diff options
| author | Ziad Sawalha <github@highbridgellc.com> | 2011-04-27 12:16:15 -0700 |
|---|---|---|
| committer | Ziad Sawalha <github@highbridgellc.com> | 2011-04-27 12:16:15 -0700 |
| commit | 87c469c630a32bdf407bfa569a5872943ec5fe9b (patch) | |
| tree | c950ef23d3af8b44f6c86e79e837074fb6e812b3 /echo | |
| parent | 3b32d5f29c8c59d26203ba597ebeb4c46738704d (diff) | |
Renamed delegated to 'delay_auth_decision'
Remove PAPIAuth
Rename folder to Auth_protocols (that is where we add protocol components)Get_request -> get_content
Make protocol module more generic (prepare for superclassing and multiple protocol support
Refactor Auth_protocol_token
If no token, bail out quick (clearer)
same with if app
Break out headers:
- here is what is coming in
- here is what we add
- explain the X in headers: extended header
Diffstat (limited to 'echo')
| -rw-r--r-- | echo/echo/echo.ini | 39 | ||||
| -rw-r--r-- | echo/echo/echo.py | 7 |
2 files changed, 21 insertions, 25 deletions
diff --git a/echo/echo/echo.ini b/echo/echo/echo.ini index cadd3fb5..e4ac690f 100644 --- a/echo/echo/echo.ini +++ b/echo/echo/echo.ini @@ -1,24 +1,25 @@ [DEFAULT] +;delegated means we still allow unauthenticated requests through so the +;service can make the final decision on authentication +delay_auth_decision = 0 + +;where to find the OpenStack service (if not in local WSGI chain) +service_protocol = http +service_host = 127.0.0.1 +service_port = 8090 +;used to verify this component with the OpenStack service (or PAPIAuth) +service_pass = dTpw + [app:echo] paste.app_factory = echo:app_factory [pipeline:main] pipeline = - auth - papiauth + tokenauth echo -;remove last entry to use the service_settings below if echo is remote - -[filter:papiauth] -paste.filter_factory = keystone:papiauth_factory -;password which will tell us caller is trusted (otherwise we redirect them) -auth_pass = dTpw -;where to redirect untrusted calls to -proxy_location = http://127.0.0.1:8080/ - -[filter:auth] +[filter:tokenauth] paste.filter_factory = keystone:tokenauth_factory ;where to find the token auth service auth_host = 127.0.0.1 @@ -27,14 +28,8 @@ auth_port = 8080 ;like validate token auth_token = 999888777666 -;delegated means we still allow unauthenticated requests through so the -;service can make the final decision on authentication -delegated = 0 - -;where to find the OpenStack service (if not in local WSGI chain) -service_protocol = http -service_host = 127.0.0.1 -service_port = 8090 -;used to verify this component with the OpenStack service (or PAPIAuth) -service_pass = dTpw +[filter:basicauth] +paste.filter_factory = keystone:basicauth_factory +[filter:openidauth] +paste.filter_factory = keystone:openidauth_factory diff --git a/echo/echo/echo.py b/echo/echo/echo.py index dada3392..b0fd9c7b 100644 --- a/echo/echo/echo.py +++ b/echo/echo/echo.py @@ -72,9 +72,10 @@ class EchoApp(object): def toDOM(self, environ): echo = etree.Element("{http://docs.openstack.org/echo/api/v1.0}echo", - method=environ["REQUEST_METHOD"], - pathInfo=environ["PATH_INFO"], - queryString=environ.get('QUERY_STRING', "")) + method= environ["REQUEST_METHOD"], + pathInfo= environ["PATH_INFO"], + queryString= environ.get('QUERY_STRING', ""), + caller_identity= self.envr['HTTP_X_AUTHORIZATION']) content = etree.Element( "{http://docs.openstack.org/echo/api/v1.0}content") content.set("type", environ["CONTENT_TYPE"]) |