author | Guang Yee <guang.yee@hp.com> | 2013-06-24 23:37:59 -0700 |
---|---|---|
committer | Guang Yee <guang.yee@hp.com> | 2013-07-15 12:53:27 -0700 |
commit | ee27d6eef62d201c99694d0f788ea2a96c6669a4 (patch) | |
tree | aed60962e83e6f98d24b7f2f763c2a8bc1c62c57 /keystone/contrib/ec2 | |
parent | c238ace30981877e5991874c5b193ea7d5107419 (diff) | |
Implements Pluggable V2 Token Provider
This patch implements the V2 token provider.
Abstract token provider backend to make token provider pluggable. It enables
deployers to customize token management to add their own capabilities.
Token provider is responsible for issuing, checking, validating, and
revoking tokens. Note the distinction between token 'driver' and 'provider'.
Token 'driver' simply provides token CRUD. It does not issue or interpret
tokens.
Token provider is specified by the 'provider' property in the '[token]'
section of the Keystone configuration file.
Change-Id: Ic418ec433bd9e3f2f70fa31c90e570e32c1ca687
Diffstat (limited to 'keystone/contrib/ec2')
-rw-r--r-- | keystone/contrib/ec2/core.py | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py
index 5254b53f..fed7ee08 100644
--- a/keystone/contrib/ec2/core.py
+++ b/keystone/contrib/ec2/core.py
@@ -97,7 +97,7 @@ class Ec2Extension(wsgi.ExtensionRouter):
 conditions=dict(method=['DELETE']))
-@dependency.requires('catalog_api', 'ec2_api')
+@dependency.requires('catalog_api', 'ec2_api', 'token_provider_api')
 class Ec2Controller(controller.V2Controller):
 def check_signature(self, creds_ref, credentials):
 signer = ec2_utils.Ec2Signer(creds_ref['secret'])
@@ -172,17 +172,16 @@ class Ec2Controller(controller.V2Controller):
 tenant_id=tenant_ref['id'],
 metadata=metadata_ref)
- token_ref = self.token_api.create_token(
- token_id, dict(id=token_id,
- user=user_ref,
- tenant=tenant_ref,
- metadata=metadata_ref))
-
- # TODO(termie): i don't think the ec2 middleware currently expects a
- # full return, but it contains a note saying that it
- # would be better to expect a full return
- return token.controllers.Auth.format_authenticate(
- token_ref, roles_ref, catalog_ref)
+ auth_token_data = dict(user=user_ref,
+ tenant=tenant_ref,
+ metadata=metadata_ref,
+ id='placeholder')
+ (token_id, token_data) = self.token_provider_api.issue_token(
+ version=token.provider.V2,
+ token_ref=auth_token_data,
+ roles_ref=roles_ref,
+ catalog_ref=catalog_ref)
+ return token_data
 def create_credential(self, context, user_id, tenant_id):
 """Create a secret/access pair for use with ec2 style auth. |
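Review bot: The `id='placeholder'` entry in `auth_token_data` (second hunk) depends on every token provider replacing it with a freshly generated id, and nothing at this call site states that contract. Because the commit makes the provider pluggable, a custom provider that passed `token_ref['id']` through unchanged would presumably issue EC2-authenticated tokens with a fixed, guessable id. `issue_token` is not visible here, so either drop the key if the provider does not require it, or add a comment such as `# 'id' is a dummy value; the provider must generate the real token id`. The unpacked `token_id` is also unused after the call, so `_, token_data = self.token_provider_api.issue_token(...)` would state the intent, and any `token_id` generated earlier in this method, which starts outside the hunk, may now be dead code.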