Diffstat (limited to 'nova/consoleauth/manager.py')
-rw-r--r-- | nova/consoleauth/manager.py | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/nova/consoleauth/manager.py b/nova/consoleauth/manager.py
new file mode 100644
index 000000000..8f86b4b8c
--- /dev/null
+++ b/nova/consoleauth/manager.py
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Openstack, LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Auth Components for Consoles."""
+
+import os
+import sys
+import time
+
+from nova import flags
+from nova import log as logging
+from nova import manager
+from nova import utils
+
+
+LOG = logging.getLogger('nova.consoleauth')
+FLAGS = flags.FLAGS
+flags.DEFINE_integer('console_token_ttl', 600,
+ 'How many seconds before deleting tokens')
+flags.DEFINE_string('consoleauth_manager',
+ 'nova.consoleauth.manager.ConsoleAuthManager',
+ 'Manager for console auth')
+
+
+class ConsoleAuthManager(manager.Manager):
+ """Manages token based authentication."""
+
+ def __init__(self, scheduler_driver=None, *args, **kwargs):
+ super(ConsoleAuthManager, self).__init__(*args, **kwargs)
+ self.tokens = {}
+ utils.LoopingCall(self._delete_expired_tokens).start(1)
+
+ def _delete_expired_tokens(self):
+ now = time.time()
+ to_delete = []
+ for k, v in self.tokens.items():
+ if now - v['last_activity_at'] > FLAGS.console_token_ttl:
+ to_delete.append(k)
+
+ for k in to_delete:
+ LOG.audit(_("Deleting Expired Token: (%s)"), k)
+ del self.tokens[k]
+
+ def authorize_console(self, context, token, console_type, host, port,
+ internal_access_path):
+ self.tokens[token] = {'token': token,
+ 'console_type': console_type,
+ 'host': host,
+ 'port': port,
+ 'internal_access_path': internal_access_path,
+ 'last_activity_at': time.time()}
+ token_dict = self.tokens[token]
+ LOG.audit(_("Received Token: %(token)s, %(token_dict)s)"), locals())
+
+ def check_token(self, context, token):
+ token_valid = token in self.tokens
+ LOG.audit(_("Checking Token: %(token)s, %(token_valid)s)"), locals())
+ if token_valid:
+ return self.tokens[token] |
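Review bot: The three `LOG.audit` calls in `_delete_expired_tokens`, `authorize_console` and `check_token` write the console token itself to the log, and `authorize_console` also writes the whole `token_dict`. The token is the only thing `check_token` compares, so read access to the log is enough to hold a credential that stays valid for up to `console_token_ttl` seconds. Log the connection target or the outcome rather than the secret, for example `LOG.audit(_("Received console token for %(host)s:%(port)s"), locals())` and `LOG.audit(_("Checking console token: valid=%(token_valid)s"), locals())`. Separately, `check_token` relies entirely on the one-second sweep for expiry. Comparing `last_activity_at` against `FLAGS.console_token_ttl` at lookup time would keep the TTL enforced even if the looping call stalls.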