Seed code for yarf
diff --git a/src/yarf/authentication/keystone.py b/src/yarf/authentication/keystone.py
new file mode 100644 (file)
index 0000000..0d0c8fd
--- /dev/null
@@ -0,0 +1,72 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+from keystoneauth1.identity import v3
+from keystoneauth1 import session
+from keystoneclient.v3 import client
+from keystoneclient.v3.tokens import TokenManager
+from keystoneauth1.exceptions.http import Unauthorized, NotFound
+
+import yarf.restfullogger as logger
+
+from yarf.authentication.base_auth import BaseAuthMethod
+from yarf.restfulargs import RestConfig
+
+
+class KeystoneAuth(BaseAuthMethod):
+    def __init__(self):
+        super(KeystoneAuth, self).__init__()
+        self.logger = logger.get_logger()
+        config = RestConfig()
+        config.parse()
+        conf = config.get_section("keystone", format='dict')
+        try:
+            self.user = conf["user"]
+            self.password = conf["password"]
+            self.uri = conf["auth_uri"] + '/v3'
+            self.domain = "default"
+        except KeyError as error:
+            self.logger.error("Failed to find all the needed parameters. Authentication with Keystone not possible: {}"
+                              .format(str(error)))
+        self.auth = v3.Password(auth_url=self.uri,
+                                username=self.user,
+                                password=self.password,
+                                user_domain_id=self.domain)
+        self.sess = session.Session(auth=self.auth)
+        self.keystone = client.Client(session=self.sess)
+        self.tokenmanager = TokenManager(self.keystone)
+
+    def get_authentication(self, req):
+        try:
+            token = req.headers.get("X-Auth-Token", type=str)
+        except KeyError:
+            self.logger.error("Failed to get the authentication token from request")
+            return (False, "")
+
+        try:
+            tokeninfo = self.tokenmanager.validate(token)
+        except Unauthorized:
+            self.logger.error("Failed to authenticate with given credentials")
+            return (False, "")
+        except NotFound:
+            self.logger.error("Unauthorized token")
+            return (False, "")
+        except Exception as error:
+            self.logger.error("Failure: {}".format(str(error)))
+            return (False, "")
+
+        if 'admin' in tokeninfo.role_names:
+            return (True, 'admin')
+        return (False, "")
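Review bot: In `__init__`, the `except KeyError` branch only logs and then falls through to `v3.Password(auth_url=self.uri, ...)`, so a missing `user`, `password` or `auth_uri` key surfaces as an `AttributeError` on an unset attribute rather than a clear configuration failure; re-raise after logging (a bare `raise`) or move the client construction into the `try`'s `else:` branch. In `get_authentication`, `req.headers.get("X-Auth-Token", type=str)` looks like a werkzeug-style lookup that returns `None` for an absent header instead of raising `KeyError`, so that handler is probably dead and `None` reaches `self.tokenmanager.validate`; an explicit `if not token: return (False, "")` before the validate call would make the rejection deliberate. The final check `'admin' in tokeninfo.role_names` decides on the role name alone and never looks at which project or domain the token is scoped to, so it is worth confirming that an admin role on any scope is meant to grant admin here. Neither method has a docstring; a one-line docstring on `get_authentication` stating that it returns an `(authenticated, role)` tuple would document the contract callers rely on.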