diff options
author | Luis Pabon <lpabon@redhat.com> | 2013-10-10 16:53:28 -0400 |
---|---|---|
committer | Luis Pabon <lpabon@redhat.com> | 2013-10-13 19:36:20 -0700 |
commit | ac1ac5bd2171e61ba4332dcae33d8a433cef7a4f (patch) | |
tree | 9d836201435c83cf59a659124f004a03f488c1f5 /gluster/swift/common/middleware/gswauth/bin | |
parent | 46cd43fdf401b16f9e1b588e5fc8d2c5dd599b37 (diff) |
GSWauth authentication to be based on SWauth
We are planning on creating a GlusterFS aware authentication
system for gluster-swift based on SWauth.
We forked from SWauth commit
41d36ebe160aa3346f6f45197fff0c80f38fde58
Change-Id: Ia28730d21e04fc8d9ce0cb317fc04d0d97583fca
Signed-off-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6069
Diffstat (limited to 'gluster/swift/common/middleware/gswauth/bin')
8 files changed, 671 insertions, 0 deletions
diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-add-account b/gluster/swift/common/middleware/gswauth/bin/swauth-add-account new file mode 100755 index 0000000..88f8010 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-add-account @@ -0,0 +1,69 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options] <account>') + parser.add_option('-s', '--suffix', dest='suffix', + default='', help='The suffix to use with the reseller prefix as the ' + 'storage account name (default: <randomly-generated-uuid4>) Note: If ' + 'the account already exists, this will have no effect on existing ' + 'service URLs. Those will need to be updated with ' + 'swauth-set-account-service') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/)') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 1: + parser.parse_args(['-h']) + account = args[0] + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key, + 'Content-Length': '0'} + if options.suffix: + headers['X-Account-Suffix'] = options.suffix + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + exit('Account creation failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-add-user b/gluster/swift/common/middleware/gswauth/bin/swauth-add-user new file mode 100755 index 0000000..81eeac7 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-add-user @@ -0,0 +1,99 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser( + usage='Usage: %prog [options] <account> <user> <password>') + parser.add_option('-a', '--admin', dest='admin', action='store_true', + default=False, help='Give the user administrator access; otherwise ' + 'the user will only have access to containers specifically allowed ' + 'with ACLs.') + parser.add_option('-r', '--reseller-admin', dest='reseller_admin', + action='store_true', default=False, help='Give the user full reseller ' + 'administrator access, giving them full access to all accounts within ' + 'the reseller, including the ability to create new accounts. Creating ' + 'a new reseller admin requires super_admin rights.') + parser.add_option('-s', '--suffix', dest='suffix', + default='', help='The suffix to use with the reseller prefix as the ' + 'storage account name (default: <randomly-generated-uuid4>) Note: If ' + 'the account already exists, this will have no effect on existing ' + 'service URLs. Those will need to be updated with ' + 'swauth-set-account-service') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 3: + parser.parse_args(['-h']) + account, user, password = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + # Ensure the account exists + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + if options.suffix: + headers['X-Account-Suffix'] = options.suffix + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + headers['Content-Length'] = '0' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + print 'Account creation failed: %s %s' % (resp.status, resp.reason) + # Add the user + path = '%sv2/%s/%s' % (parsed_path, account, user) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key, + 'X-Auth-User-Key': password, + 'Content-Length': '0'} + if options.admin: + headers['X-Auth-User-Admin'] = 'true' + if options.reseller_admin: + headers['X-Auth-User-Reseller-Admin'] = 'true' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + exit('User creation failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens b/gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens new file mode 100755 index 0000000..54bed9d --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens @@ -0,0 +1,165 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import simplejson as json +except ImportError: + import json +import gettext +import re +from datetime import datetime, timedelta +from optparse import OptionParser +from sys import argv, exit +from time import sleep, time + +from swiftclient.client import Connection, ClientException + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options]') + parser.add_option('-t', '--token-life', dest='token_life', + default='86400', help='The expected life of tokens; token objects ' + 'modified more than this number of seconds ago will be checked for ' + 'expiration (default: 86400).') + parser.add_option('-s', '--sleep', dest='sleep', + default='0.1', help='The number of seconds to sleep between token ' + 'checks (default: 0.1)') + parser.add_option('-v', '--verbose', dest='verbose', action='store_true', + default=False, help='Outputs everything done instead of just the ' + 'deletions.') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/)') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for .super_admin.') + parser.add_option('', '--purge', dest='purge_account', help='Purges all ' + 'tokens for a given account whether the tokens have expired or not.') + parser.add_option('', '--purge-all', dest='purge_all', action='store_true', + default=False, help='Purges all tokens for all accounts and users ' + 'whether the tokens have expired or not.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 0: + parser.parse_args(['-h']) + options.admin_url = options.admin_url.rstrip('/') + if not options.admin_url.endswith('/v1.0'): + options.admin_url += '/v1.0' + options.admin_user = '.super_admin:.super_admin' + options.token_life = timedelta(0, float(options.token_life)) + options.sleep = float(options.sleep) + conn = Connection(options.admin_url, options.admin_user, options.admin_key) + if options.purge_account: + marker = None + while True: + if options.verbose: + print 'GET %s?marker=%s' % (options.purge_account, marker) + objs = conn.get_container(options.purge_account, marker=marker)[1] + if objs: + marker = objs[-1]['name'] + else: + if options.verbose: + print 'No more objects in %s' % options.purge_account + break + for obj in objs: + if options.verbose: + print 'HEAD %s/%s' % (options.purge_account, obj['name']) + headers = conn.head_object(options.purge_account, obj['name']) + if 'x-object-meta-auth-token' in headers: + token = headers['x-object-meta-auth-token'] + container = '.token_%s' % token[-1] + if options.verbose: + print '%s/%s purge account %r; deleting' % \ + (container, token, options.purge_account) + print 'DELETE %s/%s' % (container, token) + try: + conn.delete_object(container, token) + except ClientException, err: + if err.http_status != 404: + raise + continue + if options.verbose: + print 'Done.' + exit(0) + for x in xrange(16): + container = '.token_%x' % x + marker = None + while True: + if options.verbose: + print 'GET %s?marker=%s' % (container, marker) + try: + objs = conn.get_container(container, marker=marker)[1] + except ClientException, e: + if e.http_status == 404: + exit('Container %s not found. swauth-prep needs to be ' + 'rerun' % (container)) + else: + exit('Object listing on container %s failed with status ' + 'code %d' % (container, e.http_status)) + if objs: + marker = objs[-1]['name'] + else: + if options.verbose: + print 'No more objects in %s' % container + break + for obj in objs: + if options.purge_all: + if options.verbose: + print '%s/%s purge all; deleting' % \ + (container, obj['name']) + print 'DELETE %s/%s' % (container, obj['name']) + try: + conn.delete_object(container, obj['name']) + except ClientException, err: + if err.http_status != 404: + raise + continue + last_modified = datetime(*map(int, re.split('[^\d]', + obj['last_modified'])[:-1])) + ago = datetime.utcnow() - last_modified + if ago > options.token_life: + if options.verbose: + print '%s/%s last modified %ss ago; investigating' % \ + (container, obj['name'], + ago.days * 86400 + ago.seconds) + print 'GET %s/%s' % (container, obj['name']) + detail = conn.get_object(container, obj['name'])[1] + detail = json.loads(detail) + if detail['expires'] < time(): + if options.verbose: + print '%s/%s expired %ds ago; deleting' % \ + (container, obj['name'], + time() - detail['expires']) + print 'DELETE %s/%s' % (container, obj['name']) + try: + conn.delete_object(container, obj['name']) + except ClientException, e: + if e.http_status != 404: + print 'DELETE of %s/%s failed with status ' \ + 'code %d' % (container, obj['name'], + e.http_status) + elif options.verbose: + print "%s/%s won't expire for %ds; skipping" % \ + (container, obj['name'], + detail['expires'] - time()) + elif options.verbose: + print '%s/%s last modified %ss ago; skipping' % \ + (container, obj['name'], + ago.days * 86400 + ago.seconds) + sleep(options.sleep) + if options.verbose: + print 'Done.' diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-delete-account b/gluster/swift/common/middleware/gswauth/bin/swauth-delete-account new file mode 100755 index 0000000..224e3b3 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-delete-account @@ -0,0 +1,60 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options] <account>') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 1: + parser.parse_args(['-h']) + account = args[0] + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + exit('Account deletion failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-delete-user b/gluster/swift/common/middleware/gswauth/bin/swauth-delete-user new file mode 100755 index 0000000..3991d9a --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-delete-user @@ -0,0 +1,60 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options] <account> <user>') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 2: + parser.parse_args(['-h']) + account, user = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s/%s' % (parsed_path, account, user) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + exit('User deletion failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-list b/gluster/swift/common/middleware/gswauth/bin/swauth-list new file mode 100755 index 0000000..c49af04 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-list @@ -0,0 +1,86 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import simplejson as json +except ImportError: + import json +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage=''' +Usage: %prog [options] [account] [user] + +If [account] and [user] are omitted, a list of accounts will be output. + +If [account] is included but not [user], an account's information will be +output, including a list of users within the account. + +If [account] and [user] are included, the user's information will be output, +including a list of groups the user belongs to. + +If the [user] is '.groups', the active groups for the account will be listed. +'''.strip()) + parser.add_option('-p', '--plain-text', dest='plain_text', + action='store_true', default=False, help='Changes the output from ' + 'JSON to plain text. This will cause an account to list only the ' + 'users and a user to list only the groups.') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) > 2: + parser.parse_args(['-h']) + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s' % (parsed_path, '/'.join(args)) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + body = resp.read() + if resp.status // 100 != 2: + exit('List failed: %s %s' % (resp.status, resp.reason)) + if options.plain_text: + info = json.loads(body) + for group in info[['accounts', 'users', 'groups'][len(args)]]: + print group['name'] + else: + print body diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-prep b/gluster/swift/common/middleware/gswauth/bin/swauth-prep new file mode 100755 index 0000000..bf2384f --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-prep @@ -0,0 +1,59 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options]') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if args: + parser.parse_args(['-h']) + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/.prep' % parsed_path + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + exit('Auth subsystem prep failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service b/gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service new file mode 100755 index 0000000..b0bed38 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service @@ -0,0 +1,73 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import simplejson as json +except ImportError: + import json +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('swauth', unicode=1) + parser = OptionParser(usage=''' +Usage: %prog [options] <account> <service> <name> <value> + +Sets a service URL for an account. Can only be set by a reseller admin. + +Example: %prog -K swauthkey test storage local http://127.0.0.1:8080/v1/AUTH_018c3946-23f8-4efb-a8fb-b67aae8e4162 +'''.strip()) + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/)') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 4: + parser.parse_args(['-h']) + account, service, name, url = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s/.services' % (parsed_path, account) + body = json.dumps({service: {name: url}}) + headers = {'Content-Length': str(len(body)), + 'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, + ssl=(parsed.scheme == 'https')) + conn.send(body) + resp = conn.getresponse() + if resp.status // 100 != 2: + exit('Service set failed: %s %s' % (resp.status, resp.reason)) |