from util.config.validators import BaseValidator, ConfigValidationException
from data.users.keystone import get_keystone_users
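class KeystoneValidator(BaseValidator):
    """Config validator for the Keystone authentication backend."""

    name = "keystone"

    @classmethod
    def validate(cls, validator_context):
        """ Validates the Keystone authentication system.

        Returns without doing anything unless AUTHENTICATION_TYPE is 'Keystone'.
        Otherwise checks that the Keystone settings are present and well-formed,
        then verifies the supplied superuser's credentials through the users
        object returned by get_keystone_users.

        Args:
            validator_context: object exposing `config` (a mapping of settings),
                `user` (must have a `username` attribute) and `user_password`.

        Raises:
            ConfigValidationException: if a required setting is missing, the
                auth version is not an integer, or credential verification fails.
        """
        config = validator_context.config
        user = validator_context.user
        user_password = validator_context.user_password

        if config.get('AUTHENTICATION_TYPE', 'Database') != 'Keystone':
            return

        auth_url = config.get('KEYSTONE_AUTH_URL')

        # A null or non-numeric KEYSTONE_AUTH_VERSION is a configuration error;
        # report it as one instead of letting TypeError/ValueError escape.
        try:
            auth_version = int(config.get('KEYSTONE_AUTH_VERSION', 2))
        except (TypeError, ValueError):
            raise ConfigValidationException('Invalid Keystone auth version')

        admin_username = config.get('KEYSTONE_ADMIN_USERNAME')
        admin_password = config.get('KEYSTONE_ADMIN_PASSWORD')
        admin_tenant = config.get('KEYSTONE_ADMIN_TENANT')

        if not auth_url:
            raise ConfigValidationException('Missing authentication URL')

        if not admin_username:
            raise ConfigValidationException('Missing admin username')

        if not admin_password:
            raise ConfigValidationException('Missing admin password')

        if not admin_tenant:
            raise ConfigValidationException('Missing admin tenant')

        # NOTE(review): the scheme of auth_url is not checked here, and both the
        # admin password and the superuser password are handed to the Keystone
        # client below. Presumably an http:// URL would carry them without TLS;
        # confirm whether the client or deployment enforces https.
        requires_email = config.get('FEATURE_MAILING', True)
        users = get_keystone_users(auth_version, auth_url, admin_username, admin_password,
                                   admin_tenant, requires_email)

        # Verify that the superuser exists. If not, raise an exception.
        username = user.username
        (result, err_msg) = users.verify_credentials(username, user_password)
        if not result:
            # NOTE(review): err_msg comes from the Keystone client and is embedded
            # verbatim in the exception text; confirm it cannot include secrets
            # before this message is shown or logged.
            msg = ('Verification of superuser %s failed: %s \n\nThe user either does not ' +
                   'exist in the remote authentication system ' +
                   'OR Keystone auth is misconfigured.') % (username, err_msg)
            raise ConfigValidationException(msg)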