Merge pull request #197 from coreos-inc/keystone

Add Keystone Auth
2015-07-22 13:38:47 -04:00 · 2015-07-22 13:38:47 -04:00 · 5d86fa80e7
commit 5d86fa80e7
parent 5a9d4155ad 38a6b3621c
19 changed files with 684 additions and 456 deletions
--- a/endpoints/api/suconfig.py
+++ b/endpoints/api/suconfig.py
@ -13,10 +13,12 @@ from app import app, CONFIG_PROVIDER, superusers
 from data import model
 from data.database import configure
 from auth.permissions import SuperUserPermission
+from auth.auth_context import get_authenticated_user
 from data.database import User
 from util.config.configutil import add_enterprise_config_defaults
 from util.config.validator import validate_service_for_config, CONFIG_FILENAMES
 from data.runmigration import run_alembic_migration
+from data.users import get_federated_service_name

 import features

@ -208,6 +210,13 @@ class SuperUserConfig(ApiResource):
      # Write the configuration changes to the YAML file.
      CONFIG_PROVIDER.save_yaml(config_object)

+      # If the authentication system is not the database, link the superuser account to the
+      # the authentication system chosen.
+      if config_object.get('AUTHENTICATION_TYPE', 'Database') != 'Database':
+        service_name = get_federated_service_name(config_object['AUTHENTICATION_TYPE'])
+        current_user = get_authenticated_user()
+        model.user.confirm_attached_federated_login(current_user, service_name)
+
      return {
        'exists': True,
        'config': config_object
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -395,7 +395,7 @@ def conduct_signin(username_or_email, password):

  verified = None
  try:
-    (verified, error_message) = authentication.verify_user(username_or_email, password)
+    (verified, error_message) = authentication.verify_and_link_user(username_or_email, password)
  except model.user.TooManyUsersException as ex:
    raise license_error(exception=ex)

@ -457,7 +457,7 @@ class ConvertToOrganization(ApiResource):
    # Ensure that the sign in credentials work.
    admin_username = convert_data['adminUser']
    admin_password = convert_data['adminPassword']
-    (admin_user, _) = authentication.verify_user(admin_username, admin_password)
+    (admin_user, _) = authentication.verify_and_link_user(admin_username, admin_password)
    if not admin_user:
      raise request_error(reason='invaliduser',
                          message='The admin user credentials are not valid')