How to use the keystonemiddleware.i18n._LI function in keystonemiddleware
To help you get started, we’ve selected a few keystonemiddleware examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
openstack / keystonemiddleware / keystonemiddleware / auth_token / __init__.py View on Github 
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info(_LI('Named bind mode %s not in bind information'),
name)
self._invalid_user_token()
for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
'not present.'))
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info(_LI('Kerberos credentials do not match '
'those in bind.'))
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.')
elif self._enforce_token_bind == _BIND_MODE.PERMISSIVE:
self.log.debug('Ignoring Unknown bind for permissive mode: '
'%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type,
'identifier': identifier})
else:
self.log.info(
_LI('Couldn`t verify unknown bind: %(bind_type)s: '
'%(identifier)s.'),
{'bind_type': bind_type, 'identifier': identifier})# if no user token is present then that's an invalid request
request.user_token_valid = False
# NOTE(jamielennox): The service status is allowed to be missing if a
# service token is not passed. If the service status is missing that's
# a valid request. We should find a better way to expose this from the
# request object.
user_status = request.user_token and request.user_token_valid
service_status = request.headers.get('X-Service-Identity-Status',
'Confirmed')
if not (user_status and service_status == 'Confirmed'):
if self._delay_auth_decision:
self.log.info(_LI('Deferring reject downstream'))
else:
self.log.info(_LI('Rejecting request'))
self._reject_request()
if request.user_token_valid:
user_auth_ref = request.token_auth._user_auth_ref
request.set_user_headers(user_auth_ref)
if self._include_service_catalog:
request.set_service_catalog_headers(user_auth_ref)
if request.service_token and request.service_token_valid:
request.set_service_headers(request.token_auth._serv_auth_ref)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('Received request from %s',
request.token_auth._log_format)# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info(_LI('Named bind mode %s not in bind information'),
name)
self._invalid_user_token()
for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
'not present.'))
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info(_LI('Kerberos credentials do not match '
'those in bind.'))
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.')
elif self._enforce_token_bind == _BIND_MODE.PERMISSIVE:
self.log.debug('Ignoring Unknown bind for permissive mode: '
'%(bind_type)s: %(identifier)s.',
{'bind_type': bind_type,
'identifier': identifier})if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
else:
self.log.info(_LI('No bind information present in token.'))
self._invalid_user_token()
# get the named mode if bind_mode is not one of the predefined
if permissive or self._enforce_token_bind == _BIND_MODE.REQUIRED:
name = None
else:
name = self._enforce_token_bind
if name and name not in auth_ref.bind:
self.log.info(_LI('Named bind mode %s not in bind information'),
name)
self._invalid_user_token()
for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
'not present.'))
self._invalid_user_token()
if req.remote_user != identifier:
self.log.info(_LI('Kerberos credentials do not match '
'those in bind.'))
self._invalid_user_token()
self.log.debug('Kerberos bind authentication successful.'):param request: Incoming request
:type request: _request.AuthTokenRequest
"""
user_auth_ref = None
serv_auth_ref = None
if request.user_token:
self.log.debug('Authenticating user token')
try:
data, user_auth_ref = self._do_fetch_token(request.user_token)
self._validate_token(user_auth_ref)
self._confirm_token_bind(user_auth_ref, request)
except ksm_exceptions.InvalidToken:
self.log.info(_LI('Invalid user token'))
request.user_token_valid = False
else:
request.user_token_valid = True
request.token_info = data
if request.service_token:
self.log.debug('Authenticating service token')
try:
_, serv_auth_ref = self._do_fetch_token(request.service_token)
self._validate_token(serv_auth_ref)
self._confirm_token_bind(serv_auth_ref, request)
except ksm_exceptions.InvalidToken:
self.log.info(_LI('Invalid service token'))
request.service_token_valid = False
else:
request.service_token_valid = Trueself._confirm_token_bind(user_auth_ref, request)
except ksm_exceptions.InvalidToken:
self.log.info(_LI('Invalid user token'))
request.user_token_valid = False
else:
request.user_token_valid = True
request.token_info = data
if request.service_token:
self.log.debug('Authenticating service token')
try:
_, serv_auth_ref = self._do_fetch_token(request.service_token)
self._validate_token(serv_auth_ref)
self._confirm_token_bind(serv_auth_ref, request)
except ksm_exceptions.InvalidToken:
self.log.info(_LI('Invalid service token'))
request.service_token_valid = False
else:
request.service_token_valid = True
request.token_auth = _user_plugin.UserAuthPlugin(user_auth_ref,
serv_auth_ref)def __init__(self, app, conf):
log = logging.getLogger(conf.get('log_name', __name__))
log.info(_LI('Starting Keystone auth_token middleware'))
# NOTE(wanghong): If options are set in paste file, all the option
# values passed into conf are string type. So, we should convert the
# conf value into correct type.
self._conf = _conf_values_type_convert(conf)
# NOTE(sileht): If we don't want to use oslo.config global object
# we can set the paste "oslo_config_project" and the middleware
# will load the configuration with a local oslo.config object.
self._local_oslo_config = None
if 'oslo_config_project' in conf:
if 'oslo_config_file' in conf:
default_config_files = [conf['oslo_config_file']]
else:
default_config_files = Nonekeystonemiddleware
Middleware for OpenStack Identity
Package Health Score
82 / 100Popular keystonemiddleware functions
- keystonemiddleware.auth_token
- keystonemiddleware.auth_token.__init__._BIND_MODE
- keystonemiddleware.auth_token._auth
- keystonemiddleware.auth_token._base
- keystonemiddleware.auth_token._base.AUTHTOKEN_GROUP
- keystonemiddleware.auth_token._cache.SecureTokenCache
- keystonemiddleware.auth_token._cache.TokenCache
- keystonemiddleware.auth_token._exceptions
- keystonemiddleware.auth_token._exceptions.ConfigurationError
- keystonemiddleware.auth_token._exceptions.InvalidToken
- keystonemiddleware.auth_token._exceptions.ServiceError
- keystonemiddleware.auth_token._user_plugin.UserAuthPlugin
- keystonemiddleware.auth_token.AuthProtocol
- keystonemiddleware.auth_token.filter_factory
- keystonemiddleware.i18n._
- keystonemiddleware.i18n._LI
- keystonemiddleware.i18n._LW
- keystonemiddleware.openstack.common.gettextutils.Message