
Example 1 with AuthTokenResponse

Use of com.emc.storageos.keystone.restapi.model.response.AuthTokenResponse in project coprhd-controller by CoprHD.

From the class AbstractRequestWrapperFilter, method createStorageOSUserUsingKeystone.

/**
 * Builds a {@code StorageOSUser} from a Keystone user token.
 *
 * <p>The first provider in the query result whose mode is keystone supplies the server URL,
 * manager DN, manager password, domains and stored admin token. These are used to validate
 * {@code keystoneUserAuthToken} against Keystone, and the OpenStack tenant id from the
 * validation response is mapped to a ViPR tenant id through {@code getViPRTenantId}. When that
 * mapping yields {@code null}, the exception built by
 * {@code APIException.notFound.openstackTenantNotFound} is thrown.
 *
 * <p>Neither the user token nor the provider's password or admin token is written to the log
 * by this method.
 *
 * @param keystoneUserAuthToken the Keystone token to validate
 * @return the user built from the validated token, or {@code null} when no keystone
 *         authentication provider is found
 */
private StorageOSUser createStorageOSUserUsingKeystone(String keystoneUserAuthToken) {
    _log.debug("START - createStorageOSUserUsingKeystone ");

    // Load the AuthnProvider objects and keep the first one whose mode is keystone.
    List<URI> providerIds = _dbClient.queryByType(AuthnProvider.class, true);
    List<AuthnProvider> providers = _dbClient.queryObject(AuthnProvider.class, providerIds);
    String keystoneMode = AuthnProvider.ProvidersType.keystone.toString();
    AuthnProvider keystoneProvider = null;
    for (AuthnProvider candidate : providers) {
        if (keystoneMode.equalsIgnoreCase(candidate.getMode())) {
            keystoneProvider = candidate;
            break;
        }
    }

    // Without a keystone provider there is nothing to validate against; no user is created.
    if (keystoneProvider == null) {
        _log.debug("END - createStorageOSUserUsingKeystone ");
        return null;
    }

    // Only the first server URL is used; baseUri stays null when the set is empty.
    Set<String> serverUris = keystoneProvider.getServerUrls();
    URI baseUri = serverUris.isEmpty() ? null : URI.create(serverUris.iterator().next());

    String managerDn = keystoneProvider.getManagerDN();
    String password = keystoneProvider.getManagerPassword();
    Set<String> domains = keystoneProvider.getDomains();
    String adminToken = keystoneProvider.getKeys().get(KeystoneConstants.AUTH_TOKEN);

    // The manager DN is read positionally as "<key>=<user>,<key>=<tenant>". Any other shape
    // (no comma, no '=') ends in an ArrayIndexOutOfBoundsException, and a value that itself
    // contains ',' or '=' is cut short.
    String[] dnParts = managerDn.split(",");
    String userName = dnParts[0].split("=")[1];
    String tenantName = dnParts[1].split("=")[1];

    // The client is set up with the provider's service account and stored admin token, then
    // asked to validate the token supplied by the user.
    KeystoneApiClient apiClient = (KeystoneApiClient) _keystoneFactory.getRESTClient(baseUri, userName, password);
    apiClient.setTenantName(tenantName);
    apiClient.setAuthToken(adminToken);

    // NOTE(review): the response is dereferenced without null checks, and this method never
    // inspects a validity or expiry field itself. Presumably validateUserToken throws for a
    // rejected token rather than returning a partial response - confirm in KeystoneApiClient.
    AuthTokenResponse validToken = apiClient.validateUserToken(keystoneUserAuthToken);
    String openstackTenantId = validToken.getAccess().getToken().getTenant().getId();

    // Only the first domain is used. Note that userName at this point is the manager account
    // parsed from the DN above, not an identity read from the validated token.
    String tempDomain = "";
    if (!domains.isEmpty()) {
        tempDomain = domains.iterator().next();
        userName = userName + "@" + tempDomain;
    }

    // Translate the OpenStack tenant id into the ViPR tenant id; an unmapped tenant is an error.
    String viprTenantId = getViPRTenantId(openstackTenantId, tempDomain);
    if (viprTenantId == null) {
        _log.warn("There is no mapping for the OpenStack Tenant in ViPR");
        throw APIException.notFound.openstackTenantNotFound(openstackTenantId);
    }

    _log.debug("Creating OSuser with userName:" + userName + " tenantId:" + viprTenantId);
    StorageOSUser osUser = new StorageOSUser(userName, viprTenantId);

    // TODO - remove this once the keystone api is fixed to is_admin=1|0 based on the roles in OpenStack
    // NOTE(review): this grant is unconditional, so every token that validates and maps to a
    // ViPR tenant yields a TENANT_ADMIN user. The is_admin check below only adds the same role
    // a second time and does not restrict anything while this line is present.
    osUser.addRole(Role.TENANT_ADMIN.toString());

    // Map the Keystone is_admin flag to the ViPR role.
    int isAdminFlag = validToken.getAccess().getMetadata().getIs_admin();
    if (isAdminFlag == 1) {
        osUser.addRole(Role.TENANT_ADMIN.toString());
    }

    _log.debug("END - createStorageOSUserUsingKeystone ");
    return osUser;
}
Also used : AuthTokenResponse(com.emc.storageos.keystone.restapi.model.response.AuthTokenResponse) KeystoneApiClient(com.emc.storageos.keystone.restapi.KeystoneApiClient) URI(java.net.URI)
