1. 身份认证
在前一章中, 介绍了路由的过程, 这样我们就能URL中轻易地找到所对应的需要执行的代码。在这一章中, 我们看看具体的一个认证请求是如何被处理的。
假设有如下一个请求:
$ curl -s -X POST http://8.21.28.222:35357/v2.0/tokens \
-H "Content-Type: application/json" \
-d '{"auth": {"tenantName": "'"$OS_TENANT_NAME"'", "passwordCredentials":
{"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' \
| python -m json.tool
从Keystone.paste.ini中/v2.0 = admin_api
, 可以找出对应的流水线为admin_api
, 然后找到流水线的最一个点如下:
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
最后可以在token/routers可以找到如下一条路由:
from keystone.token import controllers
...
token_controller = controllers.Auth()
mapper.connect('/tokens',
controller=token_controller,
action='authenticate',
conditions=dict(method=['POST']))
所以对应的controller为keystone.token.controllers.Auth, action为authenticate,找到对应的方法, 其代码如下:
def authenticate(self, context, auth=None):
"""Authenticate credentials and return a token.
Accept auth as a dict that looks like::
{
"auth":{
"passwordCredentials":{
"username":"test_user",
"password":"mypass"
},
"tenantName":"customer-x"
}
}
In this case, tenant is optional, if not provided the token will be
considered "unscoped" and can later be used to get a scoped token.
Alternatively, this call accepts auth with only a token and tenant
that will return a token that is scoped to that tenant.
"""
if auth is None:
raise exception.ValidationError(attribute='auth',
target='request body')
auth_token_data = None
if "token" in auth:
# Try to authenticate using a token
auth_info = self._authenticate_token(
context, auth)
else:
# Try external authentication
try:
auth_info = self._authenticate_external(