if cherrypy.session.get('Authorization'):
del cherrypy.session['Authorization']
cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
+ elif self.config.get("user_not_authorized"):
+ # TODO provide user_id, roles id (not name), project_id
+ return {"id": "fake-token-id-for-test",
+ "project_id": self.config.get("project_not_authorized", "admin"),
+ "username": self.config["user_not_authorized"],
+ "roles": ["system_admin"]}
raise
def new_token(self, token_info, indata, remote):
self.logger = logging.getLogger("nbi.authenticator.internal")
- # Get Configuration
- # self.xxx = config.get("xxx", "default")
-
self.db = db
self.token_cache = token_cache
else:
raise
except AuthException:
- if self.config["global"].get("test.user_not_authorized"):
- return {"id": "fake-token-id-for-test",
- "project_id": self.config["global"].get("test.project_not_authorized", "admin"),
- "username": self.config["global"]["test.user_not_authorized"], "admin": True}
- else:
- raise
+ raise
except Exception:
self.logger.exception("Error during token validation using internal backend")
raise AuthException("Error during token validation using internal backend",
server.ssl_pass_phrase: "osm4u"
server.thread_pool: 10
-# Only for test. It works without authorization using the provided user and project:
-# test.user_not_authorized: "admin"
-# test.project_not_authorized: "admin"
-
# Uncomment for allow basic authentication apart from bearer
# auth.allow_basic_authentication: True
group_id: "nbi-server"
[authentication]
-backend: "internal"
+backend: "internal" # internal or keystone
+# Only for test. It works without authorization using the provided user and project:
+# user_not_authorized: "admin"
+# project_not_authorized: "admin"
[rbac]
# roles_to_operations: "roles_to_operations.yml" # initial role generation when database
projects / osm / NBI.git / commitdiff