from os import path
from base_topic import BaseTopic # To allow project names in project_id
-from authconn import AuthException
+from authconn import AuthException, AuthExceptionUnauthorized
from authconn_keystone import AuthconnKeystone
from osm_common import dbmongo
from osm_common import dbmemory
if not token:
raise AuthException("Needed a token or Authorization http header",
http_code=HTTPStatus.UNAUTHORIZED)
- try:
- token_info = self.backend.validate_token(token)
- # TODO add to token info remote host, port
-
- self.check_permissions(token_info, cherrypy.request.path_info,
- cherrypy.request.method)
- return token_info
- except AuthException:
- self.del_token(token)
- raise
+ token_info = self.backend.validate_token(token)
+ # TODO add to token info remote host, port
+
+ self.check_permissions(token_info, cherrypy.request.path_info,
+ cherrypy.request.method)
+ return token_info
except AuthException as e:
- if cherrypy.session.get('Authorization'):
- del cherrypy.session['Authorization']
- cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
- raise AuthException(str(e))
+ if not isinstance(e, AuthExceptionUnauthorized):
+ if cherrypy.session.get('Authorization'):
+ del cherrypy.session['Authorization']
+ cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
+ raise
def new_token(self, session, indata, remote):
if self.config["authentication"]["backend"] == "internal":
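Review bot: With the inner `except AuthException: self.del_token(token)` removed, nothing on this path drops a token that `validate_token` rejects; the outer handler only clears `cherrypy.session['Authorization']`. Keeping the token on a permission denial looks intended, but for the other `AuthException` cases the rejected token now stays wherever the backend stores it, unless the backend expires entries itself, which is not visible here. If it does not, keep the cleanup inside the `if not isinstance(e, AuthExceptionUnauthorized):` branch, guarded because `token` can be empty when the "Needed a token" raise fires: `if token: self.del_token(token)`. The enclosing method and its outer `try:` start outside the hunk.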
if role in roles_required:
return
- raise AuthException("Access denied: lack of permissions.")
+ raise AuthExceptionUnauthorized("Access denied: lack of permissions.")
def get_user_list(self):
return self.backend.get_user_list()
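Review bot: `AuthExceptionUnauthorized("Access denied: lack of permissions.")` is raised without an `http_code`, so it inherits the `HTTPStatus.UNAUTHORIZED` default from `AuthException.__init__`, while the handler in the previous hunk now skips the `WWW-Authenticate` header for exactly this exception. Assuming `http_code` becomes the response status, a caller with a valid token but no matching role gets a 401 with no challenge, which clients may read as a credential failure and answer by re-authenticating. Pass the status explicitly, `raise AuthExceptionUnauthorized("Access denied: lack of permissions.", http_code=HTTPStatus.FORBIDDEN)`, or give the subclass its own default where it is defined. `check_permissions` starts outside the hunk.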
class AuthException(Exception):
"""
- Authentication error.
+ Authentication error, because token, user password not recognized
"""
def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
super(AuthException, self).__init__(message)
self.http_code = http_code
+class AuthExceptionUnauthorized(AuthException):
+ """
+ Authentication error, because not having rights to make this operation
+ """
+ pass
+
+
class AuthconnException(Exception):
"""
Common and base class Exception for all authconn exceptions.
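Review bot: The docstring of `AuthExceptionUnauthorized` still opens with "Authentication error", although it describes an authorization failure, and that distinction is what the handler's `isinstance` check relies on. Suggest `"""Authorization error: the token is valid but lacks the rights for this operation."""` for the subclass and `"""Authentication error: the token or the user/password was not recognized."""` for `AuthException`. The trailing `pass` is redundant once the class body has a docstring.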
"POST /nslcm/v1/ns_instances/<nsInstanceId>/scale": "ns_instances:id:scale:post"
- "GET /nslcm/v1/ns_instances/<nsInstanceId>/ns_lcm_op_occs": "ns_instances:id:opps:get"
+ "GET /nslcm/v1/ns_lcm_op_occs": "ns_instances:opps:get"
- "GET /nslcm/v1/ns_instances/<nsInstanceId>/ns_lcm_op_occs/<nsLcmOpOccId>": "ns_instances:id:opps:id:get"
+ "GET /nslcm/v1/ns_lcm_op_occs/<nsLcmOpOccId>": "ns_instances:opps:id:get"
################################################################################
################################# VNF Instances ################################
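Review bot: The operation keys change together with the routes (`ns_instances:id:opps:get` becomes `ns_instances:opps:get`, likewise the `:id:get` variant and the two `slice_instances` keys in the next hunk), and none of the lines shown update a role definition. A role that grants or denies the old key names would stop matching these four GET endpoints; whether that fails closed or open depends on the permission lookup, which is outside this diff. It is worth confirming that the role-to-operation definitions are updated in the same change and that an operation key with no matching role entry results in denial.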
"POST /nsilcm/v1/netslice_instances/<SliceInstanceId>/action": "slice_instances:id:action:post"
- "GET /nsilcm/v1/netslice_instances/<SliceInstanceId>/nsi_lcm_op_occs": "slice_instances:id:opps:get"
+ "GET /nsilcm/v1/nsi_lcm_op_occs": "slice_instances:opps:get"
- "GET /nsilcm/v1/netslice_instances/<SliceInstanceId>/nsi_lcm_op_occs/<nsiLcmOpOccId>": "slice_instances:id:opps:id:get"
+ "GET /nsilcm/v1/nsi_lcm_op_occs/<nsiLcmOpOccId>": "slice_instances:opps:id:get"
################################################################################
-############################ Admin ####################################
+############################ QUERY STRING admin operations #####################
################################################################################
"GET ADMIN": "admin"