keystone.contrib.ec2 package
Submodules
keystone.contrib.ec2.controllers module
Main entry point into the EC2 Credentials service.
This service allows the creation of access/secret credentials used for the ec2 interop layer of OpenStack.
A user can create as many access/secret pairs as needed, each of which is mapped to a specific project. This is required because OpenStack supports a user belonging to multiple projects, whereas the signatures created on ec2-style requests don’t allow specification of which project the user wishes to act upon.
To complete the cycle, we provide a method that OpenStack services can use to validate a signature and get a corresponding OpenStack token. This token allows method calls to other services within the context the access/secret was created. As an example, Nova requests Keystone to validate the signature of a request, receives a token, and then makes a request to Glance to list images needed to perform the requested task.
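Added example, not Keystone's own code: a minimal in-memory model of the cycle described above, showing how the project scope of the returned token comes from the access key rather than from the signed request. The dict field names, the simplified string-to-sign, the use of HMAC-SHA256, and the token layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import uuid

# Constructed in-memory stand-ins for the credential and token backends.
CREDENTIALS = {}  # access key -> secret, user_id, project_id
TOKENS = {}       # token id -> user_id, project_id


def create_credential(user_id, project_id):
    """Mint an access/secret pair bound to exactly one user/project pair."""
    access = uuid.uuid4().hex
    CREDENTIALS[access] = {"secret": secrets.token_hex(32),
                           "user_id": user_id, "project_id": project_id}
    return {"access": access, **CREDENTIALS[access]}


def string_to_sign(verb, host, path, params):
    """Simplified canonical request (assumption, not the real EC2 format)."""
    query = "&".join(f"{k}={params[k]}" for k in sorted(params))
    return "\n".join([verb, host, path, query]).encode()


def sign(secret, verb, host, path, params):
    """Client side: HMAC-SHA256 over the canonical request."""
    msg = string_to_sign(verb, host, path, params)
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def authenticate(credentials):
    """Validate a signed request; return a token scoped to the key's project."""
    cred = CREDENTIALS.get(credentials.get("access"))
    if cred is None:
        return None  # unknown or revoked access key
    expected = sign(cred["secret"], credentials["verb"], credentials["host"],
                    credentials["path"], credentials["params"])
    supplied = str(credentials.get("signature", ""))
    # Constant-time comparison: do not leak how much of the signature matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None
    token_id = secrets.token_urlsafe(32)
    TOKENS[token_id] = {"user_id": cred["user_id"], "project_id": cred["project_id"]}
    return {"id": token_id, **TOKENS[token_id]}


def delete_credential(access):
    """Revoke a pair; signatures made with it stop validating."""
    return CREDENTIALS.pop(access, None) is not None
```

A user holding one pair per project selects the project simply by choosing which pair signs the request; revoking a pair invalidates every later request signed with it.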
class keystone.contrib.ec2.controllers.Ec2Controller(*args, **kwargs)
Bases: keystone.contrib.ec2.controllers.Ec2ControllerCommon, keystone.common.controller.V2Controller
class keystone.contrib.ec2.controllers.Ec2ControllerCommon(*args, **kwargs)
Bases: object
authenticate(context, credentials=None, ec2Credentials=None)
Validate a signed EC2 request and provide a token.
Other services (such as Nova) use this admin call to determine if a signed request they received is from a valid user.
If it is a valid signature, an OpenStack token that maps to the user/tenant is returned to the caller, along with all the other details returned from a normal token validation call.
The returned token is useful for making calls to other OpenStack services within the context of the request.
Parameters:
- context – standard context
- credentials – dict of ec2 signature
- ec2Credentials – DEPRECATED dict of ec2 signature
Returns: token: OpenStack token equivalent to access key along with the corresponding service catalog and roles
create_credential(request, user_id, tenant_id)
Create a secret/access pair for use with ec2 style auth.
Generates a new set of credentials that map the user/tenant pair.
Parameters:
- request – current request
- user_id – id of user
- tenant_id – id of tenant
Returns: credential: dict of ec2 credential
delete_credential(user_id, credential_id)
Delete a user’s access/secret pair.
Used to revoke a user’s access/secret pair.
Parameters:
- user_id – id of user
- credential_id – access key for credentials
Returns: bool: success
get_credential(user_id, credential_id)
Retrieve a user’s access/secret pair by the access key.
Grab the full access/secret pair for a given access key.
Parameters:
- user_id – id of user
- credential_id – access key for credentials
Returns: credential: dict of ec2 credential
class keystone.contrib.ec2.controllers.Ec2ControllerV3(*args, **kwargs)
Bases: keystone.contrib.ec2.controllers.Ec2ControllerCommon, keystone.common.controller.V3Controller
collection_name = 'credentials'
member_name = 'credential'