
Commit 0d09c7d

author
Rudolf Vriend
committed
also detect keystone ec2/s3 token authentications
1 parent c1904f5 commit 0d09c7d


3 files changed

+62
-0
lines changed


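--- a/etc/keystone.yaml
+++ b/etc/keystone.yaml
@@ -2,6 +2,7 @@ path_keywords:
 - application_credentials
 - credentials
 - domains
+- ec2tokens
 - endpoints
 - groups
 - implies
@@ -14,6 +15,7 @@ path_keywords:
 - role_assignments
 - role_inferences
 - roles
+- s3tokens
 - services
 - tags
 - tokens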

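--- a/watcher/cadf_strategy.py
+++ b/watcher/cadf_strategy.py
@@ -186,6 +186,12 @@ def _cadf_action_from_method_and_target_type_uri(self, method, path):
 if method == 'POST' and 'auth/tokens' in path:
 return taxonomy.ACTION_AUTHENTICATE
 
+if method == 'POST' and 's3tokens' in path:
+return taxonomy.ACTION_AUTHENTICATE
+
+if method == 'POST' and 'ec2tokens' in path:
+return taxonomy.ACTION_AUTHENTICATE
+
 if method == 'GET':
 if path.endswith('/detail'):
 return taxonomy.ACTION_LIST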
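Review bot: The two new checks use `'s3tokens' in path` and `'ec2tokens' in path`, which match the string anywhere in the path, so a POST to any other resource whose path merely contains one of those strings would be recorded as an authenticate action in the audit trail. Because these events are what a detection rule on authentication activity would key on, anchor the match to the final path segment and fold the two identical branches into one: `if method == 'POST' and path.rstrip('/').endswith(('/s3tokens', '/ec2tokens')):`. The existing `'auth/tokens' in path` check just above has the same shape and could be tightened the same way. The function body starts and ends outside the hunk, so whether an earlier branch already narrows `path` is not visible here.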

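--- a/watcher/tests/test_keystone.py
+++ b/watcher/tests/test_keystone.py
@@ -62,6 +62,52 @@ def test_cadf_action(self):
 ),
 'expected': 'authenticate'
 },
+{
+'request': fake.create_request(
+path='/v3/ec2tokens',
+method='POST',
+body_dict={
+"credentials": {
+"access": "8cff51dc66594df4a2ae121f796df36c",
+"host": "localhost",
+"params": {
+"Action": "Test",
+"SignatureMethod": "HmacSHA256",
+"SignatureVersion": "2",
+"Timestamp": "2007-01-31T23:59:59Z"
+},
+"path": "/",
+"secret": "df8daeaa981b40cea1217fead123bc64",
+"signature": "Fra2UBKKtqy3GQ0mj+JqzR8GTGsbWQW+yN5Nih9ThfI=",
+"verb": "GET"
+}
+}
+),
+'expected': 'authenticate'
+},
+{
+'request': fake.create_request(
+path='/v3/s3tokens',
+method='POST',
+body_dict={
+"credentials": {
+"access": "8cff51dc66594df4a2ae121f796df36c",
+"host": "localhost",
+"params": {
+"Action": "Test",
+"SignatureMethod": "HmacSHA256",
+"SignatureVersion": "2",
+"Timestamp": "2007-01-31T23:59:59Z"
+},
+"path": "/",
+"secret": "df8daeaa981b40cea1217fead123bc64",
+"signature": "Fra2UBKKtqy3GQ0mj+JqzR8GTGsbWQW+yN5Nih9ThfI=",
+"verb": "GET"
+}
+}
+),
+'expected': 'authenticate'
+},
 {
 'request': fake.create_request(
 path='/v3/domains/b206a1900310484f8a9504754c84b067/config/b206a1900310484f8a9504754c84b067/ldap'
@@ -139,6 +185,14 @@ def test_target_type_uri(self):
 'request': fake.create_request(path='/v3/auth/tokens'),
 'expected': 'data/security/auth/tokens'
 },
+{
+'request': fake.create_request(path='/v3/ec2tokens'),
+'expected': 'data/security/ec2tokens'
+},
+{
+'request': fake.create_request(path='/v3/s3tokens'),
+'expected': 'data/security/s3tokens'
+},
 {
 'request': fake.create_request(
 path='/v3/domains/b206a1900310484f8a9504754c84b067/config/b206a1900310484f8a9504754c84b067/ldap'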
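Review bot: The cases added to test_cadf_action cover only the positive path (POST to `/v3/ec2tokens` and `/v3/s3tokens`), so nothing pins how far the new classification reaches. Add a negative case for each keyword, for example a POST to a path that contains `s3tokens` only inside a longer segment and a non-POST request to `/v3/ec2tokens`, each asserting that the action is not `authenticate`. The two `body_dict` fixtures are identical and could be one shared constant; if the `access` and `secret` values are documentation samples, a comment saying so on that constant would keep secret scanners and readers from treating them as live credentials. Both test methods start and end outside the hunks.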
