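def authenticate(self, req, resp):
    """
    Implements the authentication logic.

    The bearer token taken from the request is presented to the Kubernetes
    API at ``base_uri + resource_check``. Only an HTTP 200 from that
    endpoint is treated as success; everything else is forbidden.

    :param req: Request instance that will be passed through.
    :type req: falcon.Request
    :param resp: Response instance that will be passed through.
    :type resp: falcon.Response
    :raises: falcon.HTTPForbidden if no token is present or the check does
        not return 200. An exception raised while contacting Kubernetes is
        logged and re-raised unchanged.
    """
    token = self._decode_bearer_auth(req)
    if token is not None:
        # The token is a live credential: log that one was supplied, never
        # its value, so debug logs cannot be replayed against the cluster.
        self.logger.debug('Bearer token found.')
        try:
            # NOTE: We are assuming that if the user has access to
            #       the resource they should be granted access to commissaire
            # NOTE(review): the token is sent to whatever base_uri points
            # at -- confirm it is an HTTPS endpoint.
            endpoint = self._kubernetes.base_uri + self.resource_check
            self.logger.debug('Checking against {0}.'.format(endpoint))
            # The credential must travel in the standard ``Authorization``
            # header. Under any other name the API server never sees the
            # token, so a 200 would say nothing about this caller.
            # The timeout keeps an unresponsive API server from blocking
            # the request indefinitely.
            k8s_resp = requests.get(
                endpoint,
                headers={'Authorization': 'Bearer ' + token},
                timeout=10)
            # Log the status only: the body may not be JSON (parsing it
            # here would turn a plain rejection into an exception) and
            # its contents do not belong in the log.
            self.logger.debug('Kubernetes response status: {0}'.format(
                k8s_resp.status_code))
            # If we get a 200 then the user is valid. Anything else is
            # a failure
            if k8s_resp.status_code == 200:
                self.logger.info(
                    'Accepted Kubernetes token for {0}'.format(
                        req.remote_addr))
                return
            self.logger.debug('Rejecting Kubernetes token for {0}'.format(
                req.remote_addr))
        except Exception as error:
            self.logger.warning(
                'Encountered {0} while attempting to '
                'authenticate. {1}'.format(type(error), error))
            # Bare raise keeps the original traceback; access is still
            # denied because no success path was reached.
            raise
    # Forbid by default
    raise falcon.HTTPForbidden('Forbidden', 'Forbidden')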