Beispiel #1
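def ec3_refresh(
    checkin_client_id,
    checkin_client_secret,
    checkin_refresh_token,
    checkin_url,
    auth_file,
):
    """Rewrite *auth_file*, renewing OpenStack access tokens close to expiry.

    Every non-empty line of the file is stripped and written back. In lines
    containing ``OpenStack`` the ``;``-separated ``password`` field is read
    as a JWT access token; when its ``exp`` claim is less than 300 seconds
    away, a new token is requested with ``refresh_access_token`` and stored
    in its place.

    No token is requested up front: a refresh happens only for an entry that
    actually needs one, so a file without OpenStack entries is rewritten
    without contacting the identity provider.

    Raises whatever ``open``, ``jwt.decode`` or ``refresh_access_token``
    raise; a ``password`` value that is not a decodable JWT is not handled
    here.
    """
    auth_file_contents = []
    with open(auth_file, "r") as f:
        for raw_line in f:
            line = raw_line.strip()
            if 'OpenStack' in line:
                auth_tokens = []
                for field in line.split(";"):
                    if field.strip().startswith("password"):
                        # Keep everything after the first "=" so a value that
                        # itself contains "=" is not truncated.
                        access_token = field.partition("=")[2].strip()
                        # Slice instead of index: an empty value must not
                        # raise IndexError here.
                        if access_token[:1] in ("'", '"'):
                            access_token = access_token[1:-1]
                        # FIXME(enolfc): add verification
                        # The signature is NOT checked. The payload is read
                        # from a local file and "exp" is used only to decide
                        # when to refresh; do not base any trust decision on
                        # these claims until verification is in place.
                        # NOTE(review): verify=False is the PyJWT 1.x
                        # spelling - confirm against the pinned version.
                        payload = jwt.decode(access_token, verify=False)
                        now = int(time.time())
                        expires = int(payload['exp'])
                        if expires - now < 300:
                            access_token = refresh_access_token(
                                checkin_client_id, checkin_client_secret,
                                checkin_refresh_token, checkin_url)
                        auth_tokens.append("password = %s" % access_token)
                    else:
                        auth_tokens.append(field.strip())
                auth_file_contents.append("; ".join(auth_tokens))
            elif line:
                auth_file_contents.append(line)
    # The file holds bearer tokens. Rewriting an existing file keeps whatever
    # permissions it already has; they are not tightened here.
    with open(auth_file, "w+") as f:
        f.write("\n".join(auth_file_contents))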
Beispiel #2
def projects(checkin_client_id, checkin_client_secret, checkin_refresh_token,
             checkin_url, site):
    """Print a table of the projects available at the nova endpoints of *site*.

    An access token is obtained once with ``refresh_access_token``. For each
    entry returned by ``find_endpoint("org.openstack.nova", site=site)`` an
    unscoped token is requested and the projects reported by ``get_projects``
    are collected as ``[id, name, enabled, site]`` rows, which are printed
    with ``tabulate``.
    """
    oidc_token = refresh_access_token(checkin_client_id,
                                      checkin_client_secret,
                                      checkin_refresh_token, checkin_url)
    rows = []
    # Per the original comment the endpoints come from GOCDB; element 0 is
    # shown in the "site" column and element 2 is used as the auth URL.
    for endpoint in find_endpoint("org.openstack.nova", site=site):
        auth_url = endpoint[2]
        unscoped, _ = get_unscoped_token(auth_url, oidc_token)
        for project in get_projects(auth_url, unscoped):
            rows.append([project["id"], project["name"],
                         project["enabled"], endpoint[0]])
    print(tabulate(rows, headers=["id", "Name", "enabled", "site"]))
Beispiel #3
def token(
    checkin_client_id,
    checkin_client_secret,
    checkin_refresh_token,
    checkin_url,
    project_id,
    site,
):
    """Print an ``export OS_TOKEN="..."`` line with a project-scoped token.

    The access token obtained from ``refresh_access_token`` is exchanged via
    ``get_scoped_token`` at the auth URL of one nova endpoint of *site*.
    """
    oidc_token = refresh_access_token(checkin_client_id,
                                      checkin_client_secret,
                                      checkin_refresh_token, checkin_url)
    # NOTE(review): the original comment says "assume first one is ok", but
    # pop() takes the LAST entry and raises if find_endpoint returns nothing.
    endpoints = find_endpoint("org.openstack.nova", site=site)
    endpoint = endpoints.pop()
    auth_url = endpoint[2]
    scoped_token, _ = get_scoped_token(auth_url, oidc_token, project_id)
    # NOTE(review): the value is placed inside double quotes without shell
    # escaping and is a live credential written to stdout. Presumably the
    # output is meant to be eval'd or sourced - confirm, and consider
    # quoting it for the shell if so.
    print('export OS_TOKEN="%s"' % scoped_token)
Beispiel #4
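def ec3(
    checkin_client_id,
    checkin_client_secret,
    checkin_refresh_token,
    checkin_url,
    site,
    project_id,
    auth_file,
    template_dir,
    force,
):
    """Write the EC3 auth file and the ``refresh.radl`` template.

    Aborts with ``click.Abort`` when *auth_file* exists and *force* is not
    set. Otherwise a fresh access token is obtained, an OpenStack entry for
    *site* / *project_id* is put at the top of *auth_file*, and the existing
    lines that do not contain ``OpenStack`` are kept after it.
    ``refresh.radl`` is then rendered from ``EC3_REFRESHTOKEN_TEMPLATE``
    into *template_dir*, which is created if missing.

    Both files contain credentials (access token; client secret and refresh
    token), so newly created files get mode 0600.
    """

    def _write_private(path, text):
        # Mode 0o600 applies only when the file is created here; a file that
        # already exists keeps its current permissions.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as handle:
            handle.write(text)

    if os.path.exists(auth_file) and not force:
        print(
            "Auth file already exists, not replacing unless --force option is included"
        )
        raise click.Abort()
    access_token = refresh_access_token(checkin_client_id,
                                        checkin_client_secret,
                                        checkin_refresh_token, checkin_url)
    # Get the right endpoint from GOCDB
    # NOTE(review): "assume first one is ok" in the original, but pop() takes
    # the LAST entry and raises if find_endpoint returns nothing.
    ep = find_endpoint("org.openstack.nova", site=site).pop()
    os_auth_url = ep[2]
    site_auth = [
        "id = %s" % site, "type = OpenStack", "username = egi.eu",
        "tenant = openid", "auth_version = 3.x_oidc_access_token",
        "host = %s" % os_auth_url,
        "domain = %s" % project_id,
        # The format string needs a placeholder: without one the "%"
        # operator raises TypeError and no token is ever written.
        "password = '%s'" % access_token
    ]
    auth_file_contents = [";".join(site_auth)]
    if os.path.exists(auth_file):
        with open(auth_file, "r") as f:
            for raw_line in f:
                # Every line containing "OpenStack" is dropped, not only the
                # entry for this site.
                if 'OpenStack' in raw_line:
                    continue
                # Drop the line terminator before re-joining with "\n";
                # keeping it would double every line break on each run.
                line = raw_line.rstrip("\r\n")
                if line:
                    auth_file_contents.append(line)
    _write_private(auth_file, "\n".join(auth_file_contents))
    if not os.path.exists(template_dir):
        os.mkdir(template_dir)
    v = dict(client_id=checkin_client_id,
             client_secret=checkin_client_secret,
             refresh_token=checkin_refresh_token)
    # refresh.radl embeds the client secret and the refresh token in plain
    # text; treat it like a credentials file.
    _write_private(os.path.join(template_dir, "refresh.radl"),
                   EC3_REFRESHTOKEN_TEMPLATE % v)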
Beispiel #5
def env(
    checkin_client_id,
    checkin_client_secret,
    checkin_refresh_token,
    checkin_url,
    project_id,
    site,
):
    """Print shell ``export`` lines for OpenStack access to *site*.

    An access token is obtained with ``refresh_access_token`` and passed to
    ``get_scoped_token`` at the auth URL of one nova endpoint of *site*.
    Only the protocol returned by that call is printed; the scoped token
    itself is not used. The printed ``OS_ACCESS_TOKEN`` is the access token
    from ``refresh_access_token``.
    """
    oidc_token = refresh_access_token(checkin_client_id,
                                      checkin_client_secret,
                                      checkin_refresh_token, checkin_url)
    # NOTE(review): the original comment says "assume first one is ok", but
    # pop() takes the LAST entry and raises if find_endpoint returns nothing.
    endpoints = find_endpoint("org.openstack.nova", site=site)
    endpoint = endpoints.pop()
    auth_url = endpoint[2]
    _, auth_protocol = get_scoped_token(auth_url, oidc_token, project_id)
    # NOTE(review): values are placed inside double quotes without shell
    # escaping, and OS_ACCESS_TOKEN is a live credential written to stdout.
    # Presumably the output is meant to be eval'd or sourced - confirm, and
    # consider quoting the values for the shell if so.
    print("# environment for %s" % site)
    print('export OS_AUTH_URL="%s"' % auth_url)
    print('export OS_AUTH_TYPE="v3oidcaccesstoken"')
    print('export OS_IDENTITY_PROVIDER="egi.eu"')
    print('export OS_PROTOCOL="%s"' % auth_protocol)
    print('export OS_ACCESS_TOKEN="%s"' % oidc_token)
    print('export OS_PROJECT_ID="%s"' % project_id)