def Client(self): sess = None keystone = None version = self.conf.os_identity_api_version # switch on keystoneauth1 if self.conf.use_keystoneauth1: globals()['v2'] = authv2 globals()['v3'] = authv3 globals()['session'] = auth_session if self.conf.keystoneauth1.use_loading: if self.conf.debug: plugin_loaders = loading.get_available_plugin_loaders() avail_plugins = loading.get_available_plugin_names() logger.debug('Available plugin loaders: %s' % sorted(plugin_loaders.iteritems())) logger.debug('Available plugins: %s' % sorted(avail_plugins)) loader = loading.get_plugin_loader('password') self.logger.debug('loader: %s' % loader) auth_args = self._get_auth_args() auth = loader.load_from_options(**auth_args) # Discover with session if self.conf.keystoneauth1.use_discovery: if self.conf.null_session_discovery: # gem from ceilometerclient.client... s = session.Session() else: s = session.Session(auth=auth) url = self.os_service_endpoint discover = kauth_discover.Discover(session=s, url=url) self.logger.debug('discover: %s' % discover) self.logger.debug('discovered version data: %s' % discover.version_data()) disc_auth_url = discover.url_for(version) self.logger.debug('discovered urls: %s' % disc_auth_url) # Re-init auth args and auth... # Not doing this generates interesting error using Identity v3: (remove and attempt v2 for magic!!) # keystoneauth1.exceptions.http.Forbidden: You are not authorized to perform the requested action: identity:list_projects auth_kwargs = self._get_auth_args(auth_url=disc_auth_url, version=version) auth = loader.load_from_options(**auth_kwargs) else: raise Exception('Non-discovery approach not implemented.') else: auth = self._get_password_auth() if not self.conf.keystoneauth1.use_sessions: raise Exception('Non-session approach not supported.') sess = session.Session(auth=auth) keystone = keystoneclient.client.Client(version, session=sess) else: # Using deprecated keystoneclient mechanisms # TODO: try generic passwords -- not possible w/o keystoneauth1 auth = self._get_password_auth() if self.conf.keystoneclient.use_sessions: # TODO: use discovery if self.conf.keystoneclient.use_discovery: # ^^^ seems not possible without versioned urls? auth_args = self._get_auth_args() # TODO: could i use keystoneauth1 loading here...? auth = self._get_password_auth(**auth_args) sess = legacy_session.Session(auth=auth) # /home/kmidzi/projects/rdtibcc-679/local/lib/python2.7/site-packages/keystoneclient/session.py:17 # what is implication of import keystoneauth1? advent? try: url = self.os_service_endpoint discover = ks_discover.Discover(session=sess, url=url) self.logger.debug('discover: %s' % discover) self.logger.debug('discovered version data: %s' % discover.version_data()) disc_auth_url = discover.url_for(version) self.logger.debug('discovered urls: %s' % disc_auth_url) except Exception as e: raise (Exception('Could not discover: %s' % e.message)) else: sess = keystoneclient.session.Session(auth=auth) # keystoneclient.exceptions.DiscoveryFailure: Not enough information to determine URL. Provide either auth_url or endpoint keystone = keystoneclient.client.Client(version, session=sess) else: raise Exception('Non-session approach not implemented.') self._sess = sess self.logger.info('Auth object: %s' % auth) self.logger.info('Session object: %s' % sess) return keystone
def register_argparse_arguments(self, parser, argv, service_keys=None): """Register all of the common argparse options needed. Given an argparse parser, register the keystoneauth Session arguments, the keystoneauth Auth Plugin Options and os-cloud. Also, peek in the argv to see if all of the auth plugin options should be registered or merely the ones already configured. :param argparse.ArgumentParser: parser to attach argparse options to :param list argv: the arguments provided to the application :param string service_keys: Service or list of services this argparse should be specialized for, if known. The first item in the list will be used as the default value for service_type (optional) :raises exceptions.OpenStackConfigException if an invalid auth-type is requested """ if service_keys is None: service_keys = [] # Fix argv in place - mapping any keys with embedded _ in them to - _fix_argv(argv) local_parser = argparse_mod.ArgumentParser(add_help=False) for p in (parser, local_parser): p.add_argument('--os-cloud', metavar='<name>', default=os.environ.get('OS_CLOUD', None), help='Named cloud to connect to') # we need to peek to see if timeout was actually passed, since # the keystoneauth declaration of it has a default, which means # we have no clue if the value we get is from the ksa default # for from the user passing it explicitly. We'll stash it for later local_parser.add_argument('--timeout', metavar='<timeout>') # We need for get_one_cloud to be able to peek at whether a token # was passed so that we can swap the default from password to # token if it was. And we need to also peek for --os-auth-token # for novaclient backwards compat local_parser.add_argument('--os-token') local_parser.add_argument('--os-auth-token') # Peek into the future and see if we have an auth-type set in # config AND a cloud set, so that we know which command line # arguments to register and show to the user (the user may want # to say something like: # openstack --os-cloud=foo --os-oidctoken=bar # although I think that user is the cause of my personal pain options, _args = local_parser.parse_known_args(argv) if options.timeout: self._argv_timeout = True # validate = False because we're not _actually_ loading here # we're only peeking, so it's the wrong time to assert that # the rest of the arguments given are invalid for the plugin # chosen (for instance, --help may be requested, so that the # user can see what options he may want to give cloud = self.get_one_cloud(argparse=options, validate=False) default_auth_type = cloud.config['auth_type'] try: loading.register_auth_argparse_arguments(parser, argv, default=default_auth_type) except Exception: # Hidiing the keystoneauth exception because we're not actually # loading the auth plugin at this point, so the error message # from it doesn't actually make sense to os-client-config users options, _args = parser.parse_known_args(argv) plugin_names = loading.get_available_plugin_names() raise exceptions.OpenStackConfigException( "An invalid auth-type was specified: {auth_type}." " Valid choices are: {plugin_names}.".format( auth_type=options.os_auth_type, plugin_names=",".join(plugin_names))) if service_keys: primary_service = service_keys[0] else: primary_service = None loading.register_session_argparse_arguments(parser) adapter.register_adapter_argparse_arguments( parser, service_type=primary_service) for service_key in service_keys: # legacy clients have un-prefixed api-version options parser.add_argument('--{service_key}-api-version'.format( service_key=service_key.replace('_', '-'), help=argparse_mod.SUPPRESS)) adapter.register_service_adapter_argparse_arguments( parser, service_type=service_key) # Backwards compat options for legacy clients parser.add_argument('--http-timeout', help=argparse_mod.SUPPRESS) parser.add_argument('--os-endpoint-type', help=argparse_mod.SUPPRESS) parser.add_argument('--endpoint-type', help=argparse_mod.SUPPRESS)
def register_argparse_arguments(self, parser, argv, service_keys=[]): """Register all of the common argparse options needed. Given an argparse parser, register the keystoneauth Session arguments, the keystoneauth Auth Plugin Options and os-cloud. Also, peek in the argv to see if all of the auth plugin options should be registered or merely the ones already configured. :param argparse.ArgumentParser: parser to attach argparse options to :param list argv: the arguments provided to the application :param string service_keys: Service or list of services this argparse should be specialized for, if known. The first item in the list will be used as the default value for service_type (optional) :raises exceptions.OpenStackConfigException if an invalid auth-type is requested """ local_parser = argparse_mod.ArgumentParser(add_help=False) for p in (parser, local_parser): p.add_argument( '--os-cloud', metavar='<name>', default=os.environ.get('OS_CLOUD', None), help='Named cloud to connect to') # we need to peek to see if timeout was actually passed, since # the keystoneauth declaration of it has a default, which means # we have no clue if the value we get is from the ksa default # for from the user passing it explicitly. We'll stash it for later local_parser.add_argument('--timeout', metavar='<timeout>') # Peek into the future and see if we have an auth-type set in # config AND a cloud set, so that we know which command line # arguments to register and show to the user (the user may want # to say something like: # openstack --os-cloud=foo --os-oidctoken=bar # although I think that user is the cause of my personal pain options, _args = local_parser.parse_known_args(argv) if options.timeout: self._argv_timeout = True # validate = False because we're not _actually_ loading here # we're only peeking, so it's the wrong time to assert that # the rest of the arguments given are invalid for the plugin # chosen (for instance, --help may be requested, so that the # user can see what options he may want to give cloud = self.get_one_cloud(argparse=options, validate=False) default_auth_type = cloud.config['auth_type'] try: loading.register_auth_argparse_arguments( parser, argv, default=default_auth_type) except Exception: # Hidiing the keystoneauth exception because we're not actually # loading the auth plugin at this point, so the error message # from it doesn't actually make sense to os-client-config users options, _args = parser.parse_known_args(argv) plugin_names = loading.get_available_plugin_names() raise exceptions.OpenStackConfigException( "An invalid auth-type was specified: {auth_type}." " Valid choices are: {plugin_names}.".format( auth_type=options.os_auth_type, plugin_names=",".join(plugin_names))) if service_keys: primary_service = service_keys[0] else: primary_service = None loading.register_session_argparse_arguments(parser) adapter.register_adapter_argparse_arguments( parser, service_type=primary_service) for service_key in service_keys: # legacy clients have un-prefixed api-version options parser.add_argument( '--{service_key}-api-version'.format( service_key=service_key.replace('_', '-'), help=argparse_mod.SUPPRESS)) adapter.register_service_adapter_argparse_arguments( parser, service_type=service_key) # Backwards compat options for legacy clients parser.add_argument('--http-timeout', help=argparse_mod.SUPPRESS) parser.add_argument('--os-endpoint-type', help=argparse_mod.SUPPRESS) parser.add_argument('--endpoint-type', help=argparse_mod.SUPPRESS)