def __init__(self,
host='127.0.0.1',
version='2',
port=None,
user='******',
password=None,
debug=False,
project=None,
domain='Default',
auth_url=None):
self.debug = debug
self.host = host
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=auth_url,
username=user,
password=password,
project_name=project,
user_domain_name=domain,
project_domain_name=domain)
sess = session.Session(auth=auth)
self.nova = novaclient.Client(version, session=sess)
self.glance = glanceclient(version, session=sess)
self.cinder = cinderclient.Client(version, session=sess)
self.neutron = neutronclient(session=sess)
self.conn = self.nova
self.project = project
return
def add_auth_opts(options, service_type=None):
"""Add auth options to sample config
As these are dynamically registered at runtime,
this adds options for most used auth_plugins
when generating sample config.
"""
def add_options(opts, opts_to_add):
for new_opt in opts_to_add:
for opt in opts:
if opt.name == new_opt.name:
break
else:
opts.append(new_opt)
opts = copy.deepcopy(options)
opts.insert(0, ks_loading.get_auth_common_conf_options()[0])
# NOTE(dims): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
plugin = ks_loading.get_plugin_loader(name)
add_options(opts, ks_loading.get_auth_plugin_conf_options(plugin))
add_options(opts, ks_loading.get_session_conf_options())
if service_type:
adapter_opts = ks_loading.get_adapter_conf_options(
include_deprecated=False)
# adding defaults for valid interfaces
cfg.set_defaults(adapter_opts,
service_type=service_type,
valid_interfaces=DEFAULT_VALID_INTERFACES)
add_options(opts, adapter_opts)
opts.sort(key=lambda x: x.name)
return opts
def test_client_manager_k2k_auth_setup(self):
loader = loading.get_plugin_loader('password')
auth_plugin = loader.load_from_options(**AUTH_DICT)
cli_options = defaults.get_defaults()
cli_options.update({
'auth_type': 'password',
'auth': AUTH_DICT,
'interface': fakes.INTERFACE,
'region_name': fakes.REGION_NAME,
'service_provider': fakes.SERVICE_PROVIDER_ID,
'remote_project_id': fakes.PROJECT_ID
})
client_manager = self._clientmanager_class()(
cli_options=cloud_config.CloudConfig(
name='t1',
region='1',
config=cli_options,
auth_plugin=auth_plugin,
),
api_version={
'identity': '3',
},
)
self.assertFalse(client_manager._auth_setup_completed)
client_manager.setup_auth()
# Note(knikolla): Make sure that the auth object is of the correct
# type and that the service_provider is correctly set.
self.assertIsInstance(client_manager.auth, k2k.Keystone2Keystone)
self.assertEqual(client_manager.auth._sp_id, fakes.SERVICE_PROVIDER_ID)
self.assertEqual(client_manager.auth.project_id, fakes.PROJECT_ID)
self.assertTrue(client_manager._auth_setup_completed)
def get_keystone_plugin_loader(auth, keystone_session):
cred = parse_auth_credential_to_dict(auth)
auth_plugin = ks_loading.get_plugin_loader(
cred.get('auth_type')).load_from_options(
**cred.get('auth'))
validate_auth_plugin(auth_plugin, keystone_session)
return auth_plugin
def __init_keystone_session_v2(self, check=False):
"""Create and return a session object using Keystone API v2."""
from keystoneauth1 import loading as keystone_v2
loader = keystone_v2.get_plugin_loader('password')
auth = loader.load_from_options(
auth_url=self._os_auth_url,
username=self._os_username,
password=self._os_password,
project_name=self._os_tenant_name,
)
sess = keystoneauth1.session.Session(auth=auth, verify=self._os_cacert)
if check:
log.debug("Checking that Keystone API v2 session works...")
try:
# if session is invalid, the following will raise some exception
nova = nova_client.Client(self._compute_api_version, session=sess, cacert=self._os_cacert)
nova.flavors.list()
except keystoneauth1.exceptions.NotFound as err:
log.warning("Creating Keystone v2 session failed: %s", err)
return None
except keystoneauth1.exceptions.ClientException as err:
log.error("OpenStack server rejected request (likely configuration error?): %s", err)
return None # FIXME: should we be raising an error instead?
# if we got to this point, v2 session is valid
log.info("Using Keystone API v2 session to authenticate to OpenStack")
return sess
def start_heat_connection(AUTH_URL=None,
USERNAME=None,
PASSWORD=None,
PROJECT_NAME=None,
TENANT_ID=None,
TENANT_NAME=None,
USER_DOMAIN_ID="default",
USER_DOMAIN_NAME="default",
PROJECT_DOMAIN_ID="default"):
from heatclient import client
from keystoneauth1 import loading
from keystoneauth1 import session
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=AUTH_URL,
username=USERNAME,
password=PASSWORD,
project_name=PROJECT_NAME,
user_domain_name=USER_DOMAIN_NAME,
user_domain_id=USER_DOMAIN_ID,
project_domain_id=PROJECT_DOMAIN_ID)
# auth = loader.load_from_options(auth_url=AUTH_URL,
# username=USERNAME,
# password=PASSWORD,
# tenant_id=TENANT_ID,
# tenant_name=TENANT_NAME,
# project_name=PROJECT_NAME)
sess = session.Session(auth=auth)
heat = client.Client('1', session=sess)
heat.stacks.list()
return heat
def get_openstack_clients(config):
""" gets a tuple of various openstack clients.
(novaclient, neutronclient, cinderclient).
Caller can pick up one or all of the returned clients.
"""
if config:
if config.get('M2M_CREDENTIAL_STORE'):
logging.debug("loading credentials from %s" % config.get('M2M_CREDENTIAL_STORE'))
m2m_config = json.load(open(config.get('M2M_CREDENTIAL_STORE')))
source_config = m2m_config
else:
logging.debug("using config as provided")
source_config = config
else:
logging.debug("no config, trying environment vars")
source_config = os.environ
os_username = source_config['OS_USERNAME']
os_password = source_config['OS_PASSWORD']
os_tenant_name = source_config['OS_TENANT_NAME']
os_auth_url = source_config['OS_AUTH_URL']
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=os_auth_url,
username=os_username,
password=os_password,
project_name=os_tenant_name
)
sess = session.Session(auth=auth, verify=False)
return (novaclient.client.Client(NOVACLIENT_VERSION,
session=sess),
neutronclient.v2_0.client.Client(session=sess),
cinderclient.v2.client.Client(NOVACLIENT_VERSION, session=sess)
)
def test_client_manager_k2k_auth_setup(self):
loader = loading.get_plugin_loader('password')
auth_plugin = loader.load_from_options(**AUTH_DICT)
cli_options = defaults.get_defaults()
cli_options.update({
'auth_type': 'password',
'auth': AUTH_DICT,
'interface': fakes.INTERFACE,
'region_name': fakes.REGION_NAME,
'service_provider': fakes.SERVICE_PROVIDER_ID,
'remote_project_id': fakes.PROJECT_ID
})
client_manager = self._clientmanager_class()(
cli_options=cloud_config.CloudConfig(
name='t1',
region='1',
config=cli_options,
auth_plugin=auth_plugin,
),
api_version={
'identity': '3',
},
)
self.assertFalse(client_manager._auth_setup_completed)
client_manager.setup_auth()
# Note(knikolla): Make sure that the auth object is of the correct
# type and that the service_provider is correctly set.
self.assertIsInstance(client_manager.auth, k2k.Keystone2Keystone)
self.assertEqual(client_manager.auth._sp_id, fakes.SERVICE_PROVIDER_ID)
self.assertEqual(client_manager.auth.project_id, fakes.PROJECT_ID)
self.assertTrue(client_manager._auth_setup_completed)
def add_auth_opts(options):
"""Add auth options to sample config
As these are dynamically registered at runtime,
this adds options for most used auth_plugins
when generating sample config.
"""
def add_options(opts, opts_to_add):
for new_opt in opts_to_add:
for opt in opts:
if opt.name == new_opt.name:
break
else:
opts.append(new_opt)
opts = copy.deepcopy(options)
opts.insert(0, kaloading.get_auth_common_conf_options()[0])
# NOTE(dims): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
plugin = kaloading.get_plugin_loader(name)
add_options(opts, kaloading.get_auth_plugin_conf_options(plugin))
add_options(opts, kaloading.get_session_conf_options())
opts.sort(key=lambda x: x.name)
return opts
def upload_to_glance(image, image_name_in_glance, provider, disk_format, url):
"""
Upload iso/qcow2/ova images to Glance.
"""
api_version = '2' # python-glanceclient API version
provider_dict = cfme_data['template_upload'][provider]
creds_key = provider_dict['credentials']
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(
auth_url=provider_dict['auth_url'],
username=credentials[creds_key]['username'],
password=credentials[creds_key]['password'],
tenant_name=credentials[creds_key]['tenant'])
glance_session = session.Session(auth=auth)
glance = Client(api_version, session=glance_session)
# Two images on Glance could have the same name since Glance assigns them different IDS.
# So, we are running a check to make sure an image with the same name doesn't already exist.
for img in glance.images.list():
if img.name == image_name_in_glance:
print("image_upload_glance: Image already exists on Glance server")
return
glance_img = glance.images.create(name=image_name_in_glance)
# Update image properties before uploading the image.
glance.images.update(glance_img.id, container_format="bare")
glance.images.update(glance_img.id, disk_format=disk_format)
glance.images.update(glance_img.id, visibility="public")
if image:
glance.images.upload(glance_img.id, open(image, 'rb'))
elif url:
glance.images.add_location(glance_img.id, url, {})
def _get_session(self, auth_args):
""" Return Keystone API session object."""
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**auth_args)
sess = session.Session(auth=auth, verify=False)
return sess
def add_auth_opts(options, service_type=None):
"""Add auth options to sample config
As these are dynamically registered at runtime,
this adds options for most used auth_plugins
when generating sample config.
"""
def add_options(opts, opts_to_add):
for new_opt in opts_to_add:
for opt in opts:
if opt.name == new_opt.name:
break
else:
opts.append(new_opt)
opts = copy.deepcopy(options)
opts.insert(0, kaloading.get_auth_common_conf_options()[0])
# NOTE(dims): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
plugin = kaloading.get_plugin_loader(name)
add_options(opts, kaloading.get_auth_plugin_conf_options(plugin))
add_options(opts, kaloading.get_session_conf_options())
if service_type:
adapter_opts = kaloading.get_adapter_conf_options(
include_deprecated=False)
# adding defaults for valid interfaces
cfg.set_defaults(adapter_opts, service_type=service_type,
valid_interfaces=DEFAULT_VALID_INTERFACES)
add_options(opts, adapter_opts)
opts.sort(key=lambda x: x.name)
return opts
def _get_legacy_auth():
"""Load auth from keystone_authtoken config section
Used only to provide backward compatibility with old configs.
"""
conf = getattr(CONF, ironic_auth.LEGACY_SECTION)
# NOTE(pas-ha) first try to load auth from legacy section
# using the new keystoneauth options that might be already set there
auth = ironic_auth.load_auth(CONF, ironic_auth.LEGACY_SECTION)
if auth:
return auth
# NOTE(pas-ha) now we surely have legacy config section for auth
# and with legacy options set in it, deal with it.
legacy_loader = kaloading.get_plugin_loader('password')
auth_params = {
'auth_url': conf.auth_uri,
'username': conf.admin_user,
'password': conf.admin_password,
'tenant_name': conf.admin_tenant_name
}
api_v3 = _is_apiv3(conf.auth_uri, conf.auth_version)
if api_v3:
# NOTE(pas-ha): mimic defaults of keystoneclient
auth_params.update({
'project_domain_id': 'default',
'user_domain_id': 'default',
})
return legacy_loader.load_from_options(**auth_params)
def test_client_manager_auth_setup_once(self, check_authn_options_func):
loader = loading.get_plugin_loader('password')
auth_plugin = loader.load_from_options(**AUTH_DICT)
cli_options = defaults.get_defaults()
cli_options.update({
'auth_type': 'password',
'auth': AUTH_DICT,
'interface': fakes.INTERFACE,
'region_name': fakes.REGION_NAME,
})
client_manager = self._clientmanager_class()(
cli_options=cloud_config.CloudConfig(
name='t1',
region='1',
config=cli_options,
auth_plugin=auth_plugin,
),
api_version={
'identity': '2.0',
},
)
self.assertFalse(client_manager._auth_setup_completed)
client_manager.setup_auth()
self.assertTrue(check_authn_options_func.called)
self.assertTrue(client_manager._auth_setup_completed)
# now make sure we don't do auth setup the second time around
# by checking whether check_valid_auth_options() gets called again
check_authn_options_func.reset_mock()
client_manager.auth_ref
check_authn_options_func.assert_not_called()
def test_client_manager_auth_setup_once(self, check_authn_options_func):
loader = loading.get_plugin_loader('password')
auth_plugin = loader.load_from_options(**AUTH_DICT)
cli_options = defaults.get_defaults()
cli_options.update({
'auth_type': 'password',
'auth': AUTH_DICT,
'interface': fakes.INTERFACE,
'region_name': fakes.REGION_NAME,
})
client_manager = self._clientmanager_class()(
cli_options=cloud_config.CloudConfig(
name='t1',
region='1',
config=cli_options,
auth_plugin=auth_plugin,
),
api_version={
'identity': '2.0',
},
)
self.assertFalse(client_manager._auth_setup_completed)
client_manager.setup_auth()
self.assertTrue(check_authn_options_func.called)
self.assertTrue(client_manager._auth_setup_completed)
# now make sure we don't do auth setup the second time around
# by checking whether check_valid_auth_options() gets called again
check_authn_options_func.reset_mock()
client_manager.auth_ref
check_authn_options_func.assert_not_called()
def test_base_options_are_there(self):
options = loading.get_plugin_loader(self.plugin_name).get_options()
self.assertTrue(
set(['client-id', 'client-secret', 'access-token-endpoint',
'access-token-type']).issubset(
set([o.name for o in options]))
)
def session(self):
if self._session:
return self._session
auth_type = 'password'
auth_kwargs = {
'auth_url': self.opts.os_auth_url,
'project_id': self.opts.os_project_id,
'project_name': self.opts.os_project_name,
'project_domain_id': self.opts.os_project_domain_id,
'project_domain_name': self.opts.os_project_domain_name,
}
if self.opts.os_username and self.opts.os_password:
auth_kwargs.update({
'username': self.opts.os_username,
'password': self.opts.os_password,
'tenant_name': self.opts.os_tenant_name,
'user_domain_id': self.opts.os_user_domain_id,
'user_domain_name': self.opts.os_user_domain_name,
})
elif self.opts.os_token:
auth_type = 'token'
auth_kwargs.update({
'token': self.opts.os_token,
})
loader = kaloading.get_plugin_loader(auth_type)
auth_plugin = loader.load_from_options(**auth_kwargs)
# Let keystoneauth do the necessary parameter conversions
session = kaloading.session.Session().load_from_options(
auth=auth_plugin, insecure=self.opts.insecure, cacert=self.cacert,
cert=self.cert)
return session
def create_keystone_session(ctxt, connection_info={}):
allow_untrusted = connection_info.get("allow_untrusted",
CONF.keystone.allow_untrusted)
# TODO(alexpilotti): add "ca_cert" to connection_info
verify = not allow_untrusted
username = connection_info.get("username")
auth = None
if not username:
# Using directly the caller's token is not feasible for long running
# tasks as once it expires it cannot be automatically renewed. This is
# solved by using a Keystone trust, which must have been set priorly.
if ctxt.trust_id:
auth = _get_trusts_auth_plugin(ctxt.trust_id)
else:
plugin_name = "token"
plugin_args = {"token": ctxt.auth_token}
else:
plugin_name = "password"
password = connection_info.get("password")
plugin_args = {
"username": username,
"password": password,
}
if not auth:
project_name = connection_info.get("project_name", ctxt.project_name)
auth_url = connection_info.get("auth_url", CONF.keystone.auth_url)
if not auth_url:
raise exception.CoriolisException(
'"auth_url" not provided in "connection_info" and option '
'"auth_url" in group "[openstack_migration_provider]" '
'not set')
plugin_args.update({
"auth_url": auth_url,
"project_name": project_name,
})
keystone_version = connection_info.get(
"identity_api_version", CONF.keystone.identity_api_version)
if keystone_version == 3:
plugin_name = "v3" + plugin_name
project_domain_name = connection_info.get("project_domain_name",
ctxt.project_domain)
plugin_args["project_domain_name"] = project_domain_name
user_domain_name = connection_info.get("user_domain_name",
ctxt.user_domain)
plugin_args["user_domain_name"] = user_domain_name
loader = loading.get_plugin_loader(plugin_name)
auth = loader.load_from_options(**plugin_args)
return ks_session.Session(auth=auth, verify=verify)
def create_keystone_session(ctxt):
allow_untrusted = CONF.keystone.allow_untrusted
# TODO(gsamfira): add "ca_cert" to connection_info
verify = not allow_untrusted
plugin_name = "token"
plugin_args = {"token": ctxt.auth_token}
project_name = ctxt.project_name
auth_url = CONF.keystone.auth_url
if not auth_url:
raise exception.NovaGuestException(
'"auth_url" in group "[keystone]" not set')
plugin_args.update({
"auth_url": auth_url,
"project_name": project_name,
})
keystone_version = CONF.keystone.identity_api_version
if keystone_version == 3:
plugin_name = "v3" + plugin_name
project_domain_name = ctxt.project_domain_name
# NOTE: only set the kwarg if proper argument is provided:
if project_domain_name:
plugin_args["project_domain_name"] = project_domain_name
project_domain_id = ctxt.project_domain_id
if project_domain_id:
plugin_args["project_domain_id"] = project_domain_id
if not project_domain_name and not project_domain_id:
raise exception.NovaGuestException(
"Either 'project_domain_name' or 'project_domain_id' is "
"required for Keystone v3 Auth.")
# NOTE: The v3token plugin does not allow the user_domain_name
# or user_domain_id options, while the v3password plugin
# requires at least any of these.
if plugin_name != "v3token":
user_domain_name = ctxt.user_domain_name
if user_domain_name:
plugin_args["user_domain_name"] = user_domain_name
user_domain_id = ctxt.user_domain_id
if user_domain_id:
plugin_args["user_domain_id"] = user_domain_id
if not user_domain_name and not user_domain_id:
raise exception.NovaGuestException(
"Either 'user_domain_name' or 'user_domain_id' is "
"required for Keystone v3 Auth.")
loader = loading.get_plugin_loader(plugin_name)
auth = loader.load_from_options(**plugin_args)
return ks_session.Session(auth=auth, verify=verify)
def create_worker():
flavor = "ssc.small"
private_net = "SNIC 2017/13-45 Internal IPv4 Network"
floating_ip_pool_name = "Public External IPv4 Network"
floating_ip = None
image_name = "Ubuntu 16.04 LTS (Xenial Xerus) - latest"
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(
auth_url=env['OS_AUTH_URL'],
username=env['OS_USERNAME'],
password=env['OS_PASSWORD'],
project_name=env['OS_PROJECT_NAME'],
project_domain_name=env['OS_USER_DOMAIN_NAME'],
project_id=env['OS_PROJECT_ID'],
user_domain_name=env['OS_USER_DOMAIN_NAME'])
sess = session.Session(auth=auth)
nova = client.Client('2.1', session=sess)
print "user authorization completed."
image = nova.glance.find_image(image_name)
flavor = nova.flavors.find(name=flavor)
if private_net != None:
net = nova.neutron.find_network(private_net)
nics = [{'net-id': net.id}]
else:
sys.exit("private-net not defined.")
#print("Path at terminal when executing this file")
#print(os.getcwd() + "\n")
cfg_file_path = os.getcwd() + '/cloud-config.txt'
if os.path.isfile(cfg_file_path):
userdata = open(cfg_file_path)
else:
sys.exit("cloud-cfg.txt is not in current working directory")
secgroups = ['hoyhoy2']
print "Creating instance ... "
instance = nova.servers.create(name='ACC-1 worker',
image=image,
flavor=flavor,
userdata=userdata,
nics=nics,
security_groups=secgroups)
inst_status = instance.status
while inst_status == 'BUILD':
print "Instance: " + instance.name + " is in " + inst_status + " state, sleeping for 5 seconds more..."
time.sleep(.5)
instance = nova.servers.get(instance.id)
inst_status = instance.status
print "Instance: " + instance.name + " is in " + inst_status + "state"
def getUtilizationV0():
auth = get_keystone_creds()
loader = loading.get_plugin_loader('password')
keystone = loader.load_from_options(
auth_url=auth['OS_AUTH_URL'],
username=auth['OS_USERNAME'],
password=auth['OS_PASSWORD'],
project_name=auth['OS_PROJECT_NAME'],
user_domain_name=auth['OS_USER_DOMAIN_NAME'],
project_domain_name=auth['OS_PROJECT_DOMAIN_NAME'])
sess = session.Session(auth=keystone)
nova = nova_client.Client(2.1, session=sess)
# Docs stink
# get field names from json output of openstack command line
# or look here: nova/api/openstack/compute/hypervisors.py
# or here: nova/objects/compute_node.py
hvs = []
hv_total = {}
hv_total['vcpus'] = 0
hv_total['vcpus_used'] = 0
hv_total['memory_mb'] = 0
hv_total['memory_mb_used'] = 0
hv_total['free_ram_mb'] = 0
hv_total['running_vms'] = 0
hv_total['hypervisors'] = 0
for nc in nova.hypervisors.list(detailed=True):
hv = {}
hv_total['hypervisors'] += 1
hv['id'] = nc.id
hv['hypervisor_hostname'] = nc.hypervisor_hostname
hv['vcpus'] = nc.vcpus
hv_total['vcpus'] += hv['vcpus']
hv['vcpus_used'] = nc.vcpus_used
hv_total['vcpus_used'] += hv['vcpus_used']
hv['memory_mb'] = nc.memory_mb
hv_total['memory_mb'] += hv['memory_mb']
hv['memory_mb_used'] = nc.memory_mb_used
hv_total['memory_mb_used'] += hv['memory_mb_used']
hv['free_ram_mb'] = nc.free_ram_mb
hv_total['free_ram_mb'] += hv['free_ram_mb']
hv['running_vms'] = nc.running_vms
hv_total['running_vms'] += hv['running_vms']
hvs.append(hv)
#print json.dumps(hvs,indent=2)
hv_total['vcpus_percent'] = int(100 * hv_total['vcpus_used'] /
hv_total['vcpus'])
hv_total['memory_percent'] = int(100 * hv_total['memory_mb_used'] /
hv_total['memory_mb'])
#print json.dumps(hv_total,indent=2)
ts = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
hv_total['ts'] = ts
return hv_total
def keystone_auth(self, domain="default", project="default"):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=self.AUTH_URL, username=self.USERNAME, password=self.PASSWORD,
project_name=self.PROJECT_NAME, user_domain_name=domain,
project_domain_name=project)
sess = session.Session(auth=auth)
nova = client.Client(self.VERSION, session=sess)
return nova
def ks_session(auth_url, username, password, project_id):
loader = ks_loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=auth_url,
username=username,
password=password,
project_id=project_id)
sess = keystoneauth1.session.Session(auth=auth)
return sess
def get_loader(auth_type):
if auth_type not in list_auth_types():
raise ValueError(
"'auth_type' has to be one of %s (received %s)" % (
list_auth_types(), auth_type
)
)
return loading.get_plugin_loader(auth_type)
def test_options(self):
options = loading.get_plugin_loader(self.plugin_name).get_options()
self.assertTrue(
set(['username', 'password', 'openid-scope']).issubset(
set([o.name for o in options]))
)
# openid-scope gets renamed into "scope"
self.assertIn('scope', [o.dest for o in options])
def get_nova_client(self):
creds = self.get_nova_credentials()
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**creds)
sess = session.Session(auth=auth)
nova_client = novaclient.Client(NOVA_CLIENT_API_VERSION, session=sess)
return nova_client
def __init__(self, auth_config_json_file=None):
with open(auth_config_json_file, 'r') as _f:
auth_config_dict = json.load(_f)
# Openstack API version
version = '2.0' #FIXME
if version == '2.0':
loader = loading.get_plugin_loader('v2password')
elif version >= '3.0':
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**auth_config_dict)
#sess = keystoneauth1.session.Session(auth=auth)
sess = session.Session(auth=auth)
#self.nova = novaclient.client.Client(version, session=sess)
self.nova = nova_cl.Client(version, session=sess)
def __init__(self):
loader = loading.get_plugin_loader(constants.OPENSTACK_PASSWORD)
auth = loader.load_from_options(
auth_url=constants.OPENSTACK_URL,
username=constants.OPENSTACK_USER,
password=constants.OPENSTACK_PASSWORD,
project_id=constants.OPENSTACK_PROJECT_ID)
self.sess = session.Session(auth=auth)
def __init__(self, auth_config_json_file=None):
with open(auth_config_json_file, 'r') as _f:
auth_config_dict = json.load(_f)
# Openstack API version
version = '2.0' #FIXME
if version == '2.0':
loader = loading.get_plugin_loader('v2password')
elif version >= '3.0':
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**auth_config_dict)
#sess = keystoneauth1.session.Session(auth=auth)
sess = session.Session(auth=auth)
#self.nova = novaclient.client.Client(version, session=sess)
self.nova = nova_cl.Client(version, session=sess)
def auth(self):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(
auth_url=self.auth_url,
username=self.username,
password=self.password,
project_id=self.tenant_id)
return auth
def ks_session(auth_url, username, password, project_id):
loader = ks_loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=auth_url,
username=username,
password=password,
project_id=project_id)
sess = keystoneauth1.session.Session(auth=auth)
return sess
def __password_session_setup(self, node):
creds = node.runtime_properties['auth_properties']
if 'region_name' in creds:
del creds['region_name']
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**creds)
sess = session.Session(auth=auth)
return sess
def _constructClient(client_version, username, password, project_name,
auth_url):
"""Return a novaclient from the given args."""
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=auth_url, username=username,
password=password, project_name=project_name)
sess = session.Session(auth=auth)
return client.Client(client_version, session=sess)
def nova_login(username, password, projectname, auth_url, user_domain_name,
project_domain_name, ssl_insecure, cacert, apitimeout):
legacy_import = False
try:
from keystoneauth1 import loading
from keystoneauth1 import session as ksc_session
from keystoneauth1.exceptions.discovery import DiscoveryFailure
from keystoneauth1.exceptions.http import Unauthorized
except ImportError:
try:
from keystoneclient import session as ksc_session
from keystoneclient.auth.identity import v3
legacy_import = True
except ImportError:
fail_usage("Failed: Keystone client not found or not accessible")
if not legacy_import:
loader = loading.get_plugin_loader("password")
auth = loader.load_from_options(
auth_url=auth_url,
username=username,
password=password,
project_name=projectname,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
)
else:
auth = v3.Password(
auth_url=auth_url,
username=username,
password=password,
project_name=projectname,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
cacert=cacert,
)
caverify=True
if ssl_insecure:
caverify=False
elif cacert:
caverify=cacert
session = ksc_session.Session(auth=auth, verify=caverify, timeout=apitimeout)
nova = client.Client("2", session=session, timeout=apitimeout)
apiversion = None
try:
apiversion = nova.versions.get_current()
except DiscoveryFailure as e:
fail_usage("Failed: Discovery Failure: " + str(e))
except Unauthorized as e:
fail_usage("Failed: Unauthorized: " + str(e))
except Exception as e:
logging.error(e)
logging.debug("Nova version: %s", apiversion)
return nova
def create_session(self, user_id, password):
user = self.get_user(user_id)
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(
auth_url=CONF.watcher_clients_auth.auth_url,
password=password,
user_id=user_id,
project_id=user.default_project_id)
return session.Session(auth=auth)
def _create_keystone_session(self):
"""
Return a keystone session used to
connect to other Openstack services
"""
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**self._creds)
sess = session.Session(auth=auth, verify=_OPENSTACK_VERIFY_SSL)
return sess
def connect(self):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=self.auth_url,
username=self.username,
password=self.password,
project_name=self.project_name)
sess = session.Session(auth=auth)
nova = client.Client(2, session=sess)
return nova
def get_nova_client(self, tenant_id, username, password):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url='http://' + self.ip +
':5000/v2.0',
username=username,
password=password,
project_id=tenant_id)
sess = session.Session(auth=auth)
return nova_client.Client(2, session=sess)
def getAuth(self):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(
auth_url=self._auth_url,
username=self._username,
password=self._password,
project_id=self._project_id,
user_domain_name=self._user_domain_name)
return auth
def test_base_options_are_there(self):
options = loading.get_plugin_loader(self.plugin_name).get_options()
self.assertTrue(
set([
'client-id', 'client-secret', 'access-token-endpoint',
'access-token-type', 'openid-scope', 'discovery-endpoint'
]).issubset(set([o.name for o in options])))
# openid-scope gets renamed into "scope"
self.assertIn('scope', [o.dest for o in options])
def __init__(self, params):
super(AodhClient, self).__init__(params)
self.params = params
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**self.aodh_credential)
sess = session.Session(auth)
version = self.params.get('version', 2)
self.aodhclient = aodhclient.Client(version, sess)
self.alarm_utils = self.aodhclient.alarm
def _make_clientmanager(
self,
auth_args=None,
config_args=None,
identity_api_version=None,
auth_plugin_name=None,
auth_required=None,
):
if identity_api_version is None:
identity_api_version = '2.0'
if auth_plugin_name is None:
auth_plugin_name = 'password'
if auth_plugin_name.endswith('password'):
auth_dict = copy.deepcopy(self.default_password_auth)
elif auth_plugin_name.endswith('token'):
auth_dict = copy.deepcopy(self.default_token_auth)
else:
auth_dict = {}
if auth_args is not None:
auth_dict = auth_args
cli_options = defaults.get_defaults()
cli_options.update({
'auth_type': auth_plugin_name,
'auth': auth_dict,
'interface': fakes.INTERFACE,
'region_name': fakes.REGION_NAME,
# 'workflow_api_version': '2',
})
if config_args is not None:
cli_options.update(config_args)
loader = loading.get_plugin_loader(auth_plugin_name)
auth_plugin = loader.load_from_options(**auth_dict)
client_manager = self._clientmanager_class()(
cli_options=cloud_region.CloudRegion(
name='t1',
region_name='1',
config=cli_options,
auth_plugin=auth_plugin,
),
api_version={
'identity': identity_api_version,
},
)
client_manager._auth_required = auth_required is True
client_manager.setup_auth()
client_manager.auth_ref
self.assertEqual(
auth_plugin_name,
client_manager.auth_plugin_name,
)
return client_manager
def test_options(self):
options = loading.get_plugin_loader('v3oauth1').get_options()
self.assertEqual(set([o.name for o in options]),
set(['auth-url',
'access-key',
'access-secret',
'consumer-key',
'consumer-secret']))
def _make_clientmanager(
self,
auth_args=None,
config_args=None,
identity_api_version=None,
auth_plugin_name=None,
auth_required=None,
):
if identity_api_version is None:
identity_api_version = '2.0'
if auth_plugin_name is None:
auth_plugin_name = 'password'
if auth_plugin_name.endswith('password'):
auth_dict = copy.deepcopy(self.default_password_auth)
elif auth_plugin_name.endswith('token'):
auth_dict = copy.deepcopy(self.default_token_auth)
else:
auth_dict = {}
if auth_args is not None:
auth_dict = auth_args
cli_options = defaults.get_defaults()
cli_options.update({
'auth_type': auth_plugin_name,
'auth': auth_dict,
'interface': fakes.INTERFACE,
'region_name': fakes.REGION_NAME,
# 'workflow_api_version': '2',
})
if config_args is not None:
cli_options.update(config_args)
loader = loading.get_plugin_loader(auth_plugin_name)
auth_plugin = loader.load_from_options(**auth_dict)
client_manager = self._clientmanager_class()(
cli_options=cloud_region.CloudRegion(
name='t1',
region_name='1',
config=cli_options,
auth_plugin=auth_plugin,
),
api_version={
'identity': identity_api_version,
},
)
client_manager._auth_required = auth_required is True
client_manager.setup_auth()
client_manager.auth_ref
self.assertEqual(
auth_plugin_name,
client_manager.auth_plugin_name,
)
return client_manager
def setup(keystone_url="", admin="admin", password="******", project="admin"):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=keystone_url,
username="******",
password="******",
project_name="admin")
sess = session.Session(auth=auth, verify=False)
cinder = client.Client(version="2.0", session=sess)
return cinder
def setup(url):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=url,
username="******",
password="******",
project_name="admin")
sess = session.Session(auth=auth)
glance = Gclient.Client(version="2", session=sess)
return glance
def __init__(self, label, **kwargs):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**kwargs)
session2 = session.Session(auth=auth)
LOG.info('Creating Nova client for %s using keystone: %s', label,
kwargs.pop('auth_url'))
self.nova = client.Client(2, session=session2)
def get_session(username, password, project_name, auth_url):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_id='default',
project_domain_id='default')
return session.Session(auth=auth)
def get_admin_auth_session():
global ADMIN_SESSION
if not ADMIN_SESSION:
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**admin_auth_info)
ADMIN_SESSION = session.Session(auth=auth)
headers = {"Content-Type": "application/json", }
ADMIN_SESSION.additional_headers.update(headers)
return ADMIN_SESSION
def get_sess(self):
if not self.have_sess:
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=self.authsettings['AUTH_URL'],
username=self.authsettings['AUTH_NAME'],
password=self.authsettings['AUTH_PASSWORD'],
project_name=self.authsettings['TENANT_NAME'])
self.sess = session.Session(auth=auth)
self.have_sess = True
return self.sess
def test_base_options_are_there(self):
options = loading.get_plugin_loader(self.plugin_name).get_options()
self.assertTrue(
set(['client-id', 'client-secret', 'access-token-endpoint',
'access-token-type', 'openid-scope',
'discovery-endpoint']).issubset(
set([o.name for o in options]))
)
# openid-scope gets renamed into "scope"
self.assertIn('scope', [o.dest for o in options])
def get_session(self):
"""Get a keystone auth session.
:returns: keystoneauth1.session.Session
"""
if self.session is None:
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**self.auth_kwargs)
self.session = session.Session(auth=auth)
return self.session
def list_auth_opts():
# Inspired by similar code in neutron
opt_list = []
for plugin in ['password', 'v2password', 'v3password']:
plugin_options = ks_loading.get_plugin_loader(plugin).get_options()
for plugin_option in plugin_options:
if all(option.name != plugin_option.name for option in opt_list):
opt_list.append(plugin_option)
opt_list.sort(key=operator.attrgetter('name'))
return opt_list
def test_can_load(self):
loader = loading.get_plugin_loader('v1password')
self.assertIsInstance(loader, authv1.PasswordLoader)
auth_plugin = loader.load_from_options(**self.options)
self.assertIsInstance(auth_plugin, authv1.PasswordPlugin)
self.assertEqual(self.options['auth_url'], auth_plugin.auth_url)
self.assertEqual(self.options['username'], auth_plugin.user)
self.assertEqual(self.options.get('project_name'), auth_plugin.account)
self.assertEqual(self.options['password'], auth_plugin.key)
def __init__(self, session):
loader = keystone_loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=session.auth_url,
username=session.username,
password=session.password,
project_name=session.project_name,
user_domain_name=session.user_domain_name,
project_domain_name=session.project_domain_name)
sess = keystone_session.Session(auth=auth)
self.client = glance_client.Client("2", session=sess)
self.project_id = session.project_id
def connect(self, cfg):
client_kwargs = {field: cfg[field] for field in
self.REQUIRED_CONFIG_PARAMS}
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(**client_kwargs)
sess = session.Session(auth=auth)
client_kwargs.update(
cfg.get('custom_configuration', {}).get('keystone_client', {}))
client_kwargs['session'] = sess
return KeystoneClientWithSugar(**client_kwargs)
def getClient(service):
loader = loading.get_plugin_loader('password')
auth = loader.load_from_options(auth_url=auth_url, username=username, password=password, project_id=project_id)
sess = session.Session(auth=auth)
if service=='nova':
myclient = nova_client.Client(version, session=sess)
elif service=='keystone':
myclient = keystone_client.Client(version,session=sess)
elif service=='glance':
myclient = glance_client.Client(Config.get('Glance','VERSION'),session=sess)
return myclient
def list_auth_opts():
opt_list = copy.deepcopy(_nova_options)
opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
# NOTE(mhickey): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
for plugin_option in ks_loading.get_plugin_loader(name).get_options():
if all(option.name != plugin_option.name for option in opt_list):
opt_list.append(plugin_option)
opt_list.sort(key=operator.attrgetter('name'))
return [(NOVA_GROUP, opt_list)]
