def test_will_expire_soon(self):
     expires = timeutils.utcnow() + datetime.timedelta(minutes=5)
     UNSCOPED_TOKEN['access']['token']['expires'] = expires.isoformat()
     auth_ref = access.AccessInfo(UNSCOPED_TOKEN['access'])
     self.assertFalse(auth_ref.will_expire_soon(stale_duration=120))
     self.assertTrue(auth_ref.will_expire_soon(stale_duration=300))
     self.assertFalse(auth_ref.will_expire_soon())
    def test_building_scoped_accessinfo(self):
        auth_ref = access.AccessInfo(PROJECT_SCOPED_TOKEN['access'])

        self.assertTrue(auth_ref)
        self.assertIn('token', auth_ref)
        self.assertIn('serviceCatalog', auth_ref)
        self.assertTrue(auth_ref['serviceCatalog'])

        self.assertEquals(auth_ref.auth_token,
                          '04c7d5ffaeef485f9dc69c06db285bdb')
        self.assertEquals(auth_ref.username, 'exampleuser')
        self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')

        self.assertEquals(auth_ref.tenant_name, 'exampleproject')
        self.assertEquals(auth_ref.tenant_id,
                          '225da22d3ce34b15877ea70b2a575f58')

        self.assertEquals(auth_ref.tenant_name, auth_ref.project_name)
        self.assertEquals(auth_ref.tenant_id, auth_ref.project_id)

        self.assertEquals(auth_ref.auth_url,
                          ('http://public.com:5000/v2.0',))
        self.assertEquals(auth_ref.management_url,
                          ('http://admin:35357/v2.0',))

        self.assertTrue(auth_ref.scoped)
    def test_building_unscoped_accessinfo(self):
        auth_ref = access.AccessInfo(UNSCOPED_TOKEN['access'])

        self.assertTrue(auth_ref)
        self.assertIn('token', auth_ref)
        self.assertIn('serviceCatalog', auth_ref)
        self.assertFalse(auth_ref['serviceCatalog'])

        self.assertEquals(auth_ref.auth_token,
                          '3e2813b7ba0b4006840c3825860b86ed')
        self.assertEquals(auth_ref.username, 'exampleuser')
        self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')

        self.assertEquals(auth_ref.tenant_name, None)
        self.assertEquals(auth_ref.tenant_id, None)

        self.assertEquals(auth_ref.auth_url, None)
        self.assertEquals(auth_ref.management_url, None)

        self.assertFalse(auth_ref.scoped)

        self.assertEquals(
            auth_ref.expires,
            timeutils.parse_isotime(
                UNSCOPED_TOKEN['access']['token']['expires']))
    def authenticate(self, username=None, password=None, tenant_name=None,
                     tenant_id=None, auth_url=None, token=None):
        """ Authenticate against the Keystone API.

        Uses the data provided at instantiation to authenticate against
        the Keystone server. This may use either a username and password
        or token for authentication. If a tenant name or id was provided
        then the resulting authenticated client will be scoped to that
        tenant and contain a service catalog of available endpoints.

        With the v2.0 API, if a tenant name or ID is not provided, the
        authenication token returned will be 'unscoped' and limited in
        capabilities until a fully-scoped token is acquired.

        If successful, sets the self.auth_ref and self.auth_token with
        the returned token. If not already set, will also set
        self.management_url from the details provided in the token.

        :returns: ``True`` if authentication was successful.
        :raises: AuthorizationFailure if unable to authenticate or validate
                 the existing authorization token
        :raises: ValueError if insufficient parameters are used.
        """
        auth_url = auth_url or self.auth_url
        username = username or self.username
        password = password or self.password
        tenant_name = tenant_name or self.tenant_name
        tenant_id = tenant_id or self.tenant_id
        token = token or self.auth_token

        try:
            raw_token = self._base_authN(auth_url,
                                         username=username,
                                         tenant_id=tenant_id,
                                         tenant_name=tenant_name,
                                         password=password,
                                         token=token)
            self.auth_ref = access.AccessInfo(**raw_token)
            # if we got a response without a service catalog, set the local
            # list of tenants for introspection, and leave to client user
            # to determine what to do. Otherwise, load up the service catalog
            self.auth_token = self.auth_ref.auth_token
            if self.auth_ref.scoped:
                if self.management_url is None:
                    self.management_url = self.auth_ref.management_url[0]
                self.tenant_name = self.auth_ref.tenant_name
                self.tenant_id = self.auth_ref.tenant_id
                self.user_id = self.auth_ref.user_id
            self._extract_service_catalog(self.auth_url, self.auth_ref)
            return True
        except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
            _logger.debug("Authorization Failed.")
            raise
        except Exception as e:
            raise exceptions.AuthorizationFailure("Authorization Failed: "
                                                  "%s" % e)
Beispiel #5
0
    def __init__(self, username=None, tenant_id=None, tenant_name=None,
                 password=None, auth_url=None, region_name=None, timeout=None,
                 endpoint=None, token=None, cacert=None, key=None,
                 cert=None, insecure=False, original_ip=None, debug=False,
                 auth_ref=None, use_keyring=False, force_new_token=False,
                 stale_duration=None):
        """Construct a new http client

        @param: timeout the request libary timeout in seconds (default None)

        """
        self.version = 'v2.0'
        # set baseline defaults
        self.username = None
        self.tenant_id = None
        self.tenant_name = None
        self.auth_url = None
        self.management_url = None
        if timeout is not None:
            self.timeout = float(timeout)
        else:
            self.timeout = None
        # if loading from a dictionary passed in via auth_ref,
        # load values from AccessInfo parsing that dictionary
        self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None
        if self.auth_ref:
            self.username = self.auth_ref.username
            self.tenant_id = self.auth_ref.tenant_id
            self.tenant_name = self.auth_ref.tenant_name
            self.auth_url = self.auth_ref.auth_url[0]
            self.management_url = self.auth_ref.management_url[0]
        # allow override of the auth_ref defaults from explicit
        # values provided to the client
        if username:
            self.username = username
        if tenant_id:
            self.tenant_id = tenant_id
        if tenant_name:
            self.tenant_name = tenant_name
        if auth_url:
            self.auth_url = auth_url.rstrip('/')
        if token:
            self.auth_token_from_user = token
        else:
            self.auth_token_from_user = None
        if endpoint:
            self.management_url = endpoint.rstrip('/')
        self.password = password
        self.original_ip = original_ip
        self.region_name = region_name
        if cacert:
            self.verify_cert = cacert
        else:
            self.verify_cert = True
        if insecure:
            self.verify_cert = False
        self.cert = cert
        if cert and key:
            self.cert = (cert, key,)
        self.domain = ''

        # logging setup
        self.debug_log = debug
        if self.debug_log:
            ch = logging.StreamHandler()
            _logger.setLevel(logging.DEBUG)
            _logger.addHandler(ch)
            if hasattr(requests, 'logging'):
                requests.logging.getLogger(requests.__name__).addHandler(ch)

        # keyring setup
        self.use_keyring = use_keyring and try_import_keyring()
        self.force_new_token = force_new_token
        self.stale_duration = stale_duration or access.STALE_TOKEN_DURATION
        self.stale_duration = int(self.stale_duration)
Beispiel #6
0
    def authenticate(self, username=None, password=None, tenant_name=None,
                     tenant_id=None, auth_url=None, token=None):
        """ Authenticate user.

        Uses the data provided at instantiation to authenticate against
        the Keystone server. This may use either a username and password
        or token for authentication. If a tenant name or id was provided
        then the resulting authenticated client will be scoped to that
        tenant and contain a service catalog of available endpoints.

        With the v2.0 API, if a tenant name or ID is not provided, the
        authenication token returned will be 'unscoped' and limited in
        capabilities until a fully-scoped token is acquired.

        If successful, sets the self.auth_ref and self.auth_token with
        the returned token. If not already set, will also set
        self.management_url from the details provided in the token.

        :returns: ``True`` if authentication was successful.
        :raises: AuthorizationFailure if unable to authenticate or validate
                 the existing authorization token
        :raises: ValueError if insufficient parameters are used.

        If keyring is used, token is retrieved from keyring instead.
        Authentication will only be necessary if any of the following
        conditions are met:

        * keyring is not used
        * if token is not found in keyring
        * if token retrieved from keyring is expired or about to
          expired (as determined by stale_duration)
        * if force_new_token is true

        """
        auth_url = auth_url or self.auth_url
        username = username or self.username
        password = password or self.password
        tenant_name = tenant_name or self.tenant_name
        tenant_id = tenant_id or self.tenant_id

        if not token:
            token = self.auth_token_from_user
            if (not token and self.auth_ref
                and not self.auth_ref.will_expire_soon(self.stale_duration)):
                token = self.auth_ref.auth_token

        (keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url,
                                                                 username,
                                                                 tenant_name,
                                                                 tenant_id,
                                                                 token)
        new_token_needed = False
        if auth_ref is None or self.force_new_token:
            new_token_needed = True
            raw_token = self.get_raw_token_from_identity_service(auth_url,
                                                                 username,
                                                                 password,
                                                                 tenant_name,
                                                                 tenant_id,
                                                                 token)
            self.auth_ref = access.AccessInfo(**raw_token)
        else:
            self.auth_ref = auth_ref
        self.process_token()
        if new_token_needed:
            self.store_auth_ref_into_keyring(keyring_key)
        return True
Beispiel #7
0
    def __init__(self,
                 username=None,
                 tenant_id=None,
                 tenant_name=None,
                 password=None,
                 auth_url=None,
                 region_name=None,
                 timeout=None,
                 endpoint=None,
                 token=None,
                 cacert=None,
                 key=None,
                 cert=None,
                 insecure=False,
                 original_ip=None,
                 debug=False,
                 auth_ref=None):
        super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
        if cert:
            if key:
                self.add_certificate(key=key, cert=cert, domain='')
            else:
                self.add_certificate(key=cert, cert=cert, domain='')
        self.version = 'v2.0'
        # set baseline defaults
        self.username = None
        self.tenant_id = None
        self.tenant_name = None
        self.auth_url = None
        self.token = None
        self.auth_token = None
        self.management_url = None
        # if loading from a dictionary passed in via auth_ref,
        # load values from AccessInfo parsing that dictionary
        self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None
        if self.auth_ref:
            self.username = self.auth_ref.username
            self.tenant_id = self.auth_ref.tenant_id
            self.tenant_name = self.auth_ref.tenant_name
            self.auth_url = self.auth_ref.auth_url[0]
            self.management_url = self.auth_ref.management_url[0]
            self.auth_token = self.auth_ref.auth_token
        # allow override of the auth_ref defaults from explicit
        # values provided to the client
        if username:
            self.username = username
        if tenant_id:
            self.tenant_id = tenant_id
        if tenant_name:
            self.tenant_name = tenant_name
        if auth_url:
            self.auth_url = auth_url.rstrip('/')
        if token:
            self.auth_token = token
        if endpoint:
            self.management_url = endpoint.rstrip('/')
        self.password = password
        self.original_ip = original_ip
        self.region_name = region_name

        # httplib2 overrides
        self.force_exception_to_status_code = True
        self.disable_ssl_certificate_validation = insecure

        # logging setup
        self.debug_log = debug
        if self.debug_log:
            ch = logging.StreamHandler()
            _logger.setLevel(logging.DEBUG)
            _logger.addHandler(ch)