def check_valid(context, target_project_id, valid_quotas, project_quotas):
for k in valid_quotas.keys():
if valid_quotas[k] == int(project_quotas[k]):
valid_quotas.pop(k)
if valid_quotas:
if 'snapshots' in valid_quotas:
valid_quotas['volume_snapshots'] = valid_quotas.pop('snapshots')
project_quotas['volume_snapshots'] = (project_quotas.
pop('snapshots'))
if 'gigabytes' in valid_quotas:
valid_quotas['volume_gigabytes'] = valid_quotas.pop('gigabytes')
project_quotas['volume_gigabytes'] = (project_quotas.
pop('gigabytes'))
try:
auth_uri = CONF.keystone_authtoken.auth_uri
auth_plugin = token.Token(
auth_url=auth_uri,
token=context.auth_token,
project_id=context.project_id)
client_session = session.Session(auth=auth_plugin)
keystone = client.Client(auth_url=auth_uri,
session=client_session)
if keystone.version == 'v3':
kwargs = {}
kwargs['project_id'] = target_project_id
# get region name
kwargs['region'] = CONF.os_region_name
kwargs['project_quotas'] = project_quotas
kwargs['valid_quotas'] = valid_quotas
keystone.domain_quotas.domain_usage_sync(**kwargs)
except Exception as e:
msg = e.message
raise webob.exc.HTTPBadRequest(explanation=msg)
def _keystone_client(self, context):
"""Creates and returns an instance of a generic keystone client.
:param context: The request context
:return: keystoneclient.client.Client object
"""
auth_plugin = token.Token(auth_url=CONF.keystone_authtoken.auth_uri,
token=context.auth_token,
project_id=context.project_id)
client_session = session.Session(auth=auth_plugin)
return client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
session=client_session)
def _get_keystone_auth(self, session, auth_url, **kwargs):
auth_token = kwargs.pop('auth_token', None)
if auth_token:
return token.Token(
auth_url,
auth_token,
project_id=kwargs.pop('project_id'),
project_name=kwargs.pop('project_name'),
project_domain_id=kwargs.pop('project_domain_id'),
project_domain_name=kwargs.pop('project_domain_name'))
# NOTE(starodubcevna): this is a workaround for the bug:
# https://bugs.launchpad.net/python-openstackclient/+bug/1447704
# Change that fix this error in keystoneclient was abandoned,
# so we should use workaround until we move to keystoneauth.
# The idea of the code came from glanceclient.
(v2_auth_url, v3_auth_url) = self._discover_auth_versions(
session=session,
auth_url=auth_url)
if v3_auth_url:
# NOTE(starodubcevna): set user_domain_id and project_domain_id
# to default as it done in other projects.
return password.Password(auth_url,
username=kwargs.pop('username'),
user_id=kwargs.pop('user_id'),
password=kwargs.pop('password'),
user_domain_id=kwargs.pop(
'user_domain_id') or 'default',
user_domain_name=kwargs.pop(
'user_domain_name'),
project_id=kwargs.pop('project_id'),
project_name=kwargs.pop('project_name'),
project_domain_id=kwargs.pop(
'project_domain_id') or 'default')
elif v2_auth_url:
return password.Password(auth_url,
username=kwargs.pop('username'),
user_id=kwargs.pop('user_id'),
password=kwargs.pop('password'),
project_id=kwargs.pop('project_id'),
project_name=kwargs.pop('project_name'))
else:
# if we get here it means domain information is provided
# (caller meant to use Keystone V3) but the auth url is
# actually Keystone V2. Obviously we can't authenticate a V3
# user using V2.
exc.CommandError("Credential and auth_url mismatch. The given "
"auth_url is using Keystone V2 endpoint, which "
"may not able to handle Keystone V3 credentials. "
"Please provide a correct Keystone V3 auth_url.")
def _get_keystone_auth(self, session, auth_url, **kwargs):
auth_token = kwargs.pop('auth_token', None)
if auth_token:
return token.Token(auth_url, auth_token, **kwargs)
else:
return password.Password(
auth_url,
username=kwargs.pop('username'),
user_id=kwargs.pop('user_id'),
password=kwargs.pop('password'),
user_domain_id=kwargs.pop('user_domain_id'),
user_domain_name=kwargs.pop('user_domain_name'),
**kwargs)
def _keystone_client(self, context):
"""Creates and returns an instance of a generic keystone client.
:param context: The request context
:return: keystoneclient.client.Client object
"""
auth_plugin = token.Token(auth_url=CONF.keystone_authtoken.auth_uri,
token=context.auth_token,
project_id=context.project_id)
ca_check = CONF.keystone_authtoken.cafile or True
client_session = session.Session(
auth=auth_plugin,
verify=False if CONF.keystone_authtoken.insecure else ca_check)
return client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
session=client_session)
def _keystone_client(context, version=(3, 0)):
"""Creates and returns an instance of a generic keystone client.
:param context: The request context
:param version: version of Keystone to request
:return: keystoneclient.client.Client object
"""
auth_plugin = token.Token(
auth_url=CONF.keystone_authtoken.auth_uri,
token=context.auth_token,
project_id=context.project_id)
client_session = session.Session(auth=auth_plugin,
verify=False if
CONF.keystone_authtoken.insecure else
(CONF.keystone_authtoken.cafile or True))
return client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
session=client_session, version=version)
def get_keystone_client(auth_token):
sess = init_keystone_session()
url = CONF['keystone_authtoken']['auth_uri']
# Create token to get available service version
generic_token = token.Token(url, token=auth_token)
generic_token.reauthenticate = False
version = generic_token.get_auth_ref(sess)['version']
# update auth url aith version if needed
if version not in url.split('/'):
url = url + '/' + version
# create endpoint token using right url and provided auth token
auth = token_endpoint.Token(url, auth_token)
# create keystone client
if version == 'v3':
k_client = client_3.Client(session=sess, auth=auth)
else:
k_client = client_2_0.Client(session=sess, auth=auth)
return k_client
def _get_project(self, context, id, subtree_as_ids=False):
"""A Helper method to get the project hierarchy.
Along with Hierachical Multitenancy, projects can be hierarchically
organized. Therefore, we need to know the project hierarchy, if any, in
order to do quota operations properly.
"""
try:
auth_plugin = token.Token(
auth_url=CONF.keystone_authtoken.auth_uri,
token=context.auth_token,
project_id=context.project_id)
client_session = session.Session(auth=auth_plugin)
keystone = client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
session=client_session)
project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids)
except exceptions.NotFound:
msg = (_("Tenant ID: %s does not exist.") % id)
raise webob.exc.HTTPNotFound(explanation=msg)
return project
