def get_session_v3(self): """Get a v3 session. See get_session for more details about sessions :return: a session object """ if self._session_v3: return self._session_v3 if not self.auth_url: m = 'auth_url parameter must be provided or OS_AUTH_URL be defined' raise Exception(m) if self.auth_url.endswith('/v2.0/'): auth_url = self.auth_url[0:-4] + '3' elif self.auth_url.endswith('/v2.0'): auth_url = self.auth_url[0:-3] + '3' else: auth_url = self.auth_url if not self.__username and not self._token: raise Exception( 'Username and password or a token must be provided') other_params = dict() if self.__trust_id: other_params['trust_id'] = self.__trust_id elif self.__tenant_name: other_params['project_name'] = self.__tenant_name elif self.__tenant_id: other_params['project_id'] = self.__tenant_id if self.__username: if self.__project_domain_id: other_params['project_domain_id'] = self.__project_domain_id elif self.__project_domain_name: other_params[ 'project_domain_name'] = self.__project_domain_name else: other_params['project_domain_id'] = 'default' if self.__user_domain_id: other_params['user_domain_id'] = self.__user_domain_id elif self.__user_domain_name: other_params['user_domain_name'] = self.__user_domain_name else: other_params['user_domain_id'] = 'default' auth = v3.Password(auth_url=auth_url, username=self.__username, password=self.__password, **other_params) else: auth = v3.Token(auth_url=auth_url, token=self._token) self._session_v3 = session.Session(auth=auth) # apply override endpoints if self.use_v3: for override in self.endpoints_to_override: self._apply_override_endpoint(**override) return self._session_v3
def get_auth_plugin(opts): auth_version = guess_auth_version(opts) if opts.os_username: if auth_version == '3': return v3.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, project_name=opts.os_project_name, user_domain_name=opts.os_user_domain_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, tenant_name=opts.os_tenant_name) elif opts.os_token: if auth_version == '3': return v3.Token(auth_url=opts.os_auth_url, token=opts.os_token, project_name=opts.os_project_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Token(auth_url=opts.os_auth_url, token=opts.os_token, tenant_name=opts.os_tenant_name) raise Exception('Unable to determine correct auth method, please provide' ' either username or token')
def get_auth_plugin(opts): """Create the right keystone connection depending on the version for the api, if username/password and token are provided, username and password takes precedence. """ auth_version = guess_auth_version(opts) if opts.os_username: if auth_version == '3': return v3.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, project_name=opts.os_project_name, user_domain_name=opts.os_user_domain_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, tenant_name=opts.os_tenant_name) elif opts.os_token: if auth_version == '3': return v3.Token(auth_url=opts.os_auth_url, token=opts.os_token, project_name=opts.os_project_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Token(auth_url=opts.os_auth_url, token=opts.os_token, tenant_name=opts.os_tenant_name) raise Exception('Unable to determine correct auth method, please provide' ' either username or token')
def remote_login(provider, idp_s_auth): sp_session = session.Session(verify=False) sp_u_auth = v3.Keystone2Keystone(idp_s_auth, provider.id) sp_u_auth_ref = sp_u_auth.get_access(sp_session) sp_u_client = client.Client(session=sp_session, auth=sp_u_auth) projects = sp_u_client.federation.projects.list() # As a shortcut just take the first one # Robust processing includes checking each project # to make sure user is authorized and project is # enabled sp_project = projects[0] sp_s_auth = v3.Token(sp_u_auth.auth_url, sp_u_auth_ref.auth_token, project_id=sp_project.id) sp_s_auth.get_access(sp_session) sp_s_client = client.Client(session=sp_session, auth=sp_s_auth) # Proof that it works! print("services on remote machine:") print(sp_s_client.services.list())
def _get_domain_session(token, domain_name=None): """ Return v3 session for token """ domain_name = domain_name or 'default' auth = v3.Token(auth_url=get_auth_url(), domain_id=domain_name, token=token) return session.Session(auth=auth, user_agent=USER_AGENT, verify=verify())
def _get_token_auth_ks_session(**kwargs): cacert = kwargs.pop('cacert', None) cert = kwargs.pop('cert', None) key = kwargs.pop('key', None) insecure = kwargs.pop('insecure', False) auth_url = kwargs.pop('auth_url', None) project_id = kwargs.pop('project_id', None) project_name = kwargs.pop('project_name', None) timeout = kwargs.get('timeout') token = kwargs['token'] if insecure: verify = False else: verify = cacert or True if cert and key: # passing cert and key together is deprecated in favour of the # requests lib form of having the cert and key as a tuple cert = (cert, key) # create the keystone client session ks_session = session.Session(verify=verify, cert=cert, timeout=timeout) v2_auth_url, v3_auth_url = _discover_auth_versions(ks_session, auth_url) user_domain_name = kwargs.pop('user_domain_name', None) user_domain_id = kwargs.pop('user_domain_id', None) project_domain_name = kwargs.pop('project_domain_name', None) project_domain_id = kwargs.pop('project_domain_id', None) auth = None use_domain = (user_domain_id or user_domain_name or project_domain_id or project_domain_name) use_v3 = v3_auth_url and (use_domain or (not v2_auth_url)) use_v2 = v2_auth_url and not use_domain if use_v3: auth = v3_auth.Token(v3_auth_url, token=token, project_name=project_name, project_id=project_id, project_domain_name=project_domain_name, project_domain_id=project_domain_id) elif use_v2: auth = v2_auth.Token(v2_auth_url, token=token, tenant_id=project_id, tenant_name=project_name) else: raise exc.CommandError('Unable to determine the Keystone version ' 'to authenticate with using the given ' 'auth_url.') ks_session.auth = auth return ks_session
def _get_session(token): """ Return v3 session for token """ auth_ref = get_appropriate_auth_ref(token) auth = v3.Token(auth_url=get_auth_url(), project_id=auth_ref.project_id, token=token) return session.Session(auth=auth, user_agent=USER_AGENT, verify=verify())
def url_for(self, **kwargs): def get_endpoint(): auth_plugin = self.context.auth_plugin return auth_plugin.get_endpoint(self._keystone_session, **kwargs) # NOTE(jamielennox): use the session defined by the keystoneclient # options as traditionally the token was always retrieved from # keystoneclient. try: kwargs.setdefault('interface', kwargs.pop('endpoint_type')) except KeyError: pass reg = self.context.region_name or cfg.CONF.region_name_for_services kwargs.setdefault('region_name', reg) try: url = get_endpoint() except exceptions.EmptyCatalog: kc = self.clients.client('keystone').client auth_plugin = self.context.auth_plugin endpoint = auth_plugin.get_endpoint(None, interface=auth.AUTH_INTERFACE) token = auth_plugin.get_token(None) project_id = auth_plugin.get_project_id(None) if kc.version == 'v3': token_obj = v3.Token(endpoint, token, project_id=project_id) catalog_key = 'catalog' access_key = 'token' elif kc.version == 'v2.0': endpoint = endpoint.replace('v3', 'v2.0') token_obj = v2.Token(endpoint, token, tenant_id=project_id) catalog_key = 'serviceCatalog' access_key = 'access' else: raise exceptions.Error(_("Unknown Keystone version")) auth_ref = token_obj.get_auth_ref(self._keystone_session) if catalog_key in auth_ref: cxt = self.context.to_dict() access_info = cxt['auth_token_info'][access_key] access_info[catalog_key] = auth_ref[catalog_key] self.context = context.RequestContext.from_dict(cxt) url = get_endpoint() # NOTE(jamielennox): raising exception maintains compatibility with # older keystoneclient service catalog searching. if url is None: raise exceptions.EndpointNotFound() return url
def _create_token_auth(self, project_id=None, token=None, url=None): if not token: token = self.data.federated_unscoped_access_info.auth_token if not url: url = settings.OPENSTACK_KEYSTONE_URL return auth_v3.Token(auth_url=url, token=token, project_id=project_id, reauthenticate=False)
def get_token_auth_plugin(auth_url, token, project_id=None): if get_keystone_version() >= 3: return v3_auth.Token(auth_url=auth_url, token=token, project_id=project_id, reauthenticate=False) else: return v2_auth.Token(auth_url=auth_url, token=token, tenant_id=project_id, reauthenticate=False)
def barbicanclient(request): project_id = request.user.project_id if keystone.get_version() < 3: auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL, request.user.token.id, tenant_id=project_id) else: domain_id = request.session.get('domain_context') auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL, request.user.token.id, project_id=project_id, project_domain_id=domain_id) return barbican_client.Client(session=session.Session(auth=auth))
def main(): auth_url = os.environ.get("OS_AUTH_URL") username = os.environ.get("OS_USERNAME") password = os.environ.get("OS_PASSWORD") domain = os.environ.get("OS_DOMAIN") or "Default" if auth_url is None or username is None or password is None: print("need to set env variables") return idp_session = session.Session(verify=False) # Get authorization plugin for unscoped password idp_u_auth = v3.Password(auth_url=auth_url, username=username, password=password, user_domain_name=domain) # Get idp unscoped token idp_u_auth_ref = idp_u_auth.get_access(idp_session) # Get unscoped client idp_u_client = client.Client(session=idp_session, auth=idp_u_auth) # Find projects idp_projects = idp_u_client.projects.list(user=idp_u_auth_ref.user_id) # As a shortcut just take the first one # Robust processing includes checking each project # to make sure user is authorized and project is # enabled idp_project = idp_projects[0] # Get a project scoped auth idp_s_auth = v3.Token(auth_url=auth_url, token=idp_u_auth_ref.auth_token, project_id=idp_project.id) # Get project scoped token idp_s_auth.get_access(idp_session) # Get project scoped client idp_s_client = client.Client(session=idp_session, auth=idp_s_auth) idp_manager = service_providers.ServiceProviderManager(idp_s_client) # Get a list of sp keystones for provider in idp_manager.list(): try: remote_login(provider, idp_s_auth) except Exception as e: print(e)
def test_authenticate_with_token(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v3.Token(self.TEST_URL, self.TEST_TOKEN) s = session.Session(auth=a) s.get_token() req = {'auth': {'identity': {'methods': ['token'], 'token': {'id': self.TEST_TOKEN}}}} self.assertRequestBodyIs(json=req) self.assertRequestHeaderEqual('Content-Type', 'application/json') self.assertRequestHeaderEqual('Accept', 'application/json') self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
def get_plugin(self, auth_url=None, token=None, project_id=None, **kwargs): if not all((auth_url, token)): return None if utils.get_keystone_version() >= 3: return v3_auth.Token(auth_url=auth_url, token=token, project_id=project_id, reauthenticate=False) else: return v2_auth.Token(auth_url=auth_url, token=token, tenant_id=project_id, reauthenticate=False)
def __init__(self, auth_url=None, user_data=None, username=None, password=None, user_domain_name=None, project_domain_name=None, project_name=None): # sanity check. Either token or user/pass pair is needed to continue if not (user_data or (username and password)): raise IllegalArgument("[TOTPOracle.__init__()]: One either of token or username/password are required") self.__auth_url = auth_url if user_data: self.__plugin = v3.Token(auth_url=self.__auth_url, token=user_data.token.id) else: self.__plugin = v3.Password(auth_url=self.__auth_url, username=username, password=password, user_domain_name=user_domain_name, project_domain_name=project_domain_name, project_name=project_name, reauthenticate=True)
def _get_auth_ref(token, project_name, domain_name='Default'): """ Return auth ref for the given token and project_name """ LOG.debug("Obtaining scoped keystone client with token, project %s", project_name) auth = v3.Token(auth_url=get_auth_url(), project_name=project_name, project_domain_name=domain_name, token=token) project_session = session.Session(auth=auth, verify=verify_https(), user_agent=USER_AGENT) # Trigger the generation of the new token project_session.get_auth_headers() return project_session.auth.auth_ref
def cueclient(request): cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) auth_url = getattr(settings, 'OPENSTACK_KEYSTONE_URL') auth_version = getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 2.0) if auth_version == 3: auth = v3.Token(auth_url, request.user.token.id, project_id=request.user.project_id, project_name=request.user.project_name) elif auth_version == 2 or auth_version == 2.0: auth = v2.Token(auth_url, request.user.token.id, tenant_id=request.user.tenant_id, tenant_name=request.user.tenant_name) session = ksc_session.Session(auth=auth, verify=cacert) return client.Client(session=session)
def get_appropriate_auth_ref(token): """ The incoming token does not indicate which project it is for. Therefore we find the appropriate project (normally one for which the token's user has admin privilege for) and return an auth_ref. The auth_ref can then be used to instantiate a Keystone object without requiring an additional round-trip to authenticate against keystone """ LOG.debug("Obtaining unscoped keystone client with token") auth = v3.Token(auth_url=get_auth_url(), token=token, unscoped=True) sess = session.Session(auth=auth, user_agent=USER_AGENT, verify=verify_https()) ks = ksclient3.Client(session=sess, user_agent=USER_AGENT) project_list = [t.name for t in ks.projects.list(user=sess.get_user_id())] auth_ref = _find_appropriate_project(token, project_list) # Verify that the user is a 'cloud admin', i.e. that they have the # admin role on the default domain. Domain roles are only valid in # keystone v3, so make sure to use an appropriate auth URL role_names = [] try: ks = ksclient3.Client(token=token, auth_url=get_auth_url(), domain_name='default', verify=verify_https()) role_names = ks.auth_ref.role_names except Exception: raise BllAuthenticationFailedException( "User is not authorized on the default domain") if 'admin' not in role_names: raise BllAuthenticationFailedException( "User is not an admin of the default domain") return auth_ref
def scoped_login_v3(protocol, host, port, token, project_id): LOGGER.info("Executing scoped_login_v3 with args : " + str(protocol) + "\t" + str(host) + "\t" + str(port) + "\t" + str(token) + "\t" + str(project_id)) try: url = protocol + "://" + host + ":" + port + "/v3" auth = v3.Token(auth_url=url, token=token, project_id=project_id) session = keystone_session.Session(auth=auth) connection = v3_client.Client(session=session) token = connection.session.get_token(auth) try: services = connection.services.list() except Exception as e: if 'You are not authorized to perform' in e.message: return {'client': connection, 'token': token} raise e endpoints = connection.endpoints.list(interface="public") endpoint_urls = [] for service in services: for endpoint in endpoints: if endpoint.service_id == service.id: endpoint_urls.append({ "endpoint_name": str(service.name), "endpoint_url": str(endpoint.url) }) break return { 'client': connection, 'token': token, 'endpoint_urls': endpoint_urls } except Exception as e: raise OpenstackException("Exception while performing scoped login : " + e.message, exception=e, logger=LOGGER)
def _get_keystone_session(**kwargs): # TODO(fabgia): the heavy lifting here should be really done by Keystone. # Unfortunately Keystone does not support a richer method to perform # discovery and return a single viable URL. A bug against Keystone has # been filed: https://bugs.launchpad.net/python-keystoneclient/+bug/1330677 # first create a Keystone session cacert = kwargs.pop('cacert', None) cert = kwargs.pop('cert', None) key = kwargs.pop('key', None) insecure = kwargs.pop('insecure', False) auth_url = kwargs.pop('auth_url', None) project_id = kwargs.pop('project_id', None) project_name = kwargs.pop('project_name', None) token = kwargs['token'] timeout = kwargs.get('timeout') if insecure: verify = False else: verify = cacert or True if cert and key: # passing cert and key together is deprecated in favour of the # requests lib form of having the cert and key as a tuple cert = (cert, key) # create the keystone client session ks_session = session.Session(verify=verify, cert=cert, timeout=timeout) v2_auth_url, v3_auth_url = _discover_auth_versions(ks_session, auth_url) username = kwargs.pop('username', None) user_id = kwargs.pop('user_id', None) user_domain_name = kwargs.pop('user_domain_name', None) user_domain_id = kwargs.pop('user_domain_id', None) project_domain_name = kwargs.pop('project_domain_name', None) project_domain_id = kwargs.pop('project_domain_id', None) auth = None use_domain = (user_domain_id or user_domain_name or project_domain_id or project_domain_name) use_v3 = v3_auth_url and (use_domain or (not v2_auth_url)) use_v2 = v2_auth_url and not use_domain if use_v3 and token: auth = v3_auth.Token(v3_auth_url, token=token, project_name=project_name, project_id=project_id, project_domain_name=project_domain_name, project_domain_id=project_domain_id) elif use_v2 and token: auth = v2_auth.Token(v2_auth_url, token=token, tenant_id=project_id, tenant_name=project_name) elif use_v3: # the auth_url as v3 specified # e.g. http://no.where:5000/v3 # Keystone will return only v3 as viable option auth = v3_auth.Password(v3_auth_url, username=username, password=kwargs.pop('password', None), user_id=user_id, user_domain_name=user_domain_name, user_domain_id=user_domain_id, project_name=project_name, project_id=project_id, project_domain_name=project_domain_name, project_domain_id=project_domain_id) elif use_v2: # the auth_url as v2 specified # e.g. http://no.where:5000/v2.0 # Keystone will return only v2 as viable option auth = v2_auth.Password(v2_auth_url, username, kwargs.pop('password', None), tenant_id=project_id, tenant_name=project_name) else: raise exc.CommandError('Unable to determine the Keystone version ' 'to authenticate with using the given ' 'auth_url.') ks_session.auth = auth return ks_session
def _authenticate(auth_url, username=None, password=None, user_domain_name='Default'): """Authenticate with keystone Creates an unscoped token using the given credentials (which validates them), and then uses that token to get a project-scoped token. """ unscoped_auth = v3.Password(auth_url, username=username, password=password, user_domain_name=user_domain_name, unscoped=True) session = ks_session.Session(user_agent=USER_AGENT, verify=not CONF.keystone_authtoken.insecure) try: # Trigger keystone to verify the credentials unscoped_auth_ref = unscoped_auth.get_access(session) except exc.connection.ConnectFailure as e: abort(503, str(e)) except exc.http.HttpError as e: abort(e.http_status, e.message) except exc.ClientException as e: abort(401, str(e)) except Exception as e: LOG.exception(e) abort(500, "Unable to authenticate") client = ks_client.Client(session=session, auth=unscoped_auth, user_agent=USER_AGENT) auth_url = unscoped_auth.auth_url projects = client.projects.list(user=unscoped_auth_ref.user_id) # Filter out disabled projects projects = [project for project in projects if project.enabled] # Prioritize the admin project by putting it at the beginning of the list for pos, project in enumerate(projects): if project.name == 'admin': projects.pop(pos) projects.insert(0, project) break # Return the first project token that we have the admin role on, otherwise # return the first project token we have any role on. fallback_auth_ref = None for project in projects: auth = v3.Token(auth_url=auth_url, token=unscoped_auth_ref.auth_token, project_id=project.id, reauthenticate=False) try: auth_ref = auth.get_access(session) if 'admin' in auth_ref.role_names: return { 'token': auth_ref.auth_token, 'expires': auth_ref.expires.isoformat() } elif not fallback_auth_ref: fallback_auth_ref = auth_ref except Exception as e: pass if fallback_auth_ref: return { 'token': fallback_auth_ref.auth_token, 'expires': fallback_auth_ref.expires.isoformat() } # TODO(gary): Consider as a secondary fallback to return a domain-scoped # token abort(403, "Not authorized for any project")
def displayInstance(self, datacenter, auth,instance): self.datacenter = datacenter self.auth = auth self.instance = instance current_dir = os.environ["HOME"] for key, value in self.auth.iteritems(): if key == 'token': token = value if key == 'username': username = value if key == 'project_name': project_name = value if key == 'region': region = value if key == 'project_domain_name': project_domain_name = value print('\n') print '- LOADING : ........ ', sys.stdout.flush() try: if region == 'SCL1': novaauth = v3.Token(auth_url='http://expostack.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name) if region == 'LA1': novaauth = v3.Token(auth_url='http://expostack-02.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name) novasession = session.Session(auth=novaauth) keystone = client.Client(session=novasession) nova = novaClient.Client('2', session=novasession) except(exceptions.AuthorizationFailure): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Unable to authenticate or validate the existing authorization token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(exceptions.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Authentication failed due to invalid token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 try: servers = nova.servers.list(search_opts={'all_tenants': 1}) except(exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(e.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(e.from_response): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter,username,prompt) print(prompt) return 1 try: for myNode in range(len(servers)): s = servers[myNode] if s.name.lstrip() == self.instance.strip(): instance_id = s.id break except(exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 try: display = nova.servers.get(instance_id) except(exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(IOError,IndexError,KeyError,NameError,OSError,RuntimeError,SyntaxError,IndentationError,TypeError,UnboundLocalError,ValueError): self.progress() print ' [DONE]' print('\n') error = '- Error: Instance Name : ' + self.instance + ' is Invalid. Please try Again.' prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(error) return 1 try: d = dumps(display._info, sort_keys=True, indent=4, separators=(',', ': ')) username = username.lower() chk = username.find('@') if chk != -1: storeusername = username.split('@') uname = storeusername[0] if chk == -1: uname = username fileName = self.random_with_N_digits(4) fopen = open(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName), 'w') fopen.write('[') fopen.write(d) fopen.write(']') fopen.close() userDisplay = prettytable.PrettyTable(["INSTANCE ID", "INSTANCE NAME", "IP ADDRESS", "STATUS"]) userDisplay.align["INSTANCE ID"] = "l" userDisplay.align["INSTANCE NAME"] = "l" userDisplay.align["IP ADDRESS"] = "l" userDisplay.align["STATUS"] = "l" userDisplay.padding_width = 1 fileSize = os.stat(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName)).st_size != 0 if fileSize: with open(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName), 'r') as f: data = load(f) j = 0 ipAddr = [] instance_id = [] instance_name = [] stat = [] for item in data: for key, value in item.items(): if key == 'addresses': for k, v in value.iteritems(): if type(k): for each in v: for column, row in each.items(): if column == 'addr': ipAddr.insert(j,row) if key == 'id': instance_id.insert(j,value) if key == 'name': instance_name.insert(j,value) if key == 'status': stat.insert(j,value) j = j + 1 for j,k,l,m in map(None,instance_id,instance_name,ipAddr,stat): userDisplay.add_row([j,k,l,m]) self.progress() print ' [DONE]' print('\n') print(userDisplay) fileToRemove = current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName) os.remove(fileToRemove) except(IOError,IndexError,KeyError,NameError,OSError,RuntimeError,SyntaxError,IndentationError,TypeError,UnboundLocalError,ValueError): prompt = '- Error: Unknown Error, Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 else: return 0
def create_plugin(self, session, version, url, raw_status=None): if _discover.version_match((2, ), version): return v2.Token(url, self._token, **self._v2_params) elif _discover.version_match((3, ), version): return v3.Token(url, self._token, **self._v3_params)
def _get_keystone_v3_auth(self, v3_auth_url, **kwargs): auth_token = kwargs.pop('auth_token', None) if auth_token: return v3_auth.Token(v3_auth_url, auth_token) else: return v3_auth.Password(v3_auth_url, **kwargs)
def expiryInstances(self,datacenter,auth,instance): self.datacenter = datacenter self.auth = auth self.instance = instance current_dir = os.environ["HOME"] if self.instance != 'list': print '- Error: Invalid Command, Please try again.' sys.exit() for key, value in self.auth.iteritems(): if key == 'token': token = value if key == 'id': userid = value if key == 'username': username = value if key == 'project_name': project_name = value if key == 'region': region = value if key == 'project_domain_name': project_domain_name = value print('\n') print '- LOADING : ........ ', sys.stdout.flush() try: if region == 'SCL1': novaauth = v3.Token(auth_url='http://expostack.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name) if region == 'LA1': novaauth = v3.Token(auth_url='http://expostack-02.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name) novasession = session.Session(auth=novaauth) keystone = client.Client(session=novasession) nova = novaClient.Client('2', session=novasession) except(exceptions.AuthorizationFailure): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Unable to authenticate or validate the existing authorization token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(exceptions.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = '- Error : Authentication failed due to invalid token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 userDisplay = prettytable.PrettyTable(["INSTANCE ID", "INSTANCE NAME", "IP ADDRESS", "STATUS", "LEASE", "LEASE TYPE","CREATED ON"]) userDisplay.align["INSTANCE ID"] = "l" userDisplay.align["INSTANCE NAME"] = "l" userDisplay.align["IP ADDRESS"] = "l" userDisplay.align["STATUS"] = "l" userDisplay.align["LEASE"] = "l" userDisplay.align["LEASE TYPE"] = "l" userDisplay.align["CREATED ON"] = "l" userDisplay.padding_width = 1 try: servers = nova.servers.list(search_opts={'all_tenants': 1}) except(exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(exceptions.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = '- Error : Authentication failed due to invalid token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(e.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter,username,prompt) print(prompt) return 1 except(e.from_response): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter,username,prompt) print(prompt) return 1 callLease = self.callExpiryTime(self.datacenter,username) if callLease != False: try: for myNode in range(len(servers)): s = servers[myNode] if userid == s.user_id: for key, value in s.addresses.iteritems(): for item in value: for hay,stack in item.iteritems(): if hay == 'addr': ip = stack for item in callLease: for key, value in item.items(): if key == 'hostname': node = value if key == 'ipaddress': ipaddr = value if key == 'leasedays': lease = value if key == 'requesttype': request = value if key == 'created_on': create = value if str(node.strip()) == str(s.name.strip()): server = str(node.strip()) ipadd = str(ip) userDisplay.add_row([s.id,server,ipadd,s.status,str(lease),str(request),str(create)]) self.progress() print ' [DONE]' print('\n') print(userDisplay) except(IOError,IndexError,KeyError,NameError,OSError,RuntimeError,SyntaxError,IndentationError,TypeError,UnboundLocalError,ValueError): self.progress() print ' [DONE]' print('\n') prompt = '- Error : Unknown Error Occured while fetching Lease for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1 else: prompt = '- Info : Lease Information fetch successful for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 0 else: self.progress() print ' [DONE]' print('\n') prompt = '- Error : Unknown Error Occured while fetching Lease for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter,username,prompt) print(prompt) return 1
def createInstance(self, datacenter, auth, **command): self.auth = auth self.datacenter = datacenter self.command = command current_dir = os.environ["HOME"] property_dict = None user_data = None for key, value in self.auth.iteritems(): if key == 'token': token = value if key == 'username': username = value if key == 'project_name': project_name = value if key == 'region': region = value if key == 'project_domain_name': project_domain_name = value print('\n') print '- LOADING : ........ ', sys.stdout.flush() try: if region == 'SCL1': novaauth = v3.Token( auth_url='http://expostack.tf-net.mydomain.com:35357/v3', token=token, project_name=project_name, project_domain_name=project_domain_name) if region == 'LA1': novaauth = v3.Token( auth_url='http://expostack-02.tf-net.mydomain.com:35357/v3', token=token, project_name=project_name, project_domain_name=project_domain_name) novasession = session.Session(auth=novaauth) keystone = client.Client(session=novasession) nova = novaClient.Client('2', session=novasession) except (exceptions.AuthorizationFailure): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Unable to authenticate or validate the existing authorization token for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 except (exceptions.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Authentication failed due to invalid token for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 for hay, stack in self.command.iteritems(): if hay == 'instanceName': instanceName = stack if hay == 'instances': instance = stack if hay == 'tag': tag = stack if hay == 'flavor': flv = stack if hay == 'image': image = stack if hay == 'lease': lease = stack if hay == 'user-data': user_data_file = stack if hay == 'property': property = stack if property: property_dict = dict() # assume kvp's separated by , for kvp in property.split(','): (k, v) = kvp.split('=') property_dict[k] = v if instance > 1: min_count = 1 max_count = instance if instance == 1: min_count = 1 max_count = 1 try: servers = nova.servers.list(search_opts={'all_tenants': 1}) except (e.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter, username, prompt) print(prompt) return 1 except (e.from_response): self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter, username, prompt) print(prompt) return 1 find = '<Server:' replace = '' listServer = [] createFiles = [] create = 0 ser = 0 exists = False myFile = '' p = 0 processNodes = [] hyfen = [] current_dir = os.environ["HOME"] chk = username.find('@') if chk != -1: storeusername = username.split('@') uname = storeusername[0] if chk == -1: uname = username try: for server in servers: host = re.sub(find, replace, str(server)) host = re.sub('>', '', str(host)) listServer.insert(ser, host) ser = ser + 1 findNode = instanceName.strip() findNode = findNode[2:] userDisplay = PrettyTable(["S.NO", "INSTANCE NAME"]) userDisplay.align["S.NO"] = "m" userDisplay.align["INSTANCE NAME"] = "m" userDisplay.padding_width = 20 id_inst = 1 for node in listServer: v = node.rfind('-') if v != -1: verifyNode = node[:v] verifyNode = verifyNode[3:] if verifyNode.strip() == findNode: userDisplay.add_row([id_inst, node]) hyfen.append(node) id_inst = id_inst + 1 if len(hyfen) > 0: print ' [DONE]' print('\n') print( "- Info: Instances with the same name exists, please try again." ) print(userDisplay) print('\n') return False except (IOError, IndexError, KeyError, NameError, OSError, RuntimeError, SyntaxError, IndentationError, TypeError, UnboundLocalError, ValueError): prompt = "- Error: Instances could not be found for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) return 1 try: img = nova.images.find(name=image) except (exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Image : " + image + " could not be found for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 try: fl = nova.flavors.find(name=flv) except (exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Flavor : " + flv + " could not be found for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 try: nets = nova.networks.list() except (exceptions.NotFound): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Network : " + nic + " could not be found for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 nics = list() # find nic to apply # [XXX] find a way to do it automatically itprojects = ['ITOps', 'IT LAB'] if project_name in itprojects: pseudo_project_name = 'Dev' else: pseudo_project_name = project_name for net in nets: proj = net.label.split('-')[0] if proj.lower() in pseudo_project_name.lower(): nics = [{'net-id': net.id}] if user_data_file: try: user_data = io.open(user_data_file) except IOError: self.progress() print ' [DONE]' print('\n') prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.' self.log(self.datacenter, username, prompt) print(prompt) return 1 try: initialize = nova.servers.create(name=instanceName, image=img, flavor=fl, min_count=min_count, max_count=max_count, nics=nics, userdata=user_data, meta=property_dict) if hasattr(user_data, 'close'): user_data.close() except (exceptions.Unauthorized): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Access denied, Please provide valid credentials for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 except (exceptions.BadRequest): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Supplied data is Invalid for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 except (exceptions.Conflict): self.progress() print ' [DONE]' print('\n') prompt = "- Info: Instance Name provided already exists for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 except (exceptions.Forbidden): self.progress() print ' [DONE]' print('\n') prompt = "- Error: Quota exceeded for instances for user: "******" at " + time.strftime( "%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.' self.log(self.datacenter, username, prompt) print(prompt) return 1 else: uname = uname.lower() path = current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname chkDir = os.path.dirname(path) if not os.path.exists(path): os.chdir(current_dir) os.mkdir('.' + self.datacenter) os.chdir('.' + self.datacenter) os.mkdir('.' + uname) if os.path.exists(chkDir): for myNode in range(int(max_count)): fileName = self.random_with_N_digits(4) fopen = open( current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName) + '.create', 'w') fopen.write('[') s = nova.servers.list()[myNode] d = dumps(s._info, sort_keys=True, indent=4, separators=(',', ': ')) fopen.write(d) fopen.write(']') fopen.close() processNodes.insert(p, s) p = p + 1 hold = Base(object) hold.hold_server(processNodes) userDisplay = PrettyTable(["ID", "INSTANCE NAME", "STATUS"]) userDisplay.align["ID"] = "l" userDisplay.align["INSTANCE NAME"] = "l" userDisplay.align["STATUS"] = "l" userDisplay.padding_width = 1 current_dir = current_dir = os.environ["HOME"] for file in os.listdir(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname): if file.endswith(".create"): createFiles.insert(create, file) create = create + 1 for c in createFiles: fileSize = os.stat(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + c).st_size != 0 if fileSize: with open( current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + c, 'r') as f: data = load(f) for item in data: for key, value in item.items(): if key == 'id': instance_id = value if key == 'name': instances = value if key == 'status': instance_s = value userDisplay.add_row( [instance_id, instances, instance_s]) self.progress() print ' [DONE]' print('\n') print(userDisplay) leaseRegion = self.datacenter self.addLease(leaseRegion, lease, username, fl, instances) return data
def __init__(self, token=None, url=None, auth_url=None, domain_id=None, domain_name=None, project_name=None, project_id=None, username=None, password=None, user_domain_id=None, user_domain_name=None, project_domain_id=None, project_domain_name=None, region_name=None, api_version=None, verify=True, trust_id=None, timing=None): self._token = token self._url = url self._auth_url = auth_url self._domain_id = domain_id self._domain_name = domain_name self._project_name = project_name self._project_id = project_id self._username = username self._password = password self._user_domain_id = user_domain_id self._user_domain_name = user_domain_name self._project_domain_id = project_domain_id self._project_domain_name = project_domain_name self._region_name = region_name self._api_version = api_version self._trust_id = trust_id self._service_catalog = None self.timing = timing # verify is the Requests-compatible form self._verify = verify # also store in the form used by the legacy client libs self._cacert = None if verify is True or verify is False: self._insecure = not verify else: self._cacert = verify self._insecure = False ver_prefix = identity_client.AUTH_VERSIONS[ self._api_version[identity_client.API_NAME] ] # Get logging from root logger root_logger = logging.getLogger('') LOG.setLevel(root_logger.getEffectiveLevel()) # NOTE(dtroyer): These plugins are hard-coded for the first step # in using the new Keystone auth plugins. if self._url: LOG.debug('Using token auth %s', ver_prefix) if ver_prefix == 'v2': self.auth = v2_auth.Token( auth_url=url, token=token, ) else: self.auth = v3_auth.Token( auth_url=url, token=token, ) else: LOG.debug('Using password auth %s', ver_prefix) if ver_prefix == 'v2': self.auth = v2_auth.Password( auth_url=auth_url, username=username, password=password, trust_id=trust_id, tenant_id=project_id, tenant_name=project_name, ) else: self.auth = v3_auth.Password( auth_url=auth_url, username=username, password=password, trust_id=trust_id, user_domain_id=user_domain_id, user_domain_name=user_domain_name, domain_id=domain_id, domain_name=domain_name, project_id=project_id, project_name=project_name, project_domain_id=project_domain_id, project_domain_name=project_domain_name, ) self.session = session.Session( auth=self.auth, verify=verify, ) self.auth_ref = None if not self._url: # Trigger the auth call self.auth_ref = self.session.auth.get_auth_ref(self.session) # Populate other password flow attributes self._token = self.session.auth.get_token(self.session) self._service_catalog = self.auth_ref.service_catalog return