def test_service_catalog_regions(self):
sc = service_catalog.ServiceCatalog(SERVICE_CATALOG['access'],
region_name="North")
url = sc.url_for(service_type='image', endpoint_type='publicURL')
self.assertEquals(url, "https://image.north.host/v1/")
sc = service_catalog.ServiceCatalog(SERVICE_CATALOG['access'],
region_name="South")
url = sc.url_for(service_type='image', endpoint_type='internalURL')
self.assertEquals(url, "https://image-internal.south.host/v1/")
def _extract_service_catalog(self, url, body):
""" Set the client's service catalog from the response data. """
self.service_catalog = service_catalog.ServiceCatalog(body)
try:
sc = self.service_catalog.get_token()
self.auth_token = sc['id']
# Save these since we have them and they'll be useful later
self.auth_tenant_id = sc.get('tenant_id')
self.auth_user_id = sc.get('user_id')
except KeyError:
raise exceptions.AuthorizationFailure()
# FIXME(ja): we should be lazy about setting managment_url.
# in fact we should rewrite the client to support the service
# catalog (api calls should be directable to any endpoints)
try:
self.management_url = self.service_catalog.url_for(
attr='region',
filter_value=self.region_name,
endpoint_type='adminURL')
except exceptions.EmptyCatalog:
# Unscoped tokens don't return a service catalog;
# allow those to pass while any other errors bubble up.
pass
except exceptions.EndpointNotFound:
# the client shouldn't expect the authenticating user to
# be authorized to view adminURL's, nor expect the identity
# endpoint to publish one
pass
def token_create_scoped(request, tenant, token):
'''
Creates a scoped token using the tenant id and unscoped token; retrieves
the service catalog for the given tenant.
'''
if hasattr(request, '_keystone'):
del request._keystone
c = keystoneclient(request,
tenant_id=tenant,
token_id=token,
endpoint=_get_endpoint_url(request, 'internalURL'))
raw_token = c.tokens.authenticate(tenant_id=tenant,
token=token,
return_raw=True)
c.service_catalog = service_catalog.ServiceCatalog(raw_token)
if request.user.is_admin():
c.management_url = c.service_catalog.url_for(service_type='identity',
endpoint_type='adminURL')
else:
endpoint_type = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE',
'internalURL')
c.management_url = c.service_catalog.url_for(
service_type='identity', endpoint_type=endpoint_type)
scoped_token = tokens.Token(tokens.TokenManager, raw_token)
return scoped_token
def _extract_service_catalog(self, url, body):
""" Set the client's service catalog from the response data. """
self.service_catalog = service_catalog.ServiceCatalog(body)
try:
sc = self.service_catalog.get_token()
self.auth_token = sc['id']
# Save these since we have them and they'll be useful later
# NOTE(termie): these used to be in the token and then were removed
# ... why?
self.auth_tenant_id = sc.get('tenant_id')
self.auth_user_id = sc.get('user_id')
except KeyError:
raise exceptions.AuthorizationFailure()
# FIXME(ja): we should be lazy about setting managment_url.
# in fact we should rewrite the client to support the service
# catalog (api calls should be directable to any endpoints)
try:
self.management_url = self.service_catalog.url_for(
attr='region',
filter_value=self.region_name,
endpoint_type='adminURL')
except:
# Unscoped tokens don't return a service catalog
_logger.exception("unable to retrieve service catalog with token")
def test_service_catalog_endpoints(self):
sc = service_catalog.ServiceCatalog(SERVICE_CATALOG['access'])
public_ep = sc.get_endpoints(service_type='compute',
endpoint_type='publicURL')
self.assertEquals(public_ep['compute'][1]['tenantId'], '2')
self.assertEquals(public_ep['compute'][1]['versionId'], '1.1')
self.assertEquals(public_ep['compute'][1]['internalURL'],
"https://compute.north.host/v1.1/3456")
def _extract_service_catalog(self, url, body):
""" Set the client's service catalog from the response data. """
self.service_catalog = service_catalog.ServiceCatalog(body)
try:
sc = self.service_catalog.get_token()
# Save these since we have them and they'll be useful later
self.auth_tenant_id = sc.get('tenant_id')
self.auth_user_id = sc.get('user_id')
except KeyError:
raise exceptions.AuthorizationFailure()
def test_token(self):
sc = service_catalog.ServiceCatalog(SERVICE_CATALOG['access'])
self.assertEquals(sc.get_token(), {
'id': 'ab48a9efdfedb23ty3494',
'tenant_id': '345',
'user_id': '123',
'expires': '2010-11-01T03:32:15-05:00'})
self.assertEquals(sc.catalog['token']['expires'],
"2010-11-01T03:32:15-05:00")
self.assertEquals(sc.catalog['token']['tenant']['id'], '345')
def test_building_a_service_catalog(self):
sc = service_catalog.ServiceCatalog(SERVICE_CATALOG['access'])
self.assertEquals(sc.url_for(service_type='compute'),
"https://compute.north.host/v1/1234")
self.assertEquals(sc.url_for('tenantId', '1', service_type='compute'),
"https://compute.north.host/v1/1234")
self.assertEquals(sc.url_for('tenantId', '2', service_type='compute'),
"https://compute.north.host/v1.1/3456")
self.assertRaises(exceptions.EndpointNotFound,
sc.url_for, "region", "South", service_type='compute')
def _extract_service_catalog(self, url, body):
""" Set the client's service catalog from the response data. """
self.service_catalog = service_catalog.ServiceCatalog(body)
try:
self.auth_token = self.service_catalog.get_token()
except KeyError:
raise exceptions.AuthorizationFailure()
if self.project_id:
# Unscoped tokens don't return a service catalog
self.management_url = self.service_catalog.url_for(
attr='region', filter_value=self.region_name)
return self.service_catalog
def _extract_service_catalog(self, url, body):
""" Set the client's service catalog from the response data. """
self.service_catalog = service_catalog.ServiceCatalog(body)
try:
self.auth_token = self.service_catalog.get_token()
except KeyError:
raise exceptions.AuthorizationFailure()
# FIXME(ja): we should be lazy about setting managment_url.
# in fact we should rewrite the client to support the service
# catalog (api calls should be directable to any endpoints)
try:
self.management_url = self.service_catalog.url_for(
attr='region',
filter_value=self.region_name,
endpoint_type='adminURL')
except:
# Unscoped tokens don't return a service catalog
_logger.exception("unable to retrieve service catalog with token")
def token_create_scoped(request, tenant, token):
'''
Creates a scoped token using the tenant id and unscoped token; retrieves
the service catalog for the given tenant.
'''
if hasattr(request, '_keystone'):
del request._keystone
c = keystoneclient(request, tenant_id=tenant, token_id=token,
endpoint=settings.OPENSTACK_KEYSTONE_URL)
raw_token = c.tokens.authenticate(tenant=tenant,
token=token,
return_raw=True)
c.service_catalog = service_catalog.ServiceCatalog(raw_token)
if request.user.is_admin():
c.management_url = c.service_catalog.url_for(service_type='identity',
endpoint_type='adminURL')
else:
c.management_url = c.service_catalog.url_for(service_type='identity',
endpoint_type='publicURL')
scoped_token = tokens.Token(tokens.TokenManager, raw_token)
return Token(scoped_token)
def novaclient(cred):
if cred.get("token", None) and cred.get("tenant_id", None):
token = cred["token"]
tenant_id = cred["tenant_id"]
else:
# Create scoped token for admin.
unscoped_token = token_create(cred['username'], cred['password'])
tenants = tenant_list_for_token(unscoped_token.id)
tenant_id = tenants[0].id
token = token_create(cred['username'], cred['password'], tenant_id)
# Get service catalog
catalog = service_catalog.ServiceCatalog(token)
s_catalog = catalog.catalog.serviceCatalog
management_url = url_for(s_catalog, 'compute')
c = nova_client.Client(cred['username'],
token.id,
tenant_id,
management_url)
c.client.auth_token = token.id
c.client.management_url = management_url
return c
def __init__(self, *args, **kwargs):
super(AccessInfo, self).__init__(*args, **kwargs)
self.service_catalog = service_catalog.ServiceCatalog(
resource_dict=self, region_name=self.get('region_name'))
