def create_context(trust_id, project_id):
"""Creates Mistral security context.
:param trust_id: Trust Id.
:param project_id: Project Id.
:return: Mistral security context.
"""
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(trust_id)
return auth_ctx.MistralContext(
user_id=client.user_id,
project_id=project_id,
auth_token=client.auth_token,
is_trust_scoped=True,
trust_id=trust_id,
)
return auth_ctx.MistralContext(
user_id=None,
project_id=None,
auth_token=None,
is_admin=True
)
def create_context(trust_id, project_id):
"""Creates Mistral security context.
:param trust_id: Trust Id.
:param project_id: Project Id.
:return: Mistral security context.
"""
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(trust_id)
if client.session:
# Method get_token is deprecated, using get_auth_headers.
token = client.session.get_auth_headers().get('X-Auth-Token')
user_id = client.session.get_user_id()
else:
token = client.auth_token
user_id = client.user_id
return auth_ctx.MistralContext(
user=user_id,
tenant=project_id,
auth_token=token,
is_trust_scoped=True,
trust_id=trust_id,
)
return auth_ctx.MistralContext(
user=None,
tenant=None,
auth_token=None,
is_admin=True
)
def create_context(trust_id, project_id):
"""Creates Mistral security context.
:param trust_id: Trust Id.
:param project_id: Project Id.
:return: Mistral security context.
"""
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(trust_id)
return auth_ctx.MistralContext(
user_id=client.user_id,
project_id=project_id,
auth_token=client.auth_token,
is_trust_scoped=True,
trust_id=trust_id,
)
return auth_ctx.MistralContext(
user_id=None,
project_id=None,
auth_token=None,
is_admin=True
)
def create_context(workbook):
if 'trust_id' not in workbook:
return
admin_user = CONF.keystone.admin_user
admin_password = CONF.keystone.admin_password
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(
admin_user,
admin_password,
trust_id=workbook['trust_id'],
project_id=workbook['project_id'])
return context.MistralContext(
user_id=client.user_id,
project_id=workbook['project_id'],
auth_token=client.auth_token
)
else:
return context.MistralContext(
user_id=None,
project_id=None,
auth_token=None
)
def create_context(trust_id, project_id):
"""Creates Mistral security context.
:param trust_id: Trust Id.
:param project_id: Project Id.
:return: Mistral security context.
"""
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(trust_id)
if client.session:
# Method get_token is deprecated, using get_auth_headers.
token = client.session.get_auth_headers().get('X-Auth-Token')
user_id = client.session.get_user_id()
else:
token = client.auth_token
user_id = client.user_id
return auth_ctx.MistralContext(
user=user_id,
tenant=project_id,
auth_token=token,
is_trust_scoped=True,
trust_id=trust_id,
)
return auth_ctx.MistralContext(user=None,
tenant=None,
auth_token=None,
is_admin=True)
def delete_trust(trust_id):
if not trust_id:
return
keystone_client = keystone.client_for_trusts(trust_id)
try:
keystone_client.trusts.delete(trust_id)
except Exception as e:
LOG.warning("Failed to delete trust [id=%s]: %s" % (trust_id, e))
def delete_trust(workbook):
if 'trust_id' not in workbook:
return
admin_user = CONF.keystone.admin_user
admin_password = CONF.keystone.admin_password
keystone_client = keystone.client_for_trusts(
admin_user,
admin_password,
workbook.trust_id)
keystone_client.trusts.delete(workbook.trust_id)
def create_context(workbook):
if 'trust_id' not in workbook:
return
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(workbook['trust_id'])
return context.MistralContext(user_id=client.user_id,
project_id=workbook['project_id'],
auth_token=client.auth_token)
else:
return context.MistralContext(user_id=None,
project_id=None,
auth_token=None)
def delete_trust(trust_id=None):
if not trust_id:
# Try to retrieve trust from context.
if auth_ctx.has_ctx():
trust_id = auth_ctx.ctx().trust_id
if not trust_id:
return
keystone_client = keystone.client_for_trusts(trust_id)
try:
keystone_client.trusts.delete(trust_id)
except Exception as e:
LOG.warning("Failed to delete trust [id=%s]: %s", trust_id, e)
def delete_trust(trust_id=None):
if not trust_id:
# Try to retrieve trust from context.
if auth_ctx.has_ctx():
trust_id = auth_ctx.ctx().trust_id
if not trust_id:
return
keystone_client = keystone.client_for_trusts(trust_id)
try:
keystone_client.trusts.delete(trust_id)
except Exception as e:
LOG.warning("Failed to delete trust [id=%s]: %s", trust_id, e)
def delete_trust(trust_id):
if not trust_id:
return
ctx = auth_ctx.ctx()
# If this trust is already in the context then it means that
# context already has trust scoped token from exactly this trust_id.
# So we don't need request the token from the trust one more time.
if ctx.is_trust_scoped and ctx.trust_id == trust_id:
keystone_client = keystone.client()
else:
keystone_client = keystone.client_for_trusts(trust_id)
try:
keystone_client.trusts.delete(trust_id)
except Exception as e:
LOG.warning("Failed to delete trust [id=%s]: %s" % (trust_id, e))
def create_trust(workbook):
client = keystone.client()
ctx = context.ctx()
admin_user = CONF.keystone.admin_user
admin_password = CONF.keystone.admin_password
admin_tenant_name = CONF.keystone.admin_tenant_name
trustee_id = keystone.client_for_trusts(
admin_user,
admin_password,
project_name=admin_tenant_name).user_id
trust = client.trusts.create(trustor_user=client.user_id,
trustee_user=trustee_id,
impersonation=True,
role_names=ctx['roles'],
project=ctx['project_id'])
return db_api.workbook_update(workbook['name'],
{'trust_id': trust.id,
'project_id': ctx['project_id']})
def delete_trust(workbook):
if 'trust_id' not in workbook:
return
keystone_client = keystone.client_for_trusts(workbook['trust_id'])
keystone_client.trusts.delete(workbook.trust_id)
def delete_trust(workbook):
if not workbook.trust_id:
return
keystone_client = keystone.client_for_trusts(workbook.trust_id)
keystone_client.trusts.delete(workbook.trust_id)
def delete_trust(workbook):
if not workbook.trust_id:
return
keystone_client = keystone.client_for_trusts(workbook.trust_id)
keystone_client.trusts.delete(workbook.trust_id)
def delete_trust(workbook):
if 'trust_id' not in workbook:
return
keystone_client = keystone.client_for_trusts(workbook['trust_id'])
keystone_client.trusts.delete(workbook.trust_id)