def get_cinder_client(cls, region, service_name=None, endpoint=None,
endpoint_type='publicURL', insecure=False,
cacert=None):
"""Create cinder client object.
:param region: The region of the service
:param service_name: The name of the cinder service in the catalog
:param endpoint: The endpoint of the service
:param endpoint_type: The endpoint type of the service
:param insecure: Turn off certificate validation
:param cacert: CA Cert file path
:return: a Cinder Client object
:raise Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.cinder_client:
kwargs = {'region_name': region,
'session': ksession.get_session(),
'interface': endpoint_type}
if service_name:
kwargs['service_name'] = service_name
if endpoint:
kwargs['endpoint'] = endpoint
if endpoint.startwith("https"):
kwargs['insecure'] = insecure
kwargs['cacert'] = cacert
try:
cls.cinder_client = cinder_client.Client(
CINDER_VERSION, **kwargs
)
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception("Error creating Cinder client.")
return cls.cinder_client
def get_user_neutron_client(cls, context):
"""Get neutron client for request user.
It's possible that the token in the context is a trust scoped
which can't be used to initialize a keystone session.
We directly use the token and endpoint_url to initialize neutron
client.
"""
neutron_endpoint = CONF.neutron.endpoint
if not neutron_endpoint:
session = keystone.KeystoneSession().get_session()
endpoint_data = session.get_endpoint_data(
service_type='network',
interface=CONF.neutron.endpoint_type,
region_name=CONF.neutron.region_name)
neutron_endpoint = endpoint_data.catalog_url
kwargs = {
'token': context.auth_token,
'endpoint_url': neutron_endpoint,
'insecure': CONF.neutron.insecure,
'ca_cert': CONF.neutron.ca_certificates_file
}
return neutron_client.Client(NEUTRON_VERSION, **kwargs)
def get_neutron_client(cls, region, service_name=None, endpoint=None,
endpoint_type='publicURL', insecure=False,
ca_cert=None):
"""Create neutron client object.
:param region: The region of the service
:param service_name: The name of the neutron service in the catalog
:param endpoint: The endpoint of the service
:param endpoint_type: The endpoint_type of the service
:param insecure: Turn off certificate validation
:param ca_cert: CA Cert file path
:return: a Neutron Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.neutron_client:
kwargs = {'region_name': region,
'session': ksession.get_session(),
'endpoint_type': endpoint_type,
'insecure': insecure}
if service_name:
kwargs['service_name'] = service_name
if endpoint:
kwargs['endpoint_override'] = endpoint
if ca_cert:
kwargs['ca_cert'] = ca_cert
try:
cls.neutron_client = neutron_client.Client(
NEUTRON_VERSION, **kwargs)
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception("Error creating Neutron client.")
return cls.neutron_client
def get_parent_project(project_id):
key_session = keystone.KeystoneSession().get_session()
key_client = keystone_client.Client(session=key_session)
try:
project = key_client.projects.get(project_id)
return project.parent_id
except keystone_exception.NotFound:
return None
def revoke_secret_access(cls, context, ref):
# get a normal session
ksession = keystone.KeystoneSession()
user_id = ksession.get_service_user_id()
# use barbican client to set the ACLs
bc = cls.get_barbican_client_user_auth(context)
acl = bc.acls.get(ref)
read_oper = acl.get('read')
if user_id in read_oper.users:
read_oper.users.remove(user_id)
acl.submit()
def get_barbican_client(cls, project_id=None):
if not cls._barbican_client:
try:
ksession = keystone.KeystoneSession()
cls._barbican_client = barbican_client.Client(
session=ksession.get_session(),
region_name=CONF.certificates.region_name,
interface=CONF.certificates.endpoint_type)
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception("Error creating Barbican client")
return cls._barbican_client
def get_barbican_client_user_auth(cls, context):
# get a normal session
ksession = keystone.KeystoneSession()
service_auth = ksession.get_auth()
# make our own auth and swap it in
user_auth = token.Token(auth_url=service_auth.auth_url,
token=context.auth_token,
project_id=context.project_id)
user_session = session.Session(auth=user_auth)
# create a special barbican client with our user's session
return barbican_client.Client(session=user_session)
def get_user_neutron_client(cls, context):
# get a normal session
ksession = keystone.KeystoneSession()
service_auth = ksession.get_auth()
# make user auth and swap it in session
user_auth = token.Token(auth_url=service_auth.auth_url,
token=context.auth_token,
project_id=context.project_id)
user_session = session.Session(auth=user_auth)
kwargs = {
'session': user_session,
'region_name': CONF.neutron.region_name,
'endpoint_type': CONF.neutron.endpoint_type,
'service_name': CONF.neutron.service_name,
'insecure': CONF.neutron.insecure,
'ca_cert': CONF.neutron.ca_certificates_file
}
if CONF.neutron.endpoint:
kwargs['endpoint_override'] = CONF.neutron.endpoint
# create neutron client using user's session
return neutron_client.Client(NEUTRON_VERSION, **kwargs)
def get_parent_project(project_id):
key_session = keystone.KeystoneSession().get_session()
key_client = keystone_client.Client(session=key_session)
project = key_client.projects.get(project_id)
if project.parent_id != 'default':
return project.parent_id
