def _keystone_session(self):
# FIXME(jamielennox): This session object is essentially static as the
# options won't change. Further it is allowed to be shared by multiple
# authentication requests so there is no reason to construct it fresh
# for every client plugin. It should be global and shared amongst them.
if not self._keystone_session_obj:
self._keystone_session_obj = session.Session(
**config.get_ssl_options('keystone'))
return self._keystone_session_obj
def _keystone_session(self):
# FIXME(jamielennox): This session object is essentially static as the
# options won't change. Further it is allowed to be shared by multiple
# authentication requests so there is no reason to construct it fresh
# for every client plugin. It should be global and shared amongst them.
if not self._keystone_session_obj:
self._keystone_session_obj = session.Session(
**config.get_ssl_options('keystone'))
return self._keystone_session_obj
def __init__(self, username=None, password=None, aws_creds=None,
auth_url=None, roles=None, is_admin=None, read_only=False,
show_deleted=False, overwrite=True, trust_id=None,
trustor_user_id=None, request_id=None, auth_token_info=None,
region_name=None, auth_plugin=None, trusts_auth_plugin=None,
user_domain_id=None, project_domain_id=None,
project_name=None, **kwargs):
"""Initialisation of the request context.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
"""
if user_domain_id:
kwargs['user_domain'] = user_domain_id
if project_domain_id:
kwargs['project_domain'] = project_domain_id
super(RequestContext, self).__init__(is_admin=is_admin,
read_only=read_only,
show_deleted=show_deleted,
request_id=request_id,
roles=roles,
overwrite=overwrite,
**kwargs)
self.username = username
self.password = password
self.region_name = region_name
self.aws_creds = aws_creds
self.project_name = project_name
self.auth_token_info = auth_token_info
self.auth_url = auth_url
self._session = None
self._clients = None
self._keystone_session = session.Session(
**config.get_ssl_options('keystone'))
self.trust_id = trust_id
self.trustor_user_id = trustor_user_id
self.policy = policy.Enforcer()
self._auth_plugin = auth_plugin
self._trusts_auth_plugin = trusts_auth_plugin
if is_admin is None:
self.is_admin = self.policy.check_is_admin(self)
else:
self.is_admin = is_admin
# context scoped cache dict where the key is a class of the type of
# object being cached and the value is the cache implementation class
self._object_cache = {}
def get_auth_uri(v3=True):
# Look for the keystone auth_uri in the configuration. First we
# check the [clients_keystone] section, and if it is not set we
# look in [keystone_authtoken]
if cfg.CONF.clients_keystone.auth_uri:
session = ks_session.Session(**config.get_ssl_options('keystone'))
discover = ks_discover.Discover(session=session,
url=cfg.CONF.clients_keystone.auth_uri)
return discover.url_for('3.0')
else:
# Import auth_token to have keystone_authtoken settings setup.
importutils.import_module('keystonemiddleware.auth_token')
auth_uri = cfg.CONF.keystone_authtoken.www_authenticate_uri
return auth_uri.replace('v2.0', 'v3') if auth_uri and v3 else auth_uri
def __init__(self, username=None, password=None, aws_creds=None,
auth_url=None, roles=None, is_admin=None, read_only=False,
show_deleted=False, overwrite=True, trust_id=None,
trustor_user_id=None, request_id=None, auth_token_info=None,
region_name=None, auth_plugin=None, trusts_auth_plugin=None,
user_domain_id=None, project_domain_id=None,
project_name=None, **kwargs):
"""Initialisation of the request context.
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
"""
if user_domain_id:
kwargs['user_domain'] = user_domain_id
if project_domain_id:
kwargs['project_domain'] = project_domain_id
super(RequestContext, self).__init__(is_admin=is_admin,
read_only=read_only,
show_deleted=show_deleted,
request_id=request_id,
roles=roles,
overwrite=overwrite,
**kwargs)
self.username = username
self.password = password
self.region_name = region_name
self.aws_creds = aws_creds
self.project_name = project_name
self.auth_token_info = auth_token_info
self.auth_url = auth_url
self._session = None
self._clients = None
self._keystone_session = session.Session(
**config.get_ssl_options('keystone'))
self.trust_id = trust_id
self.trustor_user_id = trustor_user_id
self.policy = policy.Enforcer()
self._auth_plugin = auth_plugin
self._trusts_auth_plugin = trusts_auth_plugin
if is_admin is None:
self.is_admin = self.policy.check_is_admin(self)
else:
self.is_admin = is_admin
# context scoped cache dict where the key is a class of the type of
# object being cached and the value is the cache implementation class
self._object_cache = {}
def setUp(self):
self.credential = (
'{"auth_type": "v3applicationcredential", '
'"auth": {"auth_url": "http://192.168.1.101/identity/v3", '
'"application_credential_id": '
'"9dfa187e5a354484bf9c49a2b674333a", '
'"application_credential_secret": "sec"} }')
self.m_plugin = mock.Mock()
self.m_loader = self.patchobject(ks_loading,
'get_plugin_loader',
return_value=self.m_plugin)
self.patchobject(policy.Enforcer, 'check_is_admin')
self.secret_id = '0eca0615-c330-41aa-b0cb-a2493a770409'
self.session = session.Session(**config.get_ssl_options('keystone'))
super(TestAuthPlugin, self).setUp()
def get_auth_uri(v3=True):
# Look for the keystone auth_uri in the configuration. First we
# check the [clients_keystone] section, and if it is not set we
# look in [keystone_authtoken]
if cfg.CONF.clients_keystone.auth_uri:
session = ks_session.Session(**config.get_ssl_options('keystone'))
discover = ks_discover.Discover(
session=session,
url=cfg.CONF.clients_keystone.auth_uri)
return discover.url_for('3.0')
else:
# Import auth_token to have keystone_authtoken settings setup.
importutils.import_module('keystonemiddleware.auth_token')
auth_uri = cfg.CONF.keystone_authtoken.www_authenticate_uri
return auth_uri.replace('v2.0', 'v3') if auth_uri and v3 else auth_uri
def setUp(self):
self.credential = (
'{"auth_type": "v3applicationcredential", '
'"auth": {"auth_url": "http://192.168.1.101/identity/v3", '
'"application_credential_id": '
'"9dfa187e5a354484bf9c49a2b674333a", '
'"application_credential_secret": "sec"} }')
self.m_plugin = mock.Mock()
self.m_loader = self.patchobject(
ks_loading, 'get_plugin_loader', return_value=self.m_plugin)
self.patchobject(policy.Enforcer, 'check_is_admin')
self.secret_id = '0eca0615-c330-41aa-b0cb-a2493a770409'
self.session = session.Session(
**config.get_ssl_options('keystone'))
super(TestAuthPlugin, self).setUp()
def __init__(self, context):
# If a trust_id is specified in the context, we immediately
# authenticate so we can populate the context with a trust token
# otherwise, we delay client authentication until needed to avoid
# unnecessary calls to keystone.
#
# Note that when you obtain a token using a trust, it cannot be
# used to reauthenticate and get another token, so we have to
# get a new trust-token even if context.auth_token is set.
#
# - context.auth_url is expected to contain a versioned keystone
# path, we will work with either a v2.0 or v3 path
self._context = weakref.ref(context)
self._client = None
self._admin_auth = None
self._domain_admin_auth = None
self._domain_admin_client = None
self.session = session.Session(**config.get_ssl_options('keystone'))
self.v3_endpoint = self.context.keystone_v3_endpoint
if self.context.trust_id:
# Create a client with the specified trust_id, this
# populates self.context.auth_token with a trust-scoped token
self._client = self._v3_client_init()
# The stack domain user ID should be set in heat.conf
# It can be created via python-openstackclient
# openstack --os-identity-api-version=3 domain create heat
# If the domain is specified, then you must specify a domain
# admin user. If no domain is specified, we fall back to
# legacy behavior with warnings.
self._stack_domain_id = cfg.CONF.stack_user_domain_id
self.stack_domain_name = cfg.CONF.stack_user_domain_name
self.domain_admin_user = cfg.CONF.stack_domain_admin
self.domain_admin_password = cfg.CONF.stack_domain_admin_password
LOG.debug('Using stack domain %s' % self.stack_domain)
def __init__(self, context):
# If a trust_id is specified in the context, we immediately
# authenticate so we can populate the context with a trust token
# otherwise, we delay client authentication until needed to avoid
# unnecessary calls to keystone.
#
# Note that when you obtain a token using a trust, it cannot be
# used to reauthenticate and get another token, so we have to
# get a new trust-token even if context.auth_token is set.
#
# - context.auth_url is expected to contain a versioned keystone
# path, we will work with either a v2.0 or v3 path
self._context = weakref.ref(context)
self._client = None
self._admin_auth = None
self._domain_admin_auth = None
self._domain_admin_client = None
self.session = session.Session(**config.get_ssl_options('keystone'))
self.v3_endpoint = self.context.keystone_v3_endpoint
if self.context.trust_id:
# Create a client with the specified trust_id, this
# populates self.context.auth_token with a trust-scoped token
self._client = self._v3_client_init()
# The stack domain user ID should be set in heat.conf
# It can be created via python-openstackclient
# openstack --os-identity-api-version=3 domain create heat
# If the domain is specified, then you must specify a domain
# admin user. If no domain is specified, we fall back to
# legacy behavior with warnings.
self._stack_domain_id = cfg.CONF.stack_user_domain_id
self.stack_domain_name = cfg.CONF.stack_user_domain_name
self.domain_admin_user = cfg.CONF.stack_domain_admin
self.domain_admin_password = cfg.CONF.stack_domain_admin_password
LOG.debug('Using stack domain %s' % self.stack_domain)
def __init__(self, app, conf):
self.app = app
self.conf = conf
self.session = session.Session(**config.get_ssl_options('keystone'))
def __init__(self, app, conf):
self.app = app
self.conf = conf
self.session = session.Session(**config.get_ssl_options('keystone'))
