def test_password_cache_id(self):
username = uuid.uuid4().hex
the_password = uuid.uuid4().hex
project_name = uuid.uuid4().hex
default_domain_id = uuid.uuid4().hex
a = password.Password(self.TEST_URL,
username=username,
password=the_password,
project_name=project_name,
default_domain_id=default_domain_id)
b = password.Password(self.TEST_URL,
username=username,
password=the_password,
project_name=project_name,
default_domain_id=default_domain_id)
a_id = a.get_cache_id()
b_id = b.get_cache_id()
self.assertEqual(a_id, b_id)
c = password.Password(
self.TEST_URL,
username=username,
password=uuid.uuid4().hex, # different
project_name=project_name,
default_domain_id=default_domain_id)
c_id = c.get_cache_id()
self.assertNotEqual(a_id, c_id)
def get_trusted_client(conf, trust_id):
# Ideally we would use load_session_from_conf_options, but we can't do that
# *and* specify a trust, so let's create the object manually.
if conf[CFG_GROUP].auth_type == "password-aodh-legacy":
auth_url = conf[CFG_GROUP].os_auth_url
try:
auth_url_noneversion = auth_url.replace('/v2.0', '/')
discover = ka_discover.Discover(auth_url=auth_url_noneversion)
v3_auth_url = discover.url_for('3.0')
if v3_auth_url:
auth_url = v3_auth_url
else:
auth_url = auth_url
except Exception:
auth_url = auth_url.replace('/v2.0', '/v3')
auth_plugin = password.Password(username=conf[CFG_GROUP].os_username,
password=conf[CFG_GROUP].os_password,
auth_url=auth_url,
user_domain_id='default',
trust_id=trust_id)
else:
auth_plugin = password.Password(
username=conf[CFG_GROUP].username,
password=conf[CFG_GROUP].password,
auth_url=conf[CFG_GROUP].auth_url,
user_domain_id=conf[CFG_GROUP].user_domain_id,
trust_id=trust_id)
sess = session.Session(auth=auth_plugin)
return ks_client_v3.Client(session=sess)
def _get_identity_client(self):
user_domain_id = self.conf.user_domain_id
project_domain_id = self.conf.project_domain_id
user_domain_name = self.conf.user_domain_name
project_domain_name = self.conf.project_domain_name
kwargs = {
'username': self._username(),
'password': self._password(),
'project_name': self._project_name(),
'auth_url': self.conf.auth_url
}
# keystone v2 can't ignore domain details
if self.auth_version == '3':
kwargs.update({
'user_domain_id': user_domain_id,
'project_domain_id': project_domain_id,
'user_domain_name': user_domain_name,
'project_domain_name': project_domain_name})
auth = password.Password(**kwargs)
if self.insecure:
verify_cert = False
else:
verify_cert = self.ca_file or True
return KeystoneWrapperClient(auth, verify_cert)
def create_post_delete(queue_name, messages):
"""Auth example
Creates a queue, posts messages to it and finally deletes it with
keystone auth strategy enabled on Zaqar server side.
:params queue_name: The name of the queue
:type queue_name: `six.text_type`
:params messages: Messages to post.
:type messages: list
"""
auth = password.Password("http://127.0.0.1/identity_v2_admin",
username="******",
password="******",
user_domain_name='default',
project_name='admin',
project_domain_name='default')
keystone_session = session.Session(verify=False, cert=None, auth=auth)
cli = client.Client(session=keystone_session)
queue = cli.queue(queue_name)
queue.post(messages)
for msg in queue.messages(echo=True):
print(msg.body)
msg.delete()
queue.delete()
def endpoint(self):
if self._endpoint is None:
conf = self.nabu_conf.keystone_authtoken
auth_plugin = password.Password(username=conf.username,
password=conf.password,
auth_url=conf.auth_url,
project_name=conf.project_name)
sess = session.Session(auth=auth_plugin)
self._endpoint = sess.get_endpoint(service_type='messaging')
return self._endpoint
def _make_client(self):
auth = ks_password.Password(
auth_url=CONF.api.auth_url,
username=CONF.api.username,
password=CONF.api.password,
user_domain_id=CONF.api.user_domain_id,
project_name=CONF.api.project_name,
project_domain_id=CONF.api.project_domain_id)
session = ks_session.Session(auth=auth)
conn = connection.Connection(session=session)
return conn.instance_ha
def get_trusted_client(conf, trust_id):
# Ideally we would use load_session_from_conf_options, but we can't do that
# *and* specify a trust, so let's create the object manually.
auth_plugin = password.Password(
username=conf[CFG_GROUP].username,
password=conf[CFG_GROUP].password,
auth_url=conf[CFG_GROUP].auth_url,
user_domain_id=conf[CFG_GROUP].user_domain_id,
trust_id=trust_id)
sess = session.Session(auth=auth_plugin)
return ks_client_v3.Client(session=sess)
def _get_keystone_auth(self, session, auth_url, **kwargs):
auth_token = kwargs.pop('auth_token', None)
if auth_token:
return token.Token(auth_url, auth_token, **kwargs)
else:
return password.Password(
auth_url,
username=kwargs.pop('username'),
user_id=kwargs.pop('user_id'),
password=kwargs.pop('password'),
user_domain_id=kwargs.pop('user_domain_id'),
user_domain_name=kwargs.pop('user_domain_name'),
**kwargs)
def __init__(self, **kwargs):
auth = ks_password.Password(
auth_url=kwargs.get('auth_url'),
username=kwargs.get('username'),
password=kwargs.get('password'),
user_domain_id=kwargs.get('user_domain_id'),
project_name=kwargs.get('project_name'),
project_domain_id=kwargs.get('project_domain_id'))
session = ks_session.Session(auth=auth)
self.con = connection.Connection(session=session)
self.service = self.con.instance_ha
def get_clients(context):
global _SESSION
if not _SESSION:
_SESSION = session.Session()
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
client = d_client.Client(session=_SESSION, auth=auth)
admin_auth = password.Password(
auth_url=CONF.designate.admin_auth_url,
username=CONF.designate.admin_username,
password=CONF.designate.admin_password,
tenant_name=CONF.designate.admin_tenant_name,
tenant_id=CONF.designate.admin_tenant_id)
admin_client = d_client.Client(session=_SESSION, auth=admin_auth)
return client, admin_client
def __init__(self, **kwargs):
session = kwargs.get('session')
if session is None:
auth = ks_password.Password(
auth_url=kwargs.get('auth_url'),
username=kwargs.get('username'),
password=kwargs.get('password'),
user_domain_id=kwargs.get('user_domain_id'),
project_name=kwargs.get('project_name'),
project_domain_id=kwargs.get('project_domain_id'))
session = ks_session.Session(auth=auth)
con = connection.Connection(session=session,
interface=kwargs.get('interface'),
region_name=kwargs.get('region_name'),
ha_api_version=kwargs.get('api_version'))
self.service = con.instance_ha
def _basic_authenticate(self, auth_info, req):
try:
project_domain_id, project_name, user_domain_id = \
self._get_auth_params()
auth = password.Password(auth_url=self.auth_url,
username=auth_info.username,
password=auth_info.password,
user_domain_id=user_domain_id,
project_domain_id=project_domain_id,
project_name=project_name)
sess = session.Session(auth=auth)
token = sess.get_token()
project_id = str(auth.get_project_id(sess))
roles = str(auth.get_auth_ref(sess).role_names[0])
self._set_req_headers(req, token, project_id, roles)
except Exception as e:
to_unicode = encodeutils.exception_to_unicode(e)
message = 'Authorization exception: %s' % to_unicode
self._unauthorized(message)
def get_clients(context):
global _SESSION
if not _SESSION:
_SESSION = loading.load_session_from_conf_options(CONF, 'designate')
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
client = d_client.Client(session=_SESSION, auth=auth)
if CONF.designate.auth_type:
admin_auth = loading.load_auth_from_conf_options(CONF, 'designate')
else:
admin_auth = password.Password(
auth_url=CONF.designate.admin_auth_url,
username=CONF.designate.admin_username,
password=CONF.designate.admin_password,
tenant_name=CONF.designate.admin_tenant_name,
tenant_id=CONF.designate.admin_tenant_id)
admin_client = d_client.Client(session=_SESSION, auth=admin_auth)
return client, admin_client
def get_clients(context):
global _SESSION
if not _SESSION:
if CONF.designate.insecure:
verify = False
else:
verify = CONF.designate.ca_cert or True
_SESSION = session.Session(verify=verify)
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
client = d_client.Client(session=_SESSION, auth=auth)
admin_auth = password.Password(
auth_url=CONF.designate.admin_auth_url,
username=CONF.designate.admin_username,
password=CONF.designate.admin_password,
tenant_name=CONF.designate.admin_tenant_name,
tenant_id=CONF.designate.admin_tenant_id)
admin_client = d_client.Client(session=_SESSION, auth=admin_auth)
return client, admin_client
def _make_client_new(self):
auth = ks_password.Password(
auth_url=CONF.api.auth_url,
username=CONF.api.username,
password=CONF.api.password,
user_domain_id=CONF.api.user_domain_id,
project_name=CONF.api.project_name,
project_domain_id=CONF.api.project_domain_id)
session = ks_session.Session(auth=auth)
desc = service_description.ServiceDescription(service_type='ha',
proxy_class=_proxy.Proxy)
conn = connection.Connection(session=session, extra_services=[desc])
conn.add_service(desc)
if version.__version__.find('0.11.0') == 0:
client = conn.ha
else:
client = conn.ha.proxy_class(session=session, service_type='ha')
return client
def get_clients(context):
global _SESSION
if not _SESSION:
_SESSION = loading.load_session_from_conf_options(CONF, 'designate')
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
client = d_client.Client(session=_SESSION, auth=auth)
if CONF.designate.auth_type:
admin_auth = loading.load_auth_from_conf_options(CONF, 'designate')
else:
# TODO(tkajinam): Make this fail when admin_* parameters are removed.
admin_auth = password.Password(
auth_url=CONF.designate.admin_auth_url,
username=CONF.designate.admin_username,
password=CONF.designate.admin_password,
tenant_name=CONF.designate.admin_tenant_name,
tenant_id=CONF.designate.admin_tenant_id)
admin_client = d_client.Client(session=_SESSION,
auth=admin_auth,
endpoint_override=CONF.designate.url)
return client, admin_client
