def main():
CONF(sys.argv[1:], project='get_auth_token')
user = CONF.username or CONF.os_admin_username
password = CONF.password or CONF.os_admin_password
tenant = CONF.tenant or CONF.os_admin_tenant_name
protocol = CONF.os_auth_protocol
host = CONF.os_auth_host
port = CONF.os_auth_port
auth_url = "%s://%s:%s/v2.0/" % (protocol, host, port)
print "User: %s" % user
print "Password: %s" % password
print "Tenant: %s" % tenant
print "Auth URL: %s" % auth_url
keystone = keystone_client(
username=user,
password=password,
tenant_name=tenant,
auth_url=auth_url
)
result = keystone.authenticate()
print "Auth succeed: %s" % result
print "Auth token: %s" % keystone.auth_token
print "Tenant [%s] id: %s" % (tenant, keystone.tenant_id)
def main():
dev_conf = os.path.join(possible_topdir, "etc", "sahara", "sahara.conf")
config_files = None
if os.path.exists(dev_conf):
config_files = [dev_conf]
CONF(sys.argv[1:], project="get_auth_token", default_config_files=config_files)
auth_uri = CONF.keystone_authtoken.auth_uri
user = CONF.username or CONF.keystone_authtoken.admin_user
password = CONF.password or CONF.keystone_authtoken.admin_password
tenant = CONF.tenant or CONF.keystone_authtoken.admin_tenant_name
print "User: %s" % user
print "Password: %s" % password
print "Tenant: %s" % tenant
print "Auth URI: %s" % auth_uri
keystone = keystone_client(username=user, password=password, tenant_name=tenant, auth_url=auth_uri)
result = keystone.authenticate()
print "Auth succeed: %s" % result
print "Auth token: %s" % keystone.auth_token
print "Tenant [%s] id: %s" % (tenant, keystone.tenant_id)
print "For bash:"
print "export TOKEN=%s" % keystone.auth_token
print "export TENANT_ID=%s" % keystone.tenant_id
def main():
dev_conf = os.path.join(possible_topdir, 'etc', 'sahara', 'sahara.conf')
config_files = None
if os.path.exists(dev_conf):
config_files = [dev_conf]
CONF(sys.argv[1:],
project='get_auth_token',
default_config_files=config_files)
auth_uri = CONF.keystone_authtoken.auth_uri
user = CONF.username or CONF.keystone_authtoken.admin_user
password = CONF.password or CONF.keystone_authtoken.admin_password
tenant = CONF.tenant or CONF.keystone_authtoken.admin_tenant_name
print "User: %s" % user
print "Password: %s" % password
print "Tenant: %s" % tenant
print "Auth URI: %s" % auth_uri
keystone = keystone_client(username=user,
password=password,
tenant_name=tenant,
auth_url=auth_uri)
result = keystone.authenticate()
print "Auth succeed: %s" % result
print "Auth token: %s" % keystone.auth_token
print "Tenant [%s] id: %s" % (tenant, keystone.tenant_id)
print "For bash:"
print "export TOKEN=%s" % keystone.auth_token
print "export TENANT_ID=%s" % keystone.tenant_id
def main():
dev_conf = os.path.join(possible_topdir, 'etc', 'savanna', 'savanna.conf')
config_files = None
if os.path.exists(dev_conf):
config_files = [dev_conf]
CONF(sys.argv[1:],
project='get_auth_token',
default_config_files=config_files)
user = CONF.username or CONF.os_admin_username
password = CONF.password or CONF.os_admin_password
tenant = CONF.tenant or CONF.os_admin_tenant_name
protocol = CONF.os_auth_protocol
host = CONF.os_auth_host
port = CONF.os_auth_port
auth_url = "%s://%s:%s/v2.0/" % (protocol, host, port)
print "User: %s" % user
print "Password: %s" % password
print "Tenant: %s" % tenant
print "Auth URL: %s" % auth_url
keystone = keystone_client(username=user,
password=password,
tenant_name=tenant,
auth_url=auth_url)
result = keystone.authenticate()
print "Auth succeed: %s" % result
print "Auth token: %s" % keystone.auth_token
print "Tenant [%s] id: %s" % (tenant, keystone.tenant_id)
def keystone(self):
''' Keystone client '''
if self._keystone is None:
self._keystone = keystone_client(auth_url=self.auth_url,
tenant_id=self.tenant_id(),
token=self.auth_token())
return self._keystone
def tenants_create_tenant(request):
if request.method == "GET":
return render(request,
'create_tenant.html',
{
})
elif request.method == "POST":
auth_ref = request.session.get('auth_ref', None)
username = request.session.get('username', None)
password = request.session.get('password', None)
current_project_name = request.session.get('project_name', None)
input_name = request.POST.get('inputName', None)
input_description = request.POST.get('inputDescription', None)
try:
keystone_client_1 = \
keystone_client(username=username,
password=password,
tenant_name=current_project_name,
auth_url=AUTH_URL_V2)
tenant_1 = keystone_client_1.tenants.create(input_name,
input_description,
True)
except Exception, e:
print e.message
retval = {'retval':'failed', 'data':'failed'}
retval = {'retval':'success', 'data':'ok'}
return HttpResponse(json.dumps(retval, ensure_ascii=False))
def project(request, optype):
"""project request"""
username = request.session.get("username", None)
password = request.session.get("password", None)
tenant_name = request.session.get("tenant_name", None)
# print username, password, tenant_name
try:
keystone_client_1 = keystone_client(
username=username,
password=password,
tenant_name=tenant_name,
auth_url=AUTH_URL_V2)
except Exception as exc:
print exc.message
django_messages.add_message(
request,
50,
"Permission deny! ",
extra_tags="danger")
return redirect(reverse(
'dashboard_auth:login') +
"?redirect=" + request.build_absolute_uri())
return route_to(
optype, request, "project.html", {
"username": username,
"tenant_name": tenant_name,
"keystone_client": keystone_client_1,
})
"""
def users_create_user(request):
"""创建用户"""
if request.method == "POST":
input_name = request.POST.get('inputName', None)
input_email = request.POST.get('inputEmail', None)
input_tenant = request.POST.get('inputTenant', None)
auth_ref = request.session.get('auth_ref', None)
username = request.session.get('username', None)
password = request.session.get('password', None)
current_project_name = request.session.get('project_name', None)
try:
keystone_client_1 = keystone_client(username=username,
password=password,
tenant_name=current_project_name,
auth_url=AUTH_URL_V2)
user_manager_1 = keystone_client_1.users
user1 = user_manager_1.create(name=input_name,
password="******",
tenant_id=input_tenant,
email=input_email)
retval = {'retval':'success', 'data':'ok'}
except Exception, e:
retval = {'retval':'failed', 'data':'create user failed'}
print e.message
return HttpResponse(json.dumps(retval, ensure_ascii=False))
def tenants_delete_tenant(request):
"""delete tenant """
if request.method == "POST":
username = request.session.get("username", None)
password = request.session.get("password", None)
current_project_name = \
request.session.get("project_name", None)
keystone_client_1 = \
keystone_client(username=username,
password=password,
tenant_name=current_project_name,
auth_url=AUTH_URL_V2)
for tenant_id in request.POST.getlist("selectuser", None):
keystone_client_1.tenants.delete(tenant_id)
retval = {'retval':'success', 'data':'ok'}
return HttpResponse(json.dumps(retval, ensure_ascii=False))
def main():
if len(sys.argv) > 1 and len(sys.argv) != 4:
print "You must either specify no parameters or exactly 3: <username> <password> <tenant>.\n" \
"If you specify no parameters, credentials and tenant will be taken from config"
exit
scriptDir = os.path.dirname(os.path.realpath(__file__))
config = Config(scriptDir + '/../etc')
config.from_pyfile('local.cfg')
print "Configuration has been loaded from 'etc/local.cfg'"
if len(sys.argv) == 4:
user = sys.argv[1]
password = sys.argv[2]
tenant = sys.argv[3]
else:
print "You didn't provided credentials, using ones found in config"
user = config['OS_ADMIN_USER']
password = config['OS_ADMIN_PASSWORD']
tenant = config['OS_ADMIN_TENANT']
protocol = config['OS_AUTH_PROTOCOL']
host = config['OS_AUTH_HOST']
port = config['OS_AUTH_PORT']
auth_url = "%s://%s:%s/v2.0/" % (protocol, host, port)
print "User: %s" % user
print "Password: %s" % password
print "Tenant: %s" % tenant
print "Auth URL: %s" % auth_url
keystone = keystone_client(
username=user,
password=password,
tenant_name=tenant,
auth_url=auth_url
)
result = keystone.authenticate()
print "Auth succeed: %s" % result
print "Auth token: %s" % keystone.auth_token
print "Tenant [%s] id: %s" % (tenant, keystone.tenant_id)
def main():
dev_conf = os.path.join(possible_topdir,
'etc',
'sahara',
'sahara.conf')
config_files = None
if os.path.exists(dev_conf):
config_files = [dev_conf]
CONF(sys.argv[1:], project='get_auth_token',
default_config_files=config_files)
user = CONF.username or CONF.os_admin_username
password = CONF.password or CONF.os_admin_password
tenant = CONF.tenant or CONF.os_admin_tenant_name
protocol = CONF.os_auth_protocol
host = CONF.os_auth_host
port = CONF.os_auth_port
auth_url = "%s://%s:%s/v2.0/" % (protocol, host, port)
print "User: %s" % user
print "Password: %s" % password
print "Tenant: %s" % tenant
print "Auth URL: %s" % auth_url
keystone = keystone_client(
username=user,
password=password,
tenant_name=tenant,
auth_url=auth_url
)
result = keystone.authenticate()
print "Auth succeed: %s" % result
print "Auth token: %s" % keystone.auth_token
print "Tenant [%s] id: %s" % (tenant, keystone.tenant_id)
def _get_conf(key, default):
return getattr(_CONF, key) if _CONF and hasattr(_CONF, key) else default
OS_USERNAME = _get_conf("OS_USERNAME", "admin")
OS_PASSWORD = _get_conf("OS_PASSWORD", "nova")
OS_TENANT_NAME = _get_conf("OS_TENANT_NAME", "admin")
OS_AUTH_URL = _get_conf("OS_AUTH_URL", "http://localhost:35357/v2.0/")
SAVANNA_HOST = _get_conf("SAVANNA_HOST", "192.168.1.1")
SAVANNA_PORT = _get_conf("SAVANNA_PORT", "8080")
SAVANNA_IMAGE_ID = _get_conf("SAVANNA_IMAGE_ID", "42")
keystone = keystone_client(
username=OS_USERNAME,
password=OS_PASSWORD,
tenant_name=OS_TENANT_NAME,
auth_url=OS_AUTH_URL
)
class ValidationTestCase(unittest.TestCase):
def setUp(self):
self.host = SAVANNA_HOST
self.maxDiff = None
self.port = SAVANNA_PORT
self.baseurl = 'http://' + self.host + ':' + self.port
self.tenant = keystone.tenant_id
self.token = keystone.auth_token
self.flavor_id = 'm1.medium'
self.image_id = SAVANNA_IMAGE_ID
self.url_nt = '/v0.2/%s/node-templates' % self.tenant
def token_request():
''' Intercept a token request and use that to talk to multiple clouds
based on values stored in the database.
request data format will be:
{"auth": {"passwordCredentials": {
"password": "******",
"username": "******"
}}}
tukeyPassword is a password shared between the middleware and the portal to
prevent anyone from talking to the middleware and impersonating users.
method can be shibboleth or openid.
identifier is looked up in the tukey auth db which stores users openstack
credentials. Those credentials are used to talk to the Keystone service
for each cloud. The auth tokens from each keystone request are stored in
memcached with one of the tokens used as the key and returned back to
Horizon. '''
token_store = TokenStore(memcache.Client(['127.0.0.1:11211']))
logger = utils.get_logger()
try:
token_id = flask.request.headers["x-auth-token"]
token_info = token_store.get(str(token_id))
return json.dumps(token_info["__tukey_internal"])
except KeyError:
pass
pw_creds = json.loads(flask.request.data)["auth"]["passwordCredentials"]
# string equality in Python is probably a side-channel vector
if pw_creds["password"] != settings["shared_password"]:
return ("Wrong credentials", 401)
method, userid = pw_creds["username"].split()
user_info_query = '''
select username, password, cloud_name, display_name, auth_url, login_url,
instance_keypairs.cloud_id
from
login join
login_enabled on login.id = login_enabled.login_id join
login_identifier on login.userid = login_identifier.userid join
login_identifier_enabled on login_identifier.id =
login_identifier_enabled.login_identifier_id join
login_method on login_method.method_id = login_identifier.method_id
join
cloud on cloud.cloud_id = login.cloud_id
left outer join
instance_keypairs on instance_keypairs.cloud_id = cloud.cloud_id
where login_method.method_name='%(method)s'
and LOWER(login_identifier.identifier)=LOWER('%(id)s');
''' % {"method": method, "id": userid}
engine = sqlalchemy.create_engine(settings["auth_db_str"])
with engine.begin() as connection:
results = connection.execute(sqlalchemy.text(user_info_query))
roles = []
info_by_cloud = {}
tenant = None
endpoints = {}
for (_username, password, cloud, display_name, auth_url, login_url,
instance_keypairs) in results:
if auth_url:
try:
try:
ksc = keystone_client(auth_url=auth_url, username=_username,
password=password)
except keystoneclient.apiclient.exceptions.Unauthorized:
# this should be a valid username so let Horizon know
logger.info(("Cloud %s Keystone at %s ",
"rejected username password: %s %s"), cloud,
auth_url, _username, password)
# this is probably not the best or clearest, just different
flask.abort(403)
tenants = [t for t in ksc.tenants.list() if t.enabled]
if len(tenants) < 1:
logger.info("Cloud %s username: %s has no tenants", cloud,
_username)
continue
for tenant in tenants:
if tenant.name == _username:
break
token_response = ksc.get_raw_token_from_identity_service(
auth_url, username=_username, password=password,
tenant_name=tenant.name)
try:
# this should work if keystoneclient version <= 0.6.0
response, raw_token = token_response
response_status = response.status_code
except ValueError:
# this should work if keystoneclient version >= 0.7.0
raw_token = token_response
response_status = 200
# handle changes between 0.6.0 and 0.7.0
if "access" not in raw_token:
raw_token = {"access": raw_token}
if response_status != 200:
logger.info(("Cloud %s Keystone at %s ",
"rejected username: %s with status code: %s"),
cloud, auth_url, _username, response_status)
flask.abort(403)
# add enpoints
for endpoint in raw_token["access"]["serviceCatalog"]:
endpoints[endpoint["type"]] = endpoint["name"]
token_id = ksc.auth_token
user_id = ksc.user_id
username = _username
raw_token["cloud"] = display_name
if instance_keypairs:
raw_token["instance_keypairs"] = True
info_by_cloud[cloud] = raw_token
info_by_cloud["login" + cloud] = login_url
roles += raw_token["access"]["user"]["roles"]
raw_token["cloud"] = display_name
except AuthorizationFailure:
logger.info("Keystone failed for %s", cloud)
else:
info_by_cloud[cloud] = {"username": _username,
"cloud": display_name,
"instance_keypairs": True if instance_keypairs else False}
info_by_cloud["login" + cloud] = login_url
if tenant is None:
logger.info("Login failed for %s using method %s", userid, method)
flask.abort(401)
region = "RegionOne"
host, port = "localhost", LOCAL_PORT
allowed_services = ['compute', 'image', 'volume', 'object-store']
# glance assumes that it is at /v1 so we will give it that
#service_paths = {k: K for k in allowed_services}
#service_paths["image"] = "v1"
services = [("http://%s:%s/%s/%s" % (host, port, service, tenant.id),
service, service_name)
for service, service_name in endpoints.items()
if service in allowed_services]
services += [("http://%s:%s/v2.0" % (host, port), "identity", "keystone")]
catalog = {
"access": {
"token": {
"expires": expiration(43200),
"id": token_id,
"tenant": format_tenant(tenant.name, tenant.id)
},
"serviceCatalog": [
service_catalog_entry(url, region, url, url, service_type, name)
for url, service_type, name in services] + [
service_catalog_entry(
"http://%s:%s/services/Admin" % (host, port), region,
"http://%s:%s/services/Cloud" % (host, port),
"http://%s:%s/services/Cloud" % (host, port), "ec2",
"ec2")],
"user": {
"username": username,
"roles_links": [],
"id": user_id,
"roles": roles,
"name": username
}},
"path": "", "host": host, "port": port}
info_by_cloud["__tukey_internal"] = catalog
# TODO:
# see what the shortest expiration is in the set of expirations
# then set the returned expiration to that and make sure that
# the memcache expiration is greater than that but has a value so
# that memcached entries don't fill everything up
token_store.set(str(token_id), info_by_cloud, 172800)
logger.info("Login succeeded for %s using method %s" % (userid, method))
return json.dumps(catalog)
def setUp(self):
self.host = SAVANNA_HOST
self.maxDiff = None
self.port = SAVANNA_PORT
self.baseurl = 'http://' + self.host + ':' + self.port
self.keystone = keystone_client(
username=OS_USERNAME,
password=OS_PASSWORD,
tenant_name=OS_TENANT_NAME,
auth_url=OS_AUTH_URL
)
self.tenant = self.keystone.tenant_id
self.token = self.keystone.auth_token
self.flavor_id = 'm1.medium'
self.image_id = SAVANNA_IMAGE_ID
self.url_nt = '/v0.2/%s/node-templates' % self.tenant
self.url_nt_not_json = '/v0.2/%s/node-templates/' % self.tenant
#----------------------add_value_for_node_templates----------------------------
self.jtnn = dict(
node_template=dict(
name='test-template-1',
node_type='JT+NN',
flavor_id=self.flavor_id,
job_tracker={
'heap_size': '1234'
},
name_node={
'heap_size': '2345'
}
))
self.ttdn = dict(
node_template=dict(
name='test-template-2',
node_type='TT+DN',
flavor_id=self.flavor_id,
task_tracker={
'heap_size': '1234'
},
data_node={
'heap_size': '2345'
}
))
self.jt = dict(
node_template=dict(
name='test-template-3',
node_type='JT',
flavor_id=self.flavor_id,
job_tracker={
'heap_size': '1234'
}
))
self.nn = dict(
node_template=dict(
name='test-template-4',
node_type='NN',
flavor_id=self.flavor_id,
name_node={
'heap_size': '2345'
}
))
self.tt = dict(
node_template=dict(
name='test-template-5',
node_type='TT',
flavor_id=self.flavor_id,
task_tracker={
'heap_size': '2345'
}
))
self.dn = dict(
node_template=dict(
name='test-template-6',
node_type='DN',
flavor_id=self.flavor_id,
data_node={
'heap_size': '2345'
}
))
self.get_ttdn = {
u'name': u'test-template-2',
u'data_node': {u'heap_size': u'2345'},
u'task_tracker': {u'heap_size': u'1234'},
u'node_type': {
u'processes': [u'task_tracker',
u'data_node'],
u'name': u'TT+DN'},
u'flavor_id': u'm1.medium'
}
self.get_jtnn = {
u'name': u'test-template-1',
u'name_node': {u'heap_size': u'2345'},
u'job_tracker': {u'heap_size': u'1234'},
u'node_type': {
u'processes': [u'job_tracker',
u'name_node'],
u'name': u'JT+NN'},
u'flavor_id': u'm1.medium'
}
self.get_nn = {
u'name': u'test-template-4',
u'name_node': {u'heap_size': u'2345'},
u'node_type': {
u'processes': [u'name_node'],
u'name': u'NN'},
u'flavor_id': u'm1.medium'
}
self.get_jt = {
u'name': u'test-template-3',
u'job_tracker': {u'heap_size': u'1234'},
u'node_type': {
u'processes': [u'job_tracker'],
u'name': u'JT'},
u'flavor_id': u'm1.medium'
}
#----------------------add_value_for_clusters----------------------------------
self.url_cluster = '/v0.2/%s/clusters' % self.tenant
self.url_cluster_without_json = '/v0.2/%s/clusters/' % self.tenant
self.cluster_data_jtnn_ttdn = dict(
cluster=dict(
name='QA-test-cluster',
base_image_id=self.image_id,
node_templates={
'jt_nn.medium': 1,
'tt_dn.medium': 2
}
))
self.cluster_data_jtnn_ttdn_small = dict(
cluster=dict(
name='QA-test-cluster',
base_image_id=self.image_id,
node_templates={
'jt_nn.small': 1,
'tt_dn.small': 1
}
))
self.cluster_data_jtnn = dict(
cluster=dict(
name='test-cluster',
base_image_id=self.image_id,
node_templates={
'jt_nn.medium': 1
}
))
self.get_cluster_data_jtnn_ttdn = {
u'status': u'Starting',
u'service_urls': {},
u'name': u'QA-test-cluster',
u'base_image_id': u'%s' % self.image_id,
u'node_templates':
{
u'jt_nn.medium': 1,
u'tt_dn.medium': 2
},
u'nodes': []
}
self.get_cluster_data_jtnn_ttdn_small = {
u'status': u'Starting',
u'service_urls': {},
u'name': u'QA-test-cluster',
u'base_image_id': u'%s' % self.image_id,
u'node_templates':
{
u'jt_nn.small': 1,
u'tt_dn.small': 1
},
u'nodes': []
}
self.get_cluster_data_jtnn = {
u'status': u'Starting',
u'service_urls': {},
u'name': u'test-cluster',
u'base_image_id': u'%s' % self.image_id,
u'node_templates':
{
u'jt_nn.medium': 1
},
u'nodes': []
}
