def _extract_service_catalog(self, url, resp, body, extract_token=True): """See what the auth service told us and process the response. We may get redirected to another site, fail or actually get back a service catalog with a token and our endpoints.""" if resp.status == 200: # content must always present try: self.auth_url = url self.service_catalog = \ service_catalog.ServiceCatalog(body) if extract_token: self.auth_token = self.service_catalog.get_token() self.management_url = self.service_catalog.url_for( attr='region', filter_value=self.region_name, endpoint_type=self.endpoint_name) return None except KeyError: raise exceptions.AuthorizationFailure() except exceptions.EndpointNotFound: print "Could not find any suitable endpoint. Correct region?" raise elif resp.status == 305: return resp['location'] else: raise exceptions.from_response(resp, body)
def _extract_service_catalog(self, url, resp, body, extract_token=True): """See what the auth service told us and process the response. We may get redirected to another site, fail or actually get back a service catalog with a token and our endpoints. """ # content must always present if resp.status_code == 200 or resp.status_code == 201: try: self.auth_url = url self.service_catalog = \ service_catalog.ServiceCatalog(body) if extract_token: self.auth_token = self.service_catalog.get_token() self.tenant_id = self.service_catalog.get_tenant_id() self.management_url = self.get_service_url(self.service_type) return None except exceptions.AmbiguousEndpoints: print( _("Found more than one valid endpoint. Use a more " "restrictive filter")) raise except KeyError: raise exceptions.AuthorizationFailure() except exceptions.EndpointNotFound: print( _("Could not find any suitable endpoint. Correct " "region?")) raise elif resp.status_code == 305: return resp.headers['location'] else: raise exceptions.from_response(resp, body, url)
def _extract_service_catalog(self, url, resp, body, extract_token=True): """See what the auth service told us and process the response. We may get redirected to another site, fail or actually get back a service catalog with a token and our endpoints.""" if resp.status == 200: # content must always present try: self.auth_url = url self.service_catalog = \ service_catalog.ServiceCatalog(body) if extract_token: self.auth_token = self.service_catalog.get_token() self.management_url = self.service_catalog.url_for( attr='region', filter_value=self.region_name, endpoint_type=self.endpoint_type, service_name=self.service_name) return None except exceptions.AmbiguousEndpoints, exc: print "Found more than one valid endpoint. Use a more " \ "restrictive filter" raise except KeyError: raise exceptions.AuthorizationFailure()
def test_building_a_service_catalog_insensitive_case(self): sc = service_catalog.ServiceCatalog(SERVICE_CATALOG) # Matching south (and catalog has South). self.assertRaises(exceptions.AmbiguousEndpoints, sc.url_for, 'region', 'south', service_type='volume')
def novaclient(context, admin=False): # FIXME: the novaclient ServiceCatalog object is mis-named. # It actually contains the entire access blob. # Only needed parts of the service catalog are passed in, see # nova/context.py. compat_catalog = { 'access': { 'serviceCatalog': context.service_catalog or [] } } sc = service_catalog.ServiceCatalog(compat_catalog) nova_endpoint_template = CONF.nova_endpoint_template nova_catalog_info = CONF.nova_catalog_info if admin: nova_endpoint_template = CONF.nova_endpoint_admin_template nova_catalog_info = CONF.nova_catalog_admin_info if nova_endpoint_template: url = nova_endpoint_template % context.to_dict() else: info = nova_catalog_info service_type, service_name, endpoint_type = info.split(':') # extract the region if set in configuration if CONF.os_region_name: attr = 'region' filter_value = CONF.os_region_name else: attr = None filter_value = None url = sc.url_for(attr=attr, filter_value=filter_value, service_type=service_type, service_name=service_name, endpoint_type=endpoint_type) LOG.debug(_('Novaclient connection created using URL: %s') % url) extensions = [] if assisted_volume_snapshots: extensions.append(assisted_volume_snapshots) c = nova_client.Client(context.user_id, context.auth_token, context.project_id, auth_url=url, insecure=CONF.nova_api_insecure, cacert=CONF.nova_ca_certificates_file, extensions=extensions) # noauth extracts user_id:project_id from auth_token c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id, context.project_id) c.client.management_url = url return c
def test_building_a_service_catalog(self): sc = service_catalog.ServiceCatalog(SERVICE_CATALOG) self.assertRaises(exceptions.AmbiguousEndpoints, sc.url_for) self.assertEquals(sc.url_for('tenantId', '1'), "https://compute1.host/v1/1234") self.assertEquals(sc.url_for('tenantId', '2'), "https://compute1.host/v1.1/3456") self.assertRaises(exceptions.EndpointNotFound, sc.url_for, "region", "South")
def test_alternate_service_type(self): sc = service_catalog.ServiceCatalog(SERVICE_CATALOG) self.assertRaises(exceptions.AmbiguousEndpoints, sc.url_for, service_type='volume') self.assertEquals(sc.url_for('tenantId', '1', service_type='volume'), "https://volume1.host/v1/1") self.assertEquals(sc.url_for('tenantId', '2', service_type='volume'), "https://volume1.host/v1.1/2") self.assertRaises(exceptions.EndpointNotFound, sc.url_for, "region", "North", service_type='volume')
def novaclient(context): if context.is_admin and context.project_id is None: c = nova_client.Client( CONF.nova_api_microversion, CONF.nova_admin_username, CONF.nova_admin_password, CONF.nova_admin_tenant_name, CONF.nova_admin_auth_url, ) c.authenticate() return c compat_catalog = { 'access': { 'serviceCatalog': context.service_catalog or [] } } sc = service_catalog.ServiceCatalog(compat_catalog) nova_catalog_info = CONF.nova_catalog_info info = nova_catalog_info service_type, service_name, endpoint_type = info.split(':') # extract the region if set in configuration if CONF.os_region_name: attr = 'region' filter_value = CONF.os_region_name else: attr = None filter_value = None url = sc.url_for(attr=attr, filter_value=filter_value, service_type=service_type, service_name=service_name, endpoint_type=endpoint_type) LOG.debug('Novaclient connection created using URL: %s', url) c = nova_client.Client(context.user_id, context.auth_token, context.project_id, auth_url=url, insecure=CONF.nova_api_insecure, cacert=CONF.nova_ca_certificates_file, extensions=[]) # noauth extracts user_id:project_id from auth_token c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id, context.project_id) c.client.management_url = url return c
def test_building_a_service_catalog(self): sc = service_catalog.ServiceCatalog(SERVICE_CATALOG) self.assertRaises(exceptions.AmbiguousEndpoints, sc.url_for, service_type='compute') self.assertEqual("https://compute1.host/v2/1", sc.url_for('tenantId', '1', service_type='compute')) self.assertEqual("https://compute1.host/v1.1/2", sc.url_for('tenantId', '2', service_type='compute')) self.assertRaises(exceptions.EndpointNotFound, sc.url_for, "region", "South", service_type='compute')
def novaclient(context): compat_catalog = { # TODO(gbasava): Check this... 'access': {'serviceCatalog': context.service_catalog or []} 'access': [] } sc = service_catalog.ServiceCatalog(compat_catalog) if CONF.nova_endpoint_template: url = CONF.nova_endpoint_template % context.to_dict() else: info = CONF.nova_catalog_info service_type, service_name, endpoint_type = info.split(':') # extract the region if set in configuration if CONF.os_region_name: attr = 'region' filter_value = CONF.os_region_name else: attr = None filter_value = None url = sc.url_for(attr=attr, filter_value=filter_value, service_type=service_type, service_name=service_name, endpoint_type=endpoint_type) LOG.debug(_('Novaclient connection created using URL: %s') % url) c = nova_client.Client(context.user_id, context.auth_token, project_id=context.project_id, auth_url=url, insecure=CONF.nova_api_insecure) # noauth extracts user_id:tenant_id from auth_token c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id, context.project_id) c.client.management_url = url return c
def novaclient(context, admin_endpoint=False, privileged_user=False, timeout=None): """Returns a Nova client @param admin_endpoint: If True, use the admin endpoint template from configuration ('nova_endpoint_admin_template' and 'nova_catalog_info') @param privileged_user: If True, use the account from configuration (requires 'os_privileged_user_name', 'os_privileged_user_password' and 'os_privileged_user_tenant' to be set) @param timeout: Number of seconds to wait for an answer before raising a Timeout exception (None to disable) """ # FIXME: the novaclient ServiceCatalog object is mis-named. # It actually contains the entire access blob. # Only needed parts of the service catalog are passed in, see # nova/context.py. compat_catalog = { 'access': {'serviceCatalog': context.service_catalog or []} } sc = service_catalog.ServiceCatalog(compat_catalog) nova_endpoint_template = CONF.nova_endpoint_template nova_catalog_info = CONF.nova_catalog_info if admin_endpoint: nova_endpoint_template = CONF.nova_endpoint_admin_template nova_catalog_info = CONF.nova_catalog_admin_info service_type, service_name, endpoint_type = nova_catalog_info.split(':') # Extract the region if set in configuration if CONF.os_region_name: region_filter = {'attr': 'region', 'filter_value': CONF.os_region_name} else: region_filter = {} if privileged_user and CONF.os_privileged_user_name: context = ctx.RequestContext( CONF.os_privileged_user_name, None, auth_token=CONF.os_privileged_user_password, project_name=CONF.os_privileged_user_tenant, service_catalog=context.service_catalog) # When privileged_user is used, it needs to authenticate to Keystone # before querying Nova, so we set auth_url to the identity service # endpoint. if CONF.os_privileged_user_auth_url: url = CONF.os_privileged_user_auth_url else: # We then pass region_name, endpoint_type, etc. to the # Client() constructor so that the final endpoint is # chosen correctly. url = sc.url_for(service_type='identity', endpoint_type=endpoint_type, **region_filter) LOG.debug('Creating a Nova client using "%s" user', CONF.os_privileged_user_name) else: if nova_endpoint_template: url = nova_endpoint_template % context.to_dict() else: url = sc.url_for(service_type=service_type, service_name=service_name, endpoint_type=endpoint_type, **region_filter) LOG.debug('Nova client connection created using URL: %s', url) # Now that we have the correct auth_url, username, password and # project_name, let's build a Keystone session. loader = keystoneauth1.loading.get_plugin_loader('password') auth = loader.load_from_options(auth_url=url, username=context.user_id, password=context.auth_token, project_name=context.project_name) keystone_session = keystoneauth1.session.Session(auth=auth) c = nova_client.Client(api_versions.APIVersion(NOVA_API_VERSION), session=keystone_session, insecure=CONF.nova_api_insecure, timeout=timeout, region_name=CONF.os_region_name, endpoint_type=endpoint_type, cacert=CONF.nova_ca_certificates_file, extensions=nova_extensions) if not privileged_user: # noauth extracts user_id:project_id from auth_token c.client.auth_token = (context.auth_token or '%s:%s' % (context.user_id, context.project_id)) c.client.management_url = url return c