def _auth_default_domain(self, config):
"""Set a default domain from available arguments
Migrated from clientmanager.setup_auth()
"""
identity_version = config.get('identity_api_version', '')
auth_type = config.get('auth_type', None)
# TODO(mordred): This is a usability improvement that's broadly useful
# We should port it back up into os-client-config.
default_domain = config.get('default_domain', None)
if (identity_version == '3' and not auth_type.startswith('v2')
and default_domain):
# NOTE(stevemar): If PROJECT_DOMAIN_ID or PROJECT_DOMAIN_NAME is
# present, then do not change the behaviour. Otherwise, set the
# PROJECT_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
if (not config['auth'].get('project_domain_id')
and not config['auth'].get('project_domain_name')):
config['auth']['project_domain_id'] = default_domain
# NOTE(stevemar): If USER_DOMAIN_ID or USER_DOMAIN_NAME is present,
# then do not change the behaviour. Otherwise, set the
# USER_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
# NOTE(aloga): this should only be set if there is a username.
# TODO(dtroyer): Move this to os-client-config after the plugin has
# been loaded so we can check directly if the options are accepted.
if (auth_type in ("password", "v3password", "v3totp")
and not config['auth'].get('user_domain_id')
and not config['auth'].get('user_domain_name')):
config['auth']['user_domain_id'] = default_domain
return config
def _validate_auth(self, config, loader, fixed_argparse=None):
"""Validate auth plugin arguments"""
# May throw a keystoneauth1.exceptions.NoMatchingPlugin
plugin_options = loader.get_options()
msgs = []
prompt_options = []
for p_opt in plugin_options:
# if it's in config, win, move it and kill it from config dict
# if it's in config.auth but not in config we're good
# deprecated loses to current
# provided beats default, deprecated or not
winning_value = self._find_winning_auth_value(p_opt, config)
if not winning_value:
winning_value = self._find_winning_auth_value(
p_opt, config['auth'])
# if the plugin tells us that this value is required
# then error if it's doesn't exist now
if not winning_value and p_opt.required:
msgs.append(
'Missing value {auth_key}'
' required for auth plugin {plugin}'.format(
auth_key=p_opt.name, plugin=config.get('auth_type'),
)
)
# Clean up after ourselves
for opt in [p_opt.name] + [o.name for o in p_opt.deprecated]:
opt = opt.replace('-', '_')
config.pop(opt, None)
config['auth'].pop(opt, None)
if winning_value:
# Prefer the plugin configuration dest value if the value's key
# is marked as depreciated.
if p_opt.dest is None:
config['auth'][p_opt.name.replace('-', '_')] = (
winning_value)
else:
config['auth'][p_opt.dest] = winning_value
# See if this needs a prompting
if (
'prompt' in vars(p_opt) and
p_opt.prompt is not None and
p_opt.dest not in config['auth'] and
self._pw_callback is not None
):
# Defer these until we know all required opts are present
prompt_options.append(p_opt)
if msgs:
raise occ_exceptions.OpenStackConfigException('\n'.join(msgs))
else:
for p_opt in prompt_options:
config['auth'][p_opt.dest] = self._pw_callback(p_opt.prompt)
return config
def _auth_select_default_plugin(self, config):
"""Select a default plugin based on supplied arguments
Migrated from auth.select_auth_plugin()
"""
identity_version = config.get('identity_api_version', '')
if config.get('username', None) and not config.get('auth_type', None):
if identity_version == '3':
config['auth_type'] = 'v3password'
elif identity_version.startswith('2'):
config['auth_type'] = 'v2password'
else:
# let keystoneauth figure it out itself
config['auth_type'] = 'password'
elif config.get('token', None) and not config.get('auth_type', None):
if identity_version == '3':
config['auth_type'] = 'v3token'
elif identity_version.startswith('2'):
config['auth_type'] = 'v2token'
else:
# let keystoneauth figure it out itself
config['auth_type'] = 'token'
else:
# The ultimate default is similar to the original behaviour,
# but this time with version discovery
if not config.get('auth_type', None):
config['auth_type'] = 'password'
LOG.debug("Auth plugin %s selected" % config['auth_type'])
return config
def _auth_v2_ignore_v3(self, config):
"""Remove v3 arguemnts if present for v2 plugin
Migrated from clientmanager.setup_auth()
"""
# NOTE(hieulq): If USER_DOMAIN_NAME, USER_DOMAIN_ID, PROJECT_DOMAIN_ID
# or PROJECT_DOMAIN_NAME is present and API_VERSION is 2.0, then
# ignore all domain related configs.
if (config.get('identity_api_version', '').startswith('2') and
config.get('auth_type', None).endswith('password')):
domain_props = [
'project_domain_id',
'project_domain_name',
'user_domain_id',
'user_domain_name',
]
for prop in domain_props:
if config['auth'].pop(prop, None) is not None:
LOG.warning("Ignoring domain related config " +
prop + " because identity API version is 2.0")
return config
def _auth_default_domain(self, config):
"""Set a default domain from available arguments
Migrated from clientmanager.setup_auth()
"""
identity_version = config.get('identity_api_version', '')
auth_type = config.get('auth_type', None)
# TODO(mordred): This is a usability improvement that's broadly useful
# We should port it back up into os-client-config.
default_domain = config.get('default_domain', None)
if (identity_version == '3' and
not auth_type.startswith('v2') and
default_domain):
# NOTE(stevemar): If PROJECT_DOMAIN_ID or PROJECT_DOMAIN_NAME is
# present, then do not change the behaviour. Otherwise, set the
# PROJECT_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
if (
auth_type in ("password", "v3password", "v3totp") and
not config['auth'].get('project_domain_id') and
not config['auth'].get('project_domain_name')
):
config['auth']['project_domain_id'] = default_domain
# NOTE(stevemar): If USER_DOMAIN_ID or USER_DOMAIN_NAME is present,
# then do not change the behaviour. Otherwise, set the
# USER_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
# NOTE(aloga): this should only be set if there is a username.
# TODO(dtroyer): Move this to os-client-config after the plugin has
# been loaded so we can check directly if the options are accepted.
if (
auth_type in ("password", "v3password", "v3totp") and
not config['auth'].get('user_domain_id') and
not config['auth'].get('user_domain_name')
):
config['auth']['user_domain_id'] = default_domain
return config
