def test_call_ok_auth_uri_ks_authtoken(self): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') dummy_url = 'http://123:5000/v2.0' cfg.CONF.set_override('auth_uri', dummy_url, group='keystone_authtoken') ec2 = ec2token.EC2Token(app='woot', conf={}) params = {'AWSAccessKeyId': 'foo', 'Signature': 'xyz'} req_env = { 'SERVER_NAME': 'heat', 'SERVER_PORT': '8000', 'PATH_INFO': '/v1' } dummy_req = self._dummy_GET_request(params, req_env) ok_resp = json.dumps({ 'access': { 'metadata': {}, 'token': { 'id': 123, 'tenant': { 'name': 'tenant', 'id': 'abcd1234' } } } }) self._stub_http_connection(response=ok_resp, params={'AWSAccessKeyId': 'foo'}) self.m.ReplayAll() self.assertEqual('woot', ec2.__call__(dummy_req)) self.m.VerifyAll()
def __init__(self, context): # If a trust_id is specified in the context, we immediately # authenticate so we can populate the context with a trust token # otherwise, we delay client authentication until needed to avoid # unnecessary calls to keystone. # # Note that when you obtain a token using a trust, it cannot be # used to reauthenticate and get another token, so we have to # get a new trust-token even if context.auth_token is set. # # - context.auth_url is expected to contain a versioned keystone # path, we will work with either a v2.0 or v3 path self.context = context self._client_v3 = None self._admin_client = None self._stack_domain = None if self.context.auth_url: self.v3_endpoint = self.context.auth_url.replace('v2.0', 'v3') else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') self.v3_endpoint = cfg.CONF.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3') if self.context.trust_id: # Create a client with the specified trust_id, this # populates self.context.auth_token with a trust-scoped token self._client_v3 = self._v3_client_init()
def _get_auth_url(self): if 'auth_uri' in self.conf: return self.conf['auth_uri'] else: # Import auth_token to have keystone_authtoken settings setup. auth_token_module = 'keystoneclient.middleware.auth_token' importutils.import_module(auth_token_module) return cfg.CONF.keystone_authtoken.auth_uri
def _conf_get_auth_uri(self): auth_uri = self._conf_get('auth_uri') if auth_uri: return auth_uri else: # Import auth_token to have keystone_authtoken settings setup. # We can use the auth_uri from the keystone_authtoken section importutils.import_module('keystoneclient.middleware.auth_token') return cfg.CONF.keystone_authtoken['auth_uri']
def __init__(self, context): # If a trust_id is specified in the context, we immediately # authenticate so we can populate the context with a trust token # otherwise, we delay client authentication until needed to avoid # unnecessary calls to keystone. # # Note that when you obtain a token using a trust, it cannot be # used to reauthenticate and get another token, so we have to # get a new trust-token even if context.auth_token is set. # # - context.auth_url is expected to contain a versioned keystone # path, we will work with either a v2.0 or v3 path self.context = context self._client = None self._admin_client = None self._domain_admin_client = None if self.context.auth_url: self.v3_endpoint = self.context.auth_url.replace('v2.0', 'v3') else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') self.v3_endpoint = cfg.CONF.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3') if self.context.trust_id: # Create a client with the specified trust_id, this # populates self.context.auth_token with a trust-scoped token self._client = self._v3_client_init() # The stack domain user ID should be set in heat.conf # It can be created via python-openstackclient # openstack --os-identity-api-version=3 domain create heat # If the domain is specified, then you must specify a domain # admin user. If no domain is specified, we fall back to # legacy behavior with warnings. self._stack_domain_is_id = True self._stack_domain_id = None self.stack_domain = cfg.CONF.stack_user_domain_id if not self.stack_domain and cfg.CONF.stack_user_domain_name: self.stack_domain = cfg.CONF.stack_user_domain_name self._stack_domain_is_id = False self.domain_admin_user = cfg.CONF.stack_domain_admin self.domain_admin_password = cfg.CONF.stack_domain_admin_password if self.stack_domain: if not (self.domain_admin_user and self.domain_admin_password): raise exception.Error( _('heat.conf misconfigured, cannot ' 'specify "stack_user_domain_id" or ' '"stack_user_domain_name" without ' '"stack_domain_admin" and ' '"stack_domain_admin_password"')) else: LOG.warn( _LW('stack_user_domain_id or stack_user_domain_name not ' 'set in heat.conf falling back to using default')) LOG.debug('Using stack domain %s' % self.stack_domain)
def __init__(self, app, conf): self.app = app self.conf = conf if 'auth_uri' in self.conf: auth_url = self.conf['auth_uri'] else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') auth_url = cfg.CONF.keystone_authtoken['auth_uri'] self.auth_url = auth_url
def _service_admin_creds(self): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') creds = { 'username': cfg.CONF.keystone_authtoken.admin_user, 'password': cfg.CONF.keystone_authtoken.admin_password, 'auth_url': self.v3_endpoint, 'endpoint': self.v3_endpoint, 'project_name': cfg.CONF.keystone_authtoken.admin_tenant_name} return creds
def __init__(self, app, conf): self.app = app self.conf = conf if "auth_uri" in self.conf: auth_url = self.conf["auth_uri"] else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module("keystoneclient.middleware.auth_token") auth_url = cfg.CONF.keystone_authtoken["auth_uri"] self.auth_url = auth_url
def __init__(self, context): # If a trust_id is specified in the context, we immediately # authenticate so we can populate the context with a trust token # otherwise, we delay client authentication until needed to avoid # unnecessary calls to keystone. # # Note that when you obtain a token using a trust, it cannot be # used to reauthenticate and get another token, so we have to # get a new trust-token even if context.auth_token is set. # # - context.auth_url is expected to contain a versioned keystone # path, we will work with either a v2.0 or v3 path self.context = context self._client = None self._admin_client = None self._domain_admin_client = None if self.context.auth_url: self.v3_endpoint = self.context.auth_url.replace('v2.0', 'v3') else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') self.v3_endpoint = cfg.CONF.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3') if self.context.trust_id: # Create a client with the specified trust_id, this # populates self.context.auth_token with a trust-scoped token self._client = self._v3_client_init() # The stack domain user ID should be set in heat.conf # It can be created via python-openstackclient # openstack --os-identity-api-version=3 domain create heat # If the domain is specified, then you must specify a domain # admin user. If no domain is specified, we fall back to # legacy behavior with warnings. self._stack_domain_is_id = True self._stack_domain_id = None self.stack_domain = cfg.CONF.stack_user_domain_id if not self.stack_domain and cfg.CONF.stack_user_domain_name: self.stack_domain = cfg.CONF.stack_user_domain_name self._stack_domain_is_id = False self.domain_admin_user = cfg.CONF.stack_domain_admin self.domain_admin_password = cfg.CONF.stack_domain_admin_password if self.stack_domain: if not (self.domain_admin_user and self.domain_admin_password): raise exception.Error(_('heat.conf misconfigured, cannot ' 'specify "stack_user_domain_id" or ' '"stack_user_domain_name" without ' '"stack_domain_admin" and ' '"stack_domain_admin_password"')) else: LOG.warning(_('stack_user_domain_id or stack_user_domain_name not ' 'set in heat.conf falling back to using default')) LOG.debug('Using stack domain %s' % self.stack_domain)
def _v3_client_init(self): if self.context.auth_url: v3_endpoint = self.context.auth_url.replace('v2.0', 'v3') else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') v3_endpoint = self.conf.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3') kwargs = { 'auth_url': v3_endpoint, 'endpoint': v3_endpoint } # Note try trust_id first, as we can't reuse auth_token in that case if self.context.trust_id is not None: # We got a trust_id, so we use the admin credentials # to authenticate with the trust_id so we can use the # trust impersonating the trustor user. kwargs.update(self._service_admin_creds()) kwargs['trust_id'] = self.context.trust_id elif self.context.auth_token is not None: kwargs['project_name'] = self.context.tenant kwargs['token'] = self.context.auth_token elif self.context.password is not None: kwargs['username'] = self.context.username kwargs['password'] = self.context.password kwargs['project_name'] = self.context.tenant kwargs['project_id'] = self.context.tenant_id else: logger.error(_("Keystone v3 API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure() kwargs['cacert'] = self._get_client_option('ca_file') kwargs['insecure'] = self._get_client_option('insecure') kwargs['cert'] = self._get_client_option('cert_file') kwargs['key'] = self._get_client_option('key_file') client_v3 = kc_v3.Client(**kwargs) client_v3.authenticate() # If we are authenticating with a trust set the context auth_token # with the trust scoped token if 'trust_id' in kwargs: # Sanity check if not client_v3.auth_ref.trust_scoped: logger.error(_("trust token re-scoping failed!")) raise exception.AuthorizationFailure() # All OK so update the context with the token self.context.auth_token = client_v3.auth_ref.auth_token self.context.auth_url = kwargs.get('auth_url') # Sanity check that impersonation is effective if self.context.trustor_user_id != client_v3.auth_ref.user_id: logger.error("Trust impersonation failed") raise exception.AuthorizationFailure() return client_v3
def _service_admin_creds(self): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') creds = { 'username': self.conf.keystone_authtoken.admin_user, 'password': self.conf.keystone_authtoken.admin_password, 'auth_url': self.conf.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3'), 'project_name': self.conf.keystone_authtoken.admin_tenant_name} return creds
def _get_impl(): """Delay import of rpc_backend until configuration is loaded.""" global _RPCIMPL if _RPCIMPL is None: try: _RPCIMPL = importutils.import_module(cfg.CONF.rpc_backend) except ImportError: # For backwards compatibility with older nova config. impl = cfg.CONF.rpc_backend.replace("nova.rpc", "nova.openstack.common.rpc") _RPCIMPL = importutils.import_module(impl) return _RPCIMPL
def _v3_client_init(self): if self.context.auth_url: v3_endpoint = self.context.auth_url.replace('v2.0', 'v3') else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') v3_endpoint = self.conf.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3') kwargs = {'auth_url': v3_endpoint, 'endpoint': v3_endpoint} # Note try trust_id first, as we can't reuse auth_token in that case if self.context.trust_id is not None: # We got a trust_id, so we use the admin credentials # to authenticate with the trust_id so we can use the # trust impersonating the trustor user. kwargs.update(self._service_admin_creds()) kwargs['trust_id'] = self.context.trust_id elif self.context.auth_token is not None: kwargs['project_name'] = self.context.tenant kwargs['token'] = self.context.auth_token elif self.context.password is not None: kwargs['username'] = self.context.username kwargs['password'] = self.context.password kwargs['project_name'] = self.context.tenant kwargs['project_id'] = self.context.tenant_id else: logger.error( _("Keystone v3 API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure() kwargs['cacert'] = self._get_client_option('ca_file') kwargs['insecure'] = self._get_client_option('insecure') kwargs['cert'] = self._get_client_option('cert_file') kwargs['key'] = self._get_client_option('key_file') client_v3 = kc_v3.Client(**kwargs) client_v3.authenticate() # If we are authenticating with a trust set the context auth_token # with the trust scoped token if 'trust_id' in kwargs: # Sanity check if not client_v3.auth_ref.trust_scoped: logger.error(_("trust token re-scoping failed!")) raise exception.AuthorizationFailure() # All OK so update the context with the token self.context.auth_token = client_v3.auth_ref.auth_token self.context.auth_url = kwargs.get('auth_url') # Sanity check that impersonation is effective if self.context.trustor_user_id != client_v3.auth_ref.user_id: logger.error("Trust impersonation failed") raise exception.AuthorizationFailure() return client_v3
def setUp(self): super(KeystoneClientTest, self).setUp() # Import auth_token to have keystone_authtoken settings setup. importutils.import_module("keystoneclient.middleware.auth_token") dummy_url = "http://server.test:5000/v2.0" cfg.CONF.set_override("auth_uri", dummy_url, group="keystone_authtoken") cfg.CONF.set_override("admin_user", "heat", group="keystone_authtoken") cfg.CONF.set_override("admin_password", "verybadpass", group="keystone_authtoken") cfg.CONF.set_override("admin_tenant_name", "service", group="keystone_authtoken") self.addCleanup(self.m.VerifyAll)
def _get_impl(): """Delay import of rpc_backend until configuration is loaded.""" global _RPCIMPL if _RPCIMPL is None: try: _RPCIMPL = importutils.import_module(CONF.rpc_backend) except ImportError: # For backwards compatibility with older nova config. impl = CONF.rpc_backend.replace('nova.rpc', 'nova.openstack.common.rpc') _RPCIMPL = importutils.import_module(impl) return _RPCIMPL
def _service_admin_creds(self): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') creds = { 'username': self.conf.keystone_authtoken.admin_user, 'password': self.conf.keystone_authtoken.admin_password, 'auth_url': self.conf.keystone_authtoken.auth_uri.replace('v2.0', 'v3'), 'project_name': self.conf.keystone_authtoken.admin_tenant_name } return creds
def __init__(self, app, conf): self.app = app self.conf = conf auth_url = None if not cfg.CONF.auth_password.multi_cloud: if 'auth_uri' in self.conf: auth_url = self.conf['auth_uri'] else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module( 'keystoneclient.middleware.auth_token') auth_url = cfg.CONF.keystone_authtoken['auth_uri'] self.auth_url = auth_url
def register_opts(conf): """Registration of options for this driver.""" #NOTE(ewindisch): ZMQ_CTX and matchmaker # are initialized here as this is as good # an initialization method as any. # We memoize through these globals global ZMQ_CTX global matchmaker global CONF if not CONF: conf.register_opts(zmq_opts) CONF = conf # Don't re-set, if this method is called twice. if not ZMQ_CTX: ZMQ_CTX = zmq.Context(conf.rpc_zmq_contexts) if not matchmaker: # rpc_zmq_matchmaker should be set to a 'module.Class' mm_path = conf.rpc_zmq_matchmaker.split('.') mm_module = '.'.join(mm_path[:-1]) mm_class = mm_path[-1] # Only initialize a class. if mm_path[-1][0] not in string.ascii_uppercase: LOG.error( _("Matchmaker could not be loaded.\n" "rpc_zmq_matchmaker is not a class.")) raise RPCException(_("Error loading Matchmaker.")) mm_impl = importutils.import_module(mm_module) mm_constructor = getattr(mm_impl, mm_class) matchmaker = mm_constructor()
def register_opts(conf): """Registration of options for this driver.""" #NOTE(ewindisch): ZMQ_CTX and matchmaker # are initialized here as this is as good # an initialization method as any. # We memoize through these globals global ZMQ_CTX global matchmaker global FLAGS if not FLAGS: conf.register_opts(zmq_opts) FLAGS = conf # Don't re-set, if this method is called twice. if not ZMQ_CTX: ZMQ_CTX = zmq.Context(conf.rpc_zmq_contexts) if not matchmaker: # rpc_zmq_matchmaker should be set to a 'module.Class' mm_path = conf.rpc_zmq_matchmaker.split('.') mm_module = '.'.join(mm_path[:-1]) mm_class = mm_path[-1] # Only initialize a class. if mm_path[-1][0] not in string.ascii_uppercase: LOG.error(_("Matchmaker could not be loaded.\n" "rpc_zmq_matchmaker is not a class.")) raise RPCException(_("Error loading Matchmaker.")) mm_impl = importutils.import_module(mm_module) mm_constructor = getattr(mm_impl, mm_class) matchmaker = mm_constructor()
def setUp(self): super(KeystoneClientTest, self).setUp() # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') dummy_url = 'http://server.test:5000/v2.0' cfg.CONF.set_override('auth_uri', dummy_url, group='keystone_authtoken') cfg.CONF.set_override('admin_user', 'heat', group='keystone_authtoken') cfg.CONF.set_override('admin_password', 'verybadpass', group='keystone_authtoken') cfg.CONF.set_override('admin_tenant_name', 'service', group='keystone_authtoken') self.addCleanup(self.m.VerifyAll)
def _service_admin_creds(api_version=2): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module("keystoneclient.middleware.auth_token") creds = { "username": cfg.CONF.keystone_authtoken.admin_user, "password": cfg.CONF.keystone_authtoken.admin_password, } if api_version >= 3: creds["auth_url"] = cfg.CONF.keystone_authtoken.auth_uri.replace("v2.0", "v3") creds["project_name"] = cfg.CONF.keystone_authtoken.admin_tenant_name else: creds["auth_url"] = cfg.CONF.keystone_authtoken.auth_uri creds["tenant_name"] = cfg.CONF.keystone_authtoken.admin_tenant_name return creds
def _load_backend(self): with self._lock: if not self._backend: # Import the untranslated name if we don't have a mapping backend_path = self._backend_mapping.get(self._backend_name, self._backend_name) backend_mod = importutils.import_module(backend_path) self._backend = backend_mod.get_backend()
def _load_backend(self): with self._lock: if not self._backend: # Import the untranslated name if we don't have a mapping backend_path = self._backend_mapping.get( self._backend_name, self._backend_name) backend_mod = importutils.import_module(backend_path) self._backend = backend_mod.get_backend()
def __init__(self, backend_mapping=None): if backend_mapping is None: backend_mapping = {} backend_name = CONF.database.backend # Import the untranslated name if we don't have a # mapping. backend_path = backend_mapping.get(backend_name, backend_name) backend_mod = importutils.import_module(backend_path) self.__backend = backend_mod.get_backend()
def _service_admin_creds(api_version=2): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') creds = { 'username': cfg.CONF.keystone_authtoken.admin_user, 'password': cfg.CONF.keystone_authtoken.admin_password, } if api_version >= 3: creds['auth_url'] =\ cfg.CONF.keystone_authtoken.auth_uri.replace('v2.0', 'v3') creds['project_name'] =\ cfg.CONF.keystone_authtoken.admin_tenant_name else: creds['auth_url'] = cfg.CONF.keystone_authtoken.auth_uri creds['tenant_name'] =\ cfg.CONF.keystone_authtoken.admin_tenant_name return creds
def _import_module(mod_str): try: if mod_str.startswith('bin.'): imp.load_source(mod_str[4:], os.path.join('bin', mod_str[4:])) return sys.modules[mod_str[4:]] else: return importutils.import_module(mod_str) except Exception as e: sys.stderr.write("Error importing module %s: %s\n" % (mod_str, str(e))) return None
def _get_drivers(): """Instantiates and returns drivers based on the flag values.""" global drivers if drivers is None: drivers = [] for notification_driver in CONF.list_notifier_drivers: try: drivers.append(importutils.import_module(notification_driver)) except ImportError as e: drivers.append(ImportFailureNotifier(e)) return drivers
def startup_notify(notify_param): if not notify_param or notify_param == "": return try: notifier = importutils.import_module(notify_param) except ImportError: try: processutils.execute(notify_param, shell=True) except Exception as e: LOG.error(_('Failed to execute onready command: %s') % e) else: notifier.notify()
def _import_module(mod_str): try: if mod_str.startswith('bin.'): imp.load_source(mod_str[4:], os.path.join('bin', mod_str[4:])) return sys.modules[mod_str[4:]] else: return importutils.import_module(mod_str) except ImportError as ie: sys.stderr.write("%s\n" % str(ie)) return None except Exception: return None
def notify(context, publisher_id, event_type, priority, payload): """Sends a notification using the specified driver :param publisher_id: the source worker_type.host of the message :param event_type: the literal type of event (ex. Instance Creation) :param priority: patterned after the enumeration of Python logging levels in the set (DEBUG, WARN, INFO, ERROR, CRITICAL) :param payload: A python dictionary of attributes Outgoing message format includes the above parameters, and appends the following: message_id a UUID representing the id for this notification timestamp the GMT timestamp the notification was sent at The composite message will be constructed as a dictionary of the above attributes, which will then be sent via the transport mechanism defined by the driver. Message example:: {'message_id': str(uuid.uuid4()), 'publisher_id': 'compute.host1', 'timestamp': timeutils.utcnow(), 'priority': 'WARN', 'event_type': 'compute.create_instance', 'payload': {'instance_id': 12, ... }} """ if priority not in log_levels: raise BadPriorityException( _('%s not in valid priorities') % priority) # Ensure everything is JSON serializable. payload = jsonutils.to_primitive(payload, convert_instances=True) driver = importutils.import_module(CONF.notification_driver) msg = dict(message_id=str(uuid.uuid4()), publisher_id=publisher_id, event_type=event_type, priority=priority, payload=payload, timestamp=str(timeutils.utcnow())) try: driver.notify(context, msg) except Exception, e: LOG.exception(_("Problem '%(e)s' attempting to " "send to notification system. Payload=%(payload)s") % locals())
def test_call_ok_auth_uri_ks_authtoken(self): # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') dummy_url = 'http://123:5000/v2.0' cfg.CONF.set_override('auth_uri', dummy_url, group='keystone_authtoken') ec2 = ec2token.EC2Token(app='woot', conf={}) params = {'AWSAccessKeyId': 'foo', 'Signature': 'xyz'} req_env = {'SERVER_NAME': 'heat', 'SERVER_PORT': '8000', 'PATH_INFO': '/v1'} dummy_req = self._dummy_GET_request(params, req_env) ok_resp = json.dumps({'access': {'metadata': {}, 'token': { 'id': 123, 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) self._stub_http_connection(response=ok_resp, params={'AWSAccessKeyId': 'foo'}) self.m.ReplayAll() self.assertEqual(ec2.__call__(dummy_req), 'woot') self.m.VerifyAll()
def add_driver(notification_driver): """Add a notification driver at runtime.""" # Make sure the driver list is initialized. _get_drivers() if isinstance(notification_driver, basestring): # Load and add try: drivers.append(importutils.import_module(notification_driver)) except ImportError as e: drivers.append(ImportFailureNotifier(e)) else: # Driver is already loaded; just add the object. drivers.append(notification_driver)
def __init__(self, context): # If a trust_id is specified in the context, we immediately # authenticate so we can populate the context with a trust token # otherwise, we delay client authentication until needed to avoid # unnecessary calls to keystone. # # Note that when you obtain a token using a trust, it cannot be # used to reauthenticate and get another token, so we have to # get a new trust-token even if context.auth_token is set. # # - context.auth_url is expected to contain a versioned keystone # path, we will work with either a v2.0 or v3 path self.context = context self._client_v3 = None self._admin_client = None self._domain_admin_client = None if self.context.auth_url: self.v3_endpoint = self.context.auth_url.replace('v2.0', 'v3') else: # Import auth_token to have keystone_authtoken settings setup. importutils.import_module('keystoneclient.middleware.auth_token') self.v3_endpoint = cfg.CONF.keystone_authtoken.auth_uri.replace( 'v2.0', 'v3') if self.context.trust_id: # Create a client with the specified trust_id, this # populates self.context.auth_token with a trust-scoped token self._client_v3 = self._v3_client_init() # The stack domain user ID must be set in heat.conf # It can be created via python-openstackclient # openstack --os-identity-api-version=3 domain create heat stack_domain = cfg.CONF.stack_user_domain if not stack_domain: raise exception.Error("stack_user_domain ID not set in heat.conf") logger.debug(_("Using stack domain %s") % stack_domain) self.stack_domain_id = stack_domain
def _get_drivers(): """Instantiate, cache, and return drivers based on the CONF.""" global _drivers if _drivers is None: _drivers = {} for notification_driver in CONF.notification_driver: try: driver = importutils.import_module(notification_driver) _drivers[notification_driver] = driver except ImportError: LOG.exception(_LE("Failed to load notifier %s. " "These notifications will not be sent.") % notification_driver) return _drivers.values()
def _get_drivers(): """Instantiate, cache, and return drivers based on the CONF.""" global _drivers if _drivers is None: _drivers = {} for notification_driver in CONF.notification_driver: try: driver = importutils.import_module(notification_driver) _drivers[notification_driver] = driver except ImportError: LOG.exception(_("Failed to load notifier %s. " "These notifications will not be sent.") % notification_driver) return _drivers.values()
def add_driver(notification_driver): """Add a notification driver at runtime.""" # Make sure the driver list is initialized. _get_drivers() if isinstance(notification_driver, basestring): # Load and add try: driver = importutils.import_module(notification_driver) _drivers[notification_driver] = driver except ImportError as e: LOG.exception(_("Failed to load notifier %s. " "These notifications will not be sent.") % notification_driver) else: # Driver is already loaded; just add the object. _drivers[notification_driver] = notification_driver
def add_driver(notification_driver): """Add a notification driver at runtime.""" # Make sure the driver list is initialized. _get_drivers() if isinstance(notification_driver, basestring): # Load and add try: driver = importutils.import_module(notification_driver) _drivers[notification_driver] = driver except ImportError: LOG.exception(_("Failed to load notifier %s. " "These notifications will not be sent.") % notification_driver) else: # Driver is already loaded; just add the object. _drivers[notification_driver] = notification_driver
def _get_matchmaker(): global matchmaker if not matchmaker: # rpc_zmq_matchmaker should be set to a 'module.Class' mm_path = CONF.rpc_zmq_matchmaker.split('.') mm_module = '.'.join(mm_path[:-1]) mm_class = mm_path[-1] # Only initialize a class. if mm_path[-1][0] not in string.ascii_uppercase: LOG.error(_("Matchmaker could not be loaded.\n" "rpc_zmq_matchmaker is not a class.")) raise RPCException(_("Error loading Matchmaker.")) mm_impl = importutils.import_module(mm_module) mm_constructor = getattr(mm_impl, mm_class) matchmaker = mm_constructor() return matchmaker
def deserialize_remote_exception(conf, data): failure = jsonutils.loads(str(data)) trace = failure.get('tb', []) message = failure.get('message', "") + "\n" + "\n".join(trace) name = failure.get('class') module = failure.get('module') # NOTE(ameade): We DO NOT want to allow just any module to be imported, in # order to prevent arbitrary code execution. if module not in conf.allowed_rpc_exception_modules: return RemoteError(name, failure.get('message'), trace) try: mod = importutils.import_module(module) klass = getattr(mod, name) if not issubclass(klass, Exception): raise TypeError("Can only deserialize Exceptions") failure = klass(*failure.get('args', []), **failure.get('kwargs', {})) except (AttributeError, TypeError, ImportError): return RemoteError(name, failure.get('message'), trace) ex_type = type(failure) str_override = lambda self: message new_ex_type = type(ex_type.__name__ + _REMOTE_POSTFIX, (ex_type, ), { '__str__': str_override, '__unicode__': str_override }) new_ex_type.__module__ = '%s%s' % (module, _REMOTE_POSTFIX) try: # NOTE(ameade): Dynamically create a new exception type and swap it in # as the new type for the exception. This only works on user defined # Exceptions and not core python exceptions. This is important because # we cannot necessarily change an exception message so we must override # the __str__ method. failure.__class__ = new_ex_type except TypeError: # NOTE(ameade): If a core exception then just add the traceback to the # first exception argument. failure.args = (message, ) + failure.args[1:] return failure
def __get_backend(self): """Get the actual backend. May be a module or an instance of a class. Doesn't matter to us. We do this synchronized as it's possible multiple greenthreads started very quickly trying to do DB calls and eventlet can switch threads before self.__backend gets assigned. """ if self.__backend: # Another thread assigned it return self.__backend backend_name = CONF.database.backend self.__use_tpool = CONF.database.use_tpool if self.__use_tpool: from eventlet import tpool self.__tpool = tpool # Import the untranslated name if we don't have a # mapping. backend_path = self.__backend_mapping.get(backend_name, backend_name) backend_mod = importutils.import_module(backend_path) self.__backend = backend_mod.get_backend() return self.__backend
def deserialize_remote_exception(conf, data): failure = jsonutils.loads(str(data)) trace = failure.get('tb', []) message = failure.get('message', "") + "\n" + "\n".join(trace) name = failure.get('class') module = failure.get('module') # NOTE(ameade): We DO NOT want to allow just any module to be imported, in # order to prevent arbitrary code execution. if module not in conf.allowed_rpc_exception_modules: return RemoteError(name, failure.get('message'), trace) try: mod = importutils.import_module(module) klass = getattr(mod, name) if not issubclass(klass, Exception): raise TypeError("Can only deserialize Exceptions") failure = klass(*failure.get('args', []), **failure.get('kwargs', {})) except (AttributeError, TypeError, ImportError): return RemoteError(name, failure.get('message'), trace) ex_type = type(failure) str_override = lambda self: message new_ex_type = type(ex_type.__name__ + _REMOTE_POSTFIX, (ex_type,), {'__str__': str_override, '__unicode__': str_override}) new_ex_type.__module__ = '%s%s' % (module, _REMOTE_POSTFIX) try: # NOTE(ameade): Dynamically create a new exception type and swap it in # as the new type for the exception. This only works on user defined # Exceptions and not core python exceptions. This is important because # we cannot necessarily change an exception message so we must override # the __str__ method. failure.__class__ = new_ex_type except TypeError: # NOTE(ameade): If a core exception then just add the traceback to the # first exception argument. failure.args = (message,) + failure.args[1:] return failure
def __init__(self, enctype='AES', hashtype='SHA256'): self.cipher = importutils.import_module('Crypto.Cipher.' + enctype) self.hashfn = importutils.import_module('Crypto.Hash.' + hashtype)
def __init__(self, hashtype='SHA256'): self.hashfn = importutils.import_module('Crypto.Hash.' + hashtype) self.max_okm_length = 255 * self.hashfn.digest_size
volume_id) except novaclient.exceptions.NotFound: logger.warning('Deleting VolumeAttachment %s %s - not found' % (server_id, volume_id)) try: logger.info('un-attaching %s, status %s' % (volume_id, vol.status)) while vol.status == 'in-use': logger.info('trying to un-attach %s, but still %s' % (volume_id, vol.status)) eventlet.sleep(1) try: self.nova().volumes.delete_server_volume( server_id, volume_id) except Exception: pass vol.get() logger.info('volume status of %s now %s' % (volume_id, vol.status)) except cinderclient.exceptions.NotFound: logger.warning('Volume %s - not found' % (volume_id)) if cfg.CONF.cloud_backend: cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend) Clients = cloud_backend_module.Clients else: Clients = OpenStackClients logger.debug('Using backend %s' % Clients)