def test_legacy_loading_v3(self, load_auth_mock, load_mock): self.config(auth_version='v3.0', group=ironic_auth.LEGACY_SECTION) self.expected.update( dict(project_domain_id='default', user_domain_id='default')) keystone.get_session(self.test_group) load_mock.assert_called_once_with(**self.expected) self.assertEqual(2, load_auth_mock.call_count)
def test_legacy_loading_v3(self, load_auth_mock, load_mock): self.config( auth_version='v3.0', group=ironic_auth.LEGACY_SECTION) self.expected.update(dict( project_domain_id='default', user_domain_id='default')) keystone.get_session(self.test_group) load_mock.assert_called_once_with(**self.expected) self.assertEqual(2, load_auth_mock.call_count)
def _get_api_server_iterator(): """Return iterator over shuffled API servers. Shuffle a list of CONF.glance.glance_api_servers and return an iterator that will cycle through the list, looping around to the beginning if necessary. If CONF.glance.glance_api_servers isn't set, we fall back to using this as the server: CONF.glance.glance_host:CONF.glance.glance_port. If CONF.glance.glance_host is also not set, fetch the endpoint from the service catalog. :returns: iterator that cycles (indefinitely) over shuffled glance API servers. """ api_servers = [] if not CONF.glance.glance_api_servers and not CONF.glance.glance_host: session = keystone.get_session('glance', auth=keystone.get_auth('glance')) api_servers = [keystone.get_service_url(session, service_type='image', endpoint_type='public')] else: configured_servers = (CONF.glance.glance_api_servers or ['%s:%s' % (CONF.glance.glance_host, CONF.glance.glance_port)]) for api_server in configured_servers: if '//' not in api_server: api_server = '%s://%s' % (CONF.glance.glance_protocol, api_server) api_servers.append(api_server) random.shuffle(api_servers) return itertools.cycle(api_servers)
def _get_api_server_iterator(): """Return iterator over shuffled API servers. Shuffle a list of CONF.glance.glance_api_servers and return an iterator that will cycle through the list, looping around to the beginning if necessary. If CONF.glance.glance_api_servers isn't set, fetch the endpoint from the service catalog. :returns: iterator that cycles (indefinitely) over shuffled glance API servers. """ api_servers = [] if not CONF.glance.glance_api_servers: session = keystone.get_session('glance', auth=keystone.get_auth('glance')) api_servers = [ keystone.get_service_url(session, service_type='image', endpoint_type='public') ] else: api_servers = random.sample(CONF.glance.glance_api_servers, len(CONF.glance.glance_api_servers)) return itertools.cycle(api_servers)
def _get_session(): global _SESSION if _SESSION is None: kwargs = {} auth_strategy = json_rpc.auth_strategy() if auth_strategy != 'keystone': auth_type = 'none' if auth_strategy == 'noauth' else auth_strategy CONF.set_default('auth_type', auth_type, group='json_rpc') # Deprecated, remove in W if auth_strategy == 'http_basic': if CONF.json_rpc.http_basic_username: kwargs['username'] = CONF.json_rpc.http_basic_username if CONF.json_rpc.http_basic_password: kwargs['password'] = CONF.json_rpc.http_basic_password auth = keystone.get_auth('json_rpc', **kwargs) session = keystone.get_session('json_rpc', auth=auth) headers = {'Content-Type': 'application/json'} # Adds options like connect_retries _SESSION = keystone.get_adapter('json_rpc', session=session, additional_headers=headers) return _SESSION
def _get_neutron_session(): global _NEUTRON_SESSION if not _NEUTRON_SESSION: _NEUTRON_SESSION = keystone.get_session( 'neutron', timeout=CONF.neutron.timeout) return _NEUTRON_SESSION
def wrapper(self, *args, **kwargs): """Wrapper around methods calls. :param image_href: href that describes the location of an image """ if self.client: return func(self, *args, **kwargs) global _GLANCE_SESSION if not _GLANCE_SESSION: _GLANCE_SESSION = keystone.get_session('glance') # NOTE(pas-ha) glanceclient uses Adapter-based SessionClient, # so we can pass session and auth separately, makes things easier service_auth = keystone.get_auth('glance') self.endpoint = keystone.get_endpoint('glance', session=_GLANCE_SESSION, auth=service_auth) user_auth = None # NOTE(pas-ha) our ContextHook removes context.auth_token in noauth # case, so when ironic is in noauth but glance is not, we will not # enter the next if-block and use auth from [glance] config section if self.context.auth_token: user_auth = keystone.get_service_auth(self.context, self.endpoint, service_auth) self.client = client.Client(2, session=_GLANCE_SESSION, auth=user_auth or service_auth, endpoint_override=self.endpoint, global_request_id=self.context.global_id) return func(self, *args, **kwargs)
def _get_session(): global _SESSION if _SESSION is None: auth_strategy = json_rpc.auth_strategy() if auth_strategy == 'keystone': auth = keystone.get_auth('json_rpc') else: auth = None session = keystone.get_session('json_rpc', auth=auth) headers = {'Content-Type': 'application/json'} if auth_strategy == 'http_basic': token = '{}:{}'.format( CONF.json_rpc.http_basic_username, CONF.json_rpc.http_basic_password).encode('utf-8') encoded = base64.b64encode(token).decode('utf-8') headers['Authorization'] = 'Basic {}'.format(encoded) # Adds options like connect_retries _SESSION = keystone.get_adapter('json_rpc', session=session, additional_headers=headers) return _SESSION
def get_client(token=None, context=None, auth_from_config=False): """Retrieve a neutron client connection. :param context: request context, instance of ironic.common.context.RequestContext :param auth_from_config: (boolean) When True, use auth values from conf parameters :returns: A neutron client. """ if not context: context = ironic_context.RequestContext(auth_token=token) session = _get_neutron_session() service_auth = keystone.get_auth('neutron') endpoint = keystone.get_endpoint('neutron', session=session, auth=service_auth) user_auth = None if (not auth_from_config and CONF.neutron.auth_type != 'none' and context.auth_token): user_auth = keystone.get_service_auth(context, endpoint, service_auth) sess = keystone.get_session('neutron', timeout=CONF.neutron.timeout, auth=user_auth or service_auth) conn = openstack.connection.Connection(session=sess, oslo_conf=CONF) return conn.global_request(context.global_id).network
def _get_inspector_session(): if CONF.auth_strategy != 'keystone': return global _INSPECTOR_SESSION if not _INSPECTOR_SESSION: _INSPECTOR_SESSION = keystone.get_session('inspector') return _INSPECTOR_SESSION
def test_get_adapter_from_config(self): self.config(valid_interfaces=['internal', 'public'], group=self.test_group) session = keystone.get_session(self.test_group) adapter = keystone.get_adapter(self.test_group, session=session, interface='admin') self.assertEqual('admin', adapter.interface) self.assertEqual(session, adapter.session)
def _get_neutron_session(): global _NEUTRON_SESSION if not _NEUTRON_SESSION: _NEUTRON_SESSION = keystone.get_session( 'neutron', # TODO(pas-ha) remove in Rocky timeout=CONF.neutron.timeout or CONF.neutron.url_timeout) return _NEUTRON_SESSION
def test_legacy_loading_new_in_legacy(self, load_auth_mock, load_mock): # NOTE(pas-ha) this is due to auth_plugin options # being dynamically registered on first load, # but we need to set the config before plugin = kaloading.get_plugin_loader('password') opts = kaloading.get_auth_plugin_conf_options(plugin) self.cfg_fixture.register_opts(opts, group=ironic_auth.LEGACY_SECTION) self.config(group=ironic_auth.LEGACY_SECTION, auth_uri='http://127.0.0.1:9898', username='******', password='******', project_name='fake_tenant', auth_url='http://127.0.0.1:9898', auth_type='password') load_auth_mock.side_effect = [None, mock.Mock()] keystone.get_session(self.test_group) self.assertFalse(load_mock.called) self.assertEqual(2, load_auth_mock.call_count)
def _get_nova_adapter(): global _NOVA_ADAPTER if not _NOVA_ADAPTER: _NOVA_ADAPTER = keystone.get_adapter( 'nova', session=keystone.get_session('nova'), auth=keystone.get_auth('nova'), version=NOVA_API_VERSION) return _NOVA_ADAPTER
def _get_inspector_session(**kwargs): global _INSPECTOR_SESSION if not _INSPECTOR_SESSION: if CONF.auth_strategy != 'keystone': # NOTE(dtantsur): using set_default instead of set_override because # the native keystoneauth option must have priority. CONF.set_default('auth_type', 'none', group='inspector') service_auth = keystone.get_auth('inspector') _INSPECTOR_SESSION = keystone.get_session('inspector', auth=service_auth, **kwargs) return _INSPECTOR_SESSION
def _get_session(): global _SESSION if _SESSION is None: if json_rpc.require_authentication(): auth = keystone.get_auth('json_rpc') else: auth = None _SESSION = keystone.get_session('json_rpc', auth=auth) _SESSION.headers = {'Content-Type': 'application/json'} return _SESSION
def _get_session(): global _SESSION if _SESSION is None: if json_rpc.require_authentication(): auth = keystone.get_auth('json_rpc') else: auth = None _SESSION = keystone.get_session('json_rpc', auth=auth) _SESSION.headers = { 'Content-Type': 'application/json' } return _SESSION
def _get_session(): global _SESSION if _SESSION is None: if json_rpc.require_authentication(): auth = keystone.get_auth('json_rpc') else: auth = None session = keystone.get_session('json_rpc', auth=auth) session.headers = {'Content-Type': 'application/json'} # Adds options like connect_retries _SESSION = keystone.get_adapter('json_rpc', session=session) return _SESSION
def test_get_session_failed_new_auth(self, legacy_get_mock, load_mock): legacy_mock = mock.Mock() legacy_get_mock.return_value = legacy_mock load_mock.side_effect = [None, ksexception.MissingRequiredOptions] self.assertEqual(legacy_mock, keystone.get_session(self.test_group).auth)
def _get_swift_session(): global _SWIFT_SESSION if not _SWIFT_SESSION: _SWIFT_SESSION = keystone.get_session('swift') return _SWIFT_SESSION
def _get_cinder_session(): global _CINDER_SESSION if not _CINDER_SESSION: auth = keystone.get_auth('cinder') _CINDER_SESSION = keystone.get_session('cinder', auth=auth) return _CINDER_SESSION
def _get_swift_session(): global _SWIFT_SESSION if not _SWIFT_SESSION: auth = keystone.get_auth('swift') _SWIFT_SESSION = keystone.get_session('swift', auth=auth) return _SWIFT_SESSION
def _get_glance_session(): global _GLANCE_SESSION if not _GLANCE_SESSION: auth = keystone.get_auth('glance') _GLANCE_SESSION = keystone.get_session('glance', auth=auth) return _GLANCE_SESSION
def test_legacy_loading_v2(self, load_auth_mock, load_mock): keystone.get_session(self.test_group) load_mock.assert_called_once_with(**self.expected) self.assertEqual(2, load_auth_mock.call_count)
def test_get_session(self, auth_get_mock): auth_mock = mock.Mock() auth_get_mock.return_value = auth_mock session = keystone.get_session(self.test_group) self.assertEqual(auth_mock, session.auth)
def _get_ironic_session(): global _IRONIC_SESSION if not _IRONIC_SESSION: _IRONIC_SESSION = keystone.get_session('service_catalog') return _IRONIC_SESSION
def _get_inspector_session(**kwargs): global _INSPECTOR_SESSION if not _INSPECTOR_SESSION: _INSPECTOR_SESSION = keystone.get_session('inspector', **kwargs) return _INSPECTOR_SESSION
def _get_glance_session(**session_kwargs): global _GLANCE_SESSION if not _GLANCE_SESSION: _GLANCE_SESSION = keystone.get_session('glance', **session_kwargs) return _GLANCE_SESSION
def _get_cinder_session(): global _CINDER_SESSION if not _CINDER_SESSION: _CINDER_SESSION = keystone.get_session('cinder') return _CINDER_SESSION
def test_get_session(self): self.config(timeout=10, group=self.test_group) session = keystone.get_session(self.test_group, timeout=20) self.assertEqual(20, session.timeout)
def _get_neutron_session(): global _NEUTRON_SESSION if not _NEUTRON_SESSION: auth = keystone.get_auth('neutron') _NEUTRON_SESSION = keystone.get_session('neutron', auth=auth) return _NEUTRON_SESSION
def _get_neutron_session(): global _NEUTRON_SESSION if not _NEUTRON_SESSION: _NEUTRON_SESSION = keystone.get_session('neutron') return _NEUTRON_SESSION
def _get_glance_session(): global _GLANCE_SESSION if not _GLANCE_SESSION: _GLANCE_SESSION = keystone.get_session('glance') return _GLANCE_SESSION
def get_swift_session(): global _SWIFT_SESSION if not _SWIFT_SESSION: auth = keystone.get_auth('swift') _SWIFT_SESSION = keystone.get_session('swift', auth=auth) return _SWIFT_SESSION
def _get_glance_session(): global _GLANCE_SESSION if not _GLANCE_SESSION: _GLANCE_SESSION = keystone.get_session("glance") return _GLANCE_SESSION