def test_password_cache_id(self): username = uuid.uuid4().hex the_password = uuid.uuid4().hex project_name = uuid.uuid4().hex default_domain_id = uuid.uuid4().hex a = password.Password(self.TEST_URL, username=username, password=the_password, project_name=project_name, default_domain_id=default_domain_id) b = password.Password(self.TEST_URL, username=username, password=the_password, project_name=project_name, default_domain_id=default_domain_id) a_id = a.get_cache_id() b_id = b.get_cache_id() self.assertEqual(a_id, b_id) c = password.Password( self.TEST_URL, username=username, password=uuid.uuid4().hex, # different project_name=project_name, default_domain_id=default_domain_id) c_id = c.get_cache_id() self.assertNotEqual(a_id, c_id)
def get_trusted_client(conf, trust_id): # Ideally we would use load_session_from_conf_options, but we can't do that # *and* specify a trust, so let's create the object manually. if conf[CFG_GROUP].auth_type == "password-aodh-legacy": auth_url = conf[CFG_GROUP].os_auth_url try: auth_url_noneversion = auth_url.replace('/v2.0', '/') discover = ka_discover.Discover(auth_url=auth_url_noneversion) v3_auth_url = discover.url_for('3.0') if v3_auth_url: auth_url = v3_auth_url else: auth_url = auth_url except Exception: auth_url = auth_url.replace('/v2.0', '/v3') auth_plugin = password.Password(username=conf[CFG_GROUP].os_username, password=conf[CFG_GROUP].os_password, auth_url=auth_url, user_domain_id='default', trust_id=trust_id) else: auth_plugin = password.Password( username=conf[CFG_GROUP].username, password=conf[CFG_GROUP].password, auth_url=conf[CFG_GROUP].auth_url, user_domain_id=conf[CFG_GROUP].user_domain_id, trust_id=trust_id) sess = session.Session(auth=auth_plugin) return ks_client_v3.Client(session=sess)
def _get_identity_client(self): user_domain_id = self.conf.user_domain_id project_domain_id = self.conf.project_domain_id user_domain_name = self.conf.user_domain_name project_domain_name = self.conf.project_domain_name kwargs = { 'username': self._username(), 'password': self._password(), 'project_name': self._project_name(), 'auth_url': self.conf.auth_url } # keystone v2 can't ignore domain details if self.auth_version == '3': kwargs.update({ 'user_domain_id': user_domain_id, 'project_domain_id': project_domain_id, 'user_domain_name': user_domain_name, 'project_domain_name': project_domain_name}) auth = password.Password(**kwargs) if self.insecure: verify_cert = False else: verify_cert = self.ca_file or True return KeystoneWrapperClient(auth, verify_cert)
def create_post_delete(queue_name, messages): """Auth example Creates a queue, posts messages to it and finally deletes it with keystone auth strategy enabled on Zaqar server side. :params queue_name: The name of the queue :type queue_name: `six.text_type` :params messages: Messages to post. :type messages: list """ auth = password.Password("http://127.0.0.1/identity_v2_admin", username="******", password="******", user_domain_name='default', project_name='admin', project_domain_name='default') keystone_session = session.Session(verify=False, cert=None, auth=auth) cli = client.Client(session=keystone_session) queue = cli.queue(queue_name) queue.post(messages) for msg in queue.messages(echo=True): print(msg.body) msg.delete() queue.delete()
def endpoint(self): if self._endpoint is None: conf = self.nabu_conf.keystone_authtoken auth_plugin = password.Password(username=conf.username, password=conf.password, auth_url=conf.auth_url, project_name=conf.project_name) sess = session.Session(auth=auth_plugin) self._endpoint = sess.get_endpoint(service_type='messaging') return self._endpoint
def _make_client(self): auth = ks_password.Password( auth_url=CONF.api.auth_url, username=CONF.api.username, password=CONF.api.password, user_domain_id=CONF.api.user_domain_id, project_name=CONF.api.project_name, project_domain_id=CONF.api.project_domain_id) session = ks_session.Session(auth=auth) conn = connection.Connection(session=session) return conn.instance_ha
def get_trusted_client(conf, trust_id): # Ideally we would use load_session_from_conf_options, but we can't do that # *and* specify a trust, so let's create the object manually. auth_plugin = password.Password( username=conf[CFG_GROUP].username, password=conf[CFG_GROUP].password, auth_url=conf[CFG_GROUP].auth_url, user_domain_id=conf[CFG_GROUP].user_domain_id, trust_id=trust_id) sess = session.Session(auth=auth_plugin) return ks_client_v3.Client(session=sess)
def _get_keystone_auth(self, session, auth_url, **kwargs): auth_token = kwargs.pop('auth_token', None) if auth_token: return token.Token(auth_url, auth_token, **kwargs) else: return password.Password( auth_url, username=kwargs.pop('username'), user_id=kwargs.pop('user_id'), password=kwargs.pop('password'), user_domain_id=kwargs.pop('user_domain_id'), user_domain_name=kwargs.pop('user_domain_name'), **kwargs)
def __init__(self, **kwargs): auth = ks_password.Password( auth_url=kwargs.get('auth_url'), username=kwargs.get('username'), password=kwargs.get('password'), user_domain_id=kwargs.get('user_domain_id'), project_name=kwargs.get('project_name'), project_domain_id=kwargs.get('project_domain_id')) session = ks_session.Session(auth=auth) self.con = connection.Connection(session=session) self.service = self.con.instance_ha
def get_clients(context): global _SESSION if not _SESSION: _SESSION = session.Session() auth = token_endpoint.Token(CONF.designate.url, context.auth_token) client = d_client.Client(session=_SESSION, auth=auth) admin_auth = password.Password( auth_url=CONF.designate.admin_auth_url, username=CONF.designate.admin_username, password=CONF.designate.admin_password, tenant_name=CONF.designate.admin_tenant_name, tenant_id=CONF.designate.admin_tenant_id) admin_client = d_client.Client(session=_SESSION, auth=admin_auth) return client, admin_client
def __init__(self, **kwargs): session = kwargs.get('session') if session is None: auth = ks_password.Password( auth_url=kwargs.get('auth_url'), username=kwargs.get('username'), password=kwargs.get('password'), user_domain_id=kwargs.get('user_domain_id'), project_name=kwargs.get('project_name'), project_domain_id=kwargs.get('project_domain_id')) session = ks_session.Session(auth=auth) con = connection.Connection(session=session, interface=kwargs.get('interface'), region_name=kwargs.get('region_name'), ha_api_version=kwargs.get('api_version')) self.service = con.instance_ha
def _basic_authenticate(self, auth_info, req): try: project_domain_id, project_name, user_domain_id = \ self._get_auth_params() auth = password.Password(auth_url=self.auth_url, username=auth_info.username, password=auth_info.password, user_domain_id=user_domain_id, project_domain_id=project_domain_id, project_name=project_name) sess = session.Session(auth=auth) token = sess.get_token() project_id = str(auth.get_project_id(sess)) roles = str(auth.get_auth_ref(sess).role_names[0]) self._set_req_headers(req, token, project_id, roles) except Exception as e: to_unicode = encodeutils.exception_to_unicode(e) message = 'Authorization exception: %s' % to_unicode self._unauthorized(message)
def get_clients(context): global _SESSION if not _SESSION: _SESSION = loading.load_session_from_conf_options(CONF, 'designate') auth = token_endpoint.Token(CONF.designate.url, context.auth_token) client = d_client.Client(session=_SESSION, auth=auth) if CONF.designate.auth_type: admin_auth = loading.load_auth_from_conf_options(CONF, 'designate') else: admin_auth = password.Password( auth_url=CONF.designate.admin_auth_url, username=CONF.designate.admin_username, password=CONF.designate.admin_password, tenant_name=CONF.designate.admin_tenant_name, tenant_id=CONF.designate.admin_tenant_id) admin_client = d_client.Client(session=_SESSION, auth=admin_auth) return client, admin_client
def get_clients(context): global _SESSION if not _SESSION: if CONF.designate.insecure: verify = False else: verify = CONF.designate.ca_cert or True _SESSION = session.Session(verify=verify) auth = token_endpoint.Token(CONF.designate.url, context.auth_token) client = d_client.Client(session=_SESSION, auth=auth) admin_auth = password.Password( auth_url=CONF.designate.admin_auth_url, username=CONF.designate.admin_username, password=CONF.designate.admin_password, tenant_name=CONF.designate.admin_tenant_name, tenant_id=CONF.designate.admin_tenant_id) admin_client = d_client.Client(session=_SESSION, auth=admin_auth) return client, admin_client
def _make_client_new(self): auth = ks_password.Password( auth_url=CONF.api.auth_url, username=CONF.api.username, password=CONF.api.password, user_domain_id=CONF.api.user_domain_id, project_name=CONF.api.project_name, project_domain_id=CONF.api.project_domain_id) session = ks_session.Session(auth=auth) desc = service_description.ServiceDescription(service_type='ha', proxy_class=_proxy.Proxy) conn = connection.Connection(session=session, extra_services=[desc]) conn.add_service(desc) if version.__version__.find('0.11.0') == 0: client = conn.ha else: client = conn.ha.proxy_class(session=session, service_type='ha') return client
def get_clients(context): global _SESSION if not _SESSION: _SESSION = loading.load_session_from_conf_options(CONF, 'designate') auth = token_endpoint.Token(CONF.designate.url, context.auth_token) client = d_client.Client(session=_SESSION, auth=auth) if CONF.designate.auth_type: admin_auth = loading.load_auth_from_conf_options(CONF, 'designate') else: # TODO(tkajinam): Make this fail when admin_* parameters are removed. admin_auth = password.Password( auth_url=CONF.designate.admin_auth_url, username=CONF.designate.admin_username, password=CONF.designate.admin_password, tenant_name=CONF.designate.admin_tenant_name, tenant_id=CONF.designate.admin_tenant_id) admin_client = d_client.Client(session=_SESSION, auth=admin_auth, endpoint_override=CONF.designate.url) return client, admin_client