def __init__(self, auth_url, username, password, tenant_name, cacert):
auth = v2.Password(auth_url=auth_url,
username=username,
password=password,
tenant_name=tenant_name)
sess = session.Session(auth=auth, verify=cacert)
self.cinder = client.Client("2", session=sess)
def get_session(role):
d = cc.conf['keystone'][role]
return session.Session(auth=v2.Password(
auth_url=d['auth_url'],
username=d['username'],
password=d['password'],
tenant_name=d['tenant_name']))
def do_setup(self, context):
"""Any initialization the destination driver does while starting."""
super(OpenStackDestinationDriver, self).do_setup(context)
auth_url = self.configuration.auth_url
if auth_url is None:
raise ValueError(_("Cannot authenticate without an auth_url"))
username = self.configuration.username
password = self.configuration.password
tenant_name = self.configuration.tenant_name
project_id = self.configuration.project_id
user_domain_name = self.configuration.user_domain_name
nova_api_version = self.configuration.nova_api_version
cinder_api_version = self.configuration.cinder_api_version
glance_api_version = self.configuration.glance_api_version
keystone_version = self.configuration.keystone_version
if keystone_version == 'v3':
auth = v3.Password(auth_url=auth_url, username=username,
password=password, project_id=project_id,
user_domain_name=user_domain_name)
sess = v3_session.Session(auth=auth)
elif keystone_version == 'v2':
auth = v2.Password(auth_url, username=username,
password=password, tenant_name=tenant_name)
sess = v2_session.Session(auth=auth)
self.nova = nova_client.Client(nova_api_version, session=sess)
self.cinder = cinder_client.Client(cinder_api_version, session=sess)
self.glance = glance_client.Client(glance_api_version, session=sess)
self._initialized = True
def get_heat_client(username,
password,
tenant_name,
auth_url,
cacert=None,
region_name='regionOne'):
LOG.debug('Creating Keystone session to fetch Heat endpoint.')
auth = v2.Password(auth_url=auth_url,
username=username,
password=password,
tenant_name=tenant_name)
ks_session = session.Session(auth=auth)
endpoint = ks_session.get_endpoint(service_type='orchestration',
interface='public',
region_name=region_name)
LOG.debug('Creating heat client.')
kwargs = {
'username': username,
'password': password,
'tenant_name': tenant_name,
'auth': auth,
'auth_url': auth_url,
'session': ks_session,
'include_pass': False,
'ca_cert': cacert
}
return heatclient.Client('1', endpoint, **kwargs)
def get_auth_plugin(opts):
auth_version = guess_auth_version(opts)
if opts.os_username:
if auth_version == '3':
return v3.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
project_name=opts.os_project_name,
user_domain_name=opts.os_user_domain_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
tenant_name=opts.os_tenant_name)
elif opts.os_token:
if auth_version == '3':
return v3.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
project_name=opts.os_project_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
tenant_name=opts.os_tenant_name)
raise Exception('Unable to determine correct auth method, please provide'
' either username or token')
def _get_client(self):
if self._client is not None:
return self._client
if (self.tenant_id is not None or self.tenant_name is not None):
auth = v2_auth.Password(auth_url=self.auth_url,
username=self.username,
password=self.password,
tenant_id=self.tenant_id,
tenant_name=self.tenant_name)
elif self.project_name is not None:
auth = v3_auth.Password(
auth_url=self.auth_url,
username=self.username,
password=self.password,
project_name=self.project_name,
project_domain_name=self.project_domain_name,
user_domain_name=self.user_domain_name)
else:
auth = None
session = ks_session.Session(auth=auth)
self._client = client.Client(session=session,
service_type=self.service_type)
return self._client
def get_v2_auth(self, v2_auth_url):
return v2_auth.Password(
v2_auth_url,
username=self.options.os_username,
password=self.options.os_password,
tenant_id=self.options.os_tenant_id,
tenant_name=self.options.os_tenant_name)
def _get_openswift_connection(self):
auth = v2.Password(auth_url=self.conohaparams.authurl,
username=self.conohaparams.username,
password=self.conohaparams.key,
tenant_name=self.conohaparams.tenant_name)
ss = session.Session(auth=auth)
return client.Connection(session=ss)
def _get_keystone_session(self, **kwargs):
ks_session = session.Session.construct(kwargs)
# discover the supported keystone versions using the given auth url
auth_url = kwargs.pop('auth_url', None)
(v2_auth_url,
v3_auth_url) = self._discover_auth_versions(session=ks_session,
auth_url=auth_url)
# Determine which authentication plugin to use. First inspect the
# auth_url to see the supported version. If both v3 and v2 are
# supported, then use the highest version if possible.
user_id = kwargs.pop('user_id', None)
username = kwargs.pop('username', None)
password = kwargs.pop('password', None)
user_domain_name = kwargs.pop('user_domain_name', None)
user_domain_id = kwargs.pop('user_domain_id', None)
# project and tenant can be used interchangeably
project_id = (kwargs.pop('project_id', None)
or kwargs.pop('tenant_id', None))
project_name = (kwargs.pop('project_name', None)
or kwargs.pop('tenant_name', None))
project_domain_id = kwargs.pop('project_domain_id', None)
project_domain_name = kwargs.pop('project_domain_name', None)
auth = None
use_domain = (user_domain_id or user_domain_name or project_domain_id
or project_domain_name)
use_v3 = v3_auth_url and (use_domain or (not v2_auth_url))
use_v2 = v2_auth_url and not use_domain
if use_v3:
auth = v3_auth.Password(v3_auth_url,
user_id=user_id,
username=username,
password=password,
user_domain_id=user_domain_id,
user_domain_name=user_domain_name,
project_id=project_id,
project_name=project_name,
project_domain_id=project_domain_id,
project_domain_name=project_domain_name)
elif use_v2:
auth = v2_auth.Password(v2_auth_url,
username,
password,
tenant_id=project_id,
tenant_name=project_name)
else:
# if we get here it means domain information is provided
# (caller meant to use Keystone V3) but the auth url is
# actually Keystone V2. Obviously we can't authenticate a V3
# user using V2.
exc.CommandError("Credential and auth_url mismatch. The given "
"auth_url is using Keystone V2 endpoint, which "
"may not able to handle Keystone V3 credentials. "
"Please provide a correct Keystone V3 auth_url.")
ks_session.auth = auth
return ks_session
def getSession(self):
self.auth = v2.Password(auth_url=self.auth_url,
username=self.username,
password=self.password,
tenant_name=self.tenant)
return session.Session(auth=self.auth)
def _get_keystone_session(cloud):
authsplit = cloud.authurl.split('/')
version = int(float(authsplit[-1][1:])) if len(authsplit[-1]) > 0 else int(
float(authsplit[-2][1:]))
if version == 2:
try:
auth = v2.Password(auth_url=cloud.authurl,
username=cloud.username,
password=cloud.password,
tenant_name=cloud.project)
sess = session.Session(auth=auth,
verify=config.cert_auth_bundle_path)
except Exception as exc:
print(
"Problem importing keystone modules, and getting session: %s" %
exc)
return sess
elif version == 3:
#connect using keystone v3
try:
auth = v3.Password(auth_url=cloud.authurl,
username=cloud.username,
password=cloud.password,
project_name=cloud.project,
user_domain_name=cloud.user_domain_name,
project_domain_name=cloud.project_domain_name)
sess = session.Session(auth=auth,
verify=config.cert_auth_bundle_path)
except Exception as exc:
print(
"Problem importing keystone modules, and getting session: %s" %
exc)
return sess
def __init__(self, endpoint, **kwargs):
try:
from keystoneclient.v2_0 import client
from keystoneclient.auth.identity import v2
from keystoneclient import session
except ImportError:
if six.PY2:
apt_install(["python-keystoneclient"], fatal=True)
else:
apt_install(["python3-keystoneclient"], fatal=True)
from keystoneclient.v2_0 import client
from keystoneclient.auth.identity import v2
from keystoneclient import session
self.api_version = 2
token = kwargs.get("token", None)
if token:
api = client.Client(endpoint=endpoint, token=token)
else:
auth = v2.Password(username=kwargs.get("username"),
password=kwargs.get("password"),
tenant_name=kwargs.get("tenant_name"),
auth_url=endpoint)
sess = session.Session(auth=auth)
api = client.Client(session=sess)
self.api = api
def __init__(self, authurl, tenant_name, username, password):
from keystoneclient.auth.identity import v2
from keystoneclient import session
from keystoneclient.v2_0 import client as ksclient
from novaclient import client
from neutronclient.neutron import client as nclient
from cinderclient import client as cclient
auth = v2.Password(auth_url=authurl,
user_id=username,
password=password,
tenant_name=tenant_name)
sess = session.Session(auth=auth)
self.__auth = auth
self.__sess = sess
__nova = client.Client('2', session=sess)
__cinder = cclient.Client('2', session=sess)
__neutron = nclient.Client('2.0', session=sess)
__keystone = ksclient.Client(session=sess)
self.__conn = ConnectionWrapper(__nova, __cinder, __neutron,
__keystone)
self.conn = ConnectionWrapper(__nova, __cinder, __neutron, __keystone)
self.userid = self.__conn.nova.client.get_user_id()
self.user_is_project_admin = self.__conn.user_is_project_admin = bool(
self.get_user_roles().count('admin'))
# FIXME Retain these lines during testing only
self.nova = self.__conn.nova
self.cinder = self.__conn.cinder
self.neutron = self.__conn.neutron
self.auth = auth
self.sess = sess
self.keystone = self.__conn.keystone
def _get_keystone_session(self):
if self.version == 2:
try:
auth = v2.Password(auth_url=self.auth_url,
username=self.username,
password=self.password,
tenant_name=self.project)
sess = session.Session(auth=auth, verify=self.cacert)
except Exception as exc:
print(
"Problem importing keystone modules, and getting session: %s"
% exc)
return sess
elif self.version == 3:
#connect using keystone v3
try:
auth = v3.Password(
auth_url=self.auth_url,
username=self.username,
password=self.password,
project_name=self.project,
user_domain_name=self.user_domain_name,
project_domain_name=self.project_domain_name)
sess = session.Session(auth=auth, verify=self.cacert)
except Exception as exc:
print(
"Problem importing keystone modules, and getting session: %s"
% exc)
return sess
def _get_auth_plugin(self, version, **kwargs):
if version == 'v2.0':
auth_plugin = v2.Password(**kwargs)
else:
auth_plugin = v3.Password(**kwargs)
return auth_plugin
def network_name_to_id(host_vars, user, password, tenant, auth_url):
""" Accept one name of network or list of names of networks and return the same
structure, but names replaced by ids of the network(s). """
auth = identity.Password(auth_url=auth_url,
username=user,
password=password,
tenant_name=tenant)
sess = session.Session(auth=auth)
token = auth.get_token(sess)
endpoint = auth.get_endpoint(sess,
service_name='neutron',
service_type='network')
neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token)
result_as_list = isinstance(host_vars, list)
if not result_as_list:
host_vars = [host_vars]
result = []
for net in host_vars:
networks = neutron.list_networks(name=net, fields='name')["networks"]
if networks:
result += [networks[0]['id']]
else:
raise errors.AnsibleFilterError(
'There is no network of name {0} accessible for tenant {1}'.
format(net, tenant))
if result_as_list:
return result
else:
return result[0]
class OSVM:
def __init__(self, InstanceName):
self._InstanceName = InstanceName
self._Credentials = {}
def getNovaCreds(self):
print "Gathering credentials..."
self._Credentials['username'] = os.environ['OS_USERNAME']
self._Credentials['password'] = os.environ['OS_PASSWORD']
self._Credentials['auth_url'] = os.environ['OS_AUTH_URL']
self._Credentials['tenant_id'] = os.environ['OS_TENANT_ID']
def setNova(self):
print "Setting up authentication session..."
try:
self.getNovaCreds()
print "Credentials are set! :). \n"
except Exception, e:
print "==> error: You need to source the des_labs-openrc file in order to set up your environment.\n Please do that and run your fab command again."
exit()
auth = v2.Password(**self._Credentials)
VERSION = "2"
sess = session.Session(auth=auth)
self._Nova = client.Client(VERSION, session=sess)
print "Choosing flavor, image and ssh key..."
self._Flavor = self._Nova.flavors.find(name="m1.medium")
self._Image = self._Nova.images.find(name="Ubuntu 14.04.2 LTS")
self._Key = self._Nova.keypairs.find(name="acx")
def get_auth_plugin(opts):
"""Create the right keystone connection depending on the version
for the api, if username/password and token are provided, username and
password takes precedence.
"""
auth_version = guess_auth_version(opts)
if opts.os_username:
if auth_version == '3':
return v3.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
project_name=opts.os_project_name,
user_domain_name=opts.os_user_domain_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
tenant_name=opts.os_tenant_name)
elif opts.os_token:
if auth_version == '3':
return v3.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
project_name=opts.os_project_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
tenant_name=opts.os_tenant_name)
raise Exception('Unable to determine correct auth method, please provide'
' either username or token')
def execute(args):
"""keystone execution."""
missing_environment = [
var for var in (REQUIRED_ENVIRONMENT_REPORTING +
REQUIRED_ENVIRONMENT_OPENSTACK)
if var not in os.environ
]
if len(missing_environment) > 0:
sys.exit("Missing environment variables: %s" %
" ".join(missing_environment))
api_config = {
"server": os.getenv("REPORTING_SERVER"),
"username": os.getenv("REPORTING_USERNAME"),
"token": os.getenv("REPORTING_TOKEN"),
"https_verify": not args.insecure
}
auth = v2.Password(auth_url=os.getenv("OS_AUTH_URL"),
username=os.getenv("OS_USERNAME"),
password=os.getenv("OS_PASSWORD"),
tenant_name=os.getenv("OS_TENANT_NAME"))
keystone_session = session.Session(auth=auth)
keystone = client.Client(session=keystone_session)
kafka = api.API(**api_config)
users = [user._info for user in keystone.users.list()]
tenants = ThreadPool().map(process, keystone.tenants.list())
payload = {"users": users, "tenants": tenants}
kafka.put(args.topic, SCHEMA, payload)
def get_nova_admin(request):
auth = v2.Password(auth_url=settings.AUTH_URL,
username=settings.ADMIN_NAME,
password=settings.ADMIN_PASS,
tenant_name=settings.ADMIN_TENANT_NAME)
sess = session.Session(auth=auth)
novaClient = Client(settings.NOVA_VERSION, session=sess)
return novaClient
def __init__(self, args):
credentials = get_credentials()
ksclient.Client(**credentials)
auth = v2.Password(**credentials)
sess = session.Session(auth=auth)
self.nova = nclient.Client(2, session=sess)
self.json = args.json
def get_keystone_session(env):
"""Return a keystone session."""
from keystoneclient.auth.identity import v2
from keystoneclient.session import Session
auth = v2.Password(auth_url=env['OS_AUTH_URL'],
username=env['OS_USERNAME'],
password=env['OS_PASSWORD'],
tenant_name=env['OS_TENANT_NAME'])
return Session(auth=auth)
def Login(user, password, tenant, authURL=auth_url):
auth = v2.Password(username=user,
auth_url=auth_url,
password=password,
tenant_name=tenant)
auth_session = session.Session(auth=auth)
nt2 = nova_client.Client(2, session=auth_session)
return nt2
def get_nova_admin(instance):
auth = v2.Password(auth_url=settings.AUTH_URL,
username=settings.ADMIN_NAME,
password=settings.ADMIN_PASS,
tenant_name=settings.ADMIN_TENANT_NAME)
sess = session.Session(auth=auth)
#this should read from settings
novaClient = Client(settings.NOVA_VERSION, session=sess)
return novaClient
def test_doesnt_log_password(self):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
password = uuid.uuid4().hex
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
password=password)
s = session.Session(auth=a)
self.assertEqual(self.TEST_TOKEN, s.get_token())
self.assertNotIn(password, self.logger.output)
def test_invalid_auth_response_type(self):
self.stub_url('POST', ['tokens'], text='testdata')
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
password=self.TEST_PASS)
s = session.Session(auth=a)
self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any',
authenticated=True)
def test_invalid_auth_response_dict(self):
self.stub_auth(json={'hello': 'world'})
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
password=self.TEST_PASS)
s = session.Session(auth=a)
self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any',
authenticated=True)
def test_endpoint_filter_without_service_type_fails(self):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
password=self.TEST_PASS)
s = session.Session(auth=a)
self.assertRaises(exceptions.EndpointNotFound, s.get, '/path',
endpoint_filter={'interface': 'admin'})
def __init__(self, auth_url, username, api_key, tenant_id=None, **kwargs):
self.tenant_id = tenant_id
self.client = KeystoneClient(session=KeystoneClient.Session(
auth=v2.Password(auth_url, username, api_key)))
self.backups = self._get_resources('VolumeBackup')
self.restores = self._get_resources('VolumeRestore')
self.volumes = self._get_resources('Volume')
self.volume_snapshots = self._get_resources('VolumeSnapshot')
self.quotas = self._get_resources('Quota')
def get_keystone_sess():
auth_details = get_auths()
auth = v2.Password(auth_url=auth_details[0]['auth_url'],
username=auth_details[0]['username'],
password=auth_details[0]['password'],
tenant_id=config.PROJECT_ID)
ks_session = session.Session(auth=auth)
return ks_session
