Example #1
0
    def _create(self):
        endpoint_type = self._get_client_option('nova', 'endpoint_type')
        management_url = self.url_for(service_type=self.COMPUTE,
                                      endpoint_type=endpoint_type)

        if hasattr(nc, 'discover_extensions'):
            extensions = nc.discover_extensions(NOVACLIENT_VERSION)
        else:
            # TODO(lyj): The else condition is for backward compatibility,
            #            once novaclient bump to a newer version with
            #            discover_extensions exists, this should be safely
            #            removed.
            from novaclient import shell as novashell
            computeshell = novashell.OpenStackComputeShell()
            extensions = computeshell._discover_extensions(NOVACLIENT_VERSION)

        args = {
            'project_id': self.context.tenant,
            'auth_url': self.context.auth_url,
            'service_type': self.COMPUTE,
            'username': None,
            'api_key': None,
            'extensions': extensions,
            'endpoint_type': endpoint_type,
            'http_log_debug': self._get_client_option('nova',
                                                      'http_log_debug'),
            'cacert': self._get_client_option('nova', 'ca_file'),
            'insecure': self._get_client_option('nova', 'insecure')
        }

        client = nc.Client(NOVACLIENT_VERSION, **args)
        client.client.auth_token = self.auth_token
        client.client.management_url = management_url

        return client
Example #2
0
File: nova.py Project: aaratn/heat
    def _create(self, version=None):
        if not version:
            # TODO(prazumovsky): remove all unexpected calls from tests and
            # add default_version after that.
            version = self.NOVA_API_VERSION
        endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
        extensions = nc.discover_extensions(version)

        args = {
            'session': self.context.keystone_session,
            'extensions': extensions,
            'endpoint_type': endpoint_type,
            'service_type': self.COMPUTE,
            'region_name': self._get_region_name(),
            'http_log_debug': self._get_client_option(CLIENT_NAME,
                                                      'http_log_debug')
        }

        client = nc.Client(version, **args)
        # NOTE: check for microversion availability
        if version in self.validate_versions:
            try:
                client.versions.get_current()
            except exceptions.NotAcceptable:
                raise exception.InvalidServiceVersion(service=self.COMPUTE,
                                                      version=version)

        return client
Example #3
0
def make_client(instance):
    """Returns a compute service client."""

    # Defer client import until we actually need them
    from novaclient import client as nova_client

    if _compute_api_version is not None:
        version = _compute_api_version
    else:
        version = instance._api_version[API_NAME]

    LOG.debug('Instantiating compute client for V%s', version)

    # Set client http_log_debug to True if verbosity level is high enough
    http_log_debug = utils.get_effective_log_level() <= logging.DEBUG

    extensions = [ext for ext in nova_client.discover_extensions(version)
                  if ext.name == "list_extensions"]

    # Remember interface only if it is set
    kwargs = utils.build_kwargs_dict('endpoint_type', instance._interface)

    client = nova_client.Client(
        version,
        session=instance.session,
        extensions=extensions,
        http_log_debug=http_log_debug,
        timings=instance.timing,
        region_name=instance._region_name,
        **kwargs
    )

    return client
Example #4
0
    def __init__(self):
        # FIXME(jamielennox): A notifier is being created for each Controller
        # and each Notifier is handling it's own auth. That means that we are
        # authenticating the exact same thing len(controllers) times. This
        # should be an easy thing to optimize.
        # FIXME(kevinbenton): remove this comment and the one above once the
        # switch to pecan is complete since only one notifier is constructed
        # in the pecan notification hook.
        auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')

        session = ks_loading.load_session_from_conf_options(
            cfg.CONF,
            'nova',
            auth=auth)

        extensions = [
            ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
            if ext.name == "server_external_events"]
        self.nclient = nova_client.Client(
            NOVA_API_VERSION,
            session=session,
            region_name=cfg.CONF.nova.region_name,
            endpoint_type=cfg.CONF.nova.endpoint_type,
            extensions=extensions)
        self.batch_notifier = batch_notifier.BatchNotifier(
            cfg.CONF.send_events_interval, self.send_events)

        # register callbacks for events pertaining resources affecting Nova
        callback_resources = (
            resources.FLOATING_IP,
            resources.PORT,
        )
        for resource in callback_resources:
            registry.subscribe(self._send_nova_notification,
                               resource, events.BEFORE_RESPONSE)
Example #5
0
    def __init__(self):
        auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')

        session = ks_loading.load_session_from_conf_options(
            cfg.CONF,
            'nova',
            auth=auth)

        extensions = [
            ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
            if ext.name == "server_external_events"]
        self.nclient = nova_client.Client(
            NOVA_API_VERSION,
            session=session,
            region_name=cfg.CONF.nova.region_name,
            endpoint_type=cfg.CONF.nova.endpoint_type,
            extensions=extensions)
        self.batch_notifier = batch_notifier.BatchNotifier(
            cfg.CONF.send_events_interval, self.send_events)

        # register callbacks for events pertaining resources affecting Nova
        callback_resources = (
            resources.FLOATING_IP,
            resources.PORT,
        )
        for resource in callback_resources:
            registry.subscribe(self._send_nova_notification,
                               resource, events.BEFORE_RESPONSE)
Example #6
0
File: nova.py Project: toby82/heat
    def _create(self):
        endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
        management_url = self.url_for(service_type=self.COMPUTE,
                                      endpoint_type=endpoint_type)
        extensions = nc.discover_extensions(NOVACLIENT_VERSION)

        args = {
            'project_id': self.context.tenant_id,
            'auth_url': self.context.auth_url,
            'auth_token': self.auth_token,
            'service_type': self.COMPUTE,
            'username': None,
            'api_key': None,
            'extensions': extensions,
            'endpoint_type': endpoint_type,
            'http_log_debug': self._get_client_option(CLIENT_NAME,
                                                      'http_log_debug'),
            'cacert': self._get_client_option(CLIENT_NAME, 'ca_file'),
            'insecure': self._get_client_option(CLIENT_NAME, 'insecure')
        }

        client = nc.Client(NOVACLIENT_VERSION, **args)

        client.client.set_management_url(management_url)

        return client
Example #7
0
def make_client(instance):
    """Returns a compute service client."""

    # Defer client import until we actually need them
    from novaclient import client as nova_client

    if _compute_api_version is not None:
        version = _compute_api_version
    else:
        version = instance._api_version[API_NAME]
        from novaclient import api_versions
        # convert to APIVersion object
        version = api_versions.get_api_version(version)

    if version.is_latest():
        import novaclient
        # NOTE(RuiChen): executing version discovery make sense, but that need
        #                an initialized REST client, it's not available now,
        #                fallback to use the max version of novaclient side.
        version = novaclient.API_MAX_VERSION

    LOG.debug('Instantiating compute client for %s', version)

    compute_api = utils.get_client_class(
        API_NAME,
        version.ver_major,
        COMPUTE_API_VERSIONS,
    )
    LOG.debug('Instantiating compute api: %s', compute_api)

    # Set client http_log_debug to True if verbosity level is high enough
    http_log_debug = utils.get_effective_log_level() <= logging.DEBUG

    extensions = [ext for ext in nova_client.discover_extensions(version)
                  if ext.name == "list_extensions"]

    # Remember interface only if it is set
    kwargs = utils.build_kwargs_dict('endpoint_type', instance.interface)

    client = nova_client.Client(
        version,
        session=instance.session,
        extensions=extensions,
        http_log_debug=http_log_debug,
        timings=instance.timing,
        region_name=instance.region_name,
        **kwargs
    )

    client.api = compute_api(
        session=instance.session,
        service_type=COMPUTE_API_TYPE,
        endpoint=instance.get_endpoint_for_service_type(
            COMPUTE_API_TYPE,
            region_name=instance.region_name,
            interface=instance.interface,
        )
    )

    return client
 def test():
     extensions = client.discover_extensions('1.1')
     self.assertEqual(3, len(extensions))
     names = sorted(['foo', 'bar', 'baz'])
     sorted_extensions = sorted(extensions, key=lambda ext: ext.name)
     for i in range(len(names)):
         ext = sorted_extensions[i]
         name = names[i]
         self.assertEqual(ext.name, name)
         self.assertTrue(inspect.ismodule(ext.module))
Example #9
0
 def __init__(self):
     auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
     self.session = ks_loading.load_session_from_conf_options(
         cfg.CONF,
         'nova',
         auth=auth)
     self.extensions = [
         ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
         if ext.name == "server_external_events"]
     self.batch_notifier = batch_notifier.BatchNotifier(
         cfg.CONF.send_events_interval, self.send_events)
Example #10
0
    def _get_args(self, version):
        endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
        extensions = nc.discover_extensions(version)

        return {
            'session': self.context.keystone_session,
            'extensions': extensions,
            'endpoint_type': endpoint_type,
            'service_type': self.COMPUTE,
            'region_name': self._get_region_name(),
            'http_log_debug': self._get_client_option(CLIENT_NAME,
                                                      'http_log_debug')
            }
Example #11
0
    def __init__(self):
        # FIXME(jamielennox): A notifier is being created for each Controller
        # and each Notifier is handling it's own auth. That means that we are
        # authenticating the exact same thing len(controllers) times. This
        # should be an easy thing to optimize.
        auth = ks_auth.load_from_conf_options(cfg.CONF, "nova")

        session = ks_session.Session.load_from_conf_options(cfg.CONF, "nova", auth=auth)

        extensions = [
            ext for ext in nova_client.discover_extensions(NOVA_API_VERSION) if ext.name == "server_external_events"
        ]
        self.nclient = nova_client.Client(
            NOVA_API_VERSION, session=session, region_name=cfg.CONF.nova.region_name, extensions=extensions
        )
        self.batch_notifier = batch_notifier.BatchNotifier(cfg.CONF.send_events_interval, self.send_events)
Example #12
0
    def _create(self):
        endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
        extensions = nc.discover_extensions(NOVA_API_VERSION)

        args = {
            'session': self.context.keystone_session,
            'extensions': extensions,
            'interface': endpoint_type,
            'service_type': self.COMPUTE,
            'region_name': self._get_region_name(),
            'http_log_debug': self._get_client_option(CLIENT_NAME,
                                                      'http_log_debug')
        }

        client = nc.Client(NOVA_API_VERSION, **args)
        return client
Example #13
0
def nova_notify(device_owner, device_id, port_id, event):
    VERSION = "2"
    # Docs say this, but this is not right:
    #    # TODO load of config here, note
    #    loader = loading.get_plugin_loader('password')
    #    auth = loader.Password(auth_url='http://127.0.0.1:35357',
    #                           username='nova',
    #                           password='iheartksl',
    #                           project_id='service')
    #    sess = session.Session(auth=auth)
    #    nova = nova_client.Client(VERSION, session=sess)
    extensions = [ext for ext in nova_client.discover_extensions(VERSION) if ext.name == "server_external_events"]
    nova = nova_client.Client(
        VERSION, "nova", "iheartksl", "service", auth_url="http://127.0.0.1:5000/v2.0", extensions=extensions
    )
    nova.server_external_events.create(
        [{"server_uuid": device_id, "name": event, "status": "completed", "tag": port_id}]
    )
Example #14
0
    def _create(self, version=None):
        version = self.os_context.version

        extensions = nc.discover_extensions(version)

        kwargs = self.os_context.to_dict()
        kwargs.update(
            {
                'extensions': extensions,
                'http_log_debug': self._get_client_option(self.CLIENT_NAME,
                                                          'http_log_debug')
            }
        )
        kwargs.pop('version')

        kwargs['api_key'] = kwargs.pop("password")

        client = nc.Client(version, **kwargs)
        return client
Example #15
0
    def __init__(self):
        auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')

        session = ks_loading.load_session_from_conf_options(
            cfg.CONF,
            'nova',
            auth=auth)

        extensions = [
            ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
            if ext.name == "server_external_events"]
        self.nclient = nova_client.Client(
            api_versions.APIVersion(NOVA_API_VERSION),
            session=session,
            region_name=cfg.CONF.nova.region_name,
            endpoint_type=cfg.CONF.nova.endpoint_type,
            extensions=extensions)
        self.batch_notifier = batch_notifier.BatchNotifier(
            cfg.CONF.send_events_interval, self.send_events)
Example #16
0
    def _get_clients(self):
        p_client = placement_client.PlacementAPIClient(cfg.CONF)

        n_auth = ks_loading.load_auth_from_conf_options(cfg.CONF, 'nova')
        n_session = ks_loading.load_session_from_conf_options(
            cfg.CONF,
            'nova',
            auth=n_auth)
        extensions = [
            ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
            if ext.name == "server_external_events"]
        n_client = nova_client.Client(
            NOVA_API_VERSION,
            session=n_session,
            region_name=cfg.CONF.nova.region_name,
            endpoint_type=cfg.CONF.nova.endpoint_type,
            extensions=extensions)

        return p_client, n_client
Example #17
0
    def __init__(self):
        # FIXME(jamielennox): A notifier is being created for each Controller
        # and each Notifier is handling it's own auth. That means that we are
        # authenticating the exact same thing len(controllers) times. This
        # should be an easy thing to optimize.
        auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova')
        endpoint_override = None

        if not auth:
            LOG.warning(_LW('Authenticating to nova using nova_admin_* options'
                            ' is deprecated. This should be done using'
                            ' an auth plugin, like password'))

            if cfg.CONF.nova_admin_tenant_id:
                endpoint_override = "%s/%s" % (cfg.CONF.nova_url,
                                               cfg.CONF.nova_admin_tenant_id)

            auth = DefaultAuthPlugin(
                auth_url=cfg.CONF.nova_admin_auth_url,
                username=cfg.CONF.nova_admin_username,
                password=cfg.CONF.nova_admin_password,
                tenant_id=cfg.CONF.nova_admin_tenant_id,
                tenant_name=cfg.CONF.nova_admin_tenant_name,
                endpoint_override=endpoint_override)

        session = ks_session.Session.load_from_conf_options(cfg.CONF,
                                                            'nova',
                                                            auth=auth)

        extensions = [
            ext for ext in nova_client.discover_extensions(NOVA_API_VERSION)
            if ext.name == "server_external_events"]
        self.nclient = nova_client.Client(
            NOVA_API_VERSION,
            session=session,
            region_name=cfg.CONF.nova.region_name,
            extensions=extensions)
        self.batch_notifier = batch_notifier.BatchNotifier(
            cfg.CONF.send_events_interval, self.send_events)
Example #18
0
def create(context, conf):
    conf.register_opts(nova_client_opts, group=SERVICE + '_client')
    try:
        url = utils.get_url(SERVICE, context, conf, append_project=True)
    except Exception:
        LOG.error(_LE("Get nova service endpoint url failed."))
        raise

    LOG.info(_LI('Creating nova client with url %s.'), url)

    extensions = nc.discover_extensions(NOVACLIENT_VERSION)

    args = {
        'project_id': context.project_id,
        'auth_token': context.auth_token,
        'extensions': extensions,
    }

    client = nc.Client(NOVACLIENT_VERSION, **args)
    client.client.set_management_url(url)

    return client
Example #19
0
def create(context, conf):
    conf.register_opts(nova_client_opts, group=SERVICE + "_client")
    try:
        url = utils.get_url(SERVICE, context, conf, append_project_fmt="%(url)s/%(project)s")
    except Exception:
        LOG.error(_LE("Get nova service endpoint url failed."))
        raise

    LOG.info(_LI("Creating nova client with url %s."), url)

    extensions = nc.discover_extensions(NOVACLIENT_VERSION)

    args = {
        "project_id": context.project_id,
        "auth_token": context.auth_token,
        "extensions": extensions,
        "cacert": conf.nova_client.nova_ca_cert_file,
        "insecure": conf.nova_client.nova_auth_insecure,
    }

    client = nc.Client(NOVACLIENT_VERSION, **args)
    client.client.set_management_url(url)

    return client
Example #20
0
File: nova.py Project: dims/heat
    def _create(self):
        endpoint_type = self._get_client_option(CLIENT_NAME, "endpoint_type")
        management_url = self.url_for(service_type=self.COMPUTE, endpoint_type=endpoint_type)
        extensions = nc.discover_extensions(NOVACLIENT_VERSION)

        args = {
            "project_id": self.context.tenant_id,
            "auth_url": self.context.auth_url,
            "auth_token": self.auth_token,
            "service_type": self.COMPUTE,
            "username": None,
            "api_key": None,
            "extensions": extensions,
            "endpoint_type": endpoint_type,
            "http_log_debug": self._get_client_option(CLIENT_NAME, "http_log_debug"),
            "cacert": self._get_client_option(CLIENT_NAME, "ca_file"),
            "insecure": self._get_client_option(CLIENT_NAME, "insecure"),
        }

        client = nc.Client(NOVACLIENT_VERSION, **args)

        client.client.set_management_url(management_url)

        return client
Example #21
0
                    'requests.'),
    cfg.BoolOpt('nova_api_insecure',
                default=False,
                help='Allow to perform insecure SSL requests to nova'),
]

CONF = cfg.CONF
CONF.register_opts(nova_opts)

LOG = logging.getLogger(__name__)

# TODO(e0ne): Make Nova version configurable in Mitaka.
NOVA_API_VERSION = "2.1"

nova_extensions = [ext for ext in
                   nova_client.discover_extensions(NOVA_API_VERSION)
                   if ext.name in ("assisted_volume_snapshots",
                                   "list_extensions")]


def novaclient(context, admin_endpoint=False, privileged_user=False,
               timeout=None):
    """Returns a Nova client

    @param admin_endpoint: If True, use the admin endpoint template from
        configuration ('nova_endpoint_admin_template' and 'nova_catalog_info')
    @param privileged_user: If True, use the account from configuration
        (requires 'os_privileged_user_name', 'os_privileged_user_password' and
        'os_privileged_user_tenant' to be set)
    @param timeout: Number of seconds to wait for an answer before raising a
        Timeout exception (None to disable)
Example #22
0
    def main(self, argv):
        # Parse args once to find version and debug settings
        parser = self.get_base_parser()

        # NOTE(dtroyer): Hackery to handle --endpoint_type due to argparse
        #                thinking usage-list --end is ambiguous; but it
        #                works fine with only --endpoint-type present
        #                Go figure.
        if "--endpoint_type" in argv:
            spot = argv.index("--endpoint_type")
            argv[spot] = "--endpoint-type"

        (args, args_list) = parser.parse_known_args(argv)

        self.setup_debugging(args.debug)
        self.extensions = []
        do_help = ("help" in argv) or not argv

        # Discover available auth plugins
        novaclient.auth_plugin.discover_auth_systems()

        if not args.os_compute_api_version:
            api_version = api_versions.get_api_version(DEFAULT_MAJOR_OS_COMPUTE_API_VERSION)
        else:
            api_version = api_versions.get_api_version(args.os_compute_api_version)

        os_username = args.os_username
        os_user_id = args.os_user_id
        os_password = None  # Fetched and set later as needed
        os_tenant_name = args.os_tenant_name
        os_tenant_id = args.os_tenant_id
        os_auth_url = args.os_auth_url
        os_region_name = args.os_region_name
        os_auth_system = args.os_auth_system
        endpoint_type = args.endpoint_type
        insecure = args.insecure
        service_type = args.service_type
        service_name = args.service_name
        volume_service_name = args.volume_service_name
        bypass_url = args.bypass_url
        os_cache = args.os_cache
        cacert = args.os_cacert
        timeout = args.timeout

        keystone_session = None
        keystone_auth = None

        # We may have either, both or none of these.
        # If we have both, we don't need USERNAME, PASSWORD etc.
        # Fill in the blanks from the SecretsHelper if possible.
        # Finally, authenticate unless we have both.
        # Note if we don't auth we probably don't have a tenant ID so we can't
        # cache the token.
        auth_token = args.os_auth_token if args.os_auth_token else None
        management_url = bypass_url if bypass_url else None

        if os_auth_system and os_auth_system != "keystone":
            auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_system)
        else:
            auth_plugin = None

        if not endpoint_type:
            endpoint_type = DEFAULT_NOVA_ENDPOINT_TYPE

        # This allow users to use endpoint_type as (internal, public or admin)
        # just like other openstack clients (glance, cinder etc)
        if endpoint_type in ["internal", "public", "admin"]:
            endpoint_type += "URL"

        if not service_type:
            # Note(alex_xu): We need discover version first, so if there isn't
            # service type specified, we use default nova service type.
            service_type = DEFAULT_NOVA_SERVICE_TYPE

        # If we have an auth token but no management_url, we must auth anyway.
        # Expired tokens are handled by client.py:_cs_request
        must_auth = not (auth_token and management_url)

        # Do not use Keystone session for cases with no session support. The
        # presence of auth_plugin means os_auth_system is present and is not
        # keystone.
        use_session = True
        if auth_plugin or bypass_url or os_cache or volume_service_name:
            use_session = False

        # FIXME(usrleon): Here should be restrict for project id same as
        # for os_username or os_password but for compatibility it is not.
        if must_auth and not do_help:
            if auth_plugin:
                auth_plugin.parse_opts(args)

            if not auth_plugin or not auth_plugin.opts:
                if not os_username and not os_user_id:
                    raise exc.CommandError(
                        _(
                            "You must provide a username "
                            "or user id via --os-username, --os-user-id, "
                            "env[OS_USERNAME] or env[OS_USER_ID]"
                        )
                    )

            if not any([args.os_tenant_name, args.os_tenant_id, args.os_project_id, args.os_project_name]):
                raise exc.CommandError(
                    _(
                        "You must provide a project name or"
                        " project id via --os-project-name,"
                        " --os-project-id, env[OS_PROJECT_ID]"
                        " or env[OS_PROJECT_NAME]. You may"
                        " use os-project and os-tenant"
                        " interchangeably."
                    )
                )

            if not os_auth_url:
                if os_auth_system and os_auth_system != "keystone":
                    os_auth_url = auth_plugin.get_auth_url()

            if not os_auth_url:
                raise exc.CommandError(
                    _(
                        "You must provide an auth url "
                        "via either --os-auth-url or env[OS_AUTH_URL] "
                        "or specify an auth_system which defines a "
                        "default url with --os-auth-system "
                        "or env[OS_AUTH_SYSTEM]"
                    )
                )

            project_id = args.os_project_id or args.os_tenant_id
            project_name = args.os_project_name or args.os_tenant_name
            if use_session:
                # Not using Nova auth plugin, so use keystone
                with utils.record_time(self.times, args.timings, "auth_url", args.os_auth_url):
                    keystone_session = ksession.Session.load_from_cli_options(args)
                    keystone_auth = self._get_keystone_auth(
                        keystone_session,
                        args.os_auth_url,
                        username=args.os_username,
                        user_id=args.os_user_id,
                        user_domain_id=args.os_user_domain_id,
                        user_domain_name=args.os_user_domain_name,
                        password=args.os_password,
                        auth_token=args.os_auth_token,
                        project_id=project_id,
                        project_name=project_name,
                        project_domain_id=args.os_project_domain_id,
                        project_domain_name=args.os_project_domain_name,
                    )

        if not do_help and not any([args.os_tenant_id, args.os_tenant_name, args.os_project_id, args.os_project_name]):
            raise exc.CommandError(
                _(
                    "You must provide a project name or"
                    " project id via --os-project-name,"
                    " --os-project-id, env[OS_PROJECT_ID]"
                    " or env[OS_PROJECT_NAME]. You may"
                    " use os-project and os-tenant"
                    " interchangeably."
                )
            )

        if not os_auth_url and not do_help:
            raise exc.CommandError(_("You must provide an auth url " "via either --os-auth-url or env[OS_AUTH_URL]"))

        # This client is just used to discover api version. Version API needn't
        # microversion, so we just pass version 2 at here.
        self.cs = client.Client(
            api_versions.APIVersion("2.0"),
            os_username,
            os_password,
            os_tenant_name,
            tenant_id=os_tenant_id,
            user_id=os_user_id,
            auth_url=os_auth_url,
            insecure=insecure,
            region_name=os_region_name,
            endpoint_type=endpoint_type,
            extensions=self.extensions,
            service_type=service_type,
            service_name=service_name,
            auth_system=os_auth_system,
            auth_plugin=auth_plugin,
            auth_token=auth_token,
            volume_service_name=volume_service_name,
            timings=args.timings,
            bypass_url=bypass_url,
            os_cache=os_cache,
            http_log_debug=args.debug,
            cacert=cacert,
            timeout=timeout,
            session=keystone_session,
            auth=keystone_auth,
        )

        if not do_help:
            if not api_version.is_latest():
                if api_version > api_versions.APIVersion("2.0"):
                    if not api_version.matches(novaclient.API_MIN_VERSION, novaclient.API_MAX_VERSION):
                        raise exc.CommandError(
                            _(
                                "The specified version isn't supported by "
                                "client. The valid version range is '%(min)s' "
                                "to '%(max)s'"
                            )
                            % {
                                "min": novaclient.API_MIN_VERSION.get_string(),
                                "max": novaclient.API_MAX_VERSION.get_string(),
                            }
                        )
            api_version = api_versions.discover_version(self.cs, api_version)

        # build available subcommands based on version
        self.extensions = client.discover_extensions(api_version)
        self._run_extension_hooks("__pre_parse_args__")

        subcommand_parser = self.get_subcommand_parser(api_version, do_help=do_help)
        self.parser = subcommand_parser

        if args.help or not argv:
            subcommand_parser.print_help()
            return 0

        args = subcommand_parser.parse_args(argv)
        self._run_extension_hooks("__post_parse_args__", args)

        # Short-circuit and deal with help right away.
        if args.func == self.do_help:
            self.do_help(args)
            return 0
        elif args.func == self.do_bash_completion:
            self.do_bash_completion(args)
            return 0

        if not args.service_type:
            service_type = cliutils.get_service_type(args.func) or DEFAULT_NOVA_SERVICE_TYPE

        if cliutils.isunauthenticated(args.func):
            # NOTE(alex_xu): We need authentication for discover microversion.
            # But the subcommands may needn't it. If the subcommand needn't,
            # we clear the session arguements.
            keystone_session = None
            keystone_auth = None

        # Recreate client object with discovered version.
        self.cs = client.Client(
            api_version,
            os_username,
            os_password,
            os_tenant_name,
            tenant_id=os_tenant_id,
            user_id=os_user_id,
            auth_url=os_auth_url,
            insecure=insecure,
            region_name=os_region_name,
            endpoint_type=endpoint_type,
            extensions=self.extensions,
            service_type=service_type,
            service_name=service_name,
            auth_system=os_auth_system,
            auth_plugin=auth_plugin,
            auth_token=auth_token,
            volume_service_name=volume_service_name,
            timings=args.timings,
            bypass_url=bypass_url,
            os_cache=os_cache,
            http_log_debug=args.debug,
            cacert=cacert,
            timeout=timeout,
            session=keystone_session,
            auth=keystone_auth,
        )

        # Now check for the password/token of which pieces of the
        # identifying keyring key can come from the underlying client
        if must_auth:
            helper = SecretsHelper(args, self.cs.client)
            self.cs.client.keyring_saver = helper
            if auth_plugin and auth_plugin.opts and "os_password" not in auth_plugin.opts:
                use_pw = False
            else:
                use_pw = True

            tenant_id = helper.tenant_id
            # Allow commandline to override cache
            if not auth_token:
                auth_token = helper.auth_token
            if not management_url:
                management_url = helper.management_url
            if tenant_id and auth_token and management_url:
                self.cs.client.tenant_id = tenant_id
                self.cs.client.auth_token = auth_token
                self.cs.client.management_url = management_url
                self.cs.client.password_func = lambda: helper.password
            elif use_pw:
                # We're missing something, so auth with user/pass and save
                # the result in our helper.
                self.cs.client.password = helper.password

        try:
            # This does a couple of bits which are useful even if we've
            # got the token + service URL already. It exits fast in that case.
            if not cliutils.isunauthenticated(args.func):
                if not use_session:
                    # Only call authenticate() if Nova auth plugin is used.
                    # If keystone is used, authentication is handled as part
                    # of session.
                    self.cs.authenticate()
        except exc.Unauthorized:
            raise exc.CommandError(_("Invalid OpenStack Nova credentials."))
        except exc.AuthorizationFailure:
            raise exc.CommandError(_("Unable to authorize user"))

        args.func(self.cs, args)

        if args.timings:
            self._dump_timings(self.times + self.cs.get_timings())
Example #23
0
def connect_to_cloudservers(region=None, context=None, verify_ssl=None, **kwargs):
    """Creates a client for working with cloud servers."""
    context = context or identity
    _cs_auth_plugin.discover_auth_systems()
    id_type = get_setting("identity_type")
    if id_type != "keystone":
        auth_plugin = _cs_auth_plugin.load_plugin(id_type)
    else:
        auth_plugin = None
    region = _safe_region(region, context=context)
    mgt_url = _get_service_endpoint(context, "compute", region)
    cloudservers = None
    if not mgt_url:
        # Service is not available
        return
    if verify_ssl is None:
        insecure = not get_setting("verify_ssl")
    else:
        insecure = not verify_ssl
    extensions = nc.discover_extensions("1.1")
    cloudservers = _cs_client.Client(context.username, context.password,
            project_id=context.tenant_id, auth_url=context.auth_endpoint,
            auth_system=id_type, region_name=region, service_type="compute",
            auth_plugin=auth_plugin, insecure=insecure, extensions=extensions,
            http_log_debug=_http_debug, **kwargs)
    agt = cloudservers.client.USER_AGENT
    cloudservers.client.USER_AGENT = _make_agent_name(agt)
    cloudservers.client.management_url = mgt_url
    cloudservers.client.auth_token = context.token
    cloudservers.exceptions = _cs_exceptions
    # Add some convenience methods
    cloudservers.list_images = cloudservers.images.list
    cloudservers.list_flavors = cloudservers.flavors.list
    cloudservers.list = cloudservers.servers.list

    def list_base_images():
        """
        Returns a list of all base images; excludes any images created
        by this account.
        """
        return [image for image in cloudservers.images.list()
                if not hasattr(image, "server")]

    def list_snapshots():
        """
        Returns a list of all images created by this account; in other words, it
        excludes all the base images.
        """
        return [image for image in cloudservers.images.list()
                if hasattr(image, "server")]

    def find_images_by_name(expr):
        """
        Returns a list of images whose name contains the specified expression.
        The value passed is treated as a regular expression, allowing for more
        specific searches than simple wildcards. The matching is done in a
        case-insensitive manner.
        """
        return [image for image in cloudservers.images.list()
                if re.search(expr, image.name, re.I)]

    cloudservers.list_base_images = list_base_images
    cloudservers.list_snapshots = list_snapshots
    cloudservers.find_images_by_name = find_images_by_name
    cloudservers.identity = identity
    return cloudservers
Example #24
0
    def main(self, argv):
        # Parse args once to find version and debug settings
        parser = self.get_base_parser(argv)
        (args, args_list) = parser.parse_known_args(argv)

        self.setup_debugging(args.debug)
        self.extensions = []
        do_help = args.help or not args_list or args_list[0] == 'help'

        # bash-completion should not require authentication
        skip_auth = do_help or (
            'bash-completion' in argv)

        if not args.os_compute_api_version:
            api_version = api_versions.get_api_version(
                DEFAULT_MAJOR_OS_COMPUTE_API_VERSION)
        else:
            api_version = api_versions.get_api_version(
                args.os_compute_api_version)

        os_username = args.os_username
        os_user_id = args.os_user_id
        os_password = None  # Fetched and set later as needed
        os_project_name = getattr(
            args, 'os_project_name', getattr(args, 'os_tenant_name', None))
        os_project_id = getattr(
            args, 'os_project_id', getattr(args, 'os_tenant_id', None))
        os_auth_url = args.os_auth_url
        os_region_name = args.os_region_name

        if "v2.0" not in os_auth_url:
            # NOTE(andreykurilin): assume that keystone V3 is used and try to
            # be more user-friendly, i.e provide default values for domains
            if (not args.os_project_domain_id and
                    not args.os_project_domain_name):
                setattr(args, "os_project_domain_id", "default")
            if not args.os_user_domain_id and not args.os_user_domain_name:
                setattr(args, "os_user_domain_id", "default")

        os_project_domain_id = args.os_project_domain_id
        os_project_domain_name = args.os_project_domain_name
        os_user_domain_id = args.os_project_domain_id
        os_user_domain_name = args.os_project_domain_name

        endpoint_type = args.endpoint_type
        insecure = args.insecure
        service_type = args.service_type
        service_name = args.service_name
        endpoint_override = args.endpoint_override
        os_cache = args.os_cache
        cacert = args.os_cacert
        cert = args.os_cert
        timeout = args.timeout

        keystone_session = None
        keystone_auth = None

        # We may have either, both or none of these.
        # If we have both, we don't need USERNAME, PASSWORD etc.
        # Fill in the blanks from the SecretsHelper if possible.
        # Finally, authenticate unless we have both.
        # Note if we don't auth we probably don't have a tenant ID so we can't
        # cache the token.
        auth_token = getattr(args, 'os_token', None)

        if not endpoint_type:
            endpoint_type = DEFAULT_NOVA_ENDPOINT_TYPE

        # This allow users to use endpoint_type as (internal, public or admin)
        # just like other openstack clients (glance, cinder etc)
        if endpoint_type in ['internal', 'public', 'admin']:
            endpoint_type += 'URL'

        if not service_type:
            # Note(alex_xu): We need discover version first, so if there isn't
            # service type specified, we use default nova service type.
            service_type = DEFAULT_NOVA_SERVICE_TYPE

        # We should always auth unless we have a token and we're passing a
        # specific endpoint
        # Expired tokens are handled by client.py:_cs_request
        must_auth = not (auth_token and endpoint_override)

        # FIXME(usrleon): Here should be restrict for project id same as
        # for os_username or os_password but for compatibility it is not.
        if must_auth and not skip_auth:

            if not os_username and not os_user_id:
                raise exc.CommandError(
                    _("You must provide a username "
                      "or user ID via --os-username, --os-user-id, "
                      "env[OS_USERNAME] or env[OS_USER_ID]"))

            if not any([os_project_name, os_project_id]):
                raise exc.CommandError(_("You must provide a project name or"
                                         " project ID via --os-project-name,"
                                         " --os-project-id, env[OS_PROJECT_ID]"
                                         " or env[OS_PROJECT_NAME]. You may"
                                         " use os-project and os-tenant"
                                         " interchangeably."))

            if not os_auth_url:
                raise exc.CommandError(
                    _("You must provide an auth url "
                      "via either --os-auth-url or env[OS_AUTH_URL]."))

            with utils.record_time(self.times, args.timings,
                                   'auth_url', args.os_auth_url):
                keystone_session = (
                    loading.load_session_from_argparse_arguments(args))
                keystone_auth = (
                    loading.load_auth_from_argparse_arguments(args))

        if (not skip_auth and
                not any([os_project_name, os_project_id])):
            raise exc.CommandError(_("You must provide a project name or"
                                     " project id via --os-project-name,"
                                     " --os-project-id, env[OS_PROJECT_ID]"
                                     " or env[OS_PROJECT_NAME]. You may"
                                     " use os-project and os-tenant"
                                     " interchangeably."))

        if not os_auth_url and not skip_auth:
            raise exc.CommandError(
                _("You must provide an auth url "
                  "via either --os-auth-url or env[OS_AUTH_URL]"))

        # This client is just used to discover api version. Version API needn't
        # microversion, so we just pass version 2 at here.
        self.cs = client.Client(
            api_versions.APIVersion("2.0"),
            os_username, os_password, project_id=os_project_id,
            project_name=os_project_name, user_id=os_user_id,
            auth_url=os_auth_url, insecure=insecure,
            region_name=os_region_name, endpoint_type=endpoint_type,
            extensions=self.extensions, service_type=service_type,
            service_name=service_name, auth_token=auth_token,
            timings=args.timings, endpoint_override=endpoint_override,
            os_cache=os_cache, http_log_debug=args.debug,
            cacert=cacert, cert=cert, timeout=timeout,
            session=keystone_session, auth=keystone_auth,
            logger=self.client_logger,
            project_domain_id=os_project_domain_id,
            project_domain_name=os_project_domain_name,
            user_domain_id=os_user_domain_id,
            user_domain_name=os_user_domain_name)

        if not skip_auth:
            if not api_version.is_latest():
                if api_version > api_versions.APIVersion("2.0"):
                    if not api_version.matches(novaclient.API_MIN_VERSION,
                                               novaclient.API_MAX_VERSION):
                        raise exc.CommandError(
                            _("The specified version isn't supported by "
                              "client. The valid version range is '%(min)s' "
                              "to '%(max)s'") % {
                                "min": novaclient.API_MIN_VERSION.get_string(),
                                "max": novaclient.API_MAX_VERSION.get_string()}
                        )
            api_version = api_versions.discover_version(self.cs, api_version)

        # build available subcommands based on version
        self.extensions = client.discover_extensions(api_version)
        self._run_extension_hooks('__pre_parse_args__')

        subcommand_parser = self.get_subcommand_parser(
            api_version, do_help=do_help, argv=argv)
        self.parser = subcommand_parser

        if args.help or not argv:
            subcommand_parser.print_help()
            return 0

        args = subcommand_parser.parse_args(argv)
        self._run_extension_hooks('__post_parse_args__', args)

        # Short-circuit and deal with help right away.
        if args.func == self.do_help:
            self.do_help(args)
            return 0
        elif args.func == self.do_bash_completion:
            self.do_bash_completion(args)
            return 0

        if not args.service_type:
            service_type = (utils.get_service_type(args.func) or
                            DEFAULT_NOVA_SERVICE_TYPE)

        if utils.isunauthenticated(args.func):
            # NOTE(alex_xu): We need authentication for discover microversion.
            # But the subcommands may needn't it. If the subcommand needn't,
            # we clear the session arguments.
            keystone_session = None
            keystone_auth = None

        # Recreate client object with discovered version.
        self.cs = client.Client(
            api_version,
            os_username, os_password, os_project_name,
            tenant_id=os_project_id, user_id=os_user_id,
            auth_url=os_auth_url, insecure=insecure,
            region_name=os_region_name, endpoint_type=endpoint_type,
            extensions=self.extensions, service_type=service_type,
            service_name=service_name, auth_token=auth_token,
            timings=args.timings, endpoint_override=endpoint_override,
            os_cache=os_cache, http_log_debug=args.debug,
            cacert=cacert, cert=cert, timeout=timeout,
            session=keystone_session, auth=keystone_auth,
            project_domain_id=os_project_domain_id,
            project_domain_name=os_project_domain_name,
            user_domain_id=os_user_domain_id,
            user_domain_name=os_user_domain_name)

        # Now check for the password/token of which pieces of the
        # identifying keyring key can come from the underlying client
        if must_auth:
            helper = SecretsHelper(args, self.cs.client)
            self.cs.client.keyring_saver = helper

            tenant_id = helper.tenant_id
            # Allow commandline to override cache
            if not auth_token:
                auth_token = helper.auth_token
            endpoint_override = endpoint_override or helper.management_url
            if tenant_id and auth_token and endpoint_override:
                self.cs.client.tenant_id = tenant_id
                self.cs.client.auth_token = auth_token
                self.cs.client.management_url = endpoint_override
                self.cs.client.password_func = lambda: helper.password
            else:
                # We're missing something, so auth with user/pass and save
                # the result in our helper.
                self.cs.client.password = helper.password

        args.func(self.cs, args)

        if args.timings:
            self._dump_timings(self.times + self.cs.get_timings())
Example #25
0
    def __init__(
        self,
        username,
        project_id,
        auth_url,
        region_name=None,
        password=None,
        os_auth_plugin=None,
        **kwargs
    ):
        '''
        Set up nova credentials
        '''
        self.kwargs = kwargs.copy()
        if not self.extensions:
            if hasattr(OpenStackComputeShell, '_discover_extensions'):
                self.extensions = OpenStackComputeShell()._discover_extensions('2.0')
            else:
                self.extensions = client.discover_extensions('2.0')
            for extension in self.extensions:
                extension.run_hooks('__pre_parse_args__')
            self.kwargs['extensions'] = self.extensions

        self.kwargs['username'] = username
        self.kwargs['project_id'] = project_id
        self.kwargs['auth_url'] = auth_url
        self.kwargs['region_name'] = region_name
        self.kwargs['service_type'] = 'compute'

        # used in novaclient extensions to see if they are rackspace or not, to know if it needs to load
        # the hooks for that extension or not.  This is cleaned up by sanatize_novaclient
        self.kwargs['os_auth_url'] = auth_url

        if os_auth_plugin is not None:
            novaclient.auth_plugin.discover_auth_systems()
            auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_plugin)
            self.kwargs['auth_plugin'] = auth_plugin
            self.kwargs['auth_system'] = os_auth_plugin

        if not self.kwargs.get('api_key', None):
            self.kwargs['api_key'] = password

        # This has to be run before sanatize_novaclient before extra variables are cleaned out.
        if hasattr(self, 'extensions'):
            # needs an object, not a dictionary
            self.kwargstruct = KwargsStruct(**self.kwargs)
            for extension in self.extensions:
                extension.run_hooks('__post_parse_args__', self.kwargstruct)
            self.kwargs = self.kwargstruct.__dict__

        self.kwargs = sanatize_novaclient(self.kwargs)

        # Requires novaclient version >= 2.6.1
        self.kwargs['version'] = str(kwargs.get('version', 2))

        conn = client.Client(**self.kwargs)
        try:
            conn.client.authenticate()
        except novaclient.exceptions.AmbiguousEndpoints:
            raise SaltCloudSystemExit(
                "Nova provider requires a 'region_name' to be specified"
            )

        self.kwargs['auth_token'] = conn.client.auth_token
        self.catalog = conn.client.service_catalog.catalog['access']['serviceCatalog']

        if region_name is not None:
            servers_endpoints = get_entry(self.catalog, 'type', 'compute')['endpoints']
            self.kwargs['bypass_url'] = get_entry(
                servers_endpoints,
                'region',
                region_name
            )['publicURL']

        self.compute_conn = client.Client(**self.kwargs)

        volume_endpoints = get_entry(self.catalog, 'type', 'volume', raise_error=False).get('endpoints', {})
        if volume_endpoints:
            if region_name is not None:
                self.kwargs['bypass_url'] = get_entry(
                    volume_endpoints,
                    'region',
                    region_name
                )['publicURL']

            self.volume_conn = client.Client(**self.kwargs)
            if hasattr(self, 'extensions'):
                self.expand_extensions()
        else:
            self.volume_conn = None
Example #26
0
File: nova.py Project: bryson/salt
    def __init__(self, username, project_id, auth_url, region_name=None, password=None, os_auth_plugin=None, **kwargs):
        """
        Set up nova credentials
        """
        self.kwargs = kwargs.copy()
        if not self.extensions:
            if hasattr(OpenStackComputeShell, "_discover_extensions"):
                self.extensions = OpenStackComputeShell()._discover_extensions("2.0")
            else:
                self.extensions = client.discover_extensions("2.0")
            for extension in self.extensions:
                extension.run_hooks("__pre_parse_args__")
            self.kwargs["extensions"] = self.extensions

        self.kwargs["username"] = username
        self.kwargs["project_id"] = project_id
        self.kwargs["auth_url"] = auth_url
        self.kwargs["region_name"] = region_name
        self.kwargs["service_type"] = "compute"

        # used in novaclient extensions to see if they are rackspace or not, to know if it needs to load
        # the hooks for that extension or not.  This is cleaned up by sanatize_novaclient
        self.kwargs["os_auth_url"] = auth_url

        if os_auth_plugin is not None:
            novaclient.auth_plugin.discover_auth_systems()
            auth_plugin = novaclient.auth_plugin.load_plugin(os_auth_plugin)
            self.kwargs["auth_plugin"] = auth_plugin
            self.kwargs["auth_system"] = os_auth_plugin

        if not self.kwargs.get("api_key", None):
            self.kwargs["api_key"] = password

        # This has to be run before sanatize_novaclient before extra variables are cleaned out.
        if hasattr(self, "extensions"):
            # needs an object, not a dictionary
            self.kwargstruct = KwargsStruct(**self.kwargs)
            for extension in self.extensions:
                extension.run_hooks("__post_parse_args__", self.kwargstruct)
            self.kwargs = self.kwargstruct.__dict__

        self.kwargs = sanatize_novaclient(self.kwargs)

        # Requires novaclient version >= 2.6.1
        self.kwargs["version"] = str(kwargs.get("version", 2))

        conn = client.Client(**self.kwargs)
        try:
            conn.client.authenticate()
        except novaclient.exceptions.AmbiguousEndpoints:
            raise SaltCloudSystemExit("Nova provider requires a 'region_name' to be specified")

        self.kwargs["auth_token"] = conn.client.auth_token
        self.catalog = conn.client.service_catalog.catalog["access"]["serviceCatalog"]

        if region_name is not None:
            servers_endpoints = get_entry(self.catalog, "type", "compute")["endpoints"]
            self.kwargs["bypass_url"] = get_entry(servers_endpoints, "region", region_name)["publicURL"]

        self.compute_conn = client.Client(**self.kwargs)

        volume_endpoints = get_entry(self.catalog, "type", "volume", raise_error=False).get("endpoints", {})
        if volume_endpoints:
            if region_name is not None:
                self.kwargs["bypass_url"] = get_entry(volume_endpoints, "region", region_name)["publicURL"]

            self.volume_conn = client.Client(**self.kwargs)
            if hasattr(self, "extensions"):
                self.expand_extensions()
        else:
            self.volume_conn = None
Example #27
0
    def main(self, argv):
        # Parse args once to find version and debug settings
        parser = self.get_base_parser(argv)
        (args, args_list) = parser.parse_known_args(argv)

        self.setup_debugging(args.debug)
        self.extensions = []
        do_help = args.help or not args_list or args_list[0] == 'help'

        # bash-completion should not require authentication
        skip_auth = do_help or (
            'bash-completion' in argv)

        if not args.os_compute_api_version:
            api_version = api_versions.get_api_version(
                DEFAULT_MAJOR_OS_COMPUTE_API_VERSION)
        else:
            api_version = api_versions.get_api_version(
                args.os_compute_api_version)

        auth_token = getattr(args, "os_token", None)

        os_username = getattr(args, "os_username", None)
        os_user_id = getattr(args, "os_user_id", None)
        os_password = None  # Fetched and set later as needed
        os_project_name = getattr(
            args, 'os_project_name', getattr(args, 'os_tenant_name', None))
        os_project_id = getattr(
            args, 'os_project_id', getattr(args, 'os_tenant_id', None))
        os_auth_url = args.os_auth_url
        os_region_name = args.os_region_name

        if "v2.0" not in os_auth_url:
            # NOTE(andreykurilin): assume that keystone V3 is used and try to
            # be more user-friendly, i.e provide default values for domains
            if (not args.os_project_domain_id and
                    not args.os_project_domain_name):
                setattr(args, "os_project_domain_id", "default")

            # os_user_domain_id is redundant in case of Token auth type
            if not auth_token and (not args.os_user_domain_id and
                                   not args.os_user_domain_name):
                setattr(args, "os_user_domain_id", "default")

        os_project_domain_id = args.os_project_domain_id
        os_project_domain_name = args.os_project_domain_name
        os_user_domain_id = getattr(args, "os_user_domain_id", None)
        os_user_domain_name = getattr(args, "os_user_domain_name", None)

        endpoint_type = args.endpoint_type
        insecure = args.insecure
        service_type = args.service_type
        service_name = args.service_name
        endpoint_override = args.endpoint_override
        os_cache = args.os_cache
        cacert = args.os_cacert
        cert = args.os_cert
        timeout = args.timeout

        keystone_session = None
        keystone_auth = None

        if not endpoint_type:
            endpoint_type = DEFAULT_NOVA_ENDPOINT_TYPE

        # This allow users to use endpoint_type as (internal, public or admin)
        # just like other openstack clients (glance, cinder etc)
        if endpoint_type in ['internal', 'public', 'admin']:
            endpoint_type += 'URL'

        if not service_type:
            # Note(alex_xu): We need discover version first, so if there isn't
            # service type specified, we use default nova service type.
            service_type = DEFAULT_NOVA_SERVICE_TYPE

        # We should always auth unless we have a token and we're passing a
        # specific endpoint
        # Expired tokens are handled by client.py:_cs_request
        must_auth = not (auth_token and endpoint_override)

        # FIXME(usrleon): Here should be restrict for project id same as
        # for os_username or os_password but for compatibility it is not.
        if must_auth and not skip_auth:

            if not any([auth_token, os_username, os_user_id]):
                raise exc.CommandError(
                    _("You must provide a user name/id (via --os-username, "
                      "--os-user-id, env[OS_USERNAME] or env[OS_USER_ID]) or "
                      "an auth token (via --os-token)."))

            if not any([os_project_name, os_project_id]):
                raise exc.CommandError(_("You must provide a project name or"
                                         " project ID via --os-project-name,"
                                         " --os-project-id, env[OS_PROJECT_ID]"
                                         " or env[OS_PROJECT_NAME]. You may"
                                         " use os-project and os-tenant"
                                         " interchangeably."))

            if not os_auth_url:
                raise exc.CommandError(
                    _("You must provide an auth url "
                      "via either --os-auth-url or env[OS_AUTH_URL]."))

            # TODO(Shilpasd): need to provide support in python - novaclient
            # for required options for below default auth type plugins:
            # 1. v3oidcclientcredential
            # 2. v3oidcpassword
            # 3. v3oidcauthcode
            # 4. v3oidcaccesstoken
            # 5. v3oauth1
            # 6. v3fedkerb
            # 7. v3adfspassword
            # 8. v3samlpassword
            # 9. v3applicationcredential
            # TODO(Shilpasd): need to provide support in python - novaclient
            # for below extra keystoneauth auth type plugins:
            # We will need to add code to support discovering of versions
            # supported by the keystone service based on the auth_url similar
            # to the one supported by glanceclient.
            # 1. v3password
            # 2. v3token
            # 3. v3kerberos
            # 4. v3totp
            with utils.record_time(self.times, args.timings,
                                   'auth_url', args.os_auth_url):
                keystone_session = (
                    loading.load_session_from_argparse_arguments(args))
                keystone_auth = (
                    loading.load_auth_from_argparse_arguments(args))

        if (not skip_auth and
                not any([os_project_name, os_project_id])):
            raise exc.CommandError(_("You must provide a project name or"
                                     " project id via --os-project-name,"
                                     " --os-project-id, env[OS_PROJECT_ID]"
                                     " or env[OS_PROJECT_NAME]. You may"
                                     " use os-project and os-tenant"
                                     " interchangeably."))

        if not os_auth_url and not skip_auth:
            raise exc.CommandError(
                _("You must provide an auth url "
                  "via either --os-auth-url or env[OS_AUTH_URL]"))

        additional_kwargs = {}
        if osprofiler_profiler:
            additional_kwargs["profile"] = args.profile

        # This client is just used to discover api version. Version API needn't
        # microversion, so we just pass version 2 at here.
        self.cs = client.Client(
            api_versions.APIVersion("2.0"),
            os_username, os_password, project_id=os_project_id,
            project_name=os_project_name, user_id=os_user_id,
            auth_url=os_auth_url, insecure=insecure,
            region_name=os_region_name, endpoint_type=endpoint_type,
            extensions=self.extensions, service_type=service_type,
            service_name=service_name, auth_token=auth_token,
            timings=args.timings, endpoint_override=endpoint_override,
            os_cache=os_cache, http_log_debug=args.debug,
            cacert=cacert, cert=cert, timeout=timeout,
            session=keystone_session, auth=keystone_auth,
            logger=self.client_logger,
            project_domain_id=os_project_domain_id,
            project_domain_name=os_project_domain_name,
            user_domain_id=os_user_domain_id,
            user_domain_name=os_user_domain_name,
            **additional_kwargs)

        if not skip_auth:
            if not api_version.is_latest():
                if api_version > api_versions.APIVersion("2.0"):
                    if not api_version.matches(novaclient.API_MIN_VERSION,
                                               novaclient.API_MAX_VERSION):
                        raise exc.CommandError(
                            _("The specified version isn't supported by "
                              "client. The valid version range is '%(min)s' "
                              "to '%(max)s'") % {
                                "min": novaclient.API_MIN_VERSION.get_string(),
                                "max": novaclient.API_MAX_VERSION.get_string()}
                        )
            api_version = api_versions.discover_version(self.cs, api_version)

        # build available subcommands based on version
        self.extensions = client.discover_extensions(api_version)
        self._run_extension_hooks('__pre_parse_args__')

        subcommand_parser = self.get_subcommand_parser(
            api_version, do_help=do_help, argv=argv)
        self.parser = subcommand_parser

        if args.help or not argv:
            subcommand_parser.print_help()
            return 0

        args = subcommand_parser.parse_args(argv)
        self._run_extension_hooks('__post_parse_args__', args)

        # Short-circuit and deal with help right away.
        if args.func == self.do_help:
            self.do_help(args)
            return 0
        elif args.func == self.do_bash_completion:
            self.do_bash_completion(args)
            return 0

        if not args.service_type:
            service_type = (utils.get_service_type(args.func) or
                            DEFAULT_NOVA_SERVICE_TYPE)

        if utils.isunauthenticated(args.func):
            # NOTE(alex_xu): We need authentication for discover microversion.
            # But the subcommands may needn't it. If the subcommand needn't,
            # we clear the session arguments.
            keystone_session = None
            keystone_auth = None

        # Recreate client object with discovered version.
        self.cs = client.Client(
            api_version,
            os_username, os_password, project_id=os_project_id,
            project_name=os_project_name, user_id=os_user_id,
            auth_url=os_auth_url, insecure=insecure,
            region_name=os_region_name, endpoint_type=endpoint_type,
            extensions=self.extensions, service_type=service_type,
            service_name=service_name, auth_token=auth_token,
            timings=args.timings, endpoint_override=endpoint_override,
            os_cache=os_cache, http_log_debug=args.debug,
            cacert=cacert, cert=cert, timeout=timeout,
            session=keystone_session, auth=keystone_auth,
            project_domain_id=os_project_domain_id,
            project_domain_name=os_project_domain_name,
            user_domain_id=os_user_domain_id,
            user_domain_name=os_user_domain_name)

        args.func(self.cs, args)

        if osprofiler_profiler and args.profile:
            trace_id = osprofiler_profiler.get().get_base_id()
            print("To display trace use the command:\n\n"
                  "  osprofiler trace show --html %s " % trace_id)

        if args.timings:
            self._dump_timings(self.times + self.cs.get_timings())
Example #28
0
               help='Location of ca certificates file to use for nova client '
                    'requests.'),
    cfg.BoolOpt('nova_api_insecure',
                default=False,
                help='Allow to perform insecure SSL requests to nova'),
]

CONF = cfg.CONF
CONF.register_opts(nova_opts)

LOG = logging.getLogger(__name__)

# TODO(e0ne): Make Nova version configurable in Mitaka.
NOVA_API_VERSION = 2

nova_extensions = [ext for ext in nova_client.discover_extensions(2)
                   if ext.name in ("assisted_volume_snapshots",
                                   "list_extensions")]


def novaclient(context, admin_endpoint=False, privileged_user=False,
               timeout=None):
    """Returns a Nova client

    @param admin_endpoint: If True, use the admin endpoint template from
        configuration ('nova_endpoint_admin_template' and 'nova_catalog_info')
    @param privileged_user: If True, use the account from configuration
        (requires 'os_privileged_user_name', 'os_privileged_user_password' and
        'os_privileged_user_tenant' to be set)
    @param timeout: Number of seconds to wait for an answer before raising a
        Timeout exception (None to disable)
Example #29
0
    cfg.StrOpt("os_region_name", help="Region name of this node"),
    cfg.StrOpt(
        "nova_ca_certificates_file", help="Location of ca certificates file to use for nova client " "requests."
    ),
    cfg.BoolOpt("nova_api_insecure", default=False, help="Allow to perform insecure SSL requests to nova"),
]

CONF = cfg.CONF
CONF.register_opts(nova_opts)

LOG = logging.getLogger(__name__)

# TODO(e0ne): Make Nova version configurable in Mitaka.
NOVA_API_VERSION = 2

nova_extensions = [ext for ext in nova_client.discover_extensions(2) if ext.name == "assisted_volume_snapshots"]


def novaclient(context, admin_endpoint=False, privileged_user=False, timeout=None):
    """Returns a Nova client

    @param admin_endpoint: If True, use the admin endpoint template from
        configuration ('nova_endpoint_admin_template' and 'nova_catalog_info')
    @param privileged_user: If True, use the account from configuration
        (requires 'os_privileged_user_name', 'os_privileged_user_password' and
        'os_privileged_user_tenant' to be set)
    @param timeout: Number of seconds to wait for an answer before raising a
        Timeout exception (None to disable)
    """
    # FIXME: the novaclient ServiceCatalog object is mis-named.
    #        It actually contains the entire access blob.
Example #30
0
 def has_extension(self, context, extension, timeout=None):
     try:
         nova_exts = nova_client.discover_extensions(NOVA_API_VERSION)
     except request_exceptions.Timeout:
         raise exception.APITimeout(service="Nova")
     return extension in [e.name for e in nova_exts]