def get_cinder_client(cls, region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, cacert=None): """Create cinder client object. :param region: The region of the service :param service_name: The name of the cinder service in the catalog :param endpoint: The endpoint of the service :param endpoint_type: The endpoint type of the service :param insecure: Turn off certificate validation :param cacert: CA Cert file path :return: a Cinder Client object :raise Exception: if the client cannot be created """ ksession = keystone.KeystoneSession() if not cls.cinder_client: kwargs = {'region_name': region, 'session': ksession.get_session(), 'interface': endpoint_type} if service_name: kwargs['service_name'] = service_name if endpoint: kwargs['endpoint'] = endpoint if endpoint.startwith("https"): kwargs['insecure'] = insecure kwargs['cacert'] = cacert try: cls.cinder_client = cinder_client.Client( CINDER_VERSION, **kwargs ) except Exception: with excutils.save_and_reraise_exception(): LOG.exception("Error creating Cinder client.") return cls.cinder_client
def get_user_neutron_client(cls, context): """Get neutron client for request user. It's possible that the token in the context is a trust scoped which can't be used to initialize a keystone session. We directly use the token and endpoint_url to initialize neutron client. """ neutron_endpoint = CONF.neutron.endpoint if not neutron_endpoint: session = keystone.KeystoneSession().get_session() endpoint_data = session.get_endpoint_data( service_type='network', interface=CONF.neutron.endpoint_type, region_name=CONF.neutron.region_name) neutron_endpoint = endpoint_data.catalog_url kwargs = { 'token': context.auth_token, 'endpoint_url': neutron_endpoint, 'insecure': CONF.neutron.insecure, 'ca_cert': CONF.neutron.ca_certificates_file } return neutron_client.Client(NEUTRON_VERSION, **kwargs)
def get_neutron_client(cls, region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, ca_cert=None): """Create neutron client object. :param region: The region of the service :param service_name: The name of the neutron service in the catalog :param endpoint: The endpoint of the service :param endpoint_type: The endpoint_type of the service :param insecure: Turn off certificate validation :param ca_cert: CA Cert file path :return: a Neutron Client object. :raises Exception: if the client cannot be created """ ksession = keystone.KeystoneSession() if not cls.neutron_client: kwargs = {'region_name': region, 'session': ksession.get_session(), 'endpoint_type': endpoint_type, 'insecure': insecure} if service_name: kwargs['service_name'] = service_name if endpoint: kwargs['endpoint_override'] = endpoint if ca_cert: kwargs['ca_cert'] = ca_cert try: cls.neutron_client = neutron_client.Client( NEUTRON_VERSION, **kwargs) except Exception: with excutils.save_and_reraise_exception(): LOG.exception("Error creating Neutron client.") return cls.neutron_client
def get_parent_project(project_id): key_session = keystone.KeystoneSession().get_session() key_client = keystone_client.Client(session=key_session) try: project = key_client.projects.get(project_id) return project.parent_id except keystone_exception.NotFound: return None
def revoke_secret_access(cls, context, ref): # get a normal session ksession = keystone.KeystoneSession() user_id = ksession.get_service_user_id() # use barbican client to set the ACLs bc = cls.get_barbican_client_user_auth(context) acl = bc.acls.get(ref) read_oper = acl.get('read') if user_id in read_oper.users: read_oper.users.remove(user_id) acl.submit()
def get_barbican_client(cls, project_id=None): if not cls._barbican_client: try: ksession = keystone.KeystoneSession() cls._barbican_client = barbican_client.Client( session=ksession.get_session(), region_name=CONF.certificates.region_name, interface=CONF.certificates.endpoint_type) except Exception: with excutils.save_and_reraise_exception(): LOG.exception("Error creating Barbican client") return cls._barbican_client
def get_barbican_client_user_auth(cls, context): # get a normal session ksession = keystone.KeystoneSession() service_auth = ksession.get_auth() # make our own auth and swap it in user_auth = token.Token(auth_url=service_auth.auth_url, token=context.auth_token, project_id=context.project_id) user_session = session.Session(auth=user_auth) # create a special barbican client with our user's session return barbican_client.Client(session=user_session)
def get_user_neutron_client(cls, context): # get a normal session ksession = keystone.KeystoneSession() service_auth = ksession.get_auth() # make user auth and swap it in session user_auth = token.Token(auth_url=service_auth.auth_url, token=context.auth_token, project_id=context.project_id) user_session = session.Session(auth=user_auth) kwargs = { 'session': user_session, 'region_name': CONF.neutron.region_name, 'endpoint_type': CONF.neutron.endpoint_type, 'service_name': CONF.neutron.service_name, 'insecure': CONF.neutron.insecure, 'ca_cert': CONF.neutron.ca_certificates_file } if CONF.neutron.endpoint: kwargs['endpoint_override'] = CONF.neutron.endpoint # create neutron client using user's session return neutron_client.Client(NEUTRON_VERSION, **kwargs)
def get_parent_project(project_id): key_session = keystone.KeystoneSession().get_session() key_client = keystone_client.Client(session=key_session) project = key_client.projects.get(project_id) if project.parent_id != 'default': return project.parent_id