def get_openstack_clients(self, username, password=None, tenant_name=None):
# TODO: I could replace with identity.. but should I?
# Build credentials for each manager
all_creds = self._get_openstack_credentials(
username, password, tenant_name)
# Initialize managers with respective credentials
image_creds = self._build_image_creds(all_creds)
net_creds = self._build_network_creds(all_creds)
sdk_creds = self._build_sdk_creds(all_creds)
if self.identity_version > 2:
openstack_sdk = _connect_to_openstack_sdk(**sdk_creds)
else:
openstack_sdk = None
neutron = self.network_manager.new_connection(**net_creds)
keystone, nova, glance = self.image_manager._new_connection(
**image_creds)
return {
"glance": glance,
"keystone": keystone,
"nova": nova,
"neutron": neutron,
"openstack_sdk": openstack_sdk,
"horizon": self._get_horizon_url(keystone.tenant_id)
}
def __init__(self, provider=None, *args, **kwargs):
super(AccountDriver, self).__init__()
if provider:
all_creds = self._init_by_provider(provider, *args, **kwargs)
else:
all_creds = kwargs
if 'location' in all_creds:
self.namespace = "Atmosphere_OpenStack:%s" % all_creds['location']
else:
logger.info("Using default namespace.. Could cause conflicts if "
"switching between providers. To avoid ambiguity, "
"provide the kwarg: location='provider_prefix'")
# Build credentials for each manager
self.credentials = all_creds
ex_auth_version = all_creds.get("ex_force_auth_version", '2.0_password')
if ex_auth_version.startswith('2'):
self.identity_version = 2
elif ex_auth_version.startswith('3'):
self.identity_version = 3
else:
raise Exception("Could not determine identity_version of %s"
% ex_auth_version)
user_creds = self._build_user_creds(all_creds)
image_creds = self._build_image_creds(all_creds)
net_creds = self._build_network_creds(all_creds)
sdk_creds = self._build_sdk_creds(all_creds)
# Initialize managers with respective credentials
self.user_manager = UserManager(**user_creds)
self.image_manager = ImageManager(**image_creds)
self.network_manager = NetworkManager(**net_creds)
self.openstack_sdk = _connect_to_openstack_sdk(**sdk_creds)
def authenticate(self, request):
"""
TODO: This method might take an already-logged in user who possesses a KEYSTONE TOKEN -- one could then determine if the token was still 'valid' and use that truth-value to authenticate the request.
The entire user-object would need to be returned, and the dependencies for this method would have to include rtwo/openstacksdk which might make this entire process out-of-scope for django-giji-auth
TODO: Ideally, more things would be passed through headers to tell us:
- What KEYSTONE_SERVER to authenticate with
- What the username or other information is *expected* to be..
- ??
"""
auth = request.META.get('HTTP_AUTHORIZATION', '').split()
auth_url = auth_settings.KEYSTONE_SERVER
region_name = "RegionOne" # This could be passed in via header _OR_ as an auth_settings.KEYSTONE_REGION_NAME
domain_name = "Default" # This could be passed in via header _OR_ as an auth_settings.KEYSTONE_DOMAIN_NAME
parsed_auth_url = urlparse(auth_url)
hostname = parsed_auth_url.hostname
token_key = None
if len(auth) == 2 and auth[0].lower() == "token":
token_key = auth[1]
if not token_key:
return None
try:
from rtwo.drivers.common import _connect_to_openstack_sdk
except ImportError:
logger.exception(
"Cannot use OpenstackTokenAuthentication without `rtwo`."
" Please `pip install rtwo` and try again!")
return None
sdk_args = {
'auth_url': auth_url.replace('5000', '35357'),
'ex_force_base_url': auth_url.replace(":5000/v3", ":8774/v2/"),
'identity_api_version': 3,
'project_domain_name': domain_name,
'region_name': region_name,
'user_domain_name': domain_name,
"auth_plugin": "token",
"token": token_key
}
stack_sdk = _connect_to_openstack_sdk(**sdk_args)
try:
stack_sdk.authorize()
whoami = stack_sdk.session.auth.auth_ref
username = whoami.username
new_profile = {
'username': username,
'firstName': username,
'lastName': "",
'email': "%s@%s" % (username, hostname),
}
logger.debug("Openstack Profile: %s", new_profile)
user = get_or_create_user(new_profile['username'], new_profile)
auth_token = get_or_create_token(
user, token_key, issuer="OpenstackTokenAuthentication")
user_logged_in.send(sender=user.__class__,
request=request,
user=user)
return auth_token
except:
return None
def get_openstack_clients(self, username, password=None, tenant_name=None):
# TODO: I could replace with identity.. but should I?
from rtwo.drivers.common import _connect_to_openstack_sdk
user_creds = self._get_openstack_credentials(
username, password, tenant_name)
neutron = self.network_manager.new_connection(**user_creds)
keystone, nova, glance = self.image_manager._new_connection(
**user_creds)
openstack_sdk = _connect_to_openstack_sdk(**user_creds)
return {
"glance": glance,
"keystone": keystone,
"nova": nova,
"neutron": neutron,
"horizon": self._get_horizon_url(keystone.tenant_id)
}
def get_openstack_clients(self, username, password=None, tenant_name=None):
# Build credentials for each manager
all_creds = self._get_openstack_credentials(
username, password, tenant_name)
# Initialize managers with respective credentials
image_creds = self._build_image_creds(all_creds)
net_creds = self._build_network_creds(all_creds)
sdk_creds = self._build_sdk_creds(all_creds)
user_creds = self._build_user_creds(all_creds)
openstack_sdk = _connect_to_openstack_sdk(**sdk_creds)
(keystone, nova, swift) = self.user_manager.new_connection(
**user_creds)
neutron = self.network_manager.new_connection(**net_creds)
_, _, glance = self.image_manager._new_connection(
**image_creds)
return {
"glance": glance,
"keystone": keystone,
"nova": nova,
"neutron": neutron,
"openstack_sdk": openstack_sdk,
"horizon": self._get_horizon_url(keystone.tenant_id)
}
def get_openstack_sdk_client(self, all_creds):
sdk_creds = self._build_sdk_creds(all_creds)
openstack_sdk = _connect_to_openstack_sdk(**sdk_creds)
return openstack_sdk