def get_client_manager(cls, identity_version=None, credential_type='primary'): """ Returns an OpenStack client manager """ force_tenant_isolation = getattr(cls, 'force_tenant_isolation', None) identity_version = identity_version or CONF.identity.auth_version if (not hasattr(cls, 'isolated_creds') or not cls.isolated_creds.name == cls.__name__): cls.isolated_creds = credentials.get_isolated_credentials( name=cls.__name__, network_resources=cls.network_resources, force_tenant_isolation=force_tenant_isolation, identity_version=identity_version) credentials_method = 'get_%s_creds' % credential_type if hasattr(cls.isolated_creds, credentials_method): creds = getattr(cls.isolated_creds, credentials_method)() else: raise exceptions.InvalidCredentials("Invalid credentials type %s" % credential_type) os = clients.Manager(credentials=creds, service=cls._service) return os
def get_configured_credentials(credential_type, fill_in=True, identity_version=None): identity_version = identity_version or CONF.identity.auth_version if identity_version not in ('v2', 'v3'): raise exceptions.InvalidConfiguration( 'Unsupported auth version: %s' % identity_version) if credential_type not in CREDENTIAL_TYPES: raise exceptions.InvalidCredentials() conf_attributes = ['username', 'password', 'tenant_name'] if identity_version == 'v3': conf_attributes.append('domain_name') # Read the parts of credentials from config params = DEFAULT_PARAMS.copy() section, prefix = CREDENTIAL_TYPES[credential_type] for attr in conf_attributes: _section = getattr(CONF, section) if prefix is None: params[attr] = getattr(_section, attr) else: params[attr] = getattr(_section, prefix + "_" + attr) # Build and validate credentials. We are reading configured credentials, # so validate them even if fill_in is False credentials = get_credentials(fill_in=fill_in, identity_version=identity_version, **params) if not fill_in: if not credentials.is_valid(): msg = ("The %s credentials are incorrectly set in the config file." " Double check that all required values are assigned" % credential_type) raise exceptions.InvalidConfiguration(msg) return credentials
def __init__(self, credentials=None): """ We allow overriding of the credentials used within the various client classes managed by the Manager object. Left as None, the standard username/password/tenant_name[/domain_name] is used. :param credentials: Override of the credentials """ self.auth_version = CONF.identity.auth_version if credentials is None: self.credentials = cred_provider.get_configured_credentials('user') else: self.credentials = credentials # Check if passed or default credentials are valid if not self.credentials.is_valid(): raise exceptions.InvalidCredentials() # Tenant isolation creates TestResources, but Accounts and some tests # creates Credentials if isinstance(credentials, cred_provider.TestResources): creds = self.credentials.credentials else: creds = self.credentials # Creates an auth provider for the credentials self.auth_provider = get_auth_provider(creds) # FIXME(andreaf) unused self.client_attr_names = []
def get_auth_provider(self, credentials): if credentials is None: raise exceptions.InvalidCredentials( 'Credentials must be specified') auth_provider_class = self.get_auth_provider_class(credentials) return auth_provider_class(interface=getattr(self, 'interface', None), credentials=credentials)
def get_auth_provider(self, credentials): if credentials is None: raise exceptions.InvalidCredentials( 'Credentials must be specified') auth_provider_class, auth_url = self.get_auth_provider_class( credentials) return auth_provider_class(credentials, auth_url)
def get_auth_provider(credentials): default_params = { 'disable_ssl_certificate_validation': CONF.identity.disable_ssl_certificate_validation, 'ca_certs': CONF.identity.ca_certificates_file, 'trace_requests': CONF.debug.trace_requests } if credentials is None: raise exceptions.InvalidCredentials('Credentials must be specified') auth_provider_class, auth_url = get_auth_provider_class(credentials) return auth_provider_class(credentials, auth_url, **default_params)
def get_auth_provider(credentials, pre_auth=False, scope='project'): # kwargs for auth provider match the common ones used by service clients default_params = config.service_client_config() if credentials is None: raise exceptions.InvalidCredentials('Credentials must be specified') auth_provider_class, auth_url = get_auth_provider_class(credentials) _auth_provider = auth_provider_class(credentials, auth_url, scope=scope, **default_params) if pre_auth: _auth_provider.set_auth() return _auth_provider
def get_auth_provider(credentials, pre_auth=False, scope='project'): default_params = { 'disable_ssl_certificate_validation': CONF.identity.disable_ssl_certificate_validation, 'ca_certs': CONF.identity.ca_certificates_file, 'trace_requests': CONF.debug.trace_requests } if credentials is None: raise exceptions.InvalidCredentials('Credentials must be specified') auth_provider_class, auth_url = get_auth_provider_class(credentials) _auth_provider = auth_provider_class(credentials, auth_url, scope=scope, **default_params) if pre_auth: _auth_provider.set_auth() return _auth_provider
def __init__(self, credentials=None): """ We allow overriding of the credentials used within the various client classes managed by the Manager object. Left as None, the standard username/password/tenant_name[/domain_name] is used. :param credentials: Override of the credentials """ self.auth_version = CONF.identity.auth_version if credentials is None: self.credentials = auth.get_default_credentials('user') else: self.credentials = credentials # Check if passed or default credentials are valid if not self.credentials.is_valid(): raise exceptions.InvalidCredentials() # Creates an auth provider for the credentials self.auth_provider = self.get_auth_provider(self.credentials) # FIXME(andreaf) unused self.client_attr_names = []
def get_client_manager(cls, credential_type=None, roles=None, force_new=None): """Returns an OpenStack client manager Returns an OpenStack client manager based on either credential_type or a list of roles. If neither is specified, it defaults to credential_type 'primary' :param credential_type: string - primary, alt or admin :param roles: list of roles :returns the created client manager :raises skipException: if the requested credentials are not available """ if all([roles, credential_type]): msg = "Cannot get credentials by type and roles at the same time" raise ValueError(msg) if not any([roles, credential_type]): credential_type = 'primary' cred_provider = cls._get_credentials_provider() if roles: for role in roles: if not cred_provider.is_role_available(role): skip_msg = ( "%s skipped because the configured credential provider" " is not able to provide credentials with the %s role " "assigned." % (cls.__name__, role)) raise cls.skipException(skip_msg) params = dict(roles=roles) if force_new is not None: params.update(force_new=force_new) creds = cred_provider.get_creds_by_roles(**params) else: credentials_method = 'get_%s_creds' % credential_type if hasattr(cred_provider, credentials_method): creds = getattr(cred_provider, credentials_method)() else: raise exceptions.InvalidCredentials( "Invalid credentials type %s" % credential_type) return clients.Manager(credentials=creds, service=cls._service)
def _extend_credentials(self, creds_dict): # In case of v3, adds a user_domain_name field to the creds # dict if not defined if self.identity_version == 'v3': user_domain_fields = set(['user_domain_name', 'user_domain_id']) if not user_domain_fields.intersection(set(creds_dict.keys())): creds_dict['user_domain_name'] = self.credentials_domain # NOTE(andreaf) In case of v2, replace project with tenant if project # is provided and tenant is not if self.identity_version == 'v2': if ('project_name' in creds_dict and 'tenant_name' in creds_dict and creds_dict['project_name'] != creds_dict['tenant_name']): clean_creds = self._sanitize_creds(creds_dict) msg = 'Cannot specify project and tenant at the same time %s' raise exceptions.InvalidCredentials(msg % clean_creds) if ('project_name' in creds_dict and 'tenant_name' not in creds_dict): creds_dict['tenant_name'] = creds_dict['project_name'] creds_dict.pop('project_name') return creds_dict
def __init__(self, credentials): """Initialization of base manager class Credentials to be used within the various client classes managed by the Manager object must be defined. :param credentials: type Credentials or TestResources """ self.credentials = credentials # Check if passed or default credentials are valid if not self.credentials.is_valid(): raise exceptions.InvalidCredentials() self.auth_version = CONF.identity.auth_version # Tenant isolation creates TestResources, but # PreProvisionedCredentialProvider and some tests create Credentials if isinstance(credentials, cred_provider.TestResources): creds = self.credentials.credentials else: creds = self.credentials # Creates an auth provider for the credentials self.auth_provider = get_auth_provider(creds, pre_auth=True)