def set_keystone_clients(cls):
undercloud_rc = cls.parse_rc_file(
CONF.nfv_plugin_options.undercloud_rc_file)
cls.undercloud_keystone_session = session.Session(auth=v3.Password(
auth_url=undercloud_rc['OS_AUTH_URL'],
username=undercloud_rc['OS_USERNAME'],
password=undercloud_rc['OS_PASSWORD'],
project_name=undercloud_rc['OS_PROJECT_NAME'],
user_domain_name=undercloud_rc['OS_USER_DOMAIN_NAME'],
project_domain_name=undercloud_rc[
'OS_PROJECT_DOMAIN_NAME']), verify=False)
cls.overcloud_keystone_session = session.Session(auth=v3.Password(
auth_url=CONF.identity.uri,
username=CONF.auth.admin_username,
password=CONF.auth.admin_password,
project_name=CONF.auth.admin_project_name,
user_domain_name=CONF.auth.admin_domain_name,
project_domain_name=CONF.auth.admin_domain_name), verify=False)
def set_ks_auth_sess(self):
self.keystone_auth = v3.Password(
auth_url=self.auth_url,
username=self.auth_args['username'],
password=self.auth_args['password'],
project_name=self.auth_args['project_name'],
user_domain_name=self.auth_args['user_domain_name'],
project_domain_name=self.auth_args['project_domain_name'])
self.keystone_session = session.Session(auth=self.keystone_auth,
verify=False)
self.keystone_client = client.Client(session=self.keystone_session)
def auth_keystone_with_pass(self, passwd, username=None, uuid=None):
if not username and not uuid:
return False
if username:
auth = v3.Password(auth_url=self.config["Keystone"]["auth_uri"],
username=username,
password=passwd,
project_name=defaults.PROJECT_NAME,
user_domain_id="default",
project_domain_id="default")
else:
auth = v3.Password(auth_url=self.config["Keystone"]["auth_uri"],
user_id=uuid,
password=passwd,
project_name=defaults.PROJECT_NAME,
user_domain_id="default",
project_domain_id="default")
sess = session.Session(auth=auth)
keystone = client.Client(session=sess)
return keystone
def _get_keystone_session_v3(self):
"""
Gets a keystone session for version 3 keystone auth url.
:return: keystone session object.
"""
auth = v3.Password(auth_url=self.authurl, username=self.username,
password=self.password, project_name=self.project,
project_domain_name=self.projectdomainname,
user_domain_name=self.userdomainname, )
sess = session.Session(auth=auth, verify=self.cacertificate)
return sess
def _session():
"""Creates an OpenStack session from configuration data"""
conf = pecan.request.conf
auth = v3.Password(
auth_url=conf.identity.auth_url,
username=conf.identity.username,
password=conf.identity.password,
user_domain_name=conf.identity.user_domain_name,
project_name=conf.identity.project_name,
project_domain_name=conf.identity.project_domain_name)
return session.Session(auth=auth)
def main():
module = AnsibleModule( # noqa
argument_spec=dict(auth_url=dict(required=False,
default='http://127.0.0.1:35357/v3'),
login_project_name=dict(required=False,
default='service'),
login_project_domain_name=dict(required=False,
default='Default'),
login_username=dict(required=False, default='nova'),
login_user_domain_name=dict(required=False,
default='Default'),
login_password=dict(required=False,
default='password'),
region_name=dict(required=False,
default='RegionOne'),
ca_cert=dict(required=False, default=None),
name=dict(required=True),
ram=dict(required=True),
vcpus=dict(required=True),
disk=dict(required=True),
flavorid=dict(required=False),
ephemeral=dict(required=False),
swap=dict(required=False),
rxtx_factor=dict(required=False),
is_public=dict(required=False)),
supports_check_mode=False)
optional_args = {}
for arg in ['flavorid', 'ephemeral', 'swap', 'rxtx_factor', 'is_public']:
if arg in module.params and module.params[arg] is not None:
optional_args[arg] = module.params[arg]
ks_auth = v3.Password(
auth_url=module.params['auth_url'],
username=module.params['login_username'],
user_domain_name=module.params['login_user_domain_name'],
project_name=module.params['login_project_name'],
project_domain_name=module.params['login_project_domain_name'],
password=module.params['login_password'])
ks_session = session.Session(auth=ks_auth,
verify=module.params['ca_cert'] or True)
client = nova_client.Client('2',
session=ks_session,
region_name=module.params['region_name'],
service_type='compute',
endpoint_type='internalURL')
try:
d = create_flavor(client, module.params['name'], module.params['ram'],
module.params['vcpus'], module.params['disk'],
**optional_args)
except Exception, e:
module.fail_json(msg='Exception: %s' % e)
def test_password_cache_id(self):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
project_name = uuid.uuid4().hex
a = v3.Password(self.TEST_URL,
username=self.TEST_USER,
password=self.TEST_PASS,
user_domain_id=self.TEST_DOMAIN_ID,
project_domain_name=self.TEST_DOMAIN_NAME,
project_name=project_name)
b = v3.Password(self.TEST_URL,
username=self.TEST_USER,
password=self.TEST_PASS,
user_domain_id=self.TEST_DOMAIN_ID,
project_domain_name=self.TEST_DOMAIN_NAME,
project_name=project_name)
a_id = a.get_cache_id()
b_id = b.get_cache_id()
self.assertEqual(a_id, b_id)
c = v3.Password(self.TEST_URL,
username=self.TEST_USER,
password=self.TEST_PASS,
user_domain_id=self.TEST_DOMAIN_ID,
project_domain_name=self.TEST_DOMAIN_NAME,
project_id=project_name) # same value different param
c_id = c.get_cache_id()
self.assertNotEqual(a_id, c_id)
self.assertIsNone(a.get_auth_state())
self.assertIsNone(b.get_auth_state())
self.assertIsNone(c.get_auth_state())
s = session.Session()
self.assertEqual(self.TEST_TOKEN, a.get_token(s))
self.assertTrue(self.requests_mock.called)
def getNovaClient(auth_url, username, password, project_name, user_domain_name,
project_domain_name):
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
sess = session.Session(auth=auth)
nova = novClient.Client("2.1", session=sess)
return nova
def neutronclient(cls):
vim_params = cls.get_credentials()
auth = v3.Password(
auth_url=vim_params['auth_url'],
username=vim_params['username'],
password=vim_params['password'],
project_name=vim_params['project_name'],
user_domain_name=vim_params['user_domain_name'],
project_domain_name=vim_params['project_domain_name'])
verify = 'True' == vim_params.pop('cert_verify', 'False')
auth_ses = session.Session(auth=auth, verify=verify)
return neutron_client.Client(session=auth_ses)
def test_invalid_auth_response_dict(self):
self.stub_auth(json={'hello': 'world'})
a = v3.Password(self.TEST_URL,
username=self.TEST_USER,
password=self.TEST_PASS)
s = session.Session(auth=a)
self.assertRaises(exceptions.InvalidResponse,
s.get,
'http://any',
authenticated=True)
def get_plugin(self, auth_url=None, username=None, password=None,
user_domain_name=None, **kwargs):
if not all((auth_url, username, password)):
return None
LOG.debug('Attempting to authenticate for %s', username)
return v3_auth.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_name=user_domain_name,
unscoped=True)
def get_project_id(username, password):
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_name=user_domain_name)
sess = session.Session(auth=auth)
keystone = client.Client(session=sess)
project_list = [
t.id for t in keystone.projects.list(user=sess.get_user_id())
]
return create_env_file(username, password, project_list[0])
def get_auth_object(keystone_endpoint):
return v3.Password(
username="******",
password="******",
project_name="demo",
auth_url=keystone_endpoint,
user_domain_id="default",
project_domain_id="default",
include_catalog=True,
# Allow fetching a new token if the current one is going to expire
reauthenticate=True
)
def novaclient(cls):
vim_params = cls.get_credentials()
auth = v3.Password(
auth_url=vim_params['auth_url'],
username=vim_params['username'],
password=vim_params['password'],
project_name=vim_params['project_name'],
user_domain_name=vim_params['user_domain_name'],
project_domain_name=vim_params['project_domain_name'])
auth_ses = session.Session(auth=auth)
return nova_client.Client(constants.NOVA_CLIENT_VERSION,
session=auth_ses)
def get_sahara_client(self, username, password, project_id, auth_ip,
domain):
auth = v3.Password(auth_url=auth_ip + ':5000/v3',
username=username,
password=password,
project_id=project_id,
user_domain_name=domain)
ses = session.Session(auth=auth)
print auth_ip + ':5000/v3'
print username
print project_id
return saharaclient('1.1', session=ses)
def connect():
auth = v3.Password(
auth_url=settings.OPENSTACK_AUTHURL,
username=settings.OPENSTACK_USERNAME,
password=settings.OPENSTACK_PASSWORD,
project_name=settings.OPENSTACK_PROJECTNAME,
user_domain_name=settings.OPENSTACK_USER_DOMAIN_NAME,
project_domain_name=settings.OPENSTACK_PROJECT_DOMAIN_NAME
)
session = keystone_session.Session(auth=auth,verify=False)
keystone = client.Client(session=session,interface="public")
return (keystone)
def test_doesnt_log_password(self):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
password = uuid.uuid4().hex
a = v3.Password(self.TEST_URL, username=self.TEST_USER,
password=password)
s = session.Session(a)
self.assertEqual(self.TEST_TOKEN, s.get_token())
self.assertEqual({'X-Auth-Token': self.TEST_TOKEN},
s.get_auth_headers())
self.assertNotIn(password, self.logger.output)
def get_session(auth_url=None, username=None, password=None,
project_name=None, verify=True, cert=None):
auth_url_fixed = auth_url.replace('/v2.0', '/v3')
if not auth_url_fixed.endswith('/v3'):
auth_url_fixed += '/v3'
auth = identity_v3.Password(auth_url=auth_url_fixed,
username=username,
password=password,
project_name=project_name,
user_domain_name='default',
project_domain_name='default')
return session.Session(auth=auth, verify=verify, cert=cert)
def get_os_session(resource_config: OSResourceConfig,
logger: Logger) -> Session:
logger.debug("Getting OpenStack Session")
auth = v3.Password(
auth_url=resource_config.controller_url,
username=resource_config.user,
password=resource_config.password,
project_name=resource_config.os_project_name,
user_domain_id=resource_config.os_domain_name,
project_domain_id=resource_config.os_domain_name,
)
return Session(auth=auth, verify=False)
def _keystone_client(self):
# XXX note that the domain is assumed to be default
auth = v3.Password(auth_url=config.auth_base_url + ':' +
str(config.auth_admin_port) + config.auth_base_path,
username=config.auth_username,
password=config.auth_passwd,
project_name=config.auth_tenant,
user_domain_id="default",
project_domain_id="default")
keystone = client.Client(session=session.Session(auth=auth))
return keystone
def test_endpoint_filter_without_service_type_fails(self):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
a = v3.Password(self.TEST_URL,
username=self.TEST_USER,
password=self.TEST_PASS)
s = session.Session(auth=a)
self.assertRaises(exceptions.EndpointNotFound,
s.get,
'/path',
endpoint_filter={'interface': 'admin'})
def _init_barbican_client(self):
"""Creates barbican client instance.
Verifies that client can communicate with Barbican, retrying
multiple times in case either Barbican or Keystone services are
still starting up.
"""
max_attempts = 5
sleep_time = 5
n_attempts = 0
while n_attempts <= max_attempts:
n_attempts += 1
try:
if self.auth_version == "v3":
auth = v3.Password(
username=self.username,
password=self.password,
auth_url=self.auth_url,
user_domain_name=self.user_domain_name,
project_domain_name=self.project_domain_name,
project_name=self.project_name)
else:
# assume v2 auth
auth = v2.Password(
username=self.username,
password=self.password,
auth_url=self.auth_url,
tenant_name=self.tenant_name)
# NOTE: Session is deprecated in keystoneclient 2.1.0
# and will be removed in a future keystoneclient release.
sess = Session(auth=auth)
self.barbican = Client(session=sess)
# test barbican service
self.barbican.containers.list()
# success
LOG.debug(
"Barbican client initialized using Keystone %s "
"authentication." % self.auth_version)
break
except Exception as exc:
if n_attempts < max_attempts:
LOG.debug("Barbican client initialization failed. "
"Trying again.")
time.sleep(sleep_time)
else:
raise InvalidBarbicanConfig(
"Unable to initialize Barbican client. %s" %
exc.message)
def test_invalid_auth_response_type(self):
self.stub_url('POST', ['auth', 'tokens'], text='testdata')
a = v3.Password(self.TEST_URL,
username=self.TEST_USER,
password=self.TEST_PASS)
s = session.Session(auth=a)
self.assertRaises(exceptions.InvalidResponse,
s.get,
'http://any',
authenticated=True)
def launch_app():
auth = v3.Password(username=OS_USERNAME,
password=OS_PASSWORD,
project_id=OS_PROJECT_ID,
project_domain_id=OS_PROJECT_DOMAIN_ID,
user_domain_id=OS_USER_DOMAIN_NAME,
auth_url=OS_AUTH_URL)
sess = session.Session(auth=auth)
resources = get_tenant_resources(sess)
create_tenant(sess, NEW_PROJECT, resources)
def get_token(username, password, auth_url, project_name):
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
project_domain_name='Default',
user_domain_name='Default')
sess = session.Session(auth=auth)
try:
auth_token = sess.get_token()
except Exception, e:
return None
def get_to_auth_ref(self):
auth = v3.Password(auth_url=self.to_auth_url,
username=self.to_username,
password=self.to_password,
project_name=self.to_tenant_name,
user_domain_id=self.to_user_domain_id,
project_domain_id=self.to_project_domain_id)
sess = session.Session(auth=auth, verify=self.to_cert)
keystone = client.Client(session=sess,
endpoint_override=self.to_auth_url)
return keystone
def auth(rc):
auth = v3.Password(auth_url=rc['auth_url'],
project_name=rc['project_name'],
username=rc['username'],
password=rc['password'],
user_domain_name=rc['user_domain_name'],
project_domain_name=rc['project_domain_name'])
if rc['cacert'] is not None:
sess = session.Session(auth, verify=rc['cacert'])
else:
sess = session.Session(auth)
return sess
def generate_session(username, password, auth_url, user_domain_name, project_id=None):
auth = v3.Password(
username=username,
password=password,
project_id=project_id,
auth_url=auth_url,
user_domain_name=user_domain_name,
reauthenticate=True,
include_catalog=True,
)
sess = session.Session(auth=auth)
return sess
def getGlanceClient(auth_url, username, password, project_name,
user_domain_name, project_domain_name):
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
sess = session.Session(auth=auth)
glance = glanceClient("2", session=sess)
return glance
def novaclient(cls):
vim_params = cls.get_credentials()
auth = v3.Password(auth_url=vim_params['auth_url'],
username=vim_params['username'],
password=vim_params['password'],
project_name=vim_params['project_name'],
user_domain_name=vim_params['user_domain_name'],
project_domain_name=vim_params['project_domain_name'])
verify = 'True' == vim_params.pop('cert_verify', 'False')
auth_ses = session.Session(auth=auth, verify=verify)
return nova_client.Client(constants.NOVA_CLIENT_VERSION,
session=auth_ses)
