def set_keystone_clients(cls): undercloud_rc = cls.parse_rc_file( CONF.nfv_plugin_options.undercloud_rc_file) cls.undercloud_keystone_session = session.Session(auth=v3.Password( auth_url=undercloud_rc['OS_AUTH_URL'], username=undercloud_rc['OS_USERNAME'], password=undercloud_rc['OS_PASSWORD'], project_name=undercloud_rc['OS_PROJECT_NAME'], user_domain_name=undercloud_rc['OS_USER_DOMAIN_NAME'], project_domain_name=undercloud_rc[ 'OS_PROJECT_DOMAIN_NAME']), verify=False) cls.overcloud_keystone_session = session.Session(auth=v3.Password( auth_url=CONF.identity.uri, username=CONF.auth.admin_username, password=CONF.auth.admin_password, project_name=CONF.auth.admin_project_name, user_domain_name=CONF.auth.admin_domain_name, project_domain_name=CONF.auth.admin_domain_name), verify=False)
def set_ks_auth_sess(self): self.keystone_auth = v3.Password( auth_url=self.auth_url, username=self.auth_args['username'], password=self.auth_args['password'], project_name=self.auth_args['project_name'], user_domain_name=self.auth_args['user_domain_name'], project_domain_name=self.auth_args['project_domain_name']) self.keystone_session = session.Session(auth=self.keystone_auth, verify=False) self.keystone_client = client.Client(session=self.keystone_session)
def auth_keystone_with_pass(self, passwd, username=None, uuid=None): if not username and not uuid: return False if username: auth = v3.Password(auth_url=self.config["Keystone"]["auth_uri"], username=username, password=passwd, project_name=defaults.PROJECT_NAME, user_domain_id="default", project_domain_id="default") else: auth = v3.Password(auth_url=self.config["Keystone"]["auth_uri"], user_id=uuid, password=passwd, project_name=defaults.PROJECT_NAME, user_domain_id="default", project_domain_id="default") sess = session.Session(auth=auth) keystone = client.Client(session=sess) return keystone
def _get_keystone_session_v3(self): """ Gets a keystone session for version 3 keystone auth url. :return: keystone session object. """ auth = v3.Password(auth_url=self.authurl, username=self.username, password=self.password, project_name=self.project, project_domain_name=self.projectdomainname, user_domain_name=self.userdomainname, ) sess = session.Session(auth=auth, verify=self.cacertificate) return sess
def _session(): """Creates an OpenStack session from configuration data""" conf = pecan.request.conf auth = v3.Password( auth_url=conf.identity.auth_url, username=conf.identity.username, password=conf.identity.password, user_domain_name=conf.identity.user_domain_name, project_name=conf.identity.project_name, project_domain_name=conf.identity.project_domain_name) return session.Session(auth=auth)
def main(): module = AnsibleModule( # noqa argument_spec=dict(auth_url=dict(required=False, default='http://127.0.0.1:35357/v3'), login_project_name=dict(required=False, default='service'), login_project_domain_name=dict(required=False, default='Default'), login_username=dict(required=False, default='nova'), login_user_domain_name=dict(required=False, default='Default'), login_password=dict(required=False, default='password'), region_name=dict(required=False, default='RegionOne'), ca_cert=dict(required=False, default=None), name=dict(required=True), ram=dict(required=True), vcpus=dict(required=True), disk=dict(required=True), flavorid=dict(required=False), ephemeral=dict(required=False), swap=dict(required=False), rxtx_factor=dict(required=False), is_public=dict(required=False)), supports_check_mode=False) optional_args = {} for arg in ['flavorid', 'ephemeral', 'swap', 'rxtx_factor', 'is_public']: if arg in module.params and module.params[arg] is not None: optional_args[arg] = module.params[arg] ks_auth = v3.Password( auth_url=module.params['auth_url'], username=module.params['login_username'], user_domain_name=module.params['login_user_domain_name'], project_name=module.params['login_project_name'], project_domain_name=module.params['login_project_domain_name'], password=module.params['login_password']) ks_session = session.Session(auth=ks_auth, verify=module.params['ca_cert'] or True) client = nova_client.Client('2', session=ks_session, region_name=module.params['region_name'], service_type='compute', endpoint_type='internalURL') try: d = create_flavor(client, module.params['name'], module.params['ram'], module.params['vcpus'], module.params['disk'], **optional_args) except Exception, e: module.fail_json(msg='Exception: %s' % e)
def test_password_cache_id(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) project_name = uuid.uuid4().hex a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, user_domain_id=self.TEST_DOMAIN_ID, project_domain_name=self.TEST_DOMAIN_NAME, project_name=project_name) b = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, user_domain_id=self.TEST_DOMAIN_ID, project_domain_name=self.TEST_DOMAIN_NAME, project_name=project_name) a_id = a.get_cache_id() b_id = b.get_cache_id() self.assertEqual(a_id, b_id) c = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, user_domain_id=self.TEST_DOMAIN_ID, project_domain_name=self.TEST_DOMAIN_NAME, project_id=project_name) # same value different param c_id = c.get_cache_id() self.assertNotEqual(a_id, c_id) self.assertIsNone(a.get_auth_state()) self.assertIsNone(b.get_auth_state()) self.assertIsNone(c.get_auth_state()) s = session.Session() self.assertEqual(self.TEST_TOKEN, a.get_token(s)) self.assertTrue(self.requests_mock.called)
def getNovaClient(auth_url, username, password, project_name, user_domain_name, project_domain_name): auth = v3.Password(auth_url=auth_url, username=username, password=password, project_name=project_name, user_domain_name=user_domain_name, project_domain_name=project_domain_name) sess = session.Session(auth=auth) nova = novClient.Client("2.1", session=sess) return nova
def neutronclient(cls): vim_params = cls.get_credentials() auth = v3.Password( auth_url=vim_params['auth_url'], username=vim_params['username'], password=vim_params['password'], project_name=vim_params['project_name'], user_domain_name=vim_params['user_domain_name'], project_domain_name=vim_params['project_domain_name']) verify = 'True' == vim_params.pop('cert_verify', 'False') auth_ses = session.Session(auth=auth, verify=verify) return neutron_client.Client(session=auth_ses)
def test_invalid_auth_response_dict(self): self.stub_auth(json={'hello': 'world'}) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any', authenticated=True)
def get_plugin(self, auth_url=None, username=None, password=None, user_domain_name=None, **kwargs): if not all((auth_url, username, password)): return None LOG.debug('Attempting to authenticate for %s', username) return v3_auth.Password(auth_url=auth_url, username=username, password=password, user_domain_name=user_domain_name, unscoped=True)
def get_project_id(username, password): auth = v3.Password(auth_url=auth_url, username=username, password=password, user_domain_name=user_domain_name) sess = session.Session(auth=auth) keystone = client.Client(session=sess) project_list = [ t.id for t in keystone.projects.list(user=sess.get_user_id()) ] return create_env_file(username, password, project_list[0])
def get_auth_object(keystone_endpoint): return v3.Password( username="******", password="******", project_name="demo", auth_url=keystone_endpoint, user_domain_id="default", project_domain_id="default", include_catalog=True, # Allow fetching a new token if the current one is going to expire reauthenticate=True )
def novaclient(cls): vim_params = cls.get_credentials() auth = v3.Password( auth_url=vim_params['auth_url'], username=vim_params['username'], password=vim_params['password'], project_name=vim_params['project_name'], user_domain_name=vim_params['user_domain_name'], project_domain_name=vim_params['project_domain_name']) auth_ses = session.Session(auth=auth) return nova_client.Client(constants.NOVA_CLIENT_VERSION, session=auth_ses)
def get_sahara_client(self, username, password, project_id, auth_ip, domain): auth = v3.Password(auth_url=auth_ip + ':5000/v3', username=username, password=password, project_id=project_id, user_domain_name=domain) ses = session.Session(auth=auth) print auth_ip + ':5000/v3' print username print project_id return saharaclient('1.1', session=ses)
def connect(): auth = v3.Password( auth_url=settings.OPENSTACK_AUTHURL, username=settings.OPENSTACK_USERNAME, password=settings.OPENSTACK_PASSWORD, project_name=settings.OPENSTACK_PROJECTNAME, user_domain_name=settings.OPENSTACK_USER_DOMAIN_NAME, project_domain_name=settings.OPENSTACK_PROJECT_DOMAIN_NAME ) session = keystone_session.Session(auth=auth,verify=False) keystone = client.Client(session=session,interface="public") return (keystone)
def test_doesnt_log_password(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) password = uuid.uuid4().hex a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=password) s = session.Session(a) self.assertEqual(self.TEST_TOKEN, s.get_token()) self.assertEqual({'X-Auth-Token': self.TEST_TOKEN}, s.get_auth_headers()) self.assertNotIn(password, self.logger.output)
def get_session(auth_url=None, username=None, password=None, project_name=None, verify=True, cert=None): auth_url_fixed = auth_url.replace('/v2.0', '/v3') if not auth_url_fixed.endswith('/v3'): auth_url_fixed += '/v3' auth = identity_v3.Password(auth_url=auth_url_fixed, username=username, password=password, project_name=project_name, user_domain_name='default', project_domain_name='default') return session.Session(auth=auth, verify=verify, cert=cert)
def get_os_session(resource_config: OSResourceConfig, logger: Logger) -> Session: logger.debug("Getting OpenStack Session") auth = v3.Password( auth_url=resource_config.controller_url, username=resource_config.user, password=resource_config.password, project_name=resource_config.os_project_name, user_domain_id=resource_config.os_domain_name, project_domain_id=resource_config.os_domain_name, ) return Session(auth=auth, verify=False)
def _keystone_client(self): # XXX note that the domain is assumed to be default auth = v3.Password(auth_url=config.auth_base_url + ':' + str(config.auth_admin_port) + config.auth_base_path, username=config.auth_username, password=config.auth_passwd, project_name=config.auth_tenant, user_domain_id="default", project_domain_id="default") keystone = client.Client(session=session.Session(auth=auth)) return keystone
def test_endpoint_filter_without_service_type_fails(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertRaises(exceptions.EndpointNotFound, s.get, '/path', endpoint_filter={'interface': 'admin'})
def _init_barbican_client(self): """Creates barbican client instance. Verifies that client can communicate with Barbican, retrying multiple times in case either Barbican or Keystone services are still starting up. """ max_attempts = 5 sleep_time = 5 n_attempts = 0 while n_attempts <= max_attempts: n_attempts += 1 try: if self.auth_version == "v3": auth = v3.Password( username=self.username, password=self.password, auth_url=self.auth_url, user_domain_name=self.user_domain_name, project_domain_name=self.project_domain_name, project_name=self.project_name) else: # assume v2 auth auth = v2.Password( username=self.username, password=self.password, auth_url=self.auth_url, tenant_name=self.tenant_name) # NOTE: Session is deprecated in keystoneclient 2.1.0 # and will be removed in a future keystoneclient release. sess = Session(auth=auth) self.barbican = Client(session=sess) # test barbican service self.barbican.containers.list() # success LOG.debug( "Barbican client initialized using Keystone %s " "authentication." % self.auth_version) break except Exception as exc: if n_attempts < max_attempts: LOG.debug("Barbican client initialization failed. " "Trying again.") time.sleep(sleep_time) else: raise InvalidBarbicanConfig( "Unable to initialize Barbican client. %s" % exc.message)
def test_invalid_auth_response_type(self): self.stub_url('POST', ['auth', 'tokens'], text='testdata') a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any', authenticated=True)
def launch_app(): auth = v3.Password(username=OS_USERNAME, password=OS_PASSWORD, project_id=OS_PROJECT_ID, project_domain_id=OS_PROJECT_DOMAIN_ID, user_domain_id=OS_USER_DOMAIN_NAME, auth_url=OS_AUTH_URL) sess = session.Session(auth=auth) resources = get_tenant_resources(sess) create_tenant(sess, NEW_PROJECT, resources)
def get_token(username, password, auth_url, project_name): auth = v3.Password(auth_url=auth_url, username=username, password=password, project_name=project_name, project_domain_name='Default', user_domain_name='Default') sess = session.Session(auth=auth) try: auth_token = sess.get_token() except Exception, e: return None
def get_to_auth_ref(self): auth = v3.Password(auth_url=self.to_auth_url, username=self.to_username, password=self.to_password, project_name=self.to_tenant_name, user_domain_id=self.to_user_domain_id, project_domain_id=self.to_project_domain_id) sess = session.Session(auth=auth, verify=self.to_cert) keystone = client.Client(session=sess, endpoint_override=self.to_auth_url) return keystone
def auth(rc): auth = v3.Password(auth_url=rc['auth_url'], project_name=rc['project_name'], username=rc['username'], password=rc['password'], user_domain_name=rc['user_domain_name'], project_domain_name=rc['project_domain_name']) if rc['cacert'] is not None: sess = session.Session(auth, verify=rc['cacert']) else: sess = session.Session(auth) return sess
def generate_session(username, password, auth_url, user_domain_name, project_id=None): auth = v3.Password( username=username, password=password, project_id=project_id, auth_url=auth_url, user_domain_name=user_domain_name, reauthenticate=True, include_catalog=True, ) sess = session.Session(auth=auth) return sess
def getGlanceClient(auth_url, username, password, project_name, user_domain_name, project_domain_name): auth = v3.Password(auth_url=auth_url, username=username, password=password, project_name=project_name, user_domain_name=user_domain_name, project_domain_name=project_domain_name) sess = session.Session(auth=auth) glance = glanceClient("2", session=sess) return glance
def novaclient(cls): vim_params = cls.get_credentials() auth = v3.Password(auth_url=vim_params['auth_url'], username=vim_params['username'], password=vim_params['password'], project_name=vim_params['project_name'], user_domain_name=vim_params['user_domain_name'], project_domain_name=vim_params['project_domain_name']) verify = 'True' == vim_params.pop('cert_verify', 'False') auth_ses = session.Session(auth=auth, verify=verify) return nova_client.Client(constants.NOVA_CLIENT_VERSION, session=auth_ses)