Exemple #1
0
def build_token_values(token_data):
    token_values = {
        'expires_at':
        timeutils.normalize_time(
            timeutils.parse_isotime(token_data['expires_at'])),
        'issued_at':
        timeutils.normalize_time(
            timeutils.parse_isotime(token_data['issued_at']))
    }

    user = token_data.get('user')
    if user is not None:
        token_values['user_id'] = user['id']
        token_values['identity_domain_id'] = user['domain']['id']
    else:
        token_values['user_id'] = None
        token_values['identity_domain_id'] = None

    project = token_data.get('project', token_data.get('tenant'))
    if project is not None:
        token_values['project_id'] = project['id']
        token_values['assignment_domain_id'] = project['domain']['id']
    else:
        token_values['project_id'] = None
        token_values['assignment_domain_id'] = None

    role_list = []
    roles = token_data.get('roles')
    if roles is not None:
        for role in roles:
            role_list.append(role['id'])
    token_values['roles'] = role_list

    trust = token_data.get('OS-TRUST:trust')
    if trust is None:
        token_values['trust_id'] = None
        token_values['trustor_id'] = None
        token_values['trustee_id'] = None
    else:
        token_values['trust_id'] = trust['id']
        token_values['trustor_id'] = trust['trustor_user']['id']
        token_values['trustee_id'] = trust['trustee_user']['id']

    oauth1 = token_data.get('OS-OAUTH1')
    if oauth1 is None:
        token_values['consumer_id'] = None
        token_values['access_token_id'] = None
    else:
        token_values['consumer_id'] = oauth1['consumer_id']
        token_values['access_token_id'] = oauth1['access_token_id']
    return token_values
def build_token_values(token_data):
    token_values = {
        'expires_at': timeutils.normalize_time(
            timeutils.parse_isotime(token_data['expires_at'])),
        'issued_at': timeutils.normalize_time(
            timeutils.parse_isotime(token_data['issued_at']))}

    user = token_data.get('user')
    if user is not None:
        token_values['user_id'] = user['id']
        token_values['identity_domain_id'] = user['domain']['id']
    else:
        token_values['user_id'] = None
        token_values['identity_domain_id'] = None

    project = token_data.get('project', token_data.get('tenant'))
    if project is not None:
        token_values['project_id'] = project['id']
        token_values['assignment_domain_id'] = project['domain']['id']
    else:
        token_values['project_id'] = None
        token_values['assignment_domain_id'] = None

    role_list = []
    roles = token_data.get('roles')
    if roles is not None:
        for role in roles:
            role_list.append(role['id'])
    token_values['roles'] = role_list

    trust = token_data.get('OS-TRUST:trust')
    if trust is None:
        token_values['trust_id'] = None
        token_values['trustor_id'] = None
        token_values['trustee_id'] = None
    else:
        token_values['trust_id'] = trust['id']
        token_values['trustor_id'] = trust['trustor_user']['id']
        token_values['trustee_id'] = trust['trustee_user']['id']

    oauth1 = token_data.get('OS-OAUTH1')
    if oauth1 is None:
        token_values['consumer_id'] = None
        token_values['access_token_id'] = None
    else:
        token_values['consumer_id'] = oauth1['consumer_id']
        token_values['access_token_id'] = oauth1['access_token_id']
    return token_values
    def _request_admin_token(self):
        """Retrieve new token as admin user from keystone.

        :return token id upon success
        :raises ServerError when unable to communicate with keystone

        """
        params = {
            "auth": {
                "passwordCredentials": {"username": self.admin_user, "password": self.admin_password},
                "tenantName": self.admin_tenant_name,
            }
        }

        response, data = self._json_request("POST", "/v2.0/tokens", body=params)

        try:
            token = data["access"]["token"]["id"]
            expiry = data["access"]["token"]["expires"]
            assert token
            assert expiry
            datetime_expiry = timeutils.parse_isotime(expiry)
            return (token, timeutils.normalize_time(datetime_expiry))
        except (AssertionError, KeyError):
            self.LOG.warn("Unexpected response from keystone service: %s", data)
            raise ServiceError("invalid json response")
        except (ValueError):
            self.LOG.warn("Unable to parse expiration time from token: %s", data)
            raise ServiceError("invalid json response")
    def test_building_unscoped_accessinfo(self):
        auth_ref = access.AccessInfo.factory(body=UNSCOPED_TOKEN)

        self.assertTrue(auth_ref)
        self.assertIn("token", auth_ref)
        self.assertIn("serviceCatalog", auth_ref)
        self.assertFalse(auth_ref["serviceCatalog"])

        self.assertEqual(auth_ref.auth_token, "3e2813b7ba0b4006840c3825860b86ed")
        self.assertEqual(auth_ref.username, "exampleuser")
        self.assertEqual(auth_ref.user_id, "c4da488862bd435c9e6c0275a0d0e49a")

        self.assertEqual(auth_ref.tenant_name, None)
        self.assertEqual(auth_ref.tenant_id, None)

        self.assertEqual(auth_ref.auth_url, None)
        self.assertEqual(auth_ref.management_url, None)

        self.assertFalse(auth_ref.scoped)
        self.assertFalse(auth_ref.domain_scoped)
        self.assertFalse(auth_ref.project_scoped)
        self.assertFalse(auth_ref.trust_scoped)

        self.assertIsNone(auth_ref.project_domain_id)
        self.assertIsNone(auth_ref.project_domain_name)
        self.assertEqual(auth_ref.user_domain_id, "default")
        self.assertEqual(auth_ref.user_domain_name, "Default")

        self.assertEqual(auth_ref.expires, timeutils.parse_isotime(UNSCOPED_TOKEN["access"]["token"]["expires"]))
Exemple #5
0
    def test_building_unscoped_accessinfo(self):
        auth_ref = access.AccessInfo.factory(resp=TOKEN_RESPONSE,
                                             body=UNSCOPED_TOKEN)

        self.assertTrue(auth_ref)
        self.assertIn('methods', auth_ref)
        self.assertIn('catalog', auth_ref)
        self.assertFalse(auth_ref['catalog'])

        self.assertEqual(auth_ref.auth_token,
                         '3e2813b7ba0b4006840c3825860b86ed')
        self.assertEqual(auth_ref.username, 'exampleuser')
        self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')

        self.assertEqual(auth_ref.project_name, None)
        self.assertEqual(auth_ref.project_id, None)

        self.assertEqual(auth_ref.auth_url, None)
        self.assertEqual(auth_ref.management_url, None)

        self.assertFalse(auth_ref.domain_scoped)
        self.assertFalse(auth_ref.project_scoped)

        self.assertEqual(auth_ref.user_domain_id,
                         '4e6893b7ba0b4006840c3845660b86ed')
        self.assertEqual(auth_ref.user_domain_name, 'exampledomain')

        self.assertIsNone(auth_ref.project_domain_id)
        self.assertIsNone(auth_ref.project_domain_name)

        self.assertEqual(
            auth_ref.expires,
            timeutils.parse_isotime(UNSCOPED_TOKEN['token']['expires_at']))
    def test_building_unscoped_accessinfo(self):
        auth_ref = access.AccessInfo.factory(body=UNSCOPED_TOKEN)

        self.assertTrue(auth_ref)
        self.assertIn('token', auth_ref)
        self.assertIn('serviceCatalog', auth_ref)
        self.assertFalse(auth_ref['serviceCatalog'])

        self.assertEqual(auth_ref.auth_token,
                         '3e2813b7ba0b4006840c3825860b86ed')
        self.assertEqual(auth_ref.username, 'exampleuser')
        self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')

        self.assertEqual(auth_ref.tenant_name, None)
        self.assertEqual(auth_ref.tenant_id, None)

        self.assertEqual(auth_ref.auth_url, None)
        self.assertEqual(auth_ref.management_url, None)

        self.assertFalse(auth_ref.scoped)
        self.assertFalse(auth_ref.domain_scoped)
        self.assertFalse(auth_ref.project_scoped)
        self.assertFalse(auth_ref.trust_scoped)

        self.assertIsNone(auth_ref.project_domain_id)
        self.assertIsNone(auth_ref.project_domain_name)
        self.assertEqual(auth_ref.user_domain_id, 'default')
        self.assertEqual(auth_ref.user_domain_name, 'Default')

        self.assertEqual(auth_ref.expires, timeutils.parse_isotime(
                         UNSCOPED_TOKEN['access']['token']['expires']))
    def expires(self):
        """ Returns the token expiration (as datetime object)

        :returns: datetime

        """
        return timeutils.parse_isotime(self['token']['expires'])
    def test_building_unscoped_accessinfo(self):
        auth_ref = access.AccessInfo.factory(body=UNSCOPED_TOKEN)

        self.assertTrue(auth_ref)
        self.assertIn('token', auth_ref)
        self.assertIn('serviceCatalog', auth_ref)
        self.assertFalse(auth_ref['serviceCatalog'])

        self.assertEqual(auth_ref.auth_token,
                         '3e2813b7ba0b4006840c3825860b86ed')
        self.assertEqual(auth_ref.username, 'exampleuser')
        self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')

        self.assertEqual(auth_ref.tenant_name, None)
        self.assertEqual(auth_ref.tenant_id, None)

        self.assertEqual(auth_ref.auth_url, None)
        self.assertEqual(auth_ref.management_url, None)

        self.assertFalse(auth_ref.scoped)
        self.assertFalse(auth_ref.domain_scoped)
        self.assertFalse(auth_ref.project_scoped)
        self.assertFalse(auth_ref.trust_scoped)

        self.assertIsNone(auth_ref.project_domain_id)
        self.assertIsNone(auth_ref.project_domain_name)
        self.assertEqual(auth_ref.user_domain_id, 'default')
        self.assertEqual(auth_ref.user_domain_name, 'Default')

        self.assertEqual(
            auth_ref.expires,
            timeutils.parse_isotime(
                UNSCOPED_TOKEN['access']['token']['expires']))
Exemple #9
0
    def _request_admin_token(self):
        """Retrieve new token as admin user from keystone.

        :return token id upon success
        :raises ServerError when unable to communicate with keystone

        """
        params = {
            'auth': {
                'passwordCredentials': {
                    'username': self.admin_user,
                    'password': self.admin_password,
                },
                'tenantName': self.admin_tenant_name,
            }
        }

        response, data = self._json_request('POST',
                                            '/v2.0/tokens',
                                            body=params)

        try:
            token = data['access']['token']['id']
            expiry = data['access']['token']['expires']
            assert token
            assert expiry
            datetime_expiry = timeutils.parse_isotime(expiry)
            return (token, timeutils.normalize_time(datetime_expiry))
        except (AssertionError, KeyError):
            LOG.warn("Unexpected response from keystone service: %s", data)
            raise ServiceError('invalid json response')
        except (ValueError):
            LOG.warn("Unable to parse expiration time from token: %s", data)
            raise ServiceError('invalid json response')
    def expires(self):
        """ Returns the token expiration (as datetime object)

        :returns: datetime

        """
        return timeutils.parse_isotime(self['token']['expires'])
    def test_building_unscoped_accessinfo(self):
        auth_ref = access.AccessInfo.factory(resp=TOKEN_RESPONSE,
                                             body=UNSCOPED_TOKEN)

        self.assertTrue(auth_ref)
        self.assertIn('methods', auth_ref)
        self.assertIn('catalog', auth_ref)
        self.assertFalse(auth_ref['catalog'])

        self.assertEquals(auth_ref.auth_token,
                          '3e2813b7ba0b4006840c3825860b86ed')
        self.assertEquals(auth_ref.username, 'exampleuser')
        self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')

        self.assertEquals(auth_ref.project_name, None)
        self.assertEquals(auth_ref.project_id, None)

        self.assertEquals(auth_ref.auth_url, None)
        self.assertEquals(auth_ref.management_url, None)

        self.assertFalse(auth_ref.domain_scoped)
        self.assertFalse(auth_ref.project_scoped)

        self.assertEquals(auth_ref.user_domain_id,
                          '4e6893b7ba0b4006840c3845660b86ed')
        self.assertEquals(auth_ref.user_domain_name, 'exampledomain')

        self.assertIsNone(auth_ref.project_domain_id)
        self.assertIsNone(auth_ref.project_domain_name)

        self.assertEquals(auth_ref.expires, timeutils.parse_isotime(
                          UNSCOPED_TOKEN['token']['expires_at']))
    def _request_admin_token(self):
        """Retrieve new token as admin user from keystone.

        :return token id upon success
        :raises ServerError when unable to communicate with keystone

        """
        params = {
            'auth': {
                'passwordCredentials': {
                    'username': self.admin_user,
                    'password': self.admin_password,
                },
                'tenantName': self.admin_tenant_name,
            }
        }

        response, data = self._json_request('POST',
                                            '/v2.0/tokens',
                                            body=params)

        try:
            token = data['access']['token']['id']
            expiry = data['access']['token']['expires']
            assert token
            assert expiry
            datetime_expiry = timeutils.parse_isotime(expiry)
            return (token, timeutils.normalize_time(datetime_expiry))
        except (AssertionError, KeyError):
            LOG.warn("Unexpected response from keystone service: %s", data)
            raise ServiceError('invalid json response')
        except (ValueError):
            LOG.warn("Unable to parse expiration time from token: %s", data)
            raise ServiceError('invalid json response')
    def _cache_get(self, token_id, ignore_expires=False):
        """Return token information from cache.

        If token is invalid raise InvalidUserToken
        return token only if fresh (not expired).
        """

        if self._cache and token_id:
            if self._memcache_security_strategy is None:
                key = CACHE_KEY_TEMPLATE % token_id
                serialized = self._cache.get(key)
            else:
                keys = memcache_crypt.derive_keys(
                    token_id,
                    self._memcache_secret_key,
                    self._memcache_security_strategy)
                cache_key = CACHE_KEY_TEMPLATE % (
                    memcache_crypt.get_cache_key(keys))
                raw_cached = self._cache.get(cache_key)
                try:
                    # unprotect_data will return None if raw_cached is None
                    serialized = memcache_crypt.unprotect_data(keys,
                                                               raw_cached)
                except Exception:
                    msg = 'Failed to decrypt/verify cache data'
                    self.LOG.exception(msg)
                    # this should have the same effect as data not
                    # found in cache
                    serialized = None

            if serialized is None:
                return None

            # Note that 'invalid' and (data, expires) are the only
            # valid types of serialized cache entries, so there is not
            # a collision with jsonutils.loads(serialized) == None.
            cached = jsonutils.loads(serialized)
            if cached == 'invalid':
                self.LOG.debug('Cached Token %s is marked unauthorized',
                               token_id)
                raise InvalidUserToken('Token authorization failed')

            data, expires = cached

            try:
                expires = timeutils.parse_isotime(expires)
            except ValueError:
                # Gracefully handle upgrade of expiration times from *nix
                # timestamps to ISO 8601 formatted dates by ignoring old cached
                # values.
                return

            expires = timeutils.normalize_time(expires)
            utcnow = timeutils.utcnow()
            if ignore_expires or utcnow < expires:
                self.LOG.debug('Returning cached token %s', token_id)
                return data
            else:
                self.LOG.debug('Cached Token %s seems expired', token_id)
    def _cache_get(self, token_id, ignore_expires=False):
        """Return token information from cache.

        If token is invalid raise InvalidUserToken
        return token only if fresh (not expired).
        """

        if self._cache and token_id:
            if self._memcache_security_strategy is None:
                key = CACHE_KEY_TEMPLATE % token_id
                serialized = self._cache.get(key)
            else:
                keys = memcache_crypt.derive_keys(
                    token_id, self._memcache_secret_key,
                    self._memcache_security_strategy)
                cache_key = CACHE_KEY_TEMPLATE % (
                    memcache_crypt.get_cache_key(keys))
                raw_cached = self._cache.get(cache_key)
                try:
                    # unprotect_data will return None if raw_cached is None
                    serialized = memcache_crypt.unprotect_data(
                        keys, raw_cached)
                except Exception:
                    msg = 'Failed to decrypt/verify cache data'
                    self.LOG.exception(msg)
                    # this should have the same effect as data not
                    # found in cache
                    serialized = None

            if serialized is None:
                return None

            # Note that 'invalid' and (data, expires) are the only
            # valid types of serialized cache entries, so there is not
            # a collision with jsonutils.loads(serialized) == None.
            cached = jsonutils.loads(serialized)
            if cached == 'invalid':
                self.LOG.debug('Cached Token %s is marked unauthorized',
                               token_id)
                raise InvalidUserToken('Token authorization failed')

            data, expires = cached

            try:
                expires = timeutils.parse_isotime(expires)
            except ValueError:
                # Gracefully handle upgrade of expiration times from *nix
                # timestamps to ISO 8601 formatted dates by ignoring old cached
                # values.
                return

            expires = timeutils.normalize_time(expires)
            utcnow = timeutils.utcnow()
            if ignore_expires or utcnow < expires:
                self.LOG.debug('Returning cached token %s', token_id)
                return data
            else:
                self.LOG.debug('Cached Token %s seems expired', token_id)
Exemple #15
0
def build_token_values_v2(access, default_domain_id):
    token_data = access['token']
    token_values = {
        'expires_at':
        timeutils.normalize_time(timeutils.parse_isotime(
            token_data['expires'])),
        'issued_at':
        timeutils.normalize_time(
            timeutils.parse_isotime(token_data['issued_at']))
    }

    token_values['user_id'] = access.get('user', {}).get('id')

    project = token_data.get('tenant')
    if project is not None:
        token_values['project_id'] = project['id']
    else:
        token_values['project_id'] = None

    token_values['identity_domain_id'] = default_domain_id
    token_values['assignment_domain_id'] = default_domain_id

    trust = token_data.get('trust')
    if trust is None:
        token_values['trust_id'] = None
        token_values['trustor_id'] = None
        token_values['trustee_id'] = None
    else:
        token_values['trust_id'] = trust['id']
        token_values['trustor_id'] = trust['trustor_id']
        token_values['trustee_id'] = trust['trustee_id']

    token_values['consumer_id'] = None
    token_values['access_token_id'] = None

    role_list = []
    # Roles are by ID in metadata and by name in the user section
    roles = access.get('metadata', {}).get('roles', [])
    for role in roles:
        role_list.append(role)
    token_values['roles'] = role_list
    return token_values
    def test_create_expires(self):
        ref = self.new_ref()
        ref['trustor_user_id'] = uuid.uuid4().hex
        ref['trustee_user_id'] = uuid.uuid4().hex
        ref['impersonation'] = False
        ref['expires_at'] = timeutils.parse_isotime(
            '2013-03-04T12:00:01.000000Z')
        req_ref = ref.copy()

        # Note the TrustManager takes a datetime.datetime object for
        # expires_at, and converts it internally into an iso format datestamp
        req_ref['expires_at'] = '2013-03-04T12:00:01.000000Z'
        super(TrustTests, self).test_create(ref=ref, req_ref=req_ref)
def build_token_values_v2(access, default_domain_id):
    token_data = access['token']
    token_values = {
        'expires_at': timeutils.normalize_time(
            timeutils.parse_isotime(token_data['expires'])),
        'issued_at': timeutils.normalize_time(
            timeutils.parse_isotime(token_data['issued_at']))}

    token_values['user_id'] = access.get('user', {}).get('id')

    project = token_data.get('tenant')
    if project is not None:
        token_values['project_id'] = project['id']
    else:
        token_values['project_id'] = None

    token_values['identity_domain_id'] = default_domain_id
    token_values['assignment_domain_id'] = default_domain_id

    trust = token_data.get('trust')
    if trust is None:
        token_values['trust_id'] = None
        token_values['trustor_id'] = None
        token_values['trustee_id'] = None
    else:
        token_values['trust_id'] = trust['id']
        token_values['trustor_id'] = trust['trustor_id']
        token_values['trustee_id'] = trust['trustee_id']

    token_values['consumer_id'] = None
    token_values['access_token_id'] = None

    role_list = []
    # Roles are by ID in metadata and by name in the user section
    roles = access.get('metadata', {}).get('roles', [])
    for role in roles:
        role_list.append(role)
    token_values['roles'] = role_list
    return token_values
 def _confirm_token_not_expired(self, data):
     if not data:
         raise InvalidUserToken('Token authorization failed')
     if self._token_is_v2(data):
         timestamp = data['access']['token']['expires']
     elif self._token_is_v3(data):
         timestamp = data['token']['expires_at']
     else:
         raise InvalidUserToken('Token authorization failed')
     expires = timeutils.parse_isotime(timestamp).strftime('%s')
     if time.time() >= float(expires):
         self.LOG.debug('Token expired a %s', timestamp)
         raise InvalidUserToken('Token authorization failed')
     return expires
Exemple #19
0
 def _confirm_token_not_expired(self, data):
     if not data:
         raise InvalidUserToken('Token authorization failed')
     if self._token_is_v2(data):
         timestamp = data['access']['token']['expires']
     elif self._token_is_v3(data):
         timestamp = data['token']['expires_at']
     else:
         raise InvalidUserToken('Token authorization failed')
     expires = timeutils.parse_isotime(timestamp).strftime('%s')
     if time.time() >= float(expires):
         self.LOG.debug('Token expired a %s', timestamp)
         raise InvalidUserToken('Token authorization failed')
     return expires
    def _cache_put(self, token, data):
        """ Put token data into the cache.

        Stores the parsed expire date in cache allowing
        quick check of token freshness on retrieval.
        """
        if self._cache and data:
            if "token" in data.get("access", {}):
                timestamp = data["access"]["token"]["expires"]
                expires = timeutils.parse_isotime(timestamp).strftime("%s")
            else:
                self.LOG.error("invalid token format")
                return
            self.LOG.debug("Storing %s token in memcache", token)
            self._cache_store(token, data, expires)
def confirm_token_not_expired(data):
    if not data:
        raise InvalidUserToken('Token authorization failed')
    if _token_is_v2(data):
        timestamp = data['access']['token']['expires']
    elif _token_is_v3(data):
        timestamp = data['token']['expires_at']
    else:
        raise InvalidUserToken('Token authorization failed')
    expires = timeutils.parse_isotime(timestamp)
    expires = timeutils.normalize_time(expires)
    utcnow = timeutils.utcnow()
    if utcnow >= expires:
        raise InvalidUserToken('Token authorization failed')
    return timeutils.isotime(at=expires, subsecond=True)
    def _cache_put(self, token, data):
        """ Put token data into the cache.

        Stores the parsed expire date in cache allowing
        quick check of token freshness on retrieval.
        """
        if self._cache and data:
            if 'token' in data.get('access', {}):
                timestamp = data['access']['token']['expires']
                expires = timeutils.parse_isotime(timestamp).strftime('%s')
            else:
                self.LOG.error('invalid token format')
                return
            self.LOG.debug('Storing %s token in memcache', token)
            self._cache_store(token, data, expires)
def confirm_token_not_expired(data):
    if not data:
        raise InvalidUserToken('Token authorization failed')
    if _token_is_v2(data):
        timestamp = data['access']['token']['expires']
    elif _token_is_v3(data):
        timestamp = data['token']['expires_at']
    else:
        raise InvalidUserToken('Token authorization failed')
    expires = timeutils.parse_isotime(timestamp)
    expires = timeutils.normalize_time(expires)
    utcnow = timeutils.utcnow()
    if utcnow >= expires:
        raise InvalidUserToken('Token authorization failed')
    return timeutils.isotime(at=expires, subsecond=True)
Exemple #24
0
    def _cache_put(self, token, data):
        """ Put token data into the cache.

        Stores the parsed expire date in cache allowing
        quick check of token freshness on retrieval.
        """
        if self._cache and data:
            if self._token_is_v2(data):
                timestamp = data['access']['token']['expires']
            elif self._token_is_v3(data):
                timestamp = data['token']['expires_at']
            else:
                self.LOG.error('invalid token format')
                return
            expires = timeutils.parse_isotime(timestamp).strftime('%s')
            self.LOG.debug('Storing %s token in memcache', token)
            self._cache_store(token, data, expires)
 def issued(self):
     return timeutils.parse_isotime(self.issued_str)
 def expires(self):
     return timeutils.parse_isotime(self['expires_at'])
 def issued(self):
     return timeutils.parse_isotime(self['issued_at'])
Exemple #28
0
 def expires(self):
     return timeutils.parse_isotime(self.expires_str)
 def updated(self):
     return timeutils.parse_isotime(self.updated_str)
Exemple #30
0
 def issued(self):
     return timeutils.parse_isotime(self.issued_str)
 def issued(self):
     return timeutils.parse_isotime(self['issued_at'])
Exemple #32
0
 def expires(self):
     return timeutils.parse_isotime(self.expires_str)
Exemple #33
0
 def expires(self):
     return timeutils.parse_isotime(self['token']['expires'])
 def updated(self):
     return timeutils.parse_isotime(self.updated_str)
 def expires(self):
     return timeutils.parse_isotime(self["token"]["expires"])
 def expires(self):
     return timeutils.parse_isotime(self['token']['expires'])
# logging.basicConfig(level=logging.DEBUG)
glance = client.Client('1', endpoint=endpoint, token=auth_token)
glance.format = 'json'

# Fetch the list of files in store_directory matching the UUID regex
uuid_re = re.compile(
    r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
files = [(x, os.path.join(store_directory, x)) for x in
         os.listdir(store_directory) if uuid_re.match(x)]
files = [(x, os.path.getsize(p),
          datetime.fromtimestamp(os.path.getmtime(p), iso8601.Utc()))
         for x, p in files if os.path.isfile(p)]

# Fetch the list of glance images
glance_images = [(x.id, x.size, timeutils.parse_isotime(x.created_at))
                 for x in glance.images.list() if x.status == 'active']


# Check all active images 1 hour or older are present
time_cutoff = datetime.now(iso8601.Utc()) - timedelta(0, 3600)

result = 0

for image in [x for x in glance_images if x[2] < time_cutoff]:
    if not [x for x in files if x[0] == image[0]]:
        print "Glance image %s not found in %s" % (image[0], store_directory)
        result = 2


# Check all files have a corresponding glance image
Exemple #38
0
 def expires(self):
     return timeutils.parse_isotime(self['expires_at'])