def create_client(self, version=None):
"""Return a keystone client.
:param version: Keystone API version, can be one of:
("2", "3")
If this object was constructed with a version in the api_info
then that will be used unless the version parameter is passed.
"""
from keystoneclient import client
# Use the version in the api_info if provided, otherwise fall
# back to the passed version (which may be None, in which case
# keystoneclient chooses).
version = self.choose_version(version)
auth_url = self.credential.auth_url
if version is not None:
auth_url = self._remove_url_version()
sess, plugin = self._get_session(auth_url=auth_url, version=version)
# NOTE(bigjools): When using sessions, keystoneclient no longer
# does any pre-auth and calling client.authenticate() with
# sessions is deprecated (it's still possible to call it but if
# endpoint is defined it'll crash). We're forcing that pre-auth
# here because the use of the service_catalog depends on doing
# this. Also note that while the API has got the
# endpoints.list() equivalent, there is no service_type in that
# list which is why we need to ensure service_catalog is still
# present.
auth_ref = plugin.get_access(sess)
ks = client.Client(version=version, session=sess,
timeout=CONF.openstack_client_http_timeout)
ks.auth_ref = auth_ref
return ks
def create_client(self, version=None):
"""Return a keystone client.
:param version: Keystone API version, can be one of:
("2", "3")
If this object was constructed with a version in the api_info
then that will be used unless the version parameter is passed.
"""
import keystoneclient
from keystoneclient import client
# Use the version in the api_info if provided, otherwise fall
# back to the passed version (which may be None, in which case
# keystoneclient chooses).
version = self.choose_version(version)
auth_url = self.credential.auth_url
if version is not None:
auth_url = self._remove_url_version()
sess, plugin = self._get_session(auth_url=auth_url, version=version)
# NOTE(bigjools): When using sessions, keystoneclient no longer
# does any pre-auth and calling client.authenticate() with
# sessions is deprecated (it's still possible to call it but if
# endpoint is defined it'll crash). We're forcing that pre-auth
# here because the use of the service_catalog depends on doing
# this. Also note that while the API has got the
# endpoints.list() equivalent, there is no service_type in that
# list which is why we need to ensure service_catalog is still
# present.
auth_ref = plugin.get_access(sess)
kw = {"version": version, "session": sess,
"timeout": CONF.openstack_client_http_timeout}
if keystoneclient.__version__[0] == "1":
# NOTE(andreykurilin): let's leave this hack for envs which uses
# old(<2.0.0) keystoneclient version. Upstream fix:
# https://github.com/openstack/python-keystoneclient/commit/d9031c252848d89270a543b67109a46f9c505c86
from keystoneclient import base
kw["auth_url"] = sess.get_endpoint(interface=base.AUTH_INTERFACE)
if self.credential.endpoint_type:
kw["endpoint_type"] = self.credential.endpoint_type
ks = client.Client(**kw)
ks.auth_ref = auth_ref
return ks
def auth_ref(self):
try:
if "keystone_auth_ref" not in self.cache:
sess, plugin = self.get_session()
self.cache["keystone_auth_ref"] = plugin.get_access(sess)
except Exception as e:
if logging.is_debug():
LOG.exception("Unable to authenticate for user"
" %(username)s in project"
" %(tenant_name)s" %
{"username": self.credential.username,
"tenant_name": self.credential.tenant_name})
raise exceptions.AuthenticationFailed(
username=self.credential.username,
project=self.credential.tenant_name,
url=self.credential.auth_url,
etype=e.__class__.__name__,
error=str(e))
return self.cache["keystone_auth_ref"]
def auth_ref(self):
try:
if "keystone_auth_ref" not in self.cache:
sess, plugin = self.get_session()
self.cache["keystone_auth_ref"] = plugin.get_access(sess)
except Exception as original_e:
e = AuthenticationFailed(
error=original_e,
username=self.credential.username,
project=self.credential.tenant_name,
url=self.credential.auth_url
)
if logging.is_debug() and e.is_trace_helpful():
LOG.exception("Unable to authenticate for user"
" %(username)s in project"
" %(tenant_name)s" %
{"username": self.credential.username,
"tenant_name": self.credential.tenant_name})
raise e from None
return self.cache["keystone_auth_ref"]
def create_client(self, version=None):
"""Return a keystone client.
:param version: Keystone API version, can be one of:
("2", "3")
If this object was constructed with a version in the api_info
then that will be used unless the version parameter is passed.
"""
from keystoneclient import client
# Use the version in the api_info if provided, otherwise fall
# back to the passed version (which may be None, in which case
# keystoneclient chooses).
version = self.choose_version(version)
auth_url = self.credential.auth_url
if version is not None:
auth_url = self._remove_url_version()
sess, plugin = self._get_session(auth_url=auth_url, version=version)
# NOTE(bigjools): When using sessions, keystoneclient no longer
# does any pre-auth and calling client.authenticate() with
# sessions is deprecated (it's still possible to call it but if
# endpoint is defined it'll crash). We're forcing that pre-auth
# here because the use of the service_catalog depends on doing
# this. Also note that while the API has got the
# endpoints.list() equivalent, there is no service_type in that
# list which is why we need to ensure service_catalog is still
# present.
auth_ref = plugin.get_access(sess)
ks = client.Client(version=version,
session=sess,
timeout=CONF.openstack_client_http_timeout)
ks.auth_ref = auth_ref
return ks
def auth_ref(self):
if "keystone_auth_ref" not in self.cache:
sess, plugin = self.get_session()
self.cache["keystone_auth_ref"] = plugin.get_access(sess)
return self.cache["keystone_auth_ref"]
def auth_ref(self):
if "keystone_auth_ref" not in self.cache:
sess, plugin = self.get_session()
self.cache["keystone_auth_ref"] = plugin.get_access(sess)
return self.cache["keystone_auth_ref"]
