class OpenstackAuth(OrchestratorAuth):
def __init__(self,
username,
password,
project_name,
inputs=None,
logger=None,
auth_url=None,
region_name=None,
certfile=None,
keyfile=None,
cacert=None,
insecure=True,
domain_name=None,
scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self, scope='domain'):
return self.keystone.get_session(scope)
def get_client(self, scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self, domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self, domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id,
domain_name=domain_name,
description=description,
enabled=enabled)
def get_domain(self, domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,
password,
email='',
tenant_name=tenant_name
or self.inputs.stack_tenant,
enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present" % (self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain" % (user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project" % (user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_role(user, role, project)
except Exception as e:
self.logger.exception("%s user already removed from project" %
(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self, group, domain_name):
try:
self.keystone.create_group(group, domain_name)
except Exception as e:
self.logger.info("%s user group already present" % (group))
def delete_group(self, name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self, user, group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s" %
(user, group))
def remove_user_from_group(self, user, group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s" %
(user, group))
def add_group_to_domain(self, group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group,
role='admin',
domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain" %
(group, project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain" %
(group, domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project" %
(group, tenant))
def remove_group_from_tenant(self, project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project" %
(group, tenant))
class OpenstackAuth(OrchestratorAuth):
def __init__(self, username, password, project_name,
inputs=None, logger=None, auth_url=None, region_name=None,
certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'):
self.inputs = inputs
self.user = username
self.passwd = password
self.project = project_name
self.scope = scope
self.logger = logger or contrail_logging.getLogger(__name__)
if inputs:
self.auth_url = inputs.auth_url
self.region_name = inputs.region_name
self.domain_name = domain_name or self.inputs.admin_domain
self.keystone_certfile = self.inputs.keystonecertfile
self.keystone_keyfile = self.inputs.keystonekeyfile
self.certbundle = self.inputs.certbundle
self.insecure = self.inputs.insecure
self.scope = 'project' if inputs.use_project_scoped_token else scope
else:
self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
self.region_name = region_name or os.getenv('OS_REGION_NAME')
self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
self.keystone_certfile = certfile
self.keystone_keyfile = keyfile
self.insecure = insecure
self.certbundle = cacert
self.reauth()
def reauth(self):
self.keystone = KeystoneCommands(username=self.user,
password=self.passwd,
tenant=self.project,
domain_name=self.domain_name,
auth_url=self.auth_url,
insecure=self.insecure,
region_name=self.region_name,
cert=self.keystone_certfile,
key=self.keystone_keyfile,
cacert=self.certbundle,
logger=self.logger,
scope=self.scope)
def get_domain_id(self, name='Default'):
return self.keystone.get_domain_id(name)
def get_project_id(self, name=None, domain_id=None):
if not name or name == self.project:
return self.keystone.get_id()
return self.keystone.get_project_id(name, domain_id)
def get_session(self,scope='domain'):
return self.keystone.get_session(scope)
def get_client(self,scope='domain'):
return self.keystone.get_client(scope)
def get_endpoint(self, service, interface='public'):
return self.keystone.get_endpoint(service, interface)
def get_token(self):
return self.keystone.get_token()
def create_domain(self,domain_name):
return self.keystone.create_domain(domain_name)
def delete_domain(self, domain_name):
self.keystone.delete_domain(domain_name)
def update_domain(self,domain_id, domain_name, description, enabled):
return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name,
description=description,enabled=enabled)
def get_domain(self,domain_id):
return self.keystone.get_domain(domain_id=domain_id)
def create_project(self, name, domain_name=None):
return self.keystone.create_project(name, domain_name)
def delete_project(self, name):
self.keystone.delete_project(name)
def delete_user(self, user):
self.keystone.delete_user(user)
def create_user(self, user, password, tenant_name=None, domain_name=None):
try:
self.keystone.create_user(user,password,email='',
tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True,
domain_name=domain_name)
except:
self.logger.info("%s user already present"%(self.user))
def get_user_id(self, user):
user_obj = self.keystone.get_user_dct(user)
return user_obj.id if user_obj else None
def create_role(self, role):
self.keystone.create_role(role)
def delete_role(self, role):
self.keystone.delete_role(role)
def add_user_to_domain(self, user, role='admin', domain=None):
try:
self.keystone.add_user_to_domain(user, role, domain)
except Exception as e:
self.logger.info("%s user already added to domain"%(user))
def add_user_to_project(self, user, project, role='admin'):
try:
self.keystone.add_user_to_tenant(project, user, role)
except Exception as e:
self.logger.info("%s user already added to project"%(user))
def remove_user_from_project(self, user, role, project):
try:
self.keystone.remove_user_from_tenant(project, user, role)
except Exception as e:
self.logger.exception("%s user already removed from project"%(user))
def verify_service_enabled(self, service):
try:
for svc in self.keystone.services_list():
if service in svc.name:
return True
else:
continue
return False
except Exception as e:
return False
def get_auth_h(self):
return self.keystone
def create_user_group(self,group,domain_name):
try:
self.keystone.create_group(group,domain_name)
except Exception as e:
self.logger.info("%s user group already present"%(group))
def delete_group(self,name):
return self.keystone.delete_group(name=name)
def add_user_to_group(self,user,group):
try:
self.keystone.add_user_to_group(user, group)
except Exception as e:
self.logger.info("%s user already added to group %s"%(user, group))
def remove_user_from_group(self,user,group):
try:
self.keystone.remove_user_from_group(user, group)
except Exception as e:
self.logger.info("%s user already removed from group %s"%(user, group))
def add_group_to_domain(self,group, role='admin', domain=None):
try:
self.keystone.add_group_to_domain(group, role='admin', domain=domain)
except Exception as e:
self.logger.info("%s group already added to domain"%(group,project))
def remove_group_from_domain(self, group, role, domain=None):
try:
self.keystone.remove_group_from_domain(group, role, domain=None)
except Exception as e:
self.logger.info("%s group already removed from domain"%(group,domain))
def add_group_to_tenant(self, project, group, role='admin'):
try:
self.keystone.add_group_to_tenant(project, group, role='admin')
except Exception as e:
self.logger.info("%s group already added to project"%(group,tenant))
def remove_group_from_tenant(self,project, group, role):
try:
self.keystone.remove_group_from_tenant(project, group, role)
except Exception as e:
self.logger.info("%s group already removed from project"%(group,tenant))
