def get_token(username): service_catalog_info = load_service_catalog() sc = service_catalog.ServiceCatalogV2(service_catalog_info['_catalog']) auth_ref_info = load_auth_ref() auth_ref_info['_data']['_service_catalog'] = sc ai = access.AccessInfoV2(auth_ref_info['_data']) return user.Token(auth_ref=ai)
def get_cinderclient(self, context=None, legacy_update=False): # NOTE: For legacy image update from single store to multiple # stores we need to use admin context rather than user provided # credentials if legacy_update: user_overriden = False context = context.elevated() else: user_overriden = self.is_user_overriden() if user_overriden: username = self.store_conf.cinder_store_user_name password = self.store_conf.cinder_store_password project = self.store_conf.cinder_store_project_name url = self.store_conf.cinder_store_auth_address else: username = context.user_id password = context.auth_token project = context.project_id if self.store_conf.cinder_endpoint_template: template = self.store_conf.cinder_endpoint_template url = template % context.to_dict() else: info = self.store_conf.cinder_catalog_info service_type, service_name, interface = info.split(':') try: catalog = keystone_sc.ServiceCatalogV2( context.service_catalog) url = catalog.url_for( region_name=self.store_conf.cinder_os_region_name, service_type=service_type, service_name=service_name, interface=interface) except keystone_exc.EndpointNotFound: reason = _("Failed to find Cinder from a service catalog.") raise exceptions.BadStoreConfiguration(store_name="cinder", reason=reason) c = cinderclient.Client( username, password, project, auth_url=url, region_name=self.store_conf.cinder_os_region_name, insecure=self.store_conf.cinder_api_insecure, retries=self.store_conf.cinder_http_retries, cacert=self.store_conf.cinder_ca_certificates_file) LOG.debug( 'Cinderclient connection created for user %(user)s using URL: ' '%(url)s.', {'user': username, 'url': url}) # noauth extracts user_id:project_id from auth_token if not user_overriden: c.client.auth_token = context.auth_token or '%s:%s' % (username, project) c.client.management_url = url return c
def get_cinderclient(conf, context=None, backend=None): if backend: glance_store = getattr(conf, backend) else: glance_store = conf.glance_store user_overriden = is_user_overriden(conf, backend=backend) if user_overriden: username = glance_store.cinder_store_user_name password = glance_store.cinder_store_password project = glance_store.cinder_store_project_name url = glance_store.cinder_store_auth_address else: username = context.user password = context.auth_token project = context.tenant if glance_store.cinder_endpoint_template: url = glance_store.cinder_endpoint_template % context.to_dict() else: info = glance_store.cinder_catalog_info service_type, service_name, interface = info.split(':') try: catalog = keystone_sc.ServiceCatalogV2(context.service_catalog) url = catalog.url_for( region_name=glance_store.cinder_os_region_name, service_type=service_type, service_name=service_name, interface=interface) except keystone_exc.EndpointNotFound: reason = _("Failed to find Cinder from a service catalog.") raise exceptions.BadStoreConfiguration(store_name="cinder", reason=reason) c = cinderclient.Client(username, password, project, auth_url=url, region_name=glance_store.cinder_os_region_name, insecure=glance_store.cinder_api_insecure, retries=glance_store.cinder_http_retries, cacert=glance_store.cinder_ca_certificates_file) LOG.debug( 'Cinderclient connection created for user %(user)s using URL: ' '%(url)s.', { 'user': username, 'url': url }) # noauth extracts user_id:project_id from auth_token if not user_overriden: c.client.auth_token = context.auth_token or '%s:%s' % (username, project) c.client.management_url = url return c
def _get_endpoint(context, region_name): # service_type, service_name, interface = \ # CONF.patching.catalog_info.split(':') sc = k_service_catalog.ServiceCatalogV2(context.service_catalog) service_parameters = { 'service_type': 'patching', 'service_name': 'patching', 'interface': 'internalURL', 'region_name': region_name } endpoint = sc.url_for(**service_parameters) return endpoint
def _get_credsmgr_client(context=None): region_name = CONF.keystone_authtoken.region_name if context: token = context.auth_token sc = service_catalog.ServiceCatalogV2(context.service_catalog) credsmgr_endpoint = sc.url_for(service_type='credsmgr', region_name=region_name) else: session = get_admin_session(CONF) token = session.get_token() credsmgr_endpoint = session.get_endpoint(service_type='credsmgr', region_name=region_name) return Client(credsmgr_endpoint, token=token)
def url_for(service_catalog=None, service_type='identity', endpoint_type="internalURL"): if not service_catalog: service_catalog = context.current().service_catalog try: return keystone_service_catalog.ServiceCatalogV2( json.loads(service_catalog)).url_for( service_type=service_type, interface=endpoint_type, region_name=CONF.os_region_name) except keystone_ex.EndpointNotFound: return keystone_service_catalog.ServiceCatalogV3( json.loads(service_catalog)).url_for( service_type=service_type, interface=endpoint_type, region_name=CONF.os_region_name)
def _get_endpoint(context): # service_type, service_name, interface = \ # CONF.nfv.catalog_info.split(':') region_name = _get_region(context) sc = k_service_catalog.ServiceCatalogV2(context.service_catalog) service_parameters = { 'service_type': 'nfv', 'service_name': 'vim', 'interface': 'internalURL', 'region_name': region_name } endpoint = sc.url_for(**service_parameters) LOG.info("NFV endpoint=%s" % endpoint) return endpoint
def get_credentials(context, tenant, conf=None): # TODO(ssudake21): Add caching support # 1. Cache keystone endpoint # 2. Cache recently used AWS credentials try: if context is None or tenant is None: raise glance_ex.AuthorizationFailure() sc = service_catalog.ServiceCatalogV2(context.service_catalog) region_name = conf.keystone_credentials.region_name credsmgr_endpoint = sc.url_for(service_type='credsmgr', region_name=region_name) token = context.auth_token credsmgr_client = Client(credsmgr_endpoint, token=token) resp, body = credsmgr_client.credentials.credentials_get('aws', tenant) except (EndpointNotFound, credsmgr_ex.HTTPBadGateway, credsmgr_ex.HTTPNotFound): if conf is not None: return get_credentials_from_conf(conf) raise AwsCredentialsNotFound() return body
def get_credentials(context, project_id=None): # TODO(ssudake21): Add caching support # 1. Cache keystone endpoint # 2. Cache recently used AWS credentials try: sc = service_catalog.ServiceCatalogV2(context.service_catalog) credsmgr_endpoint = sc.url_for(service_type='credsmgr', region_name=CONF.os_region_name) token = context.auth_token credsmgr_client = Client(credsmgr_endpoint, token=token) if not project_id: project_id = context.project_id resp, body = credsmgr_client.credentials.credentials_get( 'aws', project_id) except (EndpointNotFound, exceptions.HTTPBadGateway): return get_credentials_from_conf(CONF) except exceptions.HTTPNotFound: if not CONF.AWS.use_credsmgr: return get_credentials_from_conf(CONF) raise return body
def sysinvclient(context, version=1, endpoint=None): """Constructs a sysinv client object for making API requests. :param context: The request context for auth. :param version: API endpoint version. :param endpoint: Optional If the endpoint is not available, it will be retrieved from context """ region_name = CONF.sysinv.os_region_name if not context.service_catalog: # Obtain client via keystone session auth_url = CONF.KEYSTONE_AUTHTOKEN.auth_url + "/v3" session = _get_keystone_session(auth_url) LOG.debug("sysinvclient auth_url=%s region_name=%s session=%s" % (auth_url, region_name, session)) return sysinv_client.Client(session=session, version=version, auth_url=auth_url, endpoint_type='internalURL', region_name=region_name) auth_token = context.auth_token if endpoint is None: sc = k_service_catalog.ServiceCatalogV2(context.service_catalog) service_type, service_name, interface = \ CONF.sysinv.catalog_info.split(':') service_parameters = { 'service_type': service_type, 'service_name': service_name, 'interface': interface, 'region_name': region_name } endpoint = sc.url_for(**service_parameters) return sysinv_client.Client(version=version, endpoint=endpoint, auth_token=auth_token)
def fmclient(context, version=1, endpoint=None): """Constructs a fm client object for making API requests. :param context: The request context for auth. :param version: API endpoint version. :param endpoint: Optional If the endpoint is not available, it will be retrieved from context """ auth_token = context.auth_token if endpoint is None: sc = k_service_catalog.ServiceCatalogV2(context.service_catalog) service_type, service_name, interface = \ CONF.fm.catalog_info.split(':') service_parameters = {'service_type': service_type, 'service_name': service_name, 'interface': interface, 'region_name': CONF.fm.os_region_name} endpoint = sc.url_for(**service_parameters) return fm_client.Client(version=version, endpoint=endpoint, auth_token=auth_token)
def get_endpoint(service_catalog, service_type='image', endpoint_region=None, endpoint_type='publicURL'): """ Select an endpoint from the service catalog We search the full service catalog for services matching both type and region. If the client supplied no region then any 'image' endpoint is considered a match. There must be one -- and only one -- successful match in the catalog, otherwise we will raise an exception. """ endpoints = ks_service_catalog.ServiceCatalogV2( service_catalog).get_urls(interface=endpoint_type, service_type=service_type, region_name=endpoint_region) if len(endpoints) == 0: raise exception.NoServiceEndpoint() elif len(endpoints) == 1: return endpoints[0] else: raise exception.RegionAmbiguity(region=endpoint_region)
def __init__(self, auth_token, sc): super(_ContextAuthPlugin, self).__init__() self.auth_token = auth_token self.service_catalog = ksa_service_catalog.ServiceCatalogV2(sc)
from keystoneauth1 import noauth from keystoneauth1 import token_endpoint from openstack.config import cloud_config from openstack.config import defaults from openstack import connection from osc_lib.api import auth from osc_lib import clientmanager from osc_lib import exceptions as exc from osc_lib.tests import fakes from osc_lib.tests import utils AUTH_REF = {'version': 'v2.0'} AUTH_REF.update(fakes.TEST_RESPONSE_DICT['access']) SERVICE_CATALOG = service_catalog.ServiceCatalogV2(AUTH_REF) AUTH_DICT = { 'auth_url': fakes.AUTH_URL, 'username': fakes.USERNAME, 'password': fakes.PASSWORD, 'project_name': fakes.PROJECT_NAME } # This is deferred in api.auth but we need it here... auth.get_options_list() class Container(object): attr = clientmanager.ClientCache(lambda x: object()) buggy_attr = clientmanager.ClientCache(lambda x: x.foo)
def generate_test_data(): '''Builds a set of test_data data as returned by Keystone V2.''' test_data = TestDataContainer() keystone_service = { 'type': 'identity', 'name': 'keystone', 'endpoints_links': [], 'endpoints': [{ 'region': 'RegionOne', 'adminURL': 'http://admin.localhost:35357/v2.0', 'internalURL': 'http://internal.localhost:5000/v2.0', 'publicURL': 'http://public.localhost:5000/v2.0' }] } # Users user_dict = { 'id': uuid.uuid4().hex, 'name': 'gabriel', 'email': '*****@*****.**', 'password': '******', 'token': '', 'enabled': True } test_data.user = users.User(None, user_dict, loaded=True) # Tenants tenant_dict_1 = { 'id': uuid.uuid4().hex, 'name': 'tenant_one', 'description': '', 'enabled': True } tenant_dict_2 = { 'id': uuid.uuid4().hex, 'name': 'tenant_two', 'description': '', 'enabled': False } test_data.tenant_one = tenants.Tenant(None, tenant_dict_1, loaded=True) test_data.tenant_two = tenants.Tenant(None, tenant_dict_2, loaded=True) nova_service = { 'type': 'compute', 'name': 'nova', 'endpoint_links': [], 'endpoints': [{ 'region': 'RegionOne', 'adminURL': ('http://nova-admin.localhost:8774/v2.0/%s' % (tenant_dict_1['id'])), 'internalURL': ('http://nova-internal.localhost:8774/v2.0/%s' % (tenant_dict_1['id'])), 'publicURL': ('http://nova-public.localhost:8774/v2.0/%s' % (tenant_dict_1['id'])) }, { 'region': 'RegionTwo', 'adminURL': ('http://nova2-admin.localhost:8774/v2.0/%s' % (tenant_dict_1['id'])), 'internalURL': ('http://nova2-internal.localhost:8774/v2.0/%s' % (tenant_dict_1['id'])), 'publicURL': ('http://nova2-public.localhost:8774/v2.0/%s' % (tenant_dict_1['id'])) }] } # Roles role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'} test_data.role = roles.Role(roles.RoleManager, role_dict) # Tokens tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1) expiration = datetime_safe.datetime.isoformat(tomorrow) scoped_token_dict = { 'access': { 'token': { 'id': uuid.uuid4().hex, 'expires': expiration, 'tenant': tenant_dict_1, 'tenants': [tenant_dict_1, tenant_dict_2] }, 'user': { 'id': user_dict['id'], 'name': user_dict['name'], 'roles': [role_dict] }, 'serviceCatalog': [keystone_service, nova_service] } } test_data.scoped_access_info = access.create(resp=None, body=scoped_token_dict) unscoped_token_dict = { 'access': { 'token': { 'id': uuid.uuid4().hex, 'expires': expiration }, 'user': { 'id': user_dict['id'], 'name': user_dict['name'], 'roles': [role_dict] }, 'serviceCatalog': [keystone_service] } } test_data.unscoped_access_info = access.create(resp=None, body=unscoped_token_dict) # Service Catalog test_data.service_catalog = service_catalog.ServiceCatalogV2( [keystone_service, nova_service]) return test_data