def _create_auth_plugin(self): if self.auth_token_info: access_info = access.create(body=self.auth_token_info, auth_token=self.auth_token) return access_plugin.AccessInfoPlugin( auth_ref=access_info, auth_url=self.keystone_v3_endpoint) if self.auth_token: # FIXME(jamielennox): This is broken but consistent. If you # only have a token but don't load a service catalog then # url_for wont work. Stub with the keystone endpoint so at # least it might be right. return token_endpoint.Token(endpoint=self.keystone_v3_endpoint, token=self.auth_token) if self.password: return generic.Password(username=self.username, password=self.password, project_id=self.tenant_id, user_domain_id=self.user_domain, auth_url=self.keystone_v3_endpoint) LOG.error( _LE("Keystone API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure()
def _get_auth(self): if self.context.is_admin: try: auth = ka_loading.load_auth_from_conf_options( CONF, ksconf.CFG_GROUP) except ka_exception.MissingRequiredOptions: auth = self._get_legacy_auth() elif self.context.auth_token_info: access_info = ka_access.create(body=self.context.auth_token_info, auth_token=self.context.auth_token) auth = ka_access_plugin.AccessInfoPlugin(access_info) elif self.context.auth_token: auth = ka_v3.Token(auth_url=self.auth_url, token=self.context.auth_token) elif self.context.trust_id: auth_info = { 'auth_url': self.auth_url, 'username': self.context.user_name, 'password': self.context.password, 'user_domain_id': self.context.user_domain_id, 'user_domain_name': self.context.user_domain_name, 'trust_id': self.context.trust_id } auth = ka_v3.Password(**auth_info) else: LOG.error( _LE('Keystone API connection failed: no password, ' 'trust_id or token found.')) raise exception.AuthorizationFailure() return auth
def _plugin(self, **kwargs): token = fixture.V3Token() s = token.add_service('identity') s.add_standard_endpoints(public=self.TEST_ROOT_URL) auth_ref = access.create(body=token, auth_token=self.auth_token) return access_plugin.AccessInfoPlugin(auth_ref, **kwargs)
def _create_auth_plugin(self): if self.auth_token_info: access_info = access.create(body=self.auth_token_info, auth_token=self.auth_token) return access_plugin.AccessInfoPlugin( auth_ref=access_info, auth_url=self.keystone_v3_endpoint) if self.password: # Never trust the password. Refer to keyring LOG.info("Re-determining password from keyring") self.password = keyring.get_password('CGCS', self.username) # TIS user_domain_id is blank. Use user_domain_name to lookup user user_domain_name = cfg.CONF.user_domain_name return generic.Password(username=self.username, password=self.password, project_id=self.tenant_id, user_domain_id=self.user_domain, user_domain_name=user_domain_name, auth_url=self.keystone_v3_endpoint) if self.auth_token: # FIXME(jamielennox): This is broken but consistent. If you # only have a token but don't load a service catalog then # url_for wont work. Stub with the keystone endpoint so at # least it might be right. return token_endpoint.Token(endpoint=self.keystone_v3_endpoint, token=self.auth_token) LOG.error("Keystone API connection failed, no password " "trust or auth_token!") raise exception.AuthorizationFailure()
def create_user_auth_plugin(self, context): if not context.auth_token_info: msg = ("user=%s, project=%s" % (context.user_id, context.project_id)) raise exception.AuthorizationFailure(obj=msg) auth_ref = access.create(body=context.auth_token_info, auth_token=context.auth_token) return access_plugin.AccessInfoPlugin(auth_url=self.auth_uri, auth_ref=auth_ref)
def _get_auth(self): if self.context.is_admin: auth = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP) elif self.context.auth_token_info: access_info = ka_access.create(body=self.context.auth_token_info, auth_token=self.context.auth_token) auth = ka_access_plugin.AccessInfoPlugin(access_info) elif self.context.auth_token: auth = ka_v3.Token(auth_url=self.auth_url, token=self.context.auth_token) else: LOG.error(_LE('Keystone API connection failed: no password ' 'or token found.')) raise exception.AuthorizationFailure() return auth
def _get_auth(self): if self.context.is_admin: auth = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP) elif self.context.auth_token_info: access_info = ka_access.create(body=self.context.auth_token_info, auth_token=self.context.auth_token) auth = ka_access_plugin.AccessInfoPlugin(access_info) elif self.context.auth_token: auth = ka_v3.Token(auth_url=self.auth_url, token=self.context.auth_token) else: msg = ('Keystone API connection failed: no password, ' 'trust_id or token found.') LOG.error(msg) raise exception.AuthorizationFailure(client='keystone', message='reason %s' % msg) return auth
def create_trust_to_karbor(self, context): if not context.auth_token_info: msg = ("user=%s, project=%s" % (context.user_id, context.project_id)) raise exception.AuthorizationFailure(obj=msg) auth_ref = access.create(body=context.auth_token_info, auth_token=context.auth_token) user_auth_plugin = access_plugin.AccessInfoPlugin( auth_url=self._auth_uri, auth_ref=auth_ref) l_kc_v3 = self._get_keystone_client(user_auth_plugin) try: trust = l_kc_v3.trusts.create(trustor_user=context.user_id, trustee_user=self._karbor_user_id, project=context.project_id, impersonation=True, role_names=context.roles) return trust.id except Exception as e: raise exception.AuthorizationFailure(obj=str(e))
def _get_auth(self): #LOG.debug('KeystoneClient _get_auth xxx is_admin=%s,auth_token=%s,auth_token_info=%s', self.context.is_admin, self.context.auth_token,self.context.auth_token_info) if self.context.is_admin: auth = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP) #LOG.debug('KeystoneClient _get_auth xxx auth=%s', auth.__dict__); elif self.context.auth_token_info: #LOG.debug('KeystoneClient _get_auth xxx auth_token_info inside'); access_info = ka_access.create(body=self.context.auth_token_info, auth_token=self.context.auth_token) auth = ka_access_plugin.AccessInfoPlugin(access_info) elif self.context.auth_token: #LOG.debug('KeystoneClient _get_auth xxx auth_token inside'); auth = ka_v3.Token(auth_url=self.auth_url, token=self.context.auth_token) else: msg = ('Keystone API connection failed: no password, ' 'trust_id or token found.') LOG.error(msg) raise exception.AuthorizationFailure(client='keystone', message='reason %s' % msg) #LOG.debug('KeystoneClient _get_auth xxx final auth=%s', auth); return auth