def get_admin_session(auth_url,
username,
password,
project_name=None,
project_domain_name=None,
user_domain_name=None,
verify=False,
timeout=180):
if 'v3' in auth_url:
auth = keystone_auth.V3Password(
auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
project_domain_name=project_domain_name,
user_domain_name=user_domain_name)
else:
auth = keystone_auth.V2Password(auth_url,
username=username,
password=password,
tenant_name=project_name)
session = keystone_auth_session.Session(auth=auth,
timeout=timeout,
verify=verify)
return session
def main():
module = AnsibleModule(
argument_spec = dict(
key=dict(required=True, type='str'),
),
supports_check_mode=False
)
# Keystone V3 password authentication
auth = identity.V3Password(auth_url=os.getenv('OS_AUTH_URL'),
username=os.getenv('OS_USERNAME'),
user_domain_name=os.getenv('OS_USER_DOMAIN_NAME', 'Default'),
password=os.getenv('OS_PASSWORD'),
project_name=os.getenv('OS_PROJECT_NAME'),
project_domain_name=os.getenv('OS_PROJECT_DOMAIN_NAME','Default'))
sess = session.Session(auth=auth)
barbican = client.Client(session=sess)
if not barbican:
module.fail_json(msg="Unable to initialise Barbican client")
secret_key = module.params['key']
secret_list = barbican.secrets.list(name=secret_key)
if secret_list:
retrieved_secret = secret_list[0].payload
module.exit_json(changed=True, secret=retrieved_secret)
def get_auth_token_and_endpoint(region_name):
from keystoneauth1 import identity
from keystoneauth1 import session
from keystoneauth1 import exceptions
user_env_map = {
'OS_USERNAME': '******',
'OS_PASSWORD': '******',
'OS_PROJECT_NAME': 'project_name',
'OS_AUTH_URL': 'auth_url',
'OS_USER_DOMAIN_NAME': 'user_domain_name',
'OS_PROJECT_DOMAIN_NAME': 'project_domain_name'
}
for k, v in user_env_map.items():
check_env(k, v)
user = dict()
for k, v in user_env_map.items():
user[v] = os.environ.get(k)
auth = identity.V3Password(**user)
sess = session.Session(auth=auth)
try:
token = auth.get_token(sess)
endpoint = auth.get_endpoint(sess,
service_type='patching',
interface='internal',
region_name=region_name)
except (exceptions.http.Unauthorized, exceptions.EndpointNotFound) as e:
print(e.message)
exit(-1)
return token, endpoint
def _encrypt_data(context, data):
try:
# TODO(pbourke): move auth construction into common area if it ends up
# been required in other areas
auth = identity.V3Password(
auth_url=settings.KEY_MANAGER['auth_url'],
username=settings.KEY_MANAGER['username'],
user_domain_name=settings.KEY_MANAGER['user_domain_name'],
password=settings.KEY_MANAGER['password'],
project_name=settings.KEY_MANAGER['project_name'],
project_domain_name=settings.KEY_MANAGER['project_domain_name']
)
except (KeyError, AttributeError) as e:
LOG.exception(e)
msg = ('Could not find valid key manager credentials in the '
'murano-dashboard config. encryptData yaql function not '
'available')
raise castellan_exception.KeyManagerError(message_arg=msg)
sess = session.Session(auth=auth)
auth_context = _oslo_context.RequestContext(
auth_token=auth.get_token(sess), tenant=auth.get_project_id(sess))
options.set_defaults(cfg.CONF,
auth_endpoint=settings.KEY_MANAGER['auth_url'])
manager = key_manager.API()
try:
# TODO(pbourke): while we feel opaque data should cover the most common
# use case, we may want to add support for other secret types in the
# future (see https://goo.gl/tZhfqe)
stored_key_id = manager.store(auth_context,
opaque_data.OpaqueData(data))
except castellan_exception.KeyManagerError as e:
LOG.exception(e)
raise
return stored_key_id
def setUp(self):
super(ServiceTokenTests, self).setUp()
self.user_token_id = uuid.uuid4().hex
self.user_token = fixture.V3Token()
self.user_token.set_project_scope()
self.user_auth = identity.V3Password(auth_url=self.USER_URL,
user_id=uuid.uuid4().hex,
password=uuid.uuid4().hex,
project_id=uuid.uuid4().hex)
self.service_token_id = uuid.uuid4().hex
self.service_token = fixture.V3Token()
self.service_token.set_project_scope()
self.service_auth = identity.V3Password(auth_url=self.SERVICE_URL,
user_id=uuid.uuid4().hex,
password=uuid.uuid4().hex,
project_id=uuid.uuid4().hex)
for t in (self.user_token, self.service_token):
s = t.add_service('identity')
s.add_standard_endpoints(public='http://keystone.example.com',
admin='http://keystone.example.com',
internal='http://keystone.example.com')
self.test_data = {'data': uuid.uuid4().hex}
self.user_mock = self.requests_mock.post(
self.USER_URL + '/auth/tokens',
json=self.user_token,
headers={'X-Subject-Token': self.user_token_id})
self.service_mock = self.requests_mock.post(
self.SERVICE_URL + '/auth/tokens',
json=self.service_token,
headers={'X-Subject-Token': self.service_token_id})
self.requests_mock.get(self.TEST_URL, json=self.test_data)
self.combined_auth = service_token.ServiceTokenAuthWrapper(
self.user_auth,
self.service_auth)
self.session = session.Session(auth=self.combined_auth)
def glanceAuth():
# Authentication & Session Creation
auth = identity.V3Password(auth_url=url,
username=usern,
user_domain_name='Default',
password=passw,
project_name=proj,
project_domain_name='Default')
sess = session.Session(auth=auth)
#sk = client.Client(session=sess)
glance = Client('2', session=sess)
return glance
def getNeutronClient(options):
authurl = options.os_auth_url
user_name = options.os_username
pass_word = options.os_password
tenantname = options.purge_project
os_region_name = options.os_region_name
auth = identity.V3Password(auth_url=authurl,
username=user_name,
user_domain_name='Default',
password=pass_word,
project_name=tenantname,
project_domain_name='Default')
sess = session.Session(auth=auth)
network_client = client.Client(session=sess, region_name=os_region_name)
return network_client
def getOctaviaClient(options):
authurl = options.os_auth_url
user_name = options.os_username
pass_word = options.os_password
tenantname = options.purge_project
os_region_name = options.os_region_name
auth = identity.V3Password(auth_url=authurl,
username=user_name,
user_domain_name='Default',
password=pass_word,
project_name=tenantname,
project_domain_name='Default')
sess = session.Session(auth=auth)
endpoint = sess.get_endpoint(service_type='load-balancer',
region_name=os_region_name)
return octavia.OctaviaAPI(endpoint=endpoint, session=sess)
def get_context():
"""Uses environmental variables to generate authentication
credentials"""
username = os.getenv('OS_USERNAME', None)
password = os.getenv('OS_PASSWORD', None)
auth_url = os.getenv('OS_AUTH_URL', None) + '/v' + os.getenv('OS_IDENTITY_API_VERSION', None)
project_name = os.getenv('OS_PROJECT_NAME', None)
auth = identity.V3Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name="default",
project_domain_name="default")
sess = session.Session(auth=auth, verify=False)
return context.RequestContext(auth_token=auth.get_token(sess),
tenant=auth.get_project_id(sess))
def get_context(self):
username = CONF.identity.username
password = CONF.identity.password
project_name = CONF.identity.project_name
auth_url = CONF.identity.auth_url
user_domain_name = CONF.identity.user_domain_name
project_domain_name = CONF.identity.project_domain_name
auth = identity.V3Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
sess = session.Session(auth=auth)
return context.RequestContext(auth_token=auth.get_token(sess),
tenant=auth.get_project_id(sess))
def get_context(self):
username = CONF.identity.username
password = CONF.identity.password
project_name = CONF.identity.project_name
auth_url = CONF.identity.auth_url
user_domain_name = CONF.identity.user_domain_name
project_domain_name = CONF.identity.project_domain_name
auth = identity.V3Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
sess = session.Session()
return keystone_token.KeystoneToken(
token=auth.get_token(sess),
project_id=auth.get_project_id(sess))
def setUp(self):
super(IntegrationTestCase, self).setUp()
auth = identity.V3Password(auth_url=self.auth_url,
username='******',
password='******',
project_name='demo',
project_domain_id='default',
user_domain_id='default')
sess = session.Session(auth=auth)
self.neutron = neutron.Client(session=sess)
self.keystone = keystone.Client(session=sess)
# Create keystone project and make TF synchronize it
self.project = self._create_keystone_project_for_test()
self.tf_get_resource('project', self.project.id)
self.neutronCleanupQueue = []
def getNeutronClient(options):
authurl = options.os_auth_url
user_name = options.os_username
pass_word = options.os_password
try:
tenantname = options.os_project_name
except AttributeError:
tenantname = options.os_tenant_name
os_region_name = options.os_region_name
os_project_id = options.os_project_id
auth = identity.V3Password(auth_url=authurl,
username=user_name,
user_domain_name='Default',
password=pass_word,
project_name=tenantname,
project_domain_name='Default')
sess = session.Session(auth=auth)
network_client = client.Client(session=sess)
return network_client
def new_client(self):
t = fixture.V3Token(user_id=self.user_id)
t.set_project_scope()
s = t.add_service('identity')
s.add_standard_endpoints(public=self.TEST_URL, admin=self.TEST_URL)
d = fixture.V3Discovery(self.TEST_URL)
headers = {'X-Subject-Token': uuid.uuid4().hex}
self.requests.register_uri('POST',
self.TEST_URL + '/auth/tokens',
headers=headers,
json=t)
self.requests.register_uri('GET', self.TEST_URL, json={'version': d})
a = ksa_identity.V3Password(username=uuid.uuid4().hex,
password=uuid.uuid4().hex,
user_domain_id=uuid.uuid4().hex,
auth_url=self.TEST_URL)
s = ksa_session.Session(auth=a)
return v3_client.Client(session=s)
def getOctaviaClient(options):
authurl = options.os_auth_url
user_name = options.os_username
pass_word = options.os_password
#tenant name and project name is the same thing
try:
tenantname = options.os_project_name
except AttributeError:
tenantname = options.os_tenant_name
os_region_name = options.os_region_name
os_project_id = options.os_project_id
auth = identity.V3Password(auth_url=authurl,
username=user_name,
user_domain_name='Default',
password=pass_word,
project_name=tenantname,
project_domain_name='Default')
sess = session.Session(auth=auth)
network_client = client.Client(session=sess)
return octavia.OctaviaAPI(
endpoint=network_client.get_auth_info()['endpoint_url'], session=sess)
def synchronize_project(contrail_api, project_id):
url = '{}/project/{}'
response = requests.get(url.format(contrail_api, project_id))
message = 'project {}: {}'.format(project_id, response.status_code)
print(message)
if len(sys.argv) > 2:
controller_ip = sys.argv[1]
contrail_ip = sys.argv[2]
else:
controller_ip = os.getenv('CONTROLLER_IP', 'localhost')
contrail_ip = controller_ip
contrail_api = 'http://{}:8082'.format(contrail_ip)
auth_url = 'http://{}/identity/v3'.format(controller_ip)
auth = identity.V3Password(auth_url=auth_url,
username='******', password='******',
project_name='demo',
project_domain_id='default',
user_domain_id='default')
sess = session.Session(auth=auth)
# Requesting contrail for keystone projects enforces contrail
# to synchronize them
keystone = client.Client(session=sess)
project_ids = [str(uuid.UUID(proj.id)) for proj in keystone.projects.list()]
[synchronize_project(contrail_api, p_id) for p_id in project_ids]
from keystoneauth1 import identity
from keystoneauth1 import session
CSV_FILE = "cmdb.csv"
PORT = 9999
auth_params = {
'auth_url': os.environ.get('OS_AUTH_URL', 'http://0.0.0.0:5000/v3'),
'username': os.environ.get('OS_USERNAME', 'admin'),
'password': os.environ.get('OS_PASSWORD', 'admin'),
'domain_name': os.environ.get('OS_DOMAIN_NAME', 'Default'),
'user_domain_name': os.environ.get("OS_USER_DOMAIN_NAME", "Default"),
}
auth = identity.V3Password(**auth_params)
sess = session.Session(auth=auth)
glance = client.Client(version=2, session=sess)
images = glance.images.list()
deploy_kernel = None
deploy_ramdisk = None
for image in images:
if image.name.startswith("ir-deploy"):
if image.name.endswith('.kernel'):
deploy_kernel = image.id
elif image.name.endswith('.initramfs'):
deploy_ramdisk = image.id
if deploy_kernel and deploy_ramdisk:
break
def create_auth_plugin(self, **kwargs):
kwargs.setdefault('auth_url', self.TEST_URL)
kwargs.setdefault('username', self.TEST_USER)
kwargs.setdefault('password', self.TEST_PASS)
return identity.V3Password(**kwargs)
