Esempi in Python per ServiceTokenAuthWrapper

Esempio n. 1

File: client_factory.py Progetto: weibird0917/karbor

    def _generate_session(cls, context, service, privileged_user=False):
        LOG.debug("Generate an auth session. privileged_user: %s",
                  privileged_user)
        plugin = cls.get_keystone_plugin()
        try:
            if privileged_user is True:
                auth_plugin = service_token.ServiceTokenAuthWrapper(
                    plugin.service_auth_plugin, plugin.service_auth_plugin)
            else:
                auth_plugin = service_token.ServiceTokenAuthWrapper(
                    plugin.create_user_auth_plugin(context),
                    plugin.service_auth_plugin)
        except Exception:
            return None

        try:
            client_conf = cfg.CONF['%s_client' % service]
            auth_insecure = client_conf['%s_auth_insecure' % service]
            ca_file = client_conf['%s_ca_cert_file' % service]
            verify = False if auth_insecure else (ca_file or True)

        except Exception:
            verify = True

        return keystone_session.Session(auth=auth_plugin, verify=verify)

Esempio n. 2

def get_service_auth(endpoint, auth_token, service_auth):
    """Create auth plugin wrapping both user and service auth.

    When properly configured and using auth_token middleware,
    requests with valid service auth will not fail
    if the user token is expired.

    Ideally we would use the plugin provided by auth_token middleware
    however this plugin isn't serialized yet.
    """
    user_auth = token_endpoint.Token(endpoint, auth_token)
    return service_token.ServiceTokenAuthWrapper(user_auth=user_auth,
                                                 service_auth=service_auth)

Esempio n. 3

File: service_auth.py Progetto: runzexia/openstack-daocloud-px

def get_auth_plugin(context):
    user_auth = context.get_auth_plugin()

    if CONF.service_user.send_service_user_token:
        global _SERVICE_AUTH
        if not _SERVICE_AUTH:
            _SERVICE_AUTH = ks_loading.load_auth_from_conf_options(
                                CONF,
                                group=
                                nova.conf.service_token.SERVICE_USER_GROUP)
        return service_token.ServiceTokenAuthWrapper(
                   user_auth=user_auth,
                   service_auth=_SERVICE_AUTH)

    return user_auth

Esempio n. 4

def get_auth_plugin(context):
    user_auth = context.get_auth_plugin()

    if CONF.service_user.send_service_user_token:
        global _SERVICE_AUTH
        if not _SERVICE_AUTH:
            _SERVICE_AUTH = ks_loading.load_auth_from_conf_options(
                CONF, group=nova.conf.service_token.SERVICE_USER_GROUP)
            if _SERVICE_AUTH is None:
                # This indicates a misconfiguration so log a warning and
                # return the user_auth.
                LOG.warning('Unable to load auth from [service_user] '
                            'configuration. Ensure "auth_type" is set.')
                return user_auth
        return service_token.ServiceTokenAuthWrapper(
            user_auth=user_auth, service_auth=_SERVICE_AUTH)

    return user_auth

Esempio n. 5

    def setUp(self):
        super(ServiceTokenTests, self).setUp()

        self.user_token_id = uuid.uuid4().hex
        self.user_token = fixture.V3Token()
        self.user_token.set_project_scope()
        self.user_auth = identity.V3Password(auth_url=self.USER_URL,
                                             user_id=uuid.uuid4().hex,
                                             password=uuid.uuid4().hex,
                                             project_id=uuid.uuid4().hex)

        self.service_token_id = uuid.uuid4().hex
        self.service_token = fixture.V3Token()
        self.service_token.set_project_scope()
        self.service_auth = identity.V3Password(auth_url=self.SERVICE_URL,
                                                user_id=uuid.uuid4().hex,
                                                password=uuid.uuid4().hex,
                                                project_id=uuid.uuid4().hex)

        for t in (self.user_token, self.service_token):
            s = t.add_service('identity')
            s.add_standard_endpoints(public='http://keystone.example.com',
                                     admin='http://keystone.example.com',
                                     internal='http://keystone.example.com')

        self.test_data = {'data': uuid.uuid4().hex}

        self.user_mock = self.requests_mock.post(
            self.USER_URL + '/auth/tokens',
            json=self.user_token,
            headers={'X-Subject-Token': self.user_token_id})

        self.service_mock = self.requests_mock.post(
            self.SERVICE_URL + '/auth/tokens',
            json=self.service_token,
            headers={'X-Subject-Token': self.service_token_id})

        self.requests_mock.get(self.TEST_URL, json=self.test_data)

        self.combined_auth = service_token.ServiceTokenAuthWrapper(
            self.user_auth,
            self.service_auth)

        self.session = session.Session(auth=self.combined_auth)

Esempio n. 6

def get_auth_plugin(context, auth=None):
    if auth:
        user_auth = auth
    else:
        user_auth = context.get_auth_plugin()

    if CONF.service_user.send_service_user_token:
        global _SERVICE_AUTH
        if not _SERVICE_AUTH:
            _SERVICE_AUTH = ks_loading.load_auth_from_conf_options(
                CONF, group=SERVICE_USER_GROUP)
            if _SERVICE_AUTH is None:
                # This can happen if no auth_type is specified, which probably
                # means there's no auth information in the [service_user] group
                raise exception.ServiceUserTokenNoAuth()
        return service_token.ServiceTokenAuthWrapper(
            user_auth=user_auth, service_auth=_SERVICE_AUTH)

    return user_auth

Esempio n. 7

File: ironic.py Progetto: tzumainn/esi-leap

def get_ironic_client(context=None):
    session = ks_loading.load_session_from_conf_options(CONF, 'ironic')
    service_auth = ks_loading.load_auth_from_conf_options(CONF, 'ironic')

    # use user context if provided
    user_auth = None
    if context:
        endpoint = ks_loading.load_adapter_from_conf_options(
            CONF, 'ironic', session=session, auth=service_auth).get_endpoint()
        user_auth = service_token.ServiceTokenAuthWrapper(
            user_auth=token_endpoint.Token(endpoint, context.auth_token),
            service_auth=service_auth)
    sess = ks_loading.load_session_from_conf_options(CONF,
                                                     'ironic',
                                                     auth=user_auth
                                                     or service_auth)

    kwargs = {'os_ironic_api_version': '1.65'}
    cli = ironic_client.get_client(1, session=sess, **kwargs)
    return cli