def _authenticate_keystone(self):
if self.user_id:
creds = {'userId': self.user_id,
'password': self.password}
else:
creds = {'username': self.username,
'password': self.password}
if self.project_id:
body = {'auth': {'passwordCredentials': creds,
'tenantId': self.project_id, }, }
else:
body = {'auth': {'passwordCredentials': creds,
'tenantName': self.project_name, }, }
if self.auth_url is None:
raise exceptions.NoAuthURLProvided()
token_url = self.auth_url + "/tokens"
resp, resp_body = self._cs_request(token_url, "POST",
body=json.dumps(body),
content_type="application/json",
allow_redirects=True)
if resp.status_code != 200:
raise exceptions.Unauthorized(message=resp_body)
if resp_body:
try:
resp_body = json.loads(resp_body)
except ValueError:
pass
else:
resp_body = None
self._extract_service_catalog(resp_body)
def authenticate(self):
if self.auth_strategy != 'keystone':
err_msg = _('Unknown auth strategy: %s') % self.auth_strategy
raise exceptions.Unauthorized(message=err_msg)
if self.tenant_id:
body = {
'auth': {
'passwordCredentials': {
'username': self.username,
'password': self.password,
},
'tenantId': self.tenant_id,
},
}
else:
body = {
'auth': {
'passwordCredentials': {
'username': self.username,
'password': self.password,
},
'tenantName': self.tenant_name,
},
}
if self.auth_url is None:
raise exceptions.NoAuthURLProvided()
token_url = self.auth_url + "/tokens"
# Make sure we follow redirects when trying to reach Keystone
tmp_follow_all_redirects = self.follow_all_redirects
self.follow_all_redirects = True
try:
resp, resp_body = self._cs_request(token_url,
"POST",
body=json.dumps(body),
content_type="application/json")
finally:
self.follow_all_redirects = tmp_follow_all_redirects
status_code = self.get_status_code(resp)
if status_code != 200:
raise exceptions.Unauthorized(message=resp_body)
if resp_body:
try:
resp_body = json.loads(resp_body)
except ValueError:
pass
else:
resp_body = None
self._extract_service_catalog(resp_body)
def _get_endpoint_url(self):
if self.auth_url is None:
raise exceptions.NoAuthURLProvided()
url = self.auth_url + '/tokens/%s/endpoints' % self.auth_token
try:
resp, body = self._cs_request(url, "GET")
except exceptions.Unauthorized:
# rollback to authenticate() to handle case when neutron client
# is initialized just before the token is expired
self.authenticate()
return self.endpoint_url
body = json.loads(body)
for endpoint in body.get('endpoints', []):
if (endpoint['type'] == 'network'
and endpoint.get('region') == self.region_name):
if self.endpoint_type not in endpoint:
raise exceptions.EndpointTypeNotFound(
type_=self.endpoint_type)
return endpoint[self.endpoint_type]
raise exceptions.EndpointNotFound()
def _authenticate(cls, auth_url):
"""Authenticate against noauth or the Rackspace auth service."""
if cls.auth_strategy == 'noauth':
if not cls.endpoint_url:
message = ('For "noauth" authentication strategy, the endpoint '
'must be specified either in the constructor or '
'using --os-url')
raise exceptions.Unauthorized(message=message)
else:
return None
if not auth_url:
raise exceptions.NoAuthURLProvided()
body = {
"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": cls.username,
"apiKey": cls.password
},
}
}
token_url = cls.auth_url + "/tokens"
resp, resp_body = cls._cs_request(token_url,
"POST",
body=json.dumps(body),
content_type="application/json",
allow_redirects=True)
if resp_body:
try:
resp_body = json.loads(resp_body)
except ValueError:
pass
else:
resp_body = None
return resp_body
