def authenticate(self,
username=None,
password=None,
api_key=None,
tenant_id=None,
connect=False):
"""
Using the supplied credentials, connects to the specified
authentication endpoint and attempts to log in.
Credentials can either be passed directly to this method, or
previously-stored credentials can be used. If authentication is
successful, the token and service catalog information is stored, and
clients for each service and region are created.
The 'connect' parameter is retained for backwards compatibility. It no
longer has any effect.
"""
self.username = username or self.username or pyos.get_setting(
"username")
# Different identity systems may pass these under inconsistent names.
self.password = password or self.password or api_key or self.api_key
self.api_key = api_key or self.api_key or self.password
self.tenant_id = tenant_id or self.tenant_id or pyos.get_setting(
"tenant_id")
creds = self._format_credentials()
headers = {
"Content-Type": "application/json",
"Accept": "application/json",
}
resp, resp_body = self.method_post("tokens",
data=creds,
headers=headers,
std_headers=False)
if resp.status_code == 401:
# Invalid authorization
raise exc.AuthenticationFailed("Incorrect/unauthorized "
"credentials received")
elif 500 <= resp.status_code < 600:
# Internal Server Error
try:
error_msg = resp_body[list(resp_body.keys())[0]]["message"]
except KeyError:
error_msg = "Service Currently Unavailable"
raise exc.InternalServerError(error_msg)
elif resp.status_code > 299:
try:
msg = resp_body[list(resp_body.keys())[0]]["message"]
except KeyError:
msg = None
if msg:
err = "%s - %s." % (resp.reason, msg)
else:
err = "%s." % resp.reason
raise exc.AuthenticationFailed(err)
self._parse_response(resp_body)
self.authenticated = True
def test_read_config(self):
dummy_cfg = fakes.fake_config_file
sav_region = pyos.default_region
sav_USER_AGENT = pyos.USER_AGENT
with utils.SelfDeletingTempfile() as cfgfile:
with open(cfgfile, "w") as cfg:
cfg.write(dummy_cfg)
pyos.settings.read_config(cfgfile)
self.assertEqual(pyos.get_setting("region"), "FAKE")
self.assertTrue(pyos.get_setting("user_agent").startswith("FAKE "))
pyos.default_region = sav_region
pyos.USER_AGENT = sav_USER_AGENT
def test_read_config(self):
dummy_cfg = fakes.fake_config_file
sav_region = pyos.default_region
sav_USER_AGENT = pyos.USER_AGENT
with utils.SelfDeletingTempfile() as cfgfile:
with open(cfgfile, "w") as cfg:
cfg.write(dummy_cfg)
pyos.settings.read_config(cfgfile)
self.assertEqual(pyos.get_setting("region"), "FAKE")
self.assertTrue(pyos.get_setting("user_agent").startswith("FAKE "))
pyos.default_region = sav_region
pyos.USER_AGENT = sav_USER_AGENT
def authenticate(self, username=None, password=None, api_key=None,
tenant_id=None, connect=False):
"""
Using the supplied credentials, connects to the specified
authentication endpoint and attempts to log in.
Credentials can either be passed directly to this method, or
previously-stored credentials can be used. If authentication is
successful, the token and service catalog information is stored, and
clients for each service and region are created.
The 'connect' parameter is retained for backwards compatibility. It no
longer has any effect.
"""
self.username = username or self.username or pyos.get_setting(
"username")
# Different identity systems may pass these under inconsistent names.
self.password = password or self.password or api_key or self.api_key
self.api_key = api_key or self.api_key or self.password
self.tenant_id = tenant_id or self.tenant_id or pyos.get_setting(
"tenant_id")
creds = self._format_credentials()
headers = {"Content-Type": "application/json",
"Accept": "application/json",
}
resp, resp_body = self.method_post("tokens", data=creds,
headers=headers, std_headers=False)
if resp.status_code == 401:
# Invalid authorization
raise exc.AuthenticationFailed("Incorrect/unauthorized "
"credentials received")
elif 500 <= resp.status_code < 600:
# Internal Server Error
try:
error_msg = resp_body[list(resp_body.keys())[0]]["message"]
except KeyError:
error_msg = "Service Currently Unavailable"
raise exc.InternalServerError(error_msg)
elif resp.status_code > 299:
try:
msg = resp_body[list(resp_body.keys())[0]]["message"]
except KeyError:
msg = None
if msg:
err = "%s - %s." % (resp.reason, msg)
else:
err = "%s." % resp.reason
raise exc.AuthenticationFailed(err)
self._parse_response(resp_body)
self.authenticated = True
def keyring_auth(self, username=None):
"""
Uses the keyring module to retrieve the user's password or api_key.
"""
if not keyring:
# Module not installed
raise exc.KeyringModuleNotInstalled(
"The 'keyring' Python module "
"is not installed on this system.")
if username is None:
username = pyos.get_setting("keyring_username")
if not username:
raise exc.KeyringUsernameMissing("No username specified for "
"keyring authentication.")
password = keyring.get_password("pyos", username)
if password is None:
raise exc.KeyringPasswordNotFound("No password was found for the "
"username '%s'." % username)
style = self._creds_style or self._default_creds_style
# Keyring username may be different than the credentials. Use the
# existing username, if present; otherwise, use the supplied username.
username = self.username or username
if style == "apikey":
return self.authenticate(username=username, api_key=password)
else:
return self.authenticate(username=username, password=password)
def keyring_auth(self, username=None):
"""
Uses the keyring module to retrieve the user's password or api_key.
"""
if not keyring:
# Module not installed
raise exc.KeyringModuleNotInstalled("The 'keyring' Python module "
"is not installed on this system.")
if username is None:
username = pyos.get_setting("keyring_username")
if not username:
raise exc.KeyringUsernameMissing("No username specified for "
"keyring authentication.")
password = keyring.get_password("pyos", username)
if password is None:
raise exc.KeyringPasswordNotFound("No password was found for the "
"username '%s'." % username)
style = self._creds_style or self._default_creds_style
# Keyring username may be different than the credentials. Use the
# existing username, if present; otherwise, use the supplied username.
username = self.username or username
if style == "apikey":
return self.authenticate(username=username, api_key=password)
else:
return self.authenticate(username=username, password=password)
def test_connect_to_cloudfiles_ServiceNet(self):
orig = pyos.get_setting("use_servicenet")
pyos.set_setting("use_servicenet", True)
pyos.cloudfiles = None
pyos.connect_to_cloudfiles = self.orig_connect_to_cloudfiles
sav = pyos._create_client
pyos._create_client = Mock()
cf = pyos.connect_to_cloudfiles(public=False)
pyos._create_client.assert_called_once_with(ep_name="object_store",
region=None, public=False)
pyos.set_setting("use_servicenet", orig)
pyos._create_client = sav
def test_settings_get_from_env(self):
pyos.settings._settings = {"default": {}}
pyos.settings.env_dct = {"identity_type": "fake"}
typ = utils.random_unicode()
ident = utils.random_unicode()
sav_env = os.environ
sav_imp = pyos._import_identity
pyos._import_identity = Mock(return_value=ident)
os.environ = {"fake": typ}
ret = pyos.get_setting("identity_class")
pyos._import_identity = sav_imp
os.environ = sav_env
def test_settings_get_from_env(self):
pyos.settings._settings = {"default": {}}
pyos.settings.env_dct = {"identity_type": "fake"}
typ = utils.random_unicode()
ident = utils.random_unicode()
sav_env = os.environ
sav_imp = pyos._import_identity
pyos._import_identity = Mock(return_value=ident)
os.environ = {"fake": typ}
ret = pyos.get_setting("identity_class")
pyos._import_identity = sav_imp
os.environ = sav_env
def test_connect_to_cloudfiles_ServiceNet(self):
orig = pyos.get_setting("use_servicenet")
pyos.set_setting("use_servicenet", True)
pyos.cloudfiles = None
pyos.connect_to_cloudfiles = self.orig_connect_to_cloudfiles
sav = pyos._create_client
pyos._create_client = Mock()
cf = pyos.connect_to_cloudfiles(public=False)
pyos._create_client.assert_called_once_with(ep_name="object_store",
region=None,
public=False)
pyos.set_setting("use_servicenet", orig)
pyos._create_client = sav
def _create_client(self, clt_class, url, public=True, special=False):
"""
Creates a client instance for the service.
"""
verify_ssl = pyos.get_setting("verify_ssl")
if self.service == "compute" and not special:
# Novaclient requires different parameters.
client = pyos.connect_to_cloudservers(region=self.region,
context=self.identity)
client.identity = self.identity
else:
client = clt_class(self.identity, region_name=self.region,
management_url=url, verify_ssl=verify_ssl)
return client
def _create_client(self, clt_class, url, public=True, special=False):
"""
Creates a client instance for the service.
"""
verify_ssl = pyos.get_setting("verify_ssl")
if self.service == "compute" and not special:
# Novaclient requires different parameters.
client = pyos.connect_to_cloudservers(region=self.region,
context=self.identity)
client.identity = self.identity
else:
client = clt_class(self.identity,
region_name=self.region,
management_url=url,
verify_ssl=verify_ssl)
return client
def test_safe_region(self):
# Pass direct
reg = utils.random_unicode()
ret = pyos._safe_region(reg)
self.assertEqual(reg, ret)
# From config setting
orig_reg = pyos.get_setting("region")
reg = utils.random_unicode()
pyos.set_setting("region", reg)
ret = pyos._safe_region()
self.assertEqual(reg, ret)
# Identity default
pyos.set_setting("region", None)
orig_defreg = pyos.identity.get_default_region
reg = utils.random_unicode()
pyos.identity.get_default_region = Mock(return_value=reg)
ret = pyos._safe_region()
self.assertEqual(reg, ret)
pyos.identity.get_default_region = orig_defreg
pyos.set_setting("region", orig_reg)
def test_safe_region(self):
# Pass direct
reg = utils.random_unicode()
ret = pyos._safe_region(reg)
self.assertEqual(reg, ret)
# From config setting
orig_reg = pyos.get_setting("region")
reg = utils.random_unicode()
pyos.set_setting("region", reg)
ret = pyos._safe_region()
self.assertEqual(reg, ret)
# Identity default
pyos.set_setting("region", None)
orig_defreg = pyos.identity.get_default_region
reg = utils.random_unicode()
pyos.identity.get_default_region = Mock(return_value=reg)
ret = pyos._safe_region()
self.assertEqual(reg, ret)
pyos.identity.get_default_region = orig_defreg
pyos.set_setting("region", orig_reg)
def _get_auth_endpoint(self):
"""
Broken out in case subclasses need to determine endpoints dynamically.
"""
return self._auth_endpoint or pyos.get_setting("auth_endpoint")
def test_settings_set_region(self):
key = "region"
val = utils.random_unicode()
pyos.settings.set(key, val)
self.assertEqual(pyos.get_setting(key), val)
def test_settings_set_verify_ssl(self):
key = "verify_ssl"
val = utils.random_unicode()
pyos.settings.set(key, val)
self.assertEqual(pyos.get_setting(key), val)
def test_settings_set_region(self):
key = "region"
val = utils.random_unicode()
pyos.settings.set(key, val)
self.assertEqual(pyos.get_setting(key), val)
def test_settings_set_verify_ssl(self):
key = "verify_ssl"
val = utils.random_unicode()
pyos.settings.set(key, val)
self.assertEqual(pyos.get_setting(key), val)
def _get_auth_endpoint(self):
"""
Broken out in case subclasses need to determine endpoints dynamically.
"""
return self._auth_endpoint or pyos.get_setting("auth_endpoint")
def test_settings_get(self):
def_ep = pyos.get_setting("auth_endpoint", "default")
alt_ep = pyos.get_setting("auth_endpoint", "alternate")
self.assertEqual(def_ep, "DEFAULT_AUTH")
self.assertEqual(alt_ep, "ALT_AUTH")
def test_settings_get(self):
def_ep = pyos.get_setting("auth_endpoint", "default")
alt_ep = pyos.get_setting("auth_endpoint", "alternate")
self.assertEqual(def_ep, "DEFAULT_AUTH")
self.assertEqual(alt_ep, "ALT_AUTH")