def wrapper(self, *args, **kwargs): """Wrapper around methods calls. :param image_href: href that describes the location of an image """ if self.client: return func(self, *args, **kwargs) global _GLANCE_SESSION if not _GLANCE_SESSION: _GLANCE_SESSION = keystone.get_session('glance') # NOTE(pas-ha) glanceclient uses Adapter-based SessionClient, # so we can pass session and auth separately, makes things easier service_auth = keystone.get_auth('glance') self.endpoint = keystone.get_endpoint('glance', session=_GLANCE_SESSION, auth=service_auth) user_auth = None # NOTE(pas-ha) our ContextHook removes context.auth_token in noauth # case, so when ironic is in noauth but glance is not, we will not # enter the next if-block and use auth from [glance] config section if self.context.auth_token: user_auth = keystone.get_service_auth(self.context, self.endpoint, service_auth) self.client = client.Client(2, session=_GLANCE_SESSION, auth=user_auth or service_auth, endpoint_override=self.endpoint, global_request_id=self.context.global_id) return func(self, *args, **kwargs)
def get_client(token=None, context=None): if not context: context = ironic_context.RequestContext(auth_token=token) # NOTE(pas-ha) neutronclient supports passing both session # and the auth to client separately, makes things easier session = _get_neutron_session() service_auth = keystone.get_auth('neutron') # TODO(pas-ha) remove in Rocky, always simply load from config # 'noauth' then would correspond to 'auth_type=none' and # 'endpoint_override' adapter_params = {} if (CONF.neutron.auth_strategy == 'noauth' and CONF.neutron.auth_type is None): CONF.set_override('auth_type', 'none', group='neutron') if not CONF.neutron.endpoint_override: adapter_params['endpoint_override'] = (CONF.neutron.url or DEFAULT_NEUTRON_URL) else: if CONF.neutron.url and not CONF.neutron.endpoint_override: adapter_params['endpoint_override'] = CONF.neutron.url adapter = keystone.get_adapter('neutron', session=session, auth=service_auth, **adapter_params) endpoint = adapter.get_endpoint() user_auth = None if CONF.neutron.auth_type != 'none' and context.auth_token: user_auth = keystone.get_service_auth(context, endpoint, service_auth) return clientv20.Client(session=session, auth=user_auth or service_auth, endpoint_override=endpoint, retries=CONF.neutron.retries, global_request_id=context.global_id)
def get_client(token=None, context=None, auth_from_config=False): """Retrieve a neutron client connection. :param context: request context, instance of ironic.common.context.RequestContext :param auth_from_config: (boolean) When True, use auth values from conf parameters :returns: A neutron client. """ if not context: context = ironic_context.RequestContext(auth_token=token) session = _get_neutron_session() service_auth = keystone.get_auth('neutron') endpoint = keystone.get_endpoint('neutron', session=session, auth=service_auth) user_auth = None if (not auth_from_config and CONF.neutron.auth_type != 'none' and context.auth_token): user_auth = keystone.get_service_auth(context, endpoint, service_auth) sess = keystone.get_session('neutron', timeout=CONF.neutron.timeout, auth=user_auth or service_auth) conn = openstack.connection.Connection(session=sess, oslo_conf=CONF) return conn.global_request(context.global_id).network
def get_client(token=None, context=None): if not context: context = ironic_context.RequestContext(auth_token=token) # NOTE(pas-ha) neutronclient supports passing both session # and the auth to client separately, makes things easier session = _get_neutron_session() service_auth = keystone.get_auth('neutron') # TODO(pas-ha) remove in Rocky, always simply load from config # 'noauth' then would correspond to 'auth_type=none' and # 'endpoint_override' adapter_params = {} if (CONF.neutron.auth_strategy == 'noauth' and CONF.neutron.auth_type is None): CONF.set_override('auth_type', 'none', group='neutron') if not CONF.neutron.endpoint_override: adapter_params['endpoint_override'] = (CONF.neutron.url or DEFAULT_NEUTRON_URL) else: if CONF.neutron.url and not CONF.neutron.endpoint_override: adapter_params['endpoint_override'] = CONF.neutron.url adapter = keystone.get_adapter('neutron', session=session, auth=service_auth, **adapter_params) endpoint = adapter.get_endpoint() user_auth = None if CONF.neutron.auth_type != 'none' and context.auth_token: user_auth = keystone.get_service_auth(context, endpoint, service_auth) return clientv20.Client(session=session, auth=user_auth or service_auth, endpoint_override=endpoint, retries=CONF.neutron.retries, global_request_id=context.global_id, timeout=CONF.neutron.request_timeout)
def wrapper(self, *args, **kwargs): """Wrapper around methods calls. :param image_href: href that describes the location of an image """ if self.client: return func(self, *args, **kwargs) # TODO(pas-ha) remove in Rocky session_params = {} if CONF.glance.glance_api_insecure and not CONF.glance.insecure: session_params['insecure'] = CONF.glance.glance_api_insecure if CONF.glance.glance_cafile and not CONF.glance.cafile: session_params['cacert'] = CONF.glance.glance_cafile # NOTE(pas-ha) glanceclient uses Adapter-based SessionClient, # so we can pass session and auth separately, makes things easier session = _get_glance_session(**session_params) # TODO(pas-ha) remove in Rocky # NOTE(pas-ha) new option must win if configured if (CONF.glance.glance_api_servers and not CONF.glance.endpoint_override): # NOTE(pas-ha) all the 2 methods have image_href as the first # positional arg, but check in kwargs too image_href = args[0] if args else kwargs.get('image_href') url = service_utils.get_glance_api_server(image_href) CONF.set_override('endpoint_override', url, group='glance') # TODO(pas-ha) remove in Rocky if CONF.glance.auth_strategy == 'noauth': CONF.set_override('auth_type', 'none', group='glance') service_auth = keystone.get_auth('glance') # TODO(pas-ha) remove in Rocky adapter_params = {} if CONF.keystone.region_name and not CONF.glance.region_name: adapter_params['region_name'] = CONF.keystone.region_name adapter = keystone.get_adapter('glance', session=session, auth=service_auth, **adapter_params) self.endpoint = adapter.get_endpoint() user_auth = None # NOTE(pas-ha) our ContextHook removes context.auth_token in noauth # case, so when ironic is in noauth but glance is not, we will not # enter the next if-block and use auth from [glance] config section if self.context.auth_token: user_auth = keystone.get_service_auth(self.context, self.endpoint, service_auth) self.client = client.Client(self.version, session=session, auth=user_auth or service_auth, endpoint_override=self.endpoint, global_request_id=self.context.global_id) return func(self, *args, **kwargs)
def test_get_service_auth(self, token_mock, service_auth_mock): ctxt = context.RequestContext(auth_token='spam') mock_auth = mock.Mock() self.assertEqual(service_auth_mock.return_value, keystone.get_service_auth(ctxt, 'ham', mock_auth)) token_mock.assert_called_once_with('ham', 'spam') service_auth_mock.assert_called_once_with( user_auth=token_mock.return_value, service_auth=mock_auth)
def wrapper(self, *args, **kwargs): """Wrapper around methods calls. :param image_href: href that describes the location of an image """ if self.client: return func(self, *args, **kwargs) # TODO(pas-ha) remove in Rocky session_params = {} if CONF.glance.glance_api_insecure and not CONF.glance.insecure: session_params['insecure'] = CONF.glance.glance_api_insecure if CONF.glance.glance_cafile and not CONF.glance.cafile: session_params['cacert'] = CONF.glance.glance_cafile # NOTE(pas-ha) glanceclient uses Adapter-based SessionClient, # so we can pass session and auth separately, makes things easier session = _get_glance_session(**session_params) # TODO(pas-ha) remove in Rocky # NOTE(pas-ha) new option must win if configured if (CONF.glance.glance_api_servers and not CONF.glance.endpoint_override): # NOTE(pas-ha) all the 2 methods have image_href as the first # positional arg, but check in kwargs too image_href = args[0] if args else kwargs.get('image_href') url = service_utils.get_glance_api_server(image_href) CONF.set_override('endpoint_override', url, group='glance') # TODO(pas-ha) remove in Rocky if CONF.glance.auth_strategy == 'noauth': CONF.set_override('auth_type', 'none', group='glance') service_auth = keystone.get_auth('glance') adapter_params = {} adapter = keystone.get_adapter('glance', session=session, auth=service_auth, **adapter_params) self.endpoint = adapter.get_endpoint() user_auth = None # NOTE(pas-ha) our ContextHook removes context.auth_token in noauth # case, so when ironic is in noauth but glance is not, we will not # enter the next if-block and use auth from [glance] config section if self.context.auth_token: user_auth = keystone.get_service_auth(self.context, self.endpoint, service_auth) self.client = client.Client(2, session=session, auth=user_auth or service_auth, endpoint_override=self.endpoint, global_request_id=self.context.global_id) return func(self, *args, **kwargs)
def get_client(token=None, context=None): if not context: context = ironic_context.RequestContext(auth_token=token) # NOTE(pas-ha) neutronclient supports passing both session # and the auth to client separately, makes things easier session = _get_neutron_session() service_auth = keystone.get_auth('neutron') endpoint = keystone.get_endpoint('neutron', session=session, auth=service_auth) user_auth = None if CONF.neutron.auth_type != 'none' and context.auth_token: user_auth = keystone.get_service_auth(context, endpoint, service_auth) return clientv20.Client(session=session, auth=user_auth or service_auth, endpoint_override=endpoint, retries=CONF.neutron.retries, global_request_id=context.global_id, timeout=CONF.neutron.request_timeout)