def test_getting_endpoints_on_auth_interface(self): disc = fixture.DiscoveryList(href=self.BASE_URL) self.stub_url('GET', ['/'], base_url=self.BASE_URL, status_code=300, json=disc) token = fixture.V2Token() service = token.add_service(self.IDENTITY) service.add_endpoint(public=self.V2_URL, admin=self.V2_URL, internal=self.V2_URL) self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token) v2_auth = identity.V2Password(self.V2_URL, username=uuid.uuid4().hex, password=uuid.uuid4().hex) sess = session.Session(auth=v2_auth) endpoint = sess.get_endpoint(interface=plugin.AUTH_INTERFACE, version=(3, 0)) self.assertEqual(self.V3_URL, endpoint)
def _get_auth_plugin(self): """Load an auth plugin from CONF options.""" # If an auth plugin name is defined in `auth_type` option of [ironic] # group, register its options and load it. auth_plugin = ks_loading.load_auth_from_conf_options( CONF, IRONIC_GROUP.name) # If no plugin name is defined, load a v2Password plugin from the # deprecated, legacy auth options in [ironic] group. if auth_plugin is None: LOG.warning( _LW("Couldn't find adequate authentication options " "under the [ironic] group of nova.conf. Falling " "to legacy auth options: admin_username, " "admin_password, admin_tenant_name and admin_url. " "Please note that these options are deprecated " "and won't be supported anymore in a future " "release.")) legacy_auth = { 'username': CONF.ironic.admin_username, 'password': CONF.ironic.admin_password, 'tenant_name': CONF.ironic.admin_tenant_name, 'auth_url': CONF.ironic.admin_url } auth_plugin = identity.V2Password(**legacy_auth) return auth_plugin
def get_admin_session(auth_url, username, password, project_name=None, project_domain_name=None, user_domain_name=None, verify=False, timeout=180): if 'v3' in auth_url: auth = keystone_auth.V3Password( auth_url=auth_url, username=username, password=password, project_name=project_name, project_domain_name=project_domain_name, user_domain_name=user_domain_name) else: auth = keystone_auth.V2Password(auth_url, username=username, password=password, tenant_name=project_name) session = keystone_auth_session.Session(auth=auth, timeout=timeout, verify=verify) return session
def create_auth_plugin(self, **kwargs): kwargs.setdefault('auth_url', self.TEST_URL) kwargs.setdefault('username', self.TEST_USER) kwargs.setdefault('password', self.TEST_PASS) try: kwargs.setdefault('tenant_id', kwargs.pop('project_id')) except KeyError: pass try: kwargs.setdefault('tenant_name', kwargs.pop('project_name')) except KeyError: pass return identity.V2Password(**kwargs)
def new_client(self): t = fixture.V2Token(user_id=self.user_id) t.set_scope() s = t.add_service('identity') s.add_endpoint(self.TEST_URL) d = fixture.V2Discovery(self.TEST_URL) self.requests.register_uri('POST', self.TEST_URL + '/tokens', json=t) # NOTE(jamielennox): Because of the versioned URL hack here even though # the V2 URL will be in the service catalog it will be the root URL # that will be queried for discovery. self.requests.register_uri('GET', self.TEST_ROOT_URL, json={'version': d}) a = ksa_identity.V2Password(username=uuid.uuid4().hex, password=uuid.uuid4().hex, auth_url=self.TEST_URL) s = ksa_session.Session(auth=a) return v2_client.Client(session=s)
def test_returns_original_when_discover_fails(self): token = fixture.V2Token() service = token.add_service(self.IDENTITY) service.add_endpoint(public=self.V2_URL, admin=self.V2_URL, internal=self.V2_URL) self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token) self.stub_url('GET', [], base_url=self.BASE_URL, status_code=404) v2_auth = identity.V2Password(self.V2_URL, username=uuid.uuid4().hex, password=uuid.uuid4().hex) sess = session.Session(auth=v2_auth) endpoint = sess.get_endpoint(service_type=self.IDENTITY, interface='public', version=(3, 0)) self.assertEqual(self.V2_URL, endpoint)
def create_auth_plugin(self, **kwargs): kwargs.setdefault('auth_url', self.TEST_URL) kwargs.setdefault('username', self.TEST_USER) kwargs.setdefault('password', self.TEST_PASS) return identity.V2Password(**kwargs)
type=str, default='admin', help='Keystone user password, must have admin access') parser.add_argument('--project-name', type=str, default='admin', help='Keystone user project name, must have admin access') opts = parser.parse_args() auth_params = { "username": os.environ.get("OS_USERNAME", opts.username), "password": os.environ.get("OS_PASSWORD", opts.password), "tenant_name": os.environ.get("OS_PROJECT_NAME", opts.project_name), } auth = identity.V2Password(os.environ.get("OS_AUTH_URL", opts.auth_url), **auth_params) try: sess = session.Session(auth=auth) nc = client.Client(session=sess) network_name = opts.network network = nc.list_networks(name=network_name)['networks'][0] print(network['provider:segmentation_id']) create_body = { 'port': { 'network_id': network['id'], 'admin_state_up': True, 'name': 'generic_switch_test' }
def test_setting_no_discover_hack(self): v2_disc = fixture.V2Discovery(self.V2_URL) common_disc = fixture.DiscoveryList(href=self.BASE_URL) v2_m = self.stub_url('GET', ['v2.0'], base_url=self.BASE_URL, status_code=200, json=v2_disc) common_m = self.stub_url('GET', [], base_url=self.BASE_URL, status_code=300, json=common_disc) resp_text = uuid.uuid4().hex resp_m = self.stub_url('GET', ['v3', 'path'], base_url=self.BASE_URL, status_code=200, text=resp_text) # it doesn't matter that we auth with v2 here, discovery hack is in # base. All identity endpoints point to v2 urls. token = fixture.V2Token() service = token.add_service(self.IDENTITY) service.add_endpoint(public=self.V2_URL, admin=self.V2_URL, internal=self.V2_URL) self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token) v2_auth = identity.V2Password(self.V2_URL, username=uuid.uuid4().hex, password=uuid.uuid4().hex) sess = session.Session(auth=v2_auth) # v2 auth with v2 url doesn't make any discovery calls. self.assertFalse(v2_m.called) self.assertFalse(common_m.called) # v3 endpoint with hack will strip v2 suffix and call root discovery endpoint = sess.get_endpoint(service_type=self.IDENTITY, version=(3, 0), allow_version_hack=True) # got v3 url self.assertEqual(self.V3_URL, endpoint) # only called root discovery. self.assertFalse(v2_m.called) self.assertTrue(common_m.called_once) # with hack turned off it calls v2 discovery and finds nothing endpoint = sess.get_endpoint(service_type=self.IDENTITY, version=(3, 0), allow_version_hack=False) self.assertIsNone(endpoint) # this one called v2 self.assertTrue(v2_m.called_once) self.assertTrue(common_m.called_once) # get_endpoint returning None raises EndpointNotFound when requesting self.assertRaises(exceptions.EndpointNotFound, sess.get, '/path', endpoint_filter={ 'service_type': 'identity', 'version': (3, 0), 'allow_version_hack': False }) self.assertFalse(resp_m.called) # works when allow_version_hack is set resp = sess.get('/path', endpoint_filter={ 'service_type': 'identity', 'version': (3, 0), 'allow_version_hack': True }) self.assertTrue(resp_m.called_once) self.assertEqual(resp_text, resp.text)