def get_admin_session(auth_url, username, password, project_name=None, project_domain_name=None, user_domain_name=None, verify=False, timeout=180): if 'v3' in auth_url: auth = keystone_auth.V3Password( auth_url=auth_url, username=username, password=password, project_name=project_name, project_domain_name=project_domain_name, user_domain_name=user_domain_name) else: auth = keystone_auth.V2Password(auth_url, username=username, password=password, tenant_name=project_name) session = keystone_auth_session.Session(auth=auth, timeout=timeout, verify=verify) return session
def main(): module = AnsibleModule( argument_spec = dict( key=dict(required=True, type='str'), ), supports_check_mode=False ) # Keystone V3 password authentication auth = identity.V3Password(auth_url=os.getenv('OS_AUTH_URL'), username=os.getenv('OS_USERNAME'), user_domain_name=os.getenv('OS_USER_DOMAIN_NAME', 'Default'), password=os.getenv('OS_PASSWORD'), project_name=os.getenv('OS_PROJECT_NAME'), project_domain_name=os.getenv('OS_PROJECT_DOMAIN_NAME','Default')) sess = session.Session(auth=auth) barbican = client.Client(session=sess) if not barbican: module.fail_json(msg="Unable to initialise Barbican client") secret_key = module.params['key'] secret_list = barbican.secrets.list(name=secret_key) if secret_list: retrieved_secret = secret_list[0].payload module.exit_json(changed=True, secret=retrieved_secret)
def get_auth_token_and_endpoint(region_name): from keystoneauth1 import identity from keystoneauth1 import session from keystoneauth1 import exceptions user_env_map = { 'OS_USERNAME': '******', 'OS_PASSWORD': '******', 'OS_PROJECT_NAME': 'project_name', 'OS_AUTH_URL': 'auth_url', 'OS_USER_DOMAIN_NAME': 'user_domain_name', 'OS_PROJECT_DOMAIN_NAME': 'project_domain_name' } for k, v in user_env_map.items(): check_env(k, v) user = dict() for k, v in user_env_map.items(): user[v] = os.environ.get(k) auth = identity.V3Password(**user) sess = session.Session(auth=auth) try: token = auth.get_token(sess) endpoint = auth.get_endpoint(sess, service_type='patching', interface='internal', region_name=region_name) except (exceptions.http.Unauthorized, exceptions.EndpointNotFound) as e: print(e.message) exit(-1) return token, endpoint
def _encrypt_data(context, data): try: # TODO(pbourke): move auth construction into common area if it ends up # been required in other areas auth = identity.V3Password( auth_url=settings.KEY_MANAGER['auth_url'], username=settings.KEY_MANAGER['username'], user_domain_name=settings.KEY_MANAGER['user_domain_name'], password=settings.KEY_MANAGER['password'], project_name=settings.KEY_MANAGER['project_name'], project_domain_name=settings.KEY_MANAGER['project_domain_name'] ) except (KeyError, AttributeError) as e: LOG.exception(e) msg = ('Could not find valid key manager credentials in the ' 'murano-dashboard config. encryptData yaql function not ' 'available') raise castellan_exception.KeyManagerError(message_arg=msg) sess = session.Session(auth=auth) auth_context = _oslo_context.RequestContext( auth_token=auth.get_token(sess), tenant=auth.get_project_id(sess)) options.set_defaults(cfg.CONF, auth_endpoint=settings.KEY_MANAGER['auth_url']) manager = key_manager.API() try: # TODO(pbourke): while we feel opaque data should cover the most common # use case, we may want to add support for other secret types in the # future (see https://goo.gl/tZhfqe) stored_key_id = manager.store(auth_context, opaque_data.OpaqueData(data)) except castellan_exception.KeyManagerError as e: LOG.exception(e) raise return stored_key_id
def setUp(self): super(ServiceTokenTests, self).setUp() self.user_token_id = uuid.uuid4().hex self.user_token = fixture.V3Token() self.user_token.set_project_scope() self.user_auth = identity.V3Password(auth_url=self.USER_URL, user_id=uuid.uuid4().hex, password=uuid.uuid4().hex, project_id=uuid.uuid4().hex) self.service_token_id = uuid.uuid4().hex self.service_token = fixture.V3Token() self.service_token.set_project_scope() self.service_auth = identity.V3Password(auth_url=self.SERVICE_URL, user_id=uuid.uuid4().hex, password=uuid.uuid4().hex, project_id=uuid.uuid4().hex) for t in (self.user_token, self.service_token): s = t.add_service('identity') s.add_standard_endpoints(public='http://keystone.example.com', admin='http://keystone.example.com', internal='http://keystone.example.com') self.test_data = {'data': uuid.uuid4().hex} self.user_mock = self.requests_mock.post( self.USER_URL + '/auth/tokens', json=self.user_token, headers={'X-Subject-Token': self.user_token_id}) self.service_mock = self.requests_mock.post( self.SERVICE_URL + '/auth/tokens', json=self.service_token, headers={'X-Subject-Token': self.service_token_id}) self.requests_mock.get(self.TEST_URL, json=self.test_data) self.combined_auth = service_token.ServiceTokenAuthWrapper( self.user_auth, self.service_auth) self.session = session.Session(auth=self.combined_auth)
def glanceAuth(): # Authentication & Session Creation auth = identity.V3Password(auth_url=url, username=usern, user_domain_name='Default', password=passw, project_name=proj, project_domain_name='Default') sess = session.Session(auth=auth) #sk = client.Client(session=sess) glance = Client('2', session=sess) return glance
def getNeutronClient(options): authurl = options.os_auth_url user_name = options.os_username pass_word = options.os_password tenantname = options.purge_project os_region_name = options.os_region_name auth = identity.V3Password(auth_url=authurl, username=user_name, user_domain_name='Default', password=pass_word, project_name=tenantname, project_domain_name='Default') sess = session.Session(auth=auth) network_client = client.Client(session=sess, region_name=os_region_name) return network_client
def getOctaviaClient(options): authurl = options.os_auth_url user_name = options.os_username pass_word = options.os_password tenantname = options.purge_project os_region_name = options.os_region_name auth = identity.V3Password(auth_url=authurl, username=user_name, user_domain_name='Default', password=pass_word, project_name=tenantname, project_domain_name='Default') sess = session.Session(auth=auth) endpoint = sess.get_endpoint(service_type='load-balancer', region_name=os_region_name) return octavia.OctaviaAPI(endpoint=endpoint, session=sess)
def get_context(): """Uses environmental variables to generate authentication credentials""" username = os.getenv('OS_USERNAME', None) password = os.getenv('OS_PASSWORD', None) auth_url = os.getenv('OS_AUTH_URL', None) + '/v' + os.getenv('OS_IDENTITY_API_VERSION', None) project_name = os.getenv('OS_PROJECT_NAME', None) auth = identity.V3Password(auth_url=auth_url, username=username, password=password, project_name=project_name, user_domain_name="default", project_domain_name="default") sess = session.Session(auth=auth, verify=False) return context.RequestContext(auth_token=auth.get_token(sess), tenant=auth.get_project_id(sess))
def get_context(self): username = CONF.identity.username password = CONF.identity.password project_name = CONF.identity.project_name auth_url = CONF.identity.auth_url user_domain_name = CONF.identity.user_domain_name project_domain_name = CONF.identity.project_domain_name auth = identity.V3Password(auth_url=auth_url, username=username, password=password, project_name=project_name, user_domain_name=user_domain_name, project_domain_name=project_domain_name) sess = session.Session(auth=auth) return context.RequestContext(auth_token=auth.get_token(sess), tenant=auth.get_project_id(sess))
def get_context(self): username = CONF.identity.username password = CONF.identity.password project_name = CONF.identity.project_name auth_url = CONF.identity.auth_url user_domain_name = CONF.identity.user_domain_name project_domain_name = CONF.identity.project_domain_name auth = identity.V3Password(auth_url=auth_url, username=username, password=password, project_name=project_name, user_domain_name=user_domain_name, project_domain_name=project_domain_name) sess = session.Session() return keystone_token.KeystoneToken( token=auth.get_token(sess), project_id=auth.get_project_id(sess))
def setUp(self): super(IntegrationTestCase, self).setUp() auth = identity.V3Password(auth_url=self.auth_url, username='******', password='******', project_name='demo', project_domain_id='default', user_domain_id='default') sess = session.Session(auth=auth) self.neutron = neutron.Client(session=sess) self.keystone = keystone.Client(session=sess) # Create keystone project and make TF synchronize it self.project = self._create_keystone_project_for_test() self.tf_get_resource('project', self.project.id) self.neutronCleanupQueue = []
def getNeutronClient(options): authurl = options.os_auth_url user_name = options.os_username pass_word = options.os_password try: tenantname = options.os_project_name except AttributeError: tenantname = options.os_tenant_name os_region_name = options.os_region_name os_project_id = options.os_project_id auth = identity.V3Password(auth_url=authurl, username=user_name, user_domain_name='Default', password=pass_word, project_name=tenantname, project_domain_name='Default') sess = session.Session(auth=auth) network_client = client.Client(session=sess) return network_client
def new_client(self): t = fixture.V3Token(user_id=self.user_id) t.set_project_scope() s = t.add_service('identity') s.add_standard_endpoints(public=self.TEST_URL, admin=self.TEST_URL) d = fixture.V3Discovery(self.TEST_URL) headers = {'X-Subject-Token': uuid.uuid4().hex} self.requests.register_uri('POST', self.TEST_URL + '/auth/tokens', headers=headers, json=t) self.requests.register_uri('GET', self.TEST_URL, json={'version': d}) a = ksa_identity.V3Password(username=uuid.uuid4().hex, password=uuid.uuid4().hex, user_domain_id=uuid.uuid4().hex, auth_url=self.TEST_URL) s = ksa_session.Session(auth=a) return v3_client.Client(session=s)
def getOctaviaClient(options): authurl = options.os_auth_url user_name = options.os_username pass_word = options.os_password #tenant name and project name is the same thing try: tenantname = options.os_project_name except AttributeError: tenantname = options.os_tenant_name os_region_name = options.os_region_name os_project_id = options.os_project_id auth = identity.V3Password(auth_url=authurl, username=user_name, user_domain_name='Default', password=pass_word, project_name=tenantname, project_domain_name='Default') sess = session.Session(auth=auth) network_client = client.Client(session=sess) return octavia.OctaviaAPI( endpoint=network_client.get_auth_info()['endpoint_url'], session=sess)
def synchronize_project(contrail_api, project_id): url = '{}/project/{}' response = requests.get(url.format(contrail_api, project_id)) message = 'project {}: {}'.format(project_id, response.status_code) print(message) if len(sys.argv) > 2: controller_ip = sys.argv[1] contrail_ip = sys.argv[2] else: controller_ip = os.getenv('CONTROLLER_IP', 'localhost') contrail_ip = controller_ip contrail_api = 'http://{}:8082'.format(contrail_ip) auth_url = 'http://{}/identity/v3'.format(controller_ip) auth = identity.V3Password(auth_url=auth_url, username='******', password='******', project_name='demo', project_domain_id='default', user_domain_id='default') sess = session.Session(auth=auth) # Requesting contrail for keystone projects enforces contrail # to synchronize them keystone = client.Client(session=sess) project_ids = [str(uuid.UUID(proj.id)) for proj in keystone.projects.list()] [synchronize_project(contrail_api, p_id) for p_id in project_ids]
from keystoneauth1 import identity from keystoneauth1 import session CSV_FILE = "cmdb.csv" PORT = 9999 auth_params = { 'auth_url': os.environ.get('OS_AUTH_URL', 'http://0.0.0.0:5000/v3'), 'username': os.environ.get('OS_USERNAME', 'admin'), 'password': os.environ.get('OS_PASSWORD', 'admin'), 'domain_name': os.environ.get('OS_DOMAIN_NAME', 'Default'), 'user_domain_name': os.environ.get("OS_USER_DOMAIN_NAME", "Default"), } auth = identity.V3Password(**auth_params) sess = session.Session(auth=auth) glance = client.Client(version=2, session=sess) images = glance.images.list() deploy_kernel = None deploy_ramdisk = None for image in images: if image.name.startswith("ir-deploy"): if image.name.endswith('.kernel'): deploy_kernel = image.id elif image.name.endswith('.initramfs'): deploy_ramdisk = image.id if deploy_kernel and deploy_ramdisk: break
def create_auth_plugin(self, **kwargs): kwargs.setdefault('auth_url', self.TEST_URL) kwargs.setdefault('username', self.TEST_USER) kwargs.setdefault('password', self.TEST_PASS) return identity.V3Password(**kwargs)