def session(): auth_kwargs = dict(auth_url=get("auth_url")) token = get("token") if token: auth_klass = v3.Token auth_kwargs.update(token=token) else: auth_klass = v3.Password auth_kwargs.update( username=get("username"), user_domain_name=get("user_domain_name"), password=get("password"), ) project_id = get("project_id") if project_id: auth_kwargs.update(project_id=project_id) else: auth_kwargs.update( project_name=get("project_name"), project_domain_name=get("project_domain_name"), ) auth = auth_klass(**auth_kwargs) sess = Session(auth=auth) return Adapter(session=sess, interface=get("interface"), region_name=get("region_name"))
def __init__(self, auth=None): super().__init__() self.scrapers = Group() self.scrape_pool = Pool(size=Config().scraper.pool_size) self.session = Session(auth=auth) self.session.mount( "http://", HTTPAdapter( max_retries=Retry( total=Config().scraper.max_retry, connect=Config().scraper.max_retry, read=Config().scraper.max_retry, backoff_factor=0.3, ), pool_connections=10, ), ) metric_types = {} for metric_config in Config().metrics: if metric_config.uve_type not in metric_types: metric_types[metric_config.uve_type] = [] metric_types[metric_config.uve_type].append(metric_config) for uve_type, metric_configs in metric_types.items(): self.append( MetricTypeCollection( self.session, uve_type, metric_configs, self.scrapers, self.scrape_pool, ))
def get_resource_utilization(vim: vims.OpenStackVim): try: nova = Client( version="2", session=Session( auth=get_plugin_loader("password").load_from_options( auth_url="http://{}/identity".format(vim.address), username=vim.username, password=vim.password, user_domain_id="default", project_id=vim.tenant.id, ), timeout=5, ), ) limits = nova.limits.get(tenant_id=vim.tenant.id).to_dict()["absolute"] return { "cores": { "used": limits["totalCoresUsed"], "total": limits["maxTotalCores"], }, "memory": { "used": limits["totalRAMUsed"], "total": limits["maxTotalRAMSize"], }, } except Unauthorized: raise VimConnectionError( "Authorization error. Please check the tenant id, username, and password." ) except Exception as e: raise VimConnectionError(str(e))
def keystone_session(env_overrides: dict = {}) -> Session: """Obtain Keystone authentication credentials for given OpenStack RC params. Args: env_overrides (dict): a dictionary of OpenStack RC parameters. These parameters are assumed to be as if they were pulled off of the environment, e.g. are like {'OS_USERNAME': '', 'OS_PASSWORD: ''} with uppercase and underscores. Returns: keystoneauth1.session.Session: a KSA session object, which can be used to authenticate any OpenStack client. """ # We are abusing the KSA loading mechanism here. The arg parser will default # the various OpenStack auth params from the environment, which is what # we're after. fake_argv = [ f'--{key.lower().replace("_", "-")}={value}' for key, value in env_overrides.items() # NOTE(jason): we ignore some environment variables, as they are not # supported as KSA command-line args. if key not in ['OS_IDENTITY_API_VERSION'] ] parser = argparse.ArgumentParser() loading.cli.register_argparse_arguments( parser, fake_argv, default='token') loading.session.register_argparse_arguments(parser) loading.adapter.register_argparse_arguments(parser) args = parser.parse_args(fake_argv) auth = loading.cli.load_from_argparse_arguments(args) return Session(auth=auth)
def get_session(auth_url, project_id, project_domain_id, admin_username, admin_password, admin_domain_id, api_version='3', identity_type='identity', original_ip=None, verify=False, cache=None, timeout=None): assert project_id, 'Invalid project received for keystone session: {}'.format( project_id) auth_plugin = FleioKeystoneAuthPlugin(auth_url=auth_url, project_id=project_id, project_domain_id=project_domain_id, admin_username=admin_username, admin_password=admin_password, admin_domain_id=admin_domain_id, api_version=api_version, identity_type=identity_type, cache=cache) return Session(auth=auth_plugin, original_ip=original_ip, verify=verify, timeout=timeout)
def session(self): if not self._session: auth_kwargs = dict(auth_url=self.auth_url, username=self.username, password=self.password, project_name=self.tenant) if self.keystone_version == 3: auth_kwargs.update(dict(user_domain_id=self.domain_id, project_domain_name=self.domain_id)) pass_auth = Password(**auth_kwargs) self._session = Session(auth=pass_auth, verify=False) return self._session
def os_session(self): if self._os_session is None: from keystoneauth1.identity import v3 from keystoneauth1.session import Session self._os_session = Session( auth=v3.Password(**self.configuration['os_auth']), verify=self.configuration['session'].get('cacert', False), cert=self.configuration['session'].get('cert')) return self._os_session
def vitrageclient(request, password=None): endpoint = base.url_for(request, 'identity') token_id = request.user.token.id tenant_name = request.user.tenant_name project_domain_id = request.user.token.project.get('domain_id', 'Default') auth = Token(auth_url=endpoint, token=token_id, project_name=tenant_name, project_domain_id=project_domain_id) session = Session(auth=auth, timeout=600) return vitrage_client.Client('1', session)
def create_admin_session(self): keystone_authtoken = { 'auth_url': config.OS_AUTH_URL, 'username': config.OS_USERNAME, 'password': config.OS_PASSWORD, 'project_name': config.OS_PROJECT_NAME, 'user_domain_name': config.OS_USER_DOMAIN_NAME, 'project_domain_name': config.OS_PROJECT_DOMAIN_NAME } auth = v3.Password(**keystone_authtoken) return Session(auth=auth)
def get_keystone_client(): auth = Password(**keystone_args_from_env()) session = Session(auth=auth, app_name='keystone-init', user_agent='keystone-init', timeout=KEYSTONE_TIMEOUT, verify=KEYSTONE_VERIFY, cert=KEYSTONE_CERT) discover = Discover(session=session) return discover.create_client()
def actions(request, action, nodetype): endpoint = base.url_for(request, 'identity') token_id = request.user.token.id tenant_name = request.user.tenant_name project_domain_id = request.user.token.project.get('domain_id', 'Default') auth = Token(auth_url=endpoint, token=token_id, project_name=tenant_name, project_domain_id=project_domain_id) session = Session(auth=auth, timeout=600) result = action_manager.ActionManager.getinfo(session, str(action),request) return result
def _init_barbican_client(self): """Creates barbican client instance. Verifies that client can communicate with Barbican, retrying multiple times in case either Barbican or Keystone services are still starting up. """ max_attempts = 5 sleep_time = 5 n_attempts = 0 while n_attempts <= max_attempts: n_attempts += 1 try: if self.auth_version == "v3": auth = v3.Password( username=self.username, password=self.password, auth_url=self.auth_url, user_domain_name=self.user_domain_name, project_domain_name=self.project_domain_name, project_name=self.project_name) else: # assume v2 auth auth = v2.Password( username=self.username, password=self.password, auth_url=self.auth_url, tenant_name=self.tenant_name) # NOTE: Session is deprecated in keystoneclient 2.1.0 # and will be removed in a future keystoneclient release. sess = Session(auth=auth) self.barbican = Client(session=sess) # test barbican service self.barbican.containers.list() # success LOG.debug( "Barbican client initialized using Keystone %s " "authentication." % self.auth_version) break except Exception as exc: if n_attempts < max_attempts: LOG.debug("Barbican client initialization failed. " "Trying again.") time.sleep(sleep_time) else: raise InvalidBarbicanConfig( "Unable to initialize Barbican client. %s" % exc.message)
def get_os_session(resource_config: OSResourceConfig, logger: Logger) -> Session: logger.debug("Getting OpenStack Session") auth = v3.Password( auth_url=resource_config.controller_url, username=resource_config.user, password=resource_config.password, project_name=resource_config.os_project_name, user_domain_id=resource_config.os_domain_name, project_domain_id=resource_config.os_domain_name, ) return Session(auth=auth, verify=False)
def _connect_to_keystone_auth_v3(auth_url, auth_token, project_name, domain_name, **kwargs): """ Give a auth_url and auth_token, authenticate with keystone version 3 to get a scoped_token, Exchange token to receive an auth, session, token scoped to a sepcific project_name and domain_name. """ token_auth = identity.Token(auth_url=auth_url, token=auth_token, project_domain_id=domain_name, project_name=project_name) token_sess = Session(auth=token_auth) token_token = token_sess.get_token() return (token_auth, token_sess, token_token)
def _token_to_keystone_scoped_project(auth_url, token, project_name, domain_name="default"): """ Given an auth_url and scoped/unscoped token: Create an auth,session and token for a specific project_name and domain_name (Required to access a serviceCatalog for neutron/nova/etc!) """ auth = v3.Token(auth_url=auth_url, token=token, project_name=project_name, project_domain_id=domain_name) sess = Session(auth=auth) token = sess.get_token() return (auth, sess, token)
def get_keystone_session(**kwargs): keystone_conf = CONF.keystone config = {} config['auth_url'] = keystone_conf.auth_url config['username'] = keystone_conf.admin_user config['password'] = keystone_conf.admin_password config['tenant_name'] = keystone_conf.admin_tenant_name config['token'] = keystone_conf.admin_token config.update(kwargs) if keystone_conf.auth_insecure: verify = False else: verify = keystone_conf.auth_ca_cert return Session(auth=_openstack_auth_from_config(**config), verify=verify)
def setup_os_session(self): os_username = self.global_options.get('os_username') if not os_username: return os_username += self.global_options.get('user_suffix', '') mpw = MasterPassword(os_username, self.password) host = "identity-3." + self.domain.split('.', 1)[1] password = mpw.derive('long', host) auth = Password( auth_url='https://' + host + '/v3', username=os_username, user_domain_name=self.global_options.get('os_user_domain_name'), project_name=self.global_options.get('os_project_name'), project_domain_name=self.global_options.get('os_project_domain_name'), password=password, ) self.os_session = Session(auth=auth)
def _connect_to_keystone_password(auth_url, username, password, project_name, user_domain_name=None, project_domain_name=None, **kwargs): """ Given a username and password, authenticate with keystone to get an unscoped token Exchange token to receive an auth,session,token scoped to a specific project_name and domain_name. """ password_auth = identity.Password(auth_url=auth_url, username=username, password=password, project_name=project_name, user_domain_name=user_domain_name, project_domain_name=project_domain_name) password_sess = Session(auth=password_auth) password_token = password_sess.get_token() return (password_auth, password_sess, password_token)
def __init__(self, auth, image, flavor, network=None, az=None, count=1, api_timeout=60, build_timeout=120, callhome_timeout=300, test_script=None, console_logs=None, shim_type='bash', cloud_init_type='cloud-init', no_cleanup_on_error=False, **kwargs): super(SimpleTest, self).__init__(**kwargs) self.client = Client( '2', session=Session(auth=auth), timeout=api_timeout) self.image = image self.flavor = flavor self.network = network self.az = az self.count = count self.api_timeout = api_timeout self.build_timeout = build_timeout self.callhome_timeout = callhome_timeout self.test_script = test_script if console_logs is not None: self.console_logs = os.path.abspath(console_logs) else: self.console_logs = None self.servers = [] self.userdata = None self.shim_type = shim_type self.cloud_init_type = cloud_init_type self.no_cleanup_on_error = no_cleanup_on_error self.next_state(self.state_prepare)
for p in prefixes: for s in suffixes: key = ''.join([p, s]) envvar = ('_'.join(['os', key])).upper() value = environ.get(envvar) if value: _args[key] = value break _args.update({ 'auth_url': environ.get('OS_AUTH_URL'), 'password': environ.get('OS_PASSWORD'), 'username': environ.get('OS_USERNAME') }) return _args _auth_args = build_auth_args() _plugin = 'v3password' region = environ.get('OS_REGION_NAME') endpoint_filter = { 'service_type': 'identity', 'interface': 'admin', 'region_name': region } loader = loading.get_plugin_loader(_plugin) auth = loader.load_from_options(**_auth_args) sess = Session(auth=auth, verify=environ.get('OS_CACERT')) ks = client.Client(session=sess)
def from_argparse(cls, args): auth = ksloading.cli.load_from_argparse_arguments(args) session = Session(auth=auth) return cls(session)
project_domain_id='default', user_domain_id='default', username='******', password='******', # The `plugin_creator` of `_create_auth_plugin` automatically add the # V3, but here we have to manually add it. auth_url="http://%s/identity/v3" % OS['url'], # Allow fetching a new token if the current one is going to expire reauthenticate=True, # Project scoping is mandatory to get the service catalog fill properly. project_name='admin', # for project's scoping include_catalog=True, # include the service catalog in the token ) print(vars(auth)) sess = Session(auth=auth) print("no auth_ref (token) %s" % auth.auth_ref) # import ipdb; ipdb.set_trace() # print(sess.get("http://%s/identity/v3" % OS['url'])) # Authenticate auth.get_access(sess) auth_ref = auth.auth_ref print("Auth Token: %s" % auth_ref.auth_token) import ipdb ipdb.set_trace() # Service catalog
def _init_session_access_catalog(self): self._session = Session(auth=self.authentication) self._access = self.authentication.get_access(session=self.session) self._catalog = None if not self.access.has_service_catalog( ) else self.access.__dict__['_data']['access']['serviceCatalog']