def session():
auth_kwargs = dict(auth_url=get("auth_url"))
token = get("token")
if token:
auth_klass = v3.Token
auth_kwargs.update(token=token)
else:
auth_klass = v3.Password
auth_kwargs.update(
username=get("username"),
user_domain_name=get("user_domain_name"),
password=get("password"),
)
project_id = get("project_id")
if project_id:
auth_kwargs.update(project_id=project_id)
else:
auth_kwargs.update(
project_name=get("project_name"),
project_domain_name=get("project_domain_name"),
)
auth = auth_klass(**auth_kwargs)
sess = Session(auth=auth)
return Adapter(session=sess,
interface=get("interface"),
region_name=get("region_name"))
def __init__(self, auth=None):
super().__init__()
self.scrapers = Group()
self.scrape_pool = Pool(size=Config().scraper.pool_size)
self.session = Session(auth=auth)
self.session.mount(
"http://",
HTTPAdapter(
max_retries=Retry(
total=Config().scraper.max_retry,
connect=Config().scraper.max_retry,
read=Config().scraper.max_retry,
backoff_factor=0.3,
),
pool_connections=10,
),
)
metric_types = {}
for metric_config in Config().metrics:
if metric_config.uve_type not in metric_types:
metric_types[metric_config.uve_type] = []
metric_types[metric_config.uve_type].append(metric_config)
for uve_type, metric_configs in metric_types.items():
self.append(
MetricTypeCollection(
self.session,
uve_type,
metric_configs,
self.scrapers,
self.scrape_pool,
))
def get_resource_utilization(vim: vims.OpenStackVim):
try:
nova = Client(
version="2",
session=Session(
auth=get_plugin_loader("password").load_from_options(
auth_url="http://{}/identity".format(vim.address),
username=vim.username,
password=vim.password,
user_domain_id="default",
project_id=vim.tenant.id,
),
timeout=5,
),
)
limits = nova.limits.get(tenant_id=vim.tenant.id).to_dict()["absolute"]
return {
"cores": {
"used": limits["totalCoresUsed"],
"total": limits["maxTotalCores"],
},
"memory": {
"used": limits["totalRAMUsed"],
"total": limits["maxTotalRAMSize"],
},
}
except Unauthorized:
raise VimConnectionError(
"Authorization error. Please check the tenant id, username, and password."
)
except Exception as e:
raise VimConnectionError(str(e))
def keystone_session(env_overrides: dict = {}) -> Session:
"""Obtain Keystone authentication credentials for given OpenStack RC params.
Args:
env_overrides (dict): a dictionary of OpenStack RC parameters. These
parameters are assumed to be as if they were pulled off of the
environment, e.g. are like {'OS_USERNAME': '', 'OS_PASSWORD: ''}
with uppercase and underscores.
Returns:
keystoneauth1.session.Session: a KSA session object, which can be used
to authenticate any OpenStack client.
"""
# We are abusing the KSA loading mechanism here. The arg parser will default
# the various OpenStack auth params from the environment, which is what
# we're after.
fake_argv = [
f'--{key.lower().replace("_", "-")}={value}'
for key, value in env_overrides.items()
# NOTE(jason): we ignore some environment variables, as they are not
# supported as KSA command-line args.
if key not in ['OS_IDENTITY_API_VERSION']
]
parser = argparse.ArgumentParser()
loading.cli.register_argparse_arguments(
parser, fake_argv, default='token')
loading.session.register_argparse_arguments(parser)
loading.adapter.register_argparse_arguments(parser)
args = parser.parse_args(fake_argv)
auth = loading.cli.load_from_argparse_arguments(args)
return Session(auth=auth)
def get_session(auth_url,
project_id,
project_domain_id,
admin_username,
admin_password,
admin_domain_id,
api_version='3',
identity_type='identity',
original_ip=None,
verify=False,
cache=None,
timeout=None):
assert project_id, 'Invalid project received for keystone session: {}'.format(
project_id)
auth_plugin = FleioKeystoneAuthPlugin(auth_url=auth_url,
project_id=project_id,
project_domain_id=project_domain_id,
admin_username=admin_username,
admin_password=admin_password,
admin_domain_id=admin_domain_id,
api_version=api_version,
identity_type=identity_type,
cache=cache)
return Session(auth=auth_plugin,
original_ip=original_ip,
verify=verify,
timeout=timeout)
def session(self):
if not self._session:
auth_kwargs = dict(auth_url=self.auth_url, username=self.username,
password=self.password, project_name=self.tenant)
if self.keystone_version == 3:
auth_kwargs.update(dict(user_domain_id=self.domain_id,
project_domain_name=self.domain_id))
pass_auth = Password(**auth_kwargs)
self._session = Session(auth=pass_auth, verify=False)
return self._session
def os_session(self):
if self._os_session is None:
from keystoneauth1.identity import v3
from keystoneauth1.session import Session
self._os_session = Session(
auth=v3.Password(**self.configuration['os_auth']),
verify=self.configuration['session'].get('cacert', False),
cert=self.configuration['session'].get('cert'))
return self._os_session
def vitrageclient(request, password=None):
endpoint = base.url_for(request, 'identity')
token_id = request.user.token.id
tenant_name = request.user.tenant_name
project_domain_id = request.user.token.project.get('domain_id', 'Default')
auth = Token(auth_url=endpoint, token=token_id,
project_name=tenant_name,
project_domain_id=project_domain_id)
session = Session(auth=auth, timeout=600)
return vitrage_client.Client('1', session)
def create_admin_session(self):
keystone_authtoken = {
'auth_url': config.OS_AUTH_URL,
'username': config.OS_USERNAME,
'password': config.OS_PASSWORD,
'project_name': config.OS_PROJECT_NAME,
'user_domain_name': config.OS_USER_DOMAIN_NAME,
'project_domain_name': config.OS_PROJECT_DOMAIN_NAME
}
auth = v3.Password(**keystone_authtoken)
return Session(auth=auth)
def get_keystone_client():
auth = Password(**keystone_args_from_env())
session = Session(auth=auth,
app_name='keystone-init',
user_agent='keystone-init',
timeout=KEYSTONE_TIMEOUT,
verify=KEYSTONE_VERIFY,
cert=KEYSTONE_CERT)
discover = Discover(session=session)
return discover.create_client()
def actions(request, action, nodetype):
endpoint = base.url_for(request, 'identity')
token_id = request.user.token.id
tenant_name = request.user.tenant_name
project_domain_id = request.user.token.project.get('domain_id', 'Default')
auth = Token(auth_url=endpoint, token=token_id,
project_name=tenant_name,
project_domain_id=project_domain_id)
session = Session(auth=auth, timeout=600)
result = action_manager.ActionManager.getinfo(session, str(action),request)
return result
def _init_barbican_client(self):
"""Creates barbican client instance.
Verifies that client can communicate with Barbican, retrying
multiple times in case either Barbican or Keystone services are
still starting up.
"""
max_attempts = 5
sleep_time = 5
n_attempts = 0
while n_attempts <= max_attempts:
n_attempts += 1
try:
if self.auth_version == "v3":
auth = v3.Password(
username=self.username,
password=self.password,
auth_url=self.auth_url,
user_domain_name=self.user_domain_name,
project_domain_name=self.project_domain_name,
project_name=self.project_name)
else:
# assume v2 auth
auth = v2.Password(
username=self.username,
password=self.password,
auth_url=self.auth_url,
tenant_name=self.tenant_name)
# NOTE: Session is deprecated in keystoneclient 2.1.0
# and will be removed in a future keystoneclient release.
sess = Session(auth=auth)
self.barbican = Client(session=sess)
# test barbican service
self.barbican.containers.list()
# success
LOG.debug(
"Barbican client initialized using Keystone %s "
"authentication." % self.auth_version)
break
except Exception as exc:
if n_attempts < max_attempts:
LOG.debug("Barbican client initialization failed. "
"Trying again.")
time.sleep(sleep_time)
else:
raise InvalidBarbicanConfig(
"Unable to initialize Barbican client. %s" %
exc.message)
def get_os_session(resource_config: OSResourceConfig,
logger: Logger) -> Session:
logger.debug("Getting OpenStack Session")
auth = v3.Password(
auth_url=resource_config.controller_url,
username=resource_config.user,
password=resource_config.password,
project_name=resource_config.os_project_name,
user_domain_id=resource_config.os_domain_name,
project_domain_id=resource_config.os_domain_name,
)
return Session(auth=auth, verify=False)
def _connect_to_keystone_auth_v3(auth_url, auth_token, project_name,
domain_name, **kwargs):
"""
Give a auth_url and auth_token,
authenticate with keystone version 3 to get a scoped_token,
Exchange token to receive an auth, session, token scoped to a sepcific project_name and domain_name.
"""
token_auth = identity.Token(auth_url=auth_url,
token=auth_token,
project_domain_id=domain_name,
project_name=project_name)
token_sess = Session(auth=token_auth)
token_token = token_sess.get_token()
return (token_auth, token_sess, token_token)
def _token_to_keystone_scoped_project(auth_url,
token,
project_name,
domain_name="default"):
"""
Given an auth_url and scoped/unscoped token:
Create an auth,session and token for a specific project_name and domain_name (Required to access a serviceCatalog for neutron/nova/etc!)
"""
auth = v3.Token(auth_url=auth_url,
token=token,
project_name=project_name,
project_domain_id=domain_name)
sess = Session(auth=auth)
token = sess.get_token()
return (auth, sess, token)
def get_keystone_session(**kwargs):
keystone_conf = CONF.keystone
config = {}
config['auth_url'] = keystone_conf.auth_url
config['username'] = keystone_conf.admin_user
config['password'] = keystone_conf.admin_password
config['tenant_name'] = keystone_conf.admin_tenant_name
config['token'] = keystone_conf.admin_token
config.update(kwargs)
if keystone_conf.auth_insecure:
verify = False
else:
verify = keystone_conf.auth_ca_cert
return Session(auth=_openstack_auth_from_config(**config), verify=verify)
def setup_os_session(self):
os_username = self.global_options.get('os_username')
if not os_username:
return
os_username += self.global_options.get('user_suffix', '')
mpw = MasterPassword(os_username, self.password)
host = "identity-3." + self.domain.split('.', 1)[1]
password = mpw.derive('long', host)
auth = Password(
auth_url='https://' + host + '/v3',
username=os_username,
user_domain_name=self.global_options.get('os_user_domain_name'),
project_name=self.global_options.get('os_project_name'),
project_domain_name=self.global_options.get('os_project_domain_name'),
password=password,
)
self.os_session = Session(auth=auth)
def _connect_to_keystone_password(auth_url,
username,
password,
project_name,
user_domain_name=None,
project_domain_name=None,
**kwargs):
"""
Given a username and password,
authenticate with keystone to get an unscoped token
Exchange token to receive an auth,session,token scoped to a specific project_name and domain_name.
"""
password_auth = identity.Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
password_sess = Session(auth=password_auth)
password_token = password_sess.get_token()
return (password_auth, password_sess, password_token)
def __init__(self,
auth,
image,
flavor,
network=None,
az=None,
count=1,
api_timeout=60,
build_timeout=120,
callhome_timeout=300,
test_script=None,
console_logs=None,
shim_type='bash',
cloud_init_type='cloud-init',
no_cleanup_on_error=False,
**kwargs):
super(SimpleTest, self).__init__(**kwargs)
self.client = Client(
'2', session=Session(auth=auth), timeout=api_timeout)
self.image = image
self.flavor = flavor
self.network = network
self.az = az
self.count = count
self.api_timeout = api_timeout
self.build_timeout = build_timeout
self.callhome_timeout = callhome_timeout
self.test_script = test_script
if console_logs is not None:
self.console_logs = os.path.abspath(console_logs)
else:
self.console_logs = None
self.servers = []
self.userdata = None
self.shim_type = shim_type
self.cloud_init_type = cloud_init_type
self.no_cleanup_on_error = no_cleanup_on_error
self.next_state(self.state_prepare)
for p in prefixes:
for s in suffixes:
key = ''.join([p, s])
envvar = ('_'.join(['os', key])).upper()
value = environ.get(envvar)
if value:
_args[key] = value
break
_args.update({
'auth_url': environ.get('OS_AUTH_URL'),
'password': environ.get('OS_PASSWORD'),
'username': environ.get('OS_USERNAME')
})
return _args
_auth_args = build_auth_args()
_plugin = 'v3password'
region = environ.get('OS_REGION_NAME')
endpoint_filter = {
'service_type': 'identity',
'interface': 'admin',
'region_name': region
}
loader = loading.get_plugin_loader(_plugin)
auth = loader.load_from_options(**_auth_args)
sess = Session(auth=auth, verify=environ.get('OS_CACERT'))
ks = client.Client(session=sess)
def from_argparse(cls, args):
auth = ksloading.cli.load_from_argparse_arguments(args)
session = Session(auth=auth)
return cls(session)
project_domain_id='default',
user_domain_id='default',
username='******',
password='******',
# The `plugin_creator` of `_create_auth_plugin` automatically add the
# V3, but here we have to manually add it.
auth_url="http://%s/identity/v3" % OS['url'],
# Allow fetching a new token if the current one is going to expire
reauthenticate=True,
# Project scoping is mandatory to get the service catalog fill properly.
project_name='admin', # for project's scoping
include_catalog=True, # include the service catalog in the token
)
print(vars(auth))
sess = Session(auth=auth)
print("no auth_ref (token) %s" % auth.auth_ref)
# import ipdb; ipdb.set_trace()
# print(sess.get("http://%s/identity/v3" % OS['url']))
# Authenticate
auth.get_access(sess)
auth_ref = auth.auth_ref
print("Auth Token: %s" % auth_ref.auth_token)
import ipdb
ipdb.set_trace()
# Service catalog
def _init_session_access_catalog(self):
self._session = Session(auth=self.authentication)
self._access = self.authentication.get_access(session=self.session)
self._catalog = None if not self.access.has_service_catalog(
) else self.access.__dict__['_data']['access']['serviceCatalog']
