def _get_keystone_auth(self, session, auth_url, **kwargs): auth_token = kwargs.pop('auth_token', None) if auth_token: return token.Token( auth_url, auth_token, project_id=kwargs.pop('project_id'), project_name=kwargs.pop('project_name'), project_domain_id=kwargs.pop('project_domain_id'), project_domain_name=kwargs.pop('project_domain_name')) # NOTE(starodubcevna): this is a workaround for the bug: # https://bugs.launchpad.net/python-openstackclient/+bug/1447704 # Change that fix this error in keystoneclient was abandoned, # so we should use workaround until we move to keystoneauth. # The idea of the code came from glanceclient. (v2_auth_url, v3_auth_url) = self._discover_auth_versions( session=session, auth_url=auth_url) if v3_auth_url: # NOTE(starodubcevna): set user_domain_id and project_domain_id # to default as it done in other projects. return password.Password(auth_url, username=kwargs.pop('username'), user_id=kwargs.pop('user_id'), password=kwargs.pop('password'), user_domain_id=kwargs.pop( 'user_domain_id') or 'default', user_domain_name=kwargs.pop( 'user_domain_name'), project_id=kwargs.pop('project_id'), project_name=kwargs.pop('project_name'), project_domain_id=kwargs.pop( 'project_domain_id') or 'default') elif v2_auth_url: return password.Password(auth_url, username=kwargs.pop('username'), user_id=kwargs.pop('user_id'), password=kwargs.pop('password'), project_id=kwargs.pop('project_id'), project_name=kwargs.pop('project_name')) else: # if we get here it means domain information is provided # (caller meant to use Keystone V3) but the auth url is # actually Keystone V2. Obviously we can't authenticate a V3 # user using V2. exc.CommandError("Credential and auth_url mismatch. The given " "auth_url is using Keystone V2 endpoint, which " "may not able to handle Keystone V3 credentials. " "Please provide a correct Keystone V3 auth_url.")
def keystone_auth(): ''' Authenticate with Keystone NOTE: user_domain_name and project_domain_name are required for auth to work properly. Not documented anywhere! ''' try: rc = myrc() if int(rc['OS_IDENTITY_API_VERSION']) == 3: keystone_version = 3 auth = v3.Password(auth_url=rc['OS_AUTH_URL'], username=rc['OS_USERNAME'], password=rc['OS_PASSWORD'], project_name=rc['OS_TENANT_NAME'], user_domain_name='default', project_domain_name='default') s = session.Session(auth=auth) return s except KeyError: keystone_version = 2 auth = v2.Password(auth_url=rc['OS_AUTH_URL'], username=rc['OS_USERNAME'], password=rc['OS_PASSWORD'], project_name=rc['OS_TENANT_NAME']) s = session.Session(auth=auth) return s except Exception, e: warning('keystone_auth()', repr(e)) sys.exit()
def get_session_from_deprecated(): auth = keystone_auth.Password( username=CONF.admin_user, password=CONF.admin_password, project_name=CONF.admin_tenant_name, tenant_name=CONF.admin_tenant_name, auth_url=CONF.keystone_url, ) params = {'auth': auth} update_request_params_with_ssl(params) return keystone_session.Session(**params)
def _get_keystone_auth(self, session, auth_url, **kwargs): auth_token = kwargs.pop('auth_token', None) if auth_token: return token.Token(auth_url, auth_token, **kwargs) else: return password.Password( auth_url, username=kwargs.pop('username'), user_id=kwargs.pop('user_id'), password=kwargs.pop('password'), user_domain_id=kwargs.pop('user_domain_id'), user_domain_name=kwargs.pop('user_domain_name'), **kwargs)
def get_clients(context): global _SESSION if not _SESSION: _SESSION = session.Session() auth = token_endpoint.Token(CONF.designate.url, context.auth_token) client = d_client.Client(session=_SESSION, auth=auth) admin_auth = password.Password( auth_url=CONF.designate.admin_auth_url, username=CONF.designate.admin_username, password=CONF.designate.admin_password, tenant_name=CONF.designate.admin_tenant_name, tenant_id=CONF.designate.admin_tenant_id) admin_client = d_client.Client(session=_SESSION, auth=admin_auth) return client, admin_client
def _get_identity_client(self): domain = self.conf.domain_name kwargs = { 'username': self.conf.username, 'password': self.conf.password, 'tenant_name': self.conf.tenant_name, 'auth_url': self.conf.auth_url } # keystone v2 can't ignore domain details if self.auth_version == '3': kwargs.update({ 'project_domain_name': domain, 'user_domain_name': domain }) auth = password.Password(**kwargs) return KeystoneWrapperClient( auth, not self.conf.disable_ssl_certificate_validation)
def get_os_admin_session(): """Create a context to interact with OpenStack as an administrator.""" # NOTE(ft): this is a singletone because keystone's session looks thread # safe for both regular and token renewal requests global _admin_session if not _admin_session: auth = keystone_auth.Password( username=CONF.admin_user, password=CONF.admin_password, project_name=CONF.admin_tenant_name, tenant_name=CONF.admin_tenant_name, auth_url=CONF.keystone_url, ) params = {'auth': auth} update_request_params_with_ssl(params) _admin_session = keystone_session.Session(**params) return _admin_session
def get_clients(context): global _SESSION if not _SESSION: if CONF.designate.insecure: verify = False else: verify = CONF.designate.ca_cert or True _SESSION = session.Session(verify=verify) auth = token_endpoint.Token(CONF.designate.url, context.auth_token) client = d_client.Client(session=_SESSION, auth=auth) admin_auth = password.Password( auth_url=CONF.designate.admin_auth_url, username=CONF.designate.admin_username, password=CONF.designate.admin_password, tenant_name=CONF.designate.admin_tenant_name, tenant_id=CONF.designate.admin_tenant_id) admin_client = d_client.Client(session=_SESSION, auth=admin_auth) return client, admin_client
def get_os_admin_context(): """Create a context to interact with OpenStack as an administrator.""" # NOTE(ft): this is a singletone because keystone's session looks thread # safe for both regular and token renewal requests global _admin_session if not _admin_session: auth = keystone_auth.Password( username=CONF.admin_user, password=CONF.admin_password, project_name=CONF.admin_tenant_name, tenant_name=CONF.admin_tenant_name, auth_url=CONF.keystone_url, ) _admin_session = keystone_session.Session(auth=auth) return RequestContext(None, None, session=_admin_session, is_os_admin=True, overwrite=False)
def _get_identity_client(self): user_domain_name = self.conf.user_domain_name project_domain_name = self.conf.project_domain_name kwargs = { 'username': self.conf.username, 'password': self.conf.password, 'tenant_name': self.conf.tenant_name, 'auth_url': self.conf.auth_url } # keystone v2 can't ignore domain details if self.auth_version == '3': kwargs.update({ 'user_domain_name': user_domain_name, 'project_domain_name': project_domain_name}) auth = password.Password(**kwargs) if self.insecure: verify_cert = False else: verify_cert = self.ca_file or True return KeystoneWrapperClient(auth, verify_cert)