def get_session_v3(self):
"""Get a v3 session. See get_session for more details about sessions
:return: a session object
"""
if self._session_v3:
return self._session_v3
if not self.auth_url:
m = 'auth_url parameter must be provided or OS_AUTH_URL be defined'
raise Exception(m)
if self.auth_url.endswith('/v2.0/'):
auth_url = self.auth_url[0:-4] + '3'
elif self.auth_url.endswith('/v2.0'):
auth_url = self.auth_url[0:-3] + '3'
else:
auth_url = self.auth_url
if not self.__username and not self._token:
raise Exception(
'Username and password or a token must be provided')
other_params = dict()
if self.__trust_id:
other_params['trust_id'] = self.__trust_id
elif self.__tenant_name:
other_params['project_name'] = self.__tenant_name
elif self.__tenant_id:
other_params['project_id'] = self.__tenant_id
if self.__username:
if self.__project_domain_id:
other_params['project_domain_id'] = self.__project_domain_id
elif self.__project_domain_name:
other_params[
'project_domain_name'] = self.__project_domain_name
else:
other_params['project_domain_id'] = 'default'
if self.__user_domain_id:
other_params['user_domain_id'] = self.__user_domain_id
elif self.__user_domain_name:
other_params['user_domain_name'] = self.__user_domain_name
else:
other_params['user_domain_id'] = 'default'
auth = v3.Password(auth_url=auth_url,
username=self.__username,
password=self.__password,
**other_params)
else:
auth = v3.Token(auth_url=auth_url, token=self._token)
self._session_v3 = session.Session(auth=auth)
# apply override endpoints
if self.use_v3:
for override in self.endpoints_to_override:
self._apply_override_endpoint(**override)
return self._session_v3
def get_auth_plugin(opts):
auth_version = guess_auth_version(opts)
if opts.os_username:
if auth_version == '3':
return v3.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
project_name=opts.os_project_name,
user_domain_name=opts.os_user_domain_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
tenant_name=opts.os_tenant_name)
elif opts.os_token:
if auth_version == '3':
return v3.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
project_name=opts.os_project_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
tenant_name=opts.os_tenant_name)
raise Exception('Unable to determine correct auth method, please provide'
' either username or token')
def get_auth_plugin(opts):
"""Create the right keystone connection depending on the version
for the api, if username/password and token are provided, username and
password takes precedence.
"""
auth_version = guess_auth_version(opts)
if opts.os_username:
if auth_version == '3':
return v3.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
project_name=opts.os_project_name,
user_domain_name=opts.os_user_domain_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Password(auth_url=opts.os_auth_url,
username=opts.os_username,
password=opts.os_password,
tenant_name=opts.os_tenant_name)
elif opts.os_token:
if auth_version == '3':
return v3.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
project_name=opts.os_project_name,
project_domain_name=opts.os_project_domain_name)
elif auth_version == '2.0':
return v2.Token(auth_url=opts.os_auth_url,
token=opts.os_token,
tenant_name=opts.os_tenant_name)
raise Exception('Unable to determine correct auth method, please provide'
' either username or token')
def remote_login(provider, idp_s_auth):
sp_session = session.Session(verify=False)
sp_u_auth = v3.Keystone2Keystone(idp_s_auth, provider.id)
sp_u_auth_ref = sp_u_auth.get_access(sp_session)
sp_u_client = client.Client(session=sp_session, auth=sp_u_auth)
projects = sp_u_client.federation.projects.list()
# As a shortcut just take the first one
# Robust processing includes checking each project
# to make sure user is authorized and project is
# enabled
sp_project = projects[0]
sp_s_auth = v3.Token(sp_u_auth.auth_url,
sp_u_auth_ref.auth_token,
project_id=sp_project.id)
sp_s_auth.get_access(sp_session)
sp_s_client = client.Client(session=sp_session, auth=sp_s_auth)
# Proof that it works!
print("services on remote machine:")
print(sp_s_client.services.list())
def _get_domain_session(token, domain_name=None):
"""
Return v3 session for token
"""
domain_name = domain_name or 'default'
auth = v3.Token(auth_url=get_auth_url(),
domain_id=domain_name,
token=token)
return session.Session(auth=auth, user_agent=USER_AGENT, verify=verify())
def _get_token_auth_ks_session(**kwargs):
cacert = kwargs.pop('cacert', None)
cert = kwargs.pop('cert', None)
key = kwargs.pop('key', None)
insecure = kwargs.pop('insecure', False)
auth_url = kwargs.pop('auth_url', None)
project_id = kwargs.pop('project_id', None)
project_name = kwargs.pop('project_name', None)
timeout = kwargs.get('timeout')
token = kwargs['token']
if insecure:
verify = False
else:
verify = cacert or True
if cert and key:
# passing cert and key together is deprecated in favour of the
# requests lib form of having the cert and key as a tuple
cert = (cert, key)
# create the keystone client session
ks_session = session.Session(verify=verify, cert=cert, timeout=timeout)
v2_auth_url, v3_auth_url = _discover_auth_versions(ks_session, auth_url)
user_domain_name = kwargs.pop('user_domain_name', None)
user_domain_id = kwargs.pop('user_domain_id', None)
project_domain_name = kwargs.pop('project_domain_name', None)
project_domain_id = kwargs.pop('project_domain_id', None)
auth = None
use_domain = (user_domain_id or user_domain_name or project_domain_id
or project_domain_name)
use_v3 = v3_auth_url and (use_domain or (not v2_auth_url))
use_v2 = v2_auth_url and not use_domain
if use_v3:
auth = v3_auth.Token(v3_auth_url,
token=token,
project_name=project_name,
project_id=project_id,
project_domain_name=project_domain_name,
project_domain_id=project_domain_id)
elif use_v2:
auth = v2_auth.Token(v2_auth_url,
token=token,
tenant_id=project_id,
tenant_name=project_name)
else:
raise exc.CommandError('Unable to determine the Keystone version '
'to authenticate with using the given '
'auth_url.')
ks_session.auth = auth
return ks_session
def _get_session(token):
"""
Return v3 session for token
"""
auth_ref = get_appropriate_auth_ref(token)
auth = v3.Token(auth_url=get_auth_url(),
project_id=auth_ref.project_id,
token=token)
return session.Session(auth=auth, user_agent=USER_AGENT, verify=verify())
def url_for(self, **kwargs):
def get_endpoint():
auth_plugin = self.context.auth_plugin
return auth_plugin.get_endpoint(self._keystone_session, **kwargs)
# NOTE(jamielennox): use the session defined by the keystoneclient
# options as traditionally the token was always retrieved from
# keystoneclient.
try:
kwargs.setdefault('interface', kwargs.pop('endpoint_type'))
except KeyError:
pass
reg = self.context.region_name or cfg.CONF.region_name_for_services
kwargs.setdefault('region_name', reg)
try:
url = get_endpoint()
except exceptions.EmptyCatalog:
kc = self.clients.client('keystone').client
auth_plugin = self.context.auth_plugin
endpoint = auth_plugin.get_endpoint(None,
interface=auth.AUTH_INTERFACE)
token = auth_plugin.get_token(None)
project_id = auth_plugin.get_project_id(None)
if kc.version == 'v3':
token_obj = v3.Token(endpoint, token, project_id=project_id)
catalog_key = 'catalog'
access_key = 'token'
elif kc.version == 'v2.0':
endpoint = endpoint.replace('v3', 'v2.0')
token_obj = v2.Token(endpoint, token, tenant_id=project_id)
catalog_key = 'serviceCatalog'
access_key = 'access'
else:
raise exceptions.Error(_("Unknown Keystone version"))
auth_ref = token_obj.get_auth_ref(self._keystone_session)
if catalog_key in auth_ref:
cxt = self.context.to_dict()
access_info = cxt['auth_token_info'][access_key]
access_info[catalog_key] = auth_ref[catalog_key]
self.context = context.RequestContext.from_dict(cxt)
url = get_endpoint()
# NOTE(jamielennox): raising exception maintains compatibility with
# older keystoneclient service catalog searching.
if url is None:
raise exceptions.EndpointNotFound()
return url
def _create_token_auth(self, project_id=None, token=None, url=None):
if not token:
token = self.data.federated_unscoped_access_info.auth_token
if not url:
url = settings.OPENSTACK_KEYSTONE_URL
return auth_v3.Token(auth_url=url,
token=token,
project_id=project_id,
reauthenticate=False)
def get_token_auth_plugin(auth_url, token, project_id=None):
if get_keystone_version() >= 3:
return v3_auth.Token(auth_url=auth_url,
token=token,
project_id=project_id,
reauthenticate=False)
else:
return v2_auth.Token(auth_url=auth_url,
token=token,
tenant_id=project_id,
reauthenticate=False)
def barbicanclient(request):
project_id = request.user.project_id
if keystone.get_version() < 3:
auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL,
request.user.token.id,
tenant_id=project_id)
else:
domain_id = request.session.get('domain_context')
auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL,
request.user.token.id,
project_id=project_id,
project_domain_id=domain_id)
return barbican_client.Client(session=session.Session(auth=auth))
def main():
auth_url = os.environ.get("OS_AUTH_URL")
username = os.environ.get("OS_USERNAME")
password = os.environ.get("OS_PASSWORD")
domain = os.environ.get("OS_DOMAIN") or "Default"
if auth_url is None or username is None or password is None:
print("need to set env variables")
return
idp_session = session.Session(verify=False)
# Get authorization plugin for unscoped password
idp_u_auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_name=domain)
# Get idp unscoped token
idp_u_auth_ref = idp_u_auth.get_access(idp_session)
# Get unscoped client
idp_u_client = client.Client(session=idp_session, auth=idp_u_auth)
# Find projects
idp_projects = idp_u_client.projects.list(user=idp_u_auth_ref.user_id)
# As a shortcut just take the first one
# Robust processing includes checking each project
# to make sure user is authorized and project is
# enabled
idp_project = idp_projects[0]
# Get a project scoped auth
idp_s_auth = v3.Token(auth_url=auth_url,
token=idp_u_auth_ref.auth_token,
project_id=idp_project.id)
# Get project scoped token
idp_s_auth.get_access(idp_session)
# Get project scoped client
idp_s_client = client.Client(session=idp_session, auth=idp_s_auth)
idp_manager = service_providers.ServiceProviderManager(idp_s_client)
# Get a list of sp keystones
for provider in idp_manager.list():
try:
remote_login(provider, idp_s_auth)
except Exception as e:
print(e)
def test_authenticate_with_token(self):
self.stub_auth(json=self.TEST_RESPONSE_DICT)
a = v3.Token(self.TEST_URL, self.TEST_TOKEN)
s = session.Session(auth=a)
s.get_token()
req = {'auth': {'identity':
{'methods': ['token'],
'token': {'id': self.TEST_TOKEN}}}}
self.assertRequestBodyIs(json=req)
self.assertRequestHeaderEqual('Content-Type', 'application/json')
self.assertRequestHeaderEqual('Accept', 'application/json')
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
def get_plugin(self, auth_url=None, token=None, project_id=None, **kwargs):
if not all((auth_url, token)):
return None
if utils.get_keystone_version() >= 3:
return v3_auth.Token(auth_url=auth_url,
token=token,
project_id=project_id,
reauthenticate=False)
else:
return v2_auth.Token(auth_url=auth_url,
token=token,
tenant_id=project_id,
reauthenticate=False)
def __init__(self, auth_url=None, user_data=None, username=None, password=None, user_domain_name=None, project_domain_name=None, project_name=None):
# sanity check. Either token or user/pass pair is needed to continue
if not (user_data or (username and password)):
raise IllegalArgument("[TOTPOracle.__init__()]: One either of token or username/password are required")
self.__auth_url = auth_url
if user_data:
self.__plugin = v3.Token(auth_url=self.__auth_url,
token=user_data.token.id)
else:
self.__plugin = v3.Password(auth_url=self.__auth_url,
username=username,
password=password,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
project_name=project_name,
reauthenticate=True)
def _get_auth_ref(token, project_name, domain_name='Default'):
"""
Return auth ref for the given token and project_name
"""
LOG.debug("Obtaining scoped keystone client with token, project %s",
project_name)
auth = v3.Token(auth_url=get_auth_url(),
project_name=project_name,
project_domain_name=domain_name,
token=token)
project_session = session.Session(auth=auth,
verify=verify_https(),
user_agent=USER_AGENT)
# Trigger the generation of the new token
project_session.get_auth_headers()
return project_session.auth.auth_ref
def cueclient(request):
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
auth_url = getattr(settings, 'OPENSTACK_KEYSTONE_URL')
auth_version = getattr(settings, 'OPENSTACK_API_VERSIONS',
{}).get('identity', 2.0)
if auth_version == 3:
auth = v3.Token(auth_url,
request.user.token.id,
project_id=request.user.project_id,
project_name=request.user.project_name)
elif auth_version == 2 or auth_version == 2.0:
auth = v2.Token(auth_url,
request.user.token.id,
tenant_id=request.user.tenant_id,
tenant_name=request.user.tenant_name)
session = ksc_session.Session(auth=auth, verify=cacert)
return client.Client(session=session)
def get_appropriate_auth_ref(token):
"""
The incoming token does not indicate which project it is for. Therefore
we find the appropriate project (normally one for which the token's user
has admin privilege for) and return an auth_ref. The auth_ref can then
be used to instantiate a Keystone object without requiring an additional
round-trip to authenticate against keystone
"""
LOG.debug("Obtaining unscoped keystone client with token")
auth = v3.Token(auth_url=get_auth_url(), token=token, unscoped=True)
sess = session.Session(auth=auth,
user_agent=USER_AGENT,
verify=verify_https())
ks = ksclient3.Client(session=sess, user_agent=USER_AGENT)
project_list = [t.name for t in ks.projects.list(user=sess.get_user_id())]
auth_ref = _find_appropriate_project(token, project_list)
# Verify that the user is a 'cloud admin', i.e. that they have the
# admin role on the default domain. Domain roles are only valid in
# keystone v3, so make sure to use an appropriate auth URL
role_names = []
try:
ks = ksclient3.Client(token=token,
auth_url=get_auth_url(),
domain_name='default',
verify=verify_https())
role_names = ks.auth_ref.role_names
except Exception:
raise BllAuthenticationFailedException(
"User is not authorized on the default domain")
if 'admin' not in role_names:
raise BllAuthenticationFailedException(
"User is not an admin of the default domain")
return auth_ref
def scoped_login_v3(protocol, host, port, token, project_id):
LOGGER.info("Executing scoped_login_v3 with args : " + str(protocol) +
"\t" + str(host) + "\t" + str(port) + "\t" + str(token) +
"\t" + str(project_id))
try:
url = protocol + "://" + host + ":" + port + "/v3"
auth = v3.Token(auth_url=url, token=token, project_id=project_id)
session = keystone_session.Session(auth=auth)
connection = v3_client.Client(session=session)
token = connection.session.get_token(auth)
try:
services = connection.services.list()
except Exception as e:
if 'You are not authorized to perform' in e.message:
return {'client': connection, 'token': token}
raise e
endpoints = connection.endpoints.list(interface="public")
endpoint_urls = []
for service in services:
for endpoint in endpoints:
if endpoint.service_id == service.id:
endpoint_urls.append({
"endpoint_name": str(service.name),
"endpoint_url": str(endpoint.url)
})
break
return {
'client': connection,
'token': token,
'endpoint_urls': endpoint_urls
}
except Exception as e:
raise OpenstackException("Exception while performing scoped login : " +
e.message,
exception=e,
logger=LOGGER)
def _get_keystone_session(**kwargs):
# TODO(fabgia): the heavy lifting here should be really done by Keystone.
# Unfortunately Keystone does not support a richer method to perform
# discovery and return a single viable URL. A bug against Keystone has
# been filed: https://bugs.launchpad.net/python-keystoneclient/+bug/1330677
# first create a Keystone session
cacert = kwargs.pop('cacert', None)
cert = kwargs.pop('cert', None)
key = kwargs.pop('key', None)
insecure = kwargs.pop('insecure', False)
auth_url = kwargs.pop('auth_url', None)
project_id = kwargs.pop('project_id', None)
project_name = kwargs.pop('project_name', None)
token = kwargs['token']
timeout = kwargs.get('timeout')
if insecure:
verify = False
else:
verify = cacert or True
if cert and key:
# passing cert and key together is deprecated in favour of the
# requests lib form of having the cert and key as a tuple
cert = (cert, key)
# create the keystone client session
ks_session = session.Session(verify=verify, cert=cert, timeout=timeout)
v2_auth_url, v3_auth_url = _discover_auth_versions(ks_session, auth_url)
username = kwargs.pop('username', None)
user_id = kwargs.pop('user_id', None)
user_domain_name = kwargs.pop('user_domain_name', None)
user_domain_id = kwargs.pop('user_domain_id', None)
project_domain_name = kwargs.pop('project_domain_name', None)
project_domain_id = kwargs.pop('project_domain_id', None)
auth = None
use_domain = (user_domain_id or user_domain_name or project_domain_id
or project_domain_name)
use_v3 = v3_auth_url and (use_domain or (not v2_auth_url))
use_v2 = v2_auth_url and not use_domain
if use_v3 and token:
auth = v3_auth.Token(v3_auth_url,
token=token,
project_name=project_name,
project_id=project_id,
project_domain_name=project_domain_name,
project_domain_id=project_domain_id)
elif use_v2 and token:
auth = v2_auth.Token(v2_auth_url,
token=token,
tenant_id=project_id,
tenant_name=project_name)
elif use_v3:
# the auth_url as v3 specified
# e.g. http://no.where:5000/v3
# Keystone will return only v3 as viable option
auth = v3_auth.Password(v3_auth_url,
username=username,
password=kwargs.pop('password', None),
user_id=user_id,
user_domain_name=user_domain_name,
user_domain_id=user_domain_id,
project_name=project_name,
project_id=project_id,
project_domain_name=project_domain_name,
project_domain_id=project_domain_id)
elif use_v2:
# the auth_url as v2 specified
# e.g. http://no.where:5000/v2.0
# Keystone will return only v2 as viable option
auth = v2_auth.Password(v2_auth_url,
username,
kwargs.pop('password', None),
tenant_id=project_id,
tenant_name=project_name)
else:
raise exc.CommandError('Unable to determine the Keystone version '
'to authenticate with using the given '
'auth_url.')
ks_session.auth = auth
return ks_session
def _authenticate(auth_url,
username=None,
password=None,
user_domain_name='Default'):
"""Authenticate with keystone
Creates an unscoped token using the given credentials (which validates
them), and then uses that token to get a project-scoped token.
"""
unscoped_auth = v3.Password(auth_url,
username=username,
password=password,
user_domain_name=user_domain_name,
unscoped=True)
session = ks_session.Session(user_agent=USER_AGENT,
verify=not CONF.keystone_authtoken.insecure)
try:
# Trigger keystone to verify the credentials
unscoped_auth_ref = unscoped_auth.get_access(session)
except exc.connection.ConnectFailure as e:
abort(503, str(e))
except exc.http.HttpError as e:
abort(e.http_status, e.message)
except exc.ClientException as e:
abort(401, str(e))
except Exception as e:
LOG.exception(e)
abort(500, "Unable to authenticate")
client = ks_client.Client(session=session,
auth=unscoped_auth,
user_agent=USER_AGENT)
auth_url = unscoped_auth.auth_url
projects = client.projects.list(user=unscoped_auth_ref.user_id)
# Filter out disabled projects
projects = [project for project in projects if project.enabled]
# Prioritize the admin project by putting it at the beginning of the list
for pos, project in enumerate(projects):
if project.name == 'admin':
projects.pop(pos)
projects.insert(0, project)
break
# Return the first project token that we have the admin role on, otherwise
# return the first project token we have any role on.
fallback_auth_ref = None
for project in projects:
auth = v3.Token(auth_url=auth_url,
token=unscoped_auth_ref.auth_token,
project_id=project.id,
reauthenticate=False)
try:
auth_ref = auth.get_access(session)
if 'admin' in auth_ref.role_names:
return {
'token': auth_ref.auth_token,
'expires': auth_ref.expires.isoformat()
}
elif not fallback_auth_ref:
fallback_auth_ref = auth_ref
except Exception as e:
pass
if fallback_auth_ref:
return {
'token': fallback_auth_ref.auth_token,
'expires': fallback_auth_ref.expires.isoformat()
}
# TODO(gary): Consider as a secondary fallback to return a domain-scoped
# token
abort(403, "Not authorized for any project")
def displayInstance(self, datacenter, auth,instance):
self.datacenter = datacenter
self.auth = auth
self.instance = instance
current_dir = os.environ["HOME"]
for key, value in self.auth.iteritems():
if key == 'token':
token = value
if key == 'username':
username = value
if key == 'project_name':
project_name = value
if key == 'region':
region = value
if key == 'project_domain_name':
project_domain_name = value
print('\n')
print '- LOADING : ........ ',
sys.stdout.flush()
try:
if region == 'SCL1':
novaauth = v3.Token(auth_url='http://expostack.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name)
if region == 'LA1':
novaauth = v3.Token(auth_url='http://expostack-02.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name)
novasession = session.Session(auth=novaauth)
keystone = client.Client(session=novasession)
nova = novaClient.Client('2', session=novasession)
except(exceptions.AuthorizationFailure):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Unable to authenticate or validate the existing authorization token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(exceptions.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Authentication failed due to invalid token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
try:
servers = nova.servers.list(search_opts={'all_tenants': 1})
except(exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(e.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(e.from_response):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
try:
for myNode in range(len(servers)):
s = servers[myNode]
if s.name.lstrip() == self.instance.strip():
instance_id = s.id
break
except(exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
try:
display = nova.servers.get(instance_id)
except(exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(IOError,IndexError,KeyError,NameError,OSError,RuntimeError,SyntaxError,IndentationError,TypeError,UnboundLocalError,ValueError):
self.progress()
print ' [DONE]'
print('\n')
error = '- Error: Instance Name : ' + self.instance + ' is Invalid. Please try Again.'
prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(error)
return 1
try:
d = dumps(display._info, sort_keys=True, indent=4, separators=(',', ': '))
username = username.lower()
chk = username.find('@')
if chk != -1:
storeusername = username.split('@')
uname = storeusername[0]
if chk == -1:
uname = username
fileName = self.random_with_N_digits(4)
fopen = open(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName), 'w')
fopen.write('[')
fopen.write(d)
fopen.write(']')
fopen.close()
userDisplay = prettytable.PrettyTable(["INSTANCE ID", "INSTANCE NAME", "IP ADDRESS", "STATUS"])
userDisplay.align["INSTANCE ID"] = "l"
userDisplay.align["INSTANCE NAME"] = "l"
userDisplay.align["IP ADDRESS"] = "l"
userDisplay.align["STATUS"] = "l"
userDisplay.padding_width = 1
fileSize = os.stat(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName)).st_size != 0
if fileSize:
with open(current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName), 'r') as f:
data = load(f)
j = 0
ipAddr = []
instance_id = []
instance_name = []
stat = []
for item in data:
for key, value in item.items():
if key == 'addresses':
for k, v in value.iteritems():
if type(k):
for each in v:
for column, row in each.items():
if column == 'addr':
ipAddr.insert(j,row)
if key == 'id':
instance_id.insert(j,value)
if key == 'name':
instance_name.insert(j,value)
if key == 'status':
stat.insert(j,value)
j = j + 1
for j,k,l,m in map(None,instance_id,instance_name,ipAddr,stat):
userDisplay.add_row([j,k,l,m])
self.progress()
print ' [DONE]'
print('\n')
print(userDisplay)
fileToRemove = current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname + "/" + '.' + str(fileName)
os.remove(fileToRemove)
except(IOError,IndexError,KeyError,NameError,OSError,RuntimeError,SyntaxError,IndentationError,TypeError,UnboundLocalError,ValueError):
prompt = '- Error: Unknown Error, Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
else:
return 0
def create_plugin(self, session, version, url, raw_status=None):
if _discover.version_match((2, ), version):
return v2.Token(url, self._token, **self._v2_params)
elif _discover.version_match((3, ), version):
return v3.Token(url, self._token, **self._v3_params)
def _get_keystone_v3_auth(self, v3_auth_url, **kwargs):
auth_token = kwargs.pop('auth_token', None)
if auth_token:
return v3_auth.Token(v3_auth_url, auth_token)
else:
return v3_auth.Password(v3_auth_url, **kwargs)
def expiryInstances(self,datacenter,auth,instance):
self.datacenter = datacenter
self.auth = auth
self.instance = instance
current_dir = os.environ["HOME"]
if self.instance != 'list':
print '- Error: Invalid Command, Please try again.'
sys.exit()
for key, value in self.auth.iteritems():
if key == 'token':
token = value
if key == 'id':
userid = value
if key == 'username':
username = value
if key == 'project_name':
project_name = value
if key == 'region':
region = value
if key == 'project_domain_name':
project_domain_name = value
print('\n')
print '- LOADING : ........ ',
sys.stdout.flush()
try:
if region == 'SCL1':
novaauth = v3.Token(auth_url='http://expostack.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name)
if region == 'LA1':
novaauth = v3.Token(auth_url='http://expostack-02.tf-net.mydomain.com:35357/v3',token=token,project_name=project_name,project_domain_name=project_domain_name)
novasession = session.Session(auth=novaauth)
keystone = client.Client(session=novasession)
nova = novaClient.Client('2', session=novasession)
except(exceptions.AuthorizationFailure):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Unable to authenticate or validate the existing authorization token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(exceptions.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error : Authentication failed due to invalid token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
userDisplay = prettytable.PrettyTable(["INSTANCE ID", "INSTANCE NAME", "IP ADDRESS", "STATUS", "LEASE", "LEASE TYPE","CREATED ON"])
userDisplay.align["INSTANCE ID"] = "l"
userDisplay.align["INSTANCE NAME"] = "l"
userDisplay.align["IP ADDRESS"] = "l"
userDisplay.align["STATUS"] = "l"
userDisplay.align["LEASE"] = "l"
userDisplay.align["LEASE TYPE"] = "l"
userDisplay.align["CREATED ON"] = "l"
userDisplay.padding_width = 1
try:
servers = nova.servers.list(search_opts={'all_tenants': 1})
except(exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Instance could not be found for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(exceptions.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error : Authentication failed due to invalid token for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(e.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
except(e.from_response):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
callLease = self.callExpiryTime(self.datacenter,username)
if callLease != False:
try:
for myNode in range(len(servers)):
s = servers[myNode]
if userid == s.user_id:
for key, value in s.addresses.iteritems():
for item in value:
for hay,stack in item.iteritems():
if hay == 'addr':
ip = stack
for item in callLease:
for key, value in item.items():
if key == 'hostname':
node = value
if key == 'ipaddress':
ipaddr = value
if key == 'leasedays':
lease = value
if key == 'requesttype':
request = value
if key == 'created_on':
create = value
if str(node.strip()) == str(s.name.strip()):
server = str(node.strip())
ipadd = str(ip)
userDisplay.add_row([s.id,server,ipadd,s.status,str(lease),str(request),str(create)])
self.progress()
print ' [DONE]'
print('\n')
print(userDisplay)
except(IOError,IndexError,KeyError,NameError,OSError,RuntimeError,SyntaxError,IndentationError,TypeError,UnboundLocalError,ValueError):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error : Unknown Error Occured while fetching Lease for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
else:
prompt = '- Info : Lease Information fetch successful for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 0
else:
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error : Unknown Error Occured while fetching Lease for ' + username + ' at ' + time.strftime("%d/%m/%Y") + ' ' + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter,username,prompt)
print(prompt)
return 1
def createInstance(self, datacenter, auth, **command):
self.auth = auth
self.datacenter = datacenter
self.command = command
current_dir = os.environ["HOME"]
property_dict = None
user_data = None
for key, value in self.auth.iteritems():
if key == 'token':
token = value
if key == 'username':
username = value
if key == 'project_name':
project_name = value
if key == 'region':
region = value
if key == 'project_domain_name':
project_domain_name = value
print('\n')
print '- LOADING : ........ ',
sys.stdout.flush()
try:
if region == 'SCL1':
novaauth = v3.Token(
auth_url='http://expostack.tf-net.mydomain.com:35357/v3',
token=token,
project_name=project_name,
project_domain_name=project_domain_name)
if region == 'LA1':
novaauth = v3.Token(
auth_url='http://expostack-02.tf-net.mydomain.com:35357/v3',
token=token,
project_name=project_name,
project_domain_name=project_domain_name)
novasession = session.Session(auth=novaauth)
keystone = client.Client(session=novasession)
nova = novaClient.Client('2', session=novasession)
except (exceptions.AuthorizationFailure):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Unable to authenticate or validate the existing authorization token for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
except (exceptions.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Authentication failed due to invalid token for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
for hay, stack in self.command.iteritems():
if hay == 'instanceName':
instanceName = stack
if hay == 'instances':
instance = stack
if hay == 'tag':
tag = stack
if hay == 'flavor':
flv = stack
if hay == 'image':
image = stack
if hay == 'lease':
lease = stack
if hay == 'user-data':
user_data_file = stack
if hay == 'property':
property = stack
if property:
property_dict = dict()
# assume kvp's separated by ,
for kvp in property.split(','):
(k, v) = kvp.split('=')
property_dict[k] = v
if instance > 1:
min_count = 1
max_count = instance
if instance == 1:
min_count = 1
max_count = 1
try:
servers = nova.servers.list(search_opts={'all_tenants': 1})
except (e.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
except (e.from_response):
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
find = '<Server:'
replace = ''
listServer = []
createFiles = []
create = 0
ser = 0
exists = False
myFile = ''
p = 0
processNodes = []
hyfen = []
current_dir = os.environ["HOME"]
chk = username.find('@')
if chk != -1:
storeusername = username.split('@')
uname = storeusername[0]
if chk == -1:
uname = username
try:
for server in servers:
host = re.sub(find, replace, str(server))
host = re.sub('>', '', str(host))
listServer.insert(ser, host)
ser = ser + 1
findNode = instanceName.strip()
findNode = findNode[2:]
userDisplay = PrettyTable(["S.NO", "INSTANCE NAME"])
userDisplay.align["S.NO"] = "m"
userDisplay.align["INSTANCE NAME"] = "m"
userDisplay.padding_width = 20
id_inst = 1
for node in listServer:
v = node.rfind('-')
if v != -1:
verifyNode = node[:v]
verifyNode = verifyNode[3:]
if verifyNode.strip() == findNode:
userDisplay.add_row([id_inst, node])
hyfen.append(node)
id_inst = id_inst + 1
if len(hyfen) > 0:
print ' [DONE]'
print('\n')
print(
"- Info: Instances with the same name exists, please try again."
)
print(userDisplay)
print('\n')
return False
except (IOError, IndexError, KeyError, NameError, OSError,
RuntimeError, SyntaxError, IndentationError, TypeError,
UnboundLocalError, ValueError):
prompt = "- Error: Instances could not be found for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
return 1
try:
img = nova.images.find(name=image)
except (exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Image : " + image + " could not be found for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
try:
fl = nova.flavors.find(name=flv)
except (exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Flavor : " + flv + " could not be found for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
try:
nets = nova.networks.list()
except (exceptions.NotFound):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Network : " + nic + " could not be found for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
nics = list()
# find nic to apply
# [XXX] find a way to do it automatically
itprojects = ['ITOps', 'IT LAB']
if project_name in itprojects:
pseudo_project_name = 'Dev'
else:
pseudo_project_name = project_name
for net in nets:
proj = net.label.split('-')[0]
if proj.lower() in pseudo_project_name.lower():
nics = [{'net-id': net.id}]
if user_data_file:
try:
user_data = io.open(user_data_file)
except IOError:
self.progress()
print ' [DONE]'
print('\n')
prompt = '- Error: Login into Region: ' + self.datacenter + ' to perform this Operation.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
try:
initialize = nova.servers.create(name=instanceName,
image=img,
flavor=fl,
min_count=min_count,
max_count=max_count,
nics=nics,
userdata=user_data,
meta=property_dict)
if hasattr(user_data, 'close'):
user_data.close()
except (exceptions.Unauthorized):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Access denied, Please provide valid credentials for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
except (exceptions.BadRequest):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Supplied data is Invalid for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
except (exceptions.Conflict):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Info: Instance Name provided already exists for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
except (exceptions.Forbidden):
self.progress()
print ' [DONE]'
print('\n')
prompt = "- Error: Quota exceeded for instances for user: "******" at " + time.strftime(
"%d/%m/%Y") + " " + time.strftime("%I:%M:%S") + '.'
self.log(self.datacenter, username, prompt)
print(prompt)
return 1
else:
uname = uname.lower()
path = current_dir + "/" + '.' + self.datacenter + "/" + '.' + uname
chkDir = os.path.dirname(path)
if not os.path.exists(path):
os.chdir(current_dir)
os.mkdir('.' + self.datacenter)
os.chdir('.' + self.datacenter)
os.mkdir('.' + uname)
if os.path.exists(chkDir):
for myNode in range(int(max_count)):
fileName = self.random_with_N_digits(4)
fopen = open(
current_dir + "/" + '.' + self.datacenter + "/" + '.' +
uname + "/" + '.' + str(fileName) + '.create', 'w')
fopen.write('[')
s = nova.servers.list()[myNode]
d = dumps(s._info,
sort_keys=True,
indent=4,
separators=(',', ': '))
fopen.write(d)
fopen.write(']')
fopen.close()
processNodes.insert(p, s)
p = p + 1
hold = Base(object)
hold.hold_server(processNodes)
userDisplay = PrettyTable(["ID", "INSTANCE NAME", "STATUS"])
userDisplay.align["ID"] = "l"
userDisplay.align["INSTANCE NAME"] = "l"
userDisplay.align["STATUS"] = "l"
userDisplay.padding_width = 1
current_dir = current_dir = os.environ["HOME"]
for file in os.listdir(current_dir + "/" + '.' +
self.datacenter + "/" + '.' + uname):
if file.endswith(".create"):
createFiles.insert(create, file)
create = create + 1
for c in createFiles:
fileSize = os.stat(current_dir + "/" + '.' +
self.datacenter + "/" + '.' + uname +
"/" + c).st_size != 0
if fileSize:
with open(
current_dir + "/" + '.' + self.datacenter +
"/" + '.' + uname + "/" + c, 'r') as f:
data = load(f)
for item in data:
for key, value in item.items():
if key == 'id':
instance_id = value
if key == 'name':
instances = value
if key == 'status':
instance_s = value
userDisplay.add_row(
[instance_id, instances, instance_s])
self.progress()
print ' [DONE]'
print('\n')
print(userDisplay)
leaseRegion = self.datacenter
self.addLease(leaseRegion, lease, username, fl, instances)
return data
def __init__(self, token=None, url=None, auth_url=None,
domain_id=None, domain_name=None,
project_name=None, project_id=None,
username=None, password=None,
user_domain_id=None, user_domain_name=None,
project_domain_id=None, project_domain_name=None,
region_name=None, api_version=None, verify=True,
trust_id=None, timing=None):
self._token = token
self._url = url
self._auth_url = auth_url
self._domain_id = domain_id
self._domain_name = domain_name
self._project_name = project_name
self._project_id = project_id
self._username = username
self._password = password
self._user_domain_id = user_domain_id
self._user_domain_name = user_domain_name
self._project_domain_id = project_domain_id
self._project_domain_name = project_domain_name
self._region_name = region_name
self._api_version = api_version
self._trust_id = trust_id
self._service_catalog = None
self.timing = timing
# verify is the Requests-compatible form
self._verify = verify
# also store in the form used by the legacy client libs
self._cacert = None
if verify is True or verify is False:
self._insecure = not verify
else:
self._cacert = verify
self._insecure = False
ver_prefix = identity_client.AUTH_VERSIONS[
self._api_version[identity_client.API_NAME]
]
# Get logging from root logger
root_logger = logging.getLogger('')
LOG.setLevel(root_logger.getEffectiveLevel())
# NOTE(dtroyer): These plugins are hard-coded for the first step
# in using the new Keystone auth plugins.
if self._url:
LOG.debug('Using token auth %s', ver_prefix)
if ver_prefix == 'v2':
self.auth = v2_auth.Token(
auth_url=url,
token=token,
)
else:
self.auth = v3_auth.Token(
auth_url=url,
token=token,
)
else:
LOG.debug('Using password auth %s', ver_prefix)
if ver_prefix == 'v2':
self.auth = v2_auth.Password(
auth_url=auth_url,
username=username,
password=password,
trust_id=trust_id,
tenant_id=project_id,
tenant_name=project_name,
)
else:
self.auth = v3_auth.Password(
auth_url=auth_url,
username=username,
password=password,
trust_id=trust_id,
user_domain_id=user_domain_id,
user_domain_name=user_domain_name,
domain_id=domain_id,
domain_name=domain_name,
project_id=project_id,
project_name=project_name,
project_domain_id=project_domain_id,
project_domain_name=project_domain_name,
)
self.session = session.Session(
auth=self.auth,
verify=verify,
)
self.auth_ref = None
if not self._url:
# Trigger the auth call
self.auth_ref = self.session.auth.get_auth_ref(self.session)
# Populate other password flow attributes
self._token = self.session.auth.get_token(self.session)
self._service_catalog = self.auth_ref.service_catalog
return
