def _create_identity_server(self):
    """Build the IdentityServer wrapper used to reach the identity service.

    A session is constructed from the TLS and timeout options read through
    ``_conf_get``, wrapped in an adapter bound to the ``admin`` interface of
    the ``identity`` service, and handed to ``_identity.IdentityServer``.

    :returns: the configured ``_identity.IdentityServer`` instance.
    """
    # NOTE(jamielennox): Loading Session here should be exactly the
    # same as calling Session.load_from_conf_options(CONF, GROUP)
    # however we can't do that because we have to use _conf_get to
    # support the paste.ini options.
    # NOTE(review): ``insecure`` presumably turns off verification of the
    # identity server's TLS certificate; confirm against Session.construct
    # and treat a true value as a deployment finding outside test setups.
    session_options = {
        'cert': self._conf_get('certfile'),
        'key': self._conf_get('keyfile'),
        'cacert': self._conf_get('cafile'),
        'insecure': self._conf_get('insecure'),
        'timeout': self._conf_get('http_connect_timeout'),
    }
    sess = session.Session.construct(session_options)

    plugin = self._get_auth_plugin()
    identity_adapter = adapter.Adapter(
        sess,
        auth=plugin,
        service_type='identity',
        interface='admin',
        connect_retries=self._conf_get('http_request_max_retries'))

    # An unset auth_version is passed through as None; anything else is
    # normalized before being handed to the identity server wrapper.
    configured_version = self._conf_get('auth_version')
    if configured_version is None:
        requested_version = None
    else:
        requested_version = discover.normalize_version_number(
            configured_version)

    return _identity.IdentityServer(
        self._LOG,
        identity_adapter,
        include_service_catalog=self._include_service_catalog,
        requested_auth_version=requested_version)
def _create_identity_server(self):
    """Create the IdentityServer object backed by a configured session.

    The session carries the client certificate, key, CA bundle, ``insecure``
    flag, connect timeout and user-agent string taken from configuration.
    The adapter built on top of it targets the ``admin`` interface of the
    ``identity`` service in the configured region.

    :returns: the configured ``_identity.IdentityServer`` instance.
    """
    # NOTE(jamielennox): Loading Session here should be exactly the
    # same as calling Session.load_from_conf_options(CONF, GROUP)
    # however we can't do that because we have to use _conf_get to
    # support the paste.ini options.
    # NOTE(review): ``insecure`` presumably disables TLS certificate
    # verification towards the identity server; confirm against
    # Session.construct before relying on ``cafile`` being honoured.
    tls_and_http_options = {
        'cert': self._conf_get('certfile'),
        'key': self._conf_get('keyfile'),
        'cacert': self._conf_get('cafile'),
        'insecure': self._conf_get('insecure'),
        'timeout': self._conf_get('http_connect_timeout'),
        'user_agent': self._build_useragent_string(),
    }
    sess = session.Session.construct(tls_and_http_options)

    plugin = self._get_auth_plugin()
    identity_adapter = adapter.Adapter(
        sess,
        auth=plugin,
        service_type='identity',
        interface='admin',
        region_name=self._conf_get('region_name'),
        connect_retries=self._conf_get('http_request_max_retries'))

    # Only normalize when a version was actually configured; None is
    # forwarded unchanged.
    raw_version = self._conf_get('auth_version')
    requested_version = (
        None if raw_version is None
        else discover.normalize_version_number(raw_version))

    return _identity.IdentityServer(
        self.log,
        identity_adapter,
        include_service_catalog=self._include_service_catalog,
        requested_auth_version=requested_version)
def get_rate_projects(self):
    """Return the projects to rate, using the Keystone v3 API mapping.

    The Keystone version is fixed to ``'3'`` here. The mapping whose major
    version matches it is passed to ``_do_get_projects`` and that call's
    result is returned.

    :raises exceptions.VersionNotAvailable: if no mapping matches the
        version.
    """
    target_version = discover.normalize_version_number('3')
    # Each entry holds the names handed to _do_get_projects for one major
    # version of the identity API.
    mappings_by_major = {
        (3, ): ('project', 'projects', 'list'),
        (2, ): ('tenant', 'tenants', 'roles_for_user'),
    }
    for candidate, mapping in six.iteritems(mappings_by_major):
        if not discover.version_match(candidate, target_version):
            continue
        return self._do_get_projects(mapping)

    raise exceptions.VersionNotAvailable(
        "Keystone version you've specified is not supported")
def get_tenants(self, conf=None):
    """Return the tenants to process for the configured Keystone version.

    The version comes from ``CONF.keystone_fetcher.keystone_version``. The
    mapping whose major version matches it is passed, together with
    ``conf``, to ``_do_get_tenants`` and that call's result is returned.

    :param conf: forwarded unchanged to ``_do_get_tenants``.
    :raises exceptions.VersionNotAvailable: if the configured version
        matches neither major version 2 nor 3.
    """
    configured_version = discover.normalize_version_number(
        CONF.keystone_fetcher.keystone_version)
    # Each entry holds the names handed to _do_get_tenants for one major
    # version of the identity API.
    mappings_by_major = {
        (3, ): ('project', 'projects', 'list'),
        (2, ): ('tenant', 'tenants', 'roles_for_user'),
    }
    for candidate, mapping in mappings_by_major.items():
        if not discover.version_match(candidate, configured_version):
            continue
        return self._do_get_tenants(mapping, conf)

    raise exceptions.VersionNotAvailable(
        "Keystone version you've specified is not supported")
def get_endpoint(self, session, interface=None, version=None, **kwargs):
    """Return the identity endpoint for the requested interface and version.

    No keyword argument is mandatory: a plugin is expected to make a best
    effort with whatever information it is given.

    The returned URL is always derived from the configured identity URI.
    Version discovery is only consulted to check that the server offers the
    requested version; the URL it reports is not used.

    :param session: The session object that the auth_plugin belongs to.
    :type session: keystoneclient.session.Session
    :param str interface: what visibility the endpoint should have.
    :param version: The version number required for this endpoint.
    :type version: tuple or str
    :returns: The base URL that will be used to talk to the required
              service or None if not available.
    :rtype: string
    :raises NotImplementedError: if discovery reports the version but it
        is neither 2.0 nor 3.0.
    """
    if interface == auth.AUTH_INTERFACE:
        return self._identity_uri

    if not version:
        # NOTE(jamielennox): This plugin can only be used within auth_token
        # and auth_token will always provide version= with requests.
        return None

    # The discovery object is created on first use and kept on the plugin.
    if not self._discover:
        self._discover = discover.Discover(session,
                                           auth_url=self._identity_uri,
                                           authenticated=False)

    discovered_url = self._discover.url_for(version)
    if not discovered_url:
        # NOTE(jamielennox): The requested version is not supported by the
        # identity server.
        return None

    # NOTE(jamielennox): for backwards compatibility here we don't
    # actually use the URL from discovery we hack it up instead. :(

    # NOTE(blk-u): Normalizing the version is a workaround for bug 1450272.
    # This can be removed once that's fixed. Also fix the docstring for the
    # version parameter to be just "tuple".
    normalized = discover.normalize_version_number(version)

    url_templates = (
        ((2, 0), '%s/v2.0'),
        ((3, 0), '%s/v3'),
    )
    for supported, template in url_templates:
        if discover.version_match(supported, normalized):
            return template % self._identity_uri

    # NOTE(jamielennox): This plugin will only get called from auth_token
    # middleware. The middleware should never request a version that the
    # plugin doesn't know how to handle.
    raise NotImplementedError(
        _('Invalid version asked for in auth_token plugin'))
def get_endpoint(self, session, interface=None, version=None, **kwargs):
    """Return the identity endpoint for the requested interface and version.

    None of the keyword arguments is required; the plugin does what it can
    with the information supplied.

    Whatever discovery reports, the URL handed back is built from the
    configured identity URI. Discovery only decides whether the requested
    version is offered at all.

    :param session: The session object that the auth_plugin belongs to.
    :type session: keystoneclient.session.Session
    :param str interface: what visibility the endpoint should have.
    :param version: The version number required for this endpoint.
    :type version: tuple or str
    :returns: The base URL that will be used to talk to the required
              service or None if not available.
    :rtype: string
    :raises NotImplementedError: if discovery reports the version but it
        is neither 2.0 nor 3.0.
    """
    if interface == auth.AUTH_INTERFACE:
        return self._identity_uri

    if not version:
        # NOTE(jamielennox): This plugin can only be used within auth_token
        # and auth_token will always provide version= with requests.
        return None

    # Discovery is set up once and reused on later calls.
    if not self._discover:
        self._discover = discover.Discover(
            session, auth_url=self._identity_uri, authenticated=False
        )

    version_is_offered = self._discover.url_for(version)
    if not version_is_offered:
        # NOTE(jamielennox): The requested version is not supported by the
        # identity server.
        return None

    # NOTE(jamielennox): for backwards compatibility here we don't
    # actually use the URL from discovery we hack it up instead. :(

    # NOTE(blk-u): Normalizing the version is a workaround for bug 1450272.
    # This can be removed once that's fixed. Also fix the docstring for the
    # version parameter to be just "tuple".
    wanted = discover.normalize_version_number(version)

    if discover.version_match((2, 0), wanted):
        template = "%s/v2.0"
    elif discover.version_match((3, 0), wanted):
        template = "%s/v3"
    else:
        # NOTE(jamielennox): This plugin will only get called from
        # auth_token middleware. The middleware should never request a
        # version that the plugin doesn't know how to handle.
        raise NotImplementedError(
            _("Invalid version asked for in auth_token plugin")
        )
    return template % self._identity_uri
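def get_tenants(self):
    """Return the ids of the tenants on which this user holds 'rating'.

    Tenants (Keystone v2) or projects (any other version) are listed
    through ``self.admin_ks``. For each one, the roles of the user
    behind ``self.session`` are fetched, and the tenant is kept only when
    one of those roles is named exactly ``'rating'``.

    :returns: list of tenant/project ids, in the order the identity
        service listed them.
    """
    keystone_version = discover.normalize_version_number(
        CONF.keystone_fetcher.keystone_version)
    # The API version cannot change while we iterate, so decide once
    # instead of re-evaluating the match for every tenant.
    is_v2 = discover.version_match((2,), keystone_version)

    if is_v2:
        tenant_list = self.admin_ks.tenants.list()
    else:
        tenant_list = self.admin_ks.projects.list()
    my_user_id = self.session.get_user_id()

    # Collect matches in one pass rather than copying the list and calling
    # list.remove() for every rejected tenant, which is quadratic.
    rated_tenant_ids = []
    for tenant in tenant_list:
        if is_v2:
            roles = self.admin_ks.roles.roles_for_user(my_user_id, tenant)
        else:
            roles = self.admin_ks.roles.list(user=my_user_id,
                                             project=tenant)
        # Membership is decided purely by role name; a role called
        # 'rating' on the tenant is what opts it in.
        if any(role.name == 'rating' for role in roles):
            rated_tenant_ids.append(tenant.id)
    return rated_tenant_ids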
def _create_identity_server(self):
    """Assemble the IdentityServer wrapper from configuration values.

    Builds a session from the TLS, timeout and user-agent settings, wraps
    it in an adapter bound to the ``admin`` interface of the ``identity``
    service, and returns an ``_identity.IdentityServer`` using that adapter.

    :returns: the configured ``_identity.IdentityServer`` instance.
    """
    # NOTE(jamielennox): Loading Session here should be exactly the
    # same as calling Session.load_from_conf_options(CONF, GROUP)
    # however we can't do that because we have to use _conf_get to
    # support the paste.ini options.
    # NOTE(review): ``insecure`` presumably disables verification of the
    # identity server's TLS certificate; confirm against Session.construct
    # and flag a true value in production configuration.

    # tomograph.start("AuthProtocol", "create IS", "127.0.0.1", 0)
    session_options = {
        "cert": self._conf_get("certfile"),
        "key": self._conf_get("keyfile"),
        "cacert": self._conf_get("cafile"),
        "insecure": self._conf_get("insecure"),
        "timeout": self._conf_get("http_connect_timeout"),
        "user_agent": self._build_useragent_string(),
    }
    sess = session.Session.construct(session_options)
    # tomograph.annotate("construct session", "AuthProtocol")

    plugin = self._get_auth_plugin()
    identity_adapter = adapter.Adapter(
        sess,
        auth=plugin,
        service_type="identity",
        interface="admin",
        connect_retries=self._conf_get("http_request_max_retries"),
    )
    # tomograph.annotate("create adapter", "AuthProtocol")

    # None means no version was configured and is forwarded unchanged.
    raw_version = self._conf_get("auth_version")
    if raw_version is None:
        requested_version = None
    else:
        requested_version = discover.normalize_version_number(raw_version)

    return _identity.IdentityServer(
        self.log,
        identity_adapter,
        include_service_catalog=self._include_service_catalog,
        requested_auth_version=requested_version,
    )