def get_configured_credentials(credential_type, fill_in=True, identity_version=None): identity_version = identity_version or CONF.identity.auth_version if identity_version not in ('v2', 'v3'): raise exceptions.InvalidConfiguration('Unsupported auth version: %s' % identity_version) if credential_type not in CREDENTIAL_TYPES: raise exceptions.InvalidCredentials() conf_attributes = ['username', 'password', 'tenant_name'] if identity_version == 'v3': conf_attributes.append('domain_name') # Read the parts of credentials from config params = DEFAULT_PARAMS.copy() section, prefix = CREDENTIAL_TYPES[credential_type] for attr in conf_attributes: _section = getattr(CONF, section) if prefix is None: params[attr] = getattr(_section, attr) else: params[attr] = getattr(_section, prefix + "_" + attr) # Build and validate credentials. We are reading configured credentials, # so validate them even if fill_in is False credentials = get_credentials(fill_in=fill_in, identity_version=identity_version, **params) if not fill_in: if not credentials.is_valid(): msg = ("The %s credentials are incorrectly set in the config file." " Double check that all required values are assigned" % credential_type) raise exceptions.InvalidConfiguration(msg) return credentials
def __init__(self, credentials=None): """ We allow overriding of the credentials used within the various client classes managed by the Manager object. Left as None, the standard username/password/tenant_name[/domain_name] is used. :param credentials: Override of the credentials """ self.auth_version = CONF.identity.auth_version if credentials is None: self.credentials = cred_provider.get_configured_credentials('user') else: self.credentials = credentials # Check if passed or default credentials are valid if not self.credentials.is_valid(): raise exceptions.InvalidCredentials() # Tenant isolation creates TestResources, but Accounts and some tests # creates Credentials if isinstance(credentials, cred_provider.TestResources): creds = self.credentials.credentials else: creds = self.credentials # Creates an auth provider for the credentials self.auth_provider = get_auth_provider(creds) # FIXME(andreaf) unused self.client_attr_names = []
def get_auth_provider(credentials): default_params = { 'disable_ssl_certificate_validation': CONF.identity.disable_ssl_certificate_validation, 'ca_certs': CONF.identity.ca_certificates_file, 'trace_requests': CONF.debug.trace_requests } if credentials is None: raise exceptions.InvalidCredentials('Credentials must be specified') auth_provider_class, auth_url = get_auth_provider_class(credentials) return auth_provider_class(credentials, auth_url, **default_params)
def get_client_manager(cls, credential_type=None, roles=None, force_new=None): """Returns an OpenStack client manager Returns an OpenStack client manager based on either credential_type or a list of roles. If neither is specified, it defaults to credential_type 'primary' :param credential_type: string - primary, alt or admin :param roles: list of roles :returns: the created client manager :raises skipException: if the requested credentials are not available """ if all([roles, credential_type]): msg = "Cannot get credentials by type and roles at the same time" raise ValueError(msg) if not any([roles, credential_type]): credential_type = 'primary' cred_provider = cls._get_credentials_provider() if roles: for role in roles: if not cred_provider.is_role_available(role): skip_msg = ( "%s skipped because the configured credential provider" " is not able to provide credentials with the %s role " "assigned." % (cls.__name__, role)) raise cls.skipException(skip_msg) params = dict(roles=roles) if force_new is not None: params.update(force_new=force_new) creds = cred_provider.get_creds_by_roles(**params) else: credentials_method = 'get_%s_creds' % credential_type if hasattr(cred_provider, credentials_method): creds = getattr(cred_provider, credentials_method)() else: raise exceptions.InvalidCredentials( "Invalid credentials type %s" % credential_type) return clients.Manager(credentials=creds, service=cls._service)