def create_network_client(config): try: from neutronclient.common import clientmanager from neutronclient.common.exceptions import EndpointNotFound client_name = 'neutron' except ImportError: from quantumclient.common import clientmanager from quantumclient.common.exceptions import EndpointNotFound client_name = 'quantum' # Maybe we have old schoool nova-network. Watch out try: if client_name == 'neutron': return getattr( clientmanager.ClientManager(endpoint_type='publicURL', tenant_name=config.os_tenant_name, username=config.os_username, password=config.os_password, auth_url=config.os_auth_url, region_name=config.os_region_name, api_version={'network': '2.0'}), client_name) else: return getattr( clientmanager.ClientManager(tenant_name=config.os_tenant_name, username=config.os_username, password=config.os_password, auth_url=config.os_auth_url, region_name=config.os_region_name, api_version={'network': '2.0'}), client_name) except EndpointNotFound: log.warn("Keystone does not expose a network (quantum/neutron) " "service for this OpenStack cloud.") return None
def authenticate_user(self): """Make sure the user has provided all of the authentication info we need. """ if self.options.os_auth_strategy == 'keystone': if self.options.os_token or self.options.os_url: # Token flow auth takes priority if not self.options.os_token: raise exc.CommandError( "You must provide a token via" " either --os-token or env[OS_TOKEN]") if not self.options.os_url: raise exc.CommandError("You must provide a service URL via" " either --os-url or env[OS_URL]") else: # Validate password flow auth if not self.options.os_username: raise exc.CommandError( "You must provide a username via" " either --os-username or env[OS_USERNAME]") if not self.options.os_password: raise exc.CommandError( "You must provide a password via" " either --os-password or env[OS_PASSWORD]") if (not self.options.os_tenant_name and not self.options.os_tenant_id): raise exc.CommandError( "You must provide a tenant_name or tenant_id via" " --os-tenant-name, env[OS_TENANT_NAME]" " --os-tenant-id, or via env[OS_TENANT_ID]") if not self.options.os_auth_url: raise exc.CommandError( "You must provide an auth url via" " either --os-auth-url or via env[OS_AUTH_URL]") else: # not keystone if not self.options.os_url: raise exc.CommandError("You must provide a service URL via" " either --os-url or env[OS_URL]") self.client_manager = clientmanager.ClientManager( token=self.options.os_token, url=self.options.os_url, auth_url=self.options.os_auth_url, tenant_name=self.options.os_tenant_name, tenant_id=self.options.os_tenant_id, username=self.options.os_username, password=self.options.os_password, region_name=self.options.os_region_name, api_version=self.api_version, auth_strategy=self.options.os_auth_strategy, endpoint_type=self.options.endpoint_type, insecure=self.options.insecure, ca_cert=self.options.os_cacert, log_credentials=True) return
def authenticate_user(self): """Confirm user authentication Make sure the user has provided all of the authentication info we need. """ cloud_config = os_client_config.OpenStackConfig().get_one_cloud( cloud=self.options.os_cloud, argparse=self.options, network_api_version=self.api_version) verify, cert = cloud_config.get_requests_verify_args() auth = cloud_config.get_auth() auth_session = session.Session( auth=auth, verify=verify, cert=cert, timeout=self.options.http_timeout) interface = self.options.os_endpoint_type or self.endpoint_type if interface.endswith('URL'): interface = interface[:-3] self.client_manager = clientmanager.ClientManager( retries=self.options.retries, raise_errors=False, session=auth_session, region_name=cloud_config.get_region_name(), api_version=cloud_config.get_api_version('network'), service_type=cloud_config.get_service_type('network'), service_name=cloud_config.get_service_name('network'), endpoint_type=interface, auth=auth, log_credentials=True) return
def authenticate_user(self): """Confirm user authentication Make sure the user has provided all of the authentication info we need. """ cloud_config = os_client_config.OpenStackConfig().get_one_cloud( cloud=self.options.os_cloud, argparse=self.options, network_api_version=self.api_version, verify=not self.options.insecure) verify, cert = cloud_config.get_requests_verify_args() # TODO(singhj): Remove dependancy on HTTPClient # for the case of token-endpoint authentication # When using token-endpoint authentication legacy # HTTPClient will be used, otherwise SessionClient # will be used. if self.options.os_token and self.options.os_url: auth = None auth_session = None else: auth = cloud_config.get_auth() auth_session = session.Session(auth=auth, verify=verify, cert=cert, timeout=self.options.http_timeout) interface = self.options.os_endpoint_type or self.endpoint_type if interface.endswith('URL'): interface = interface[:-3] self.client_manager = clientmanager.ClientManager( retries=self.options.retries, raise_errors=False, session=auth_session, url=self.options.os_url, token=self.options.os_token, region_name=cloud_config.get_region_name(), api_version=cloud_config.get_api_version('network'), service_type=cloud_config.get_service_type('network'), service_name=cloud_config.get_service_name('network'), endpoint_type=interface, auth=auth, insecure=not verify, log_credentials=True) return
def authenticate_user(self): """Make sure the user has provided all of the authentication info we need. """ if self.options.os_auth_strategy == 'keystone': if self.options.os_token or self.options.os_url: # Token flow auth takes priority if not self.options.os_token: raise exc.CommandError( _("You must provide a token via" " either --os-token or env[OS_TOKEN]")) if not self.options.os_url: raise exc.CommandError( _("You must provide a service URL via" " either --os-url or env[OS_URL]")) else: # Validate password flow auth project_info = (self.options.os_tenant_name or self.options.os_tenant_id or (self.options.os_project_name and (self.options.project_domain_name or self.options.project_domain_id)) or self.options.os_project_id) if (not self.options.os_username and not self.options.os_user_id): raise exc.CommandError( _("You must provide a username or user ID via" " --os-username, env[OS_USERNAME] or" " --os-user_id, env[OS_USER_ID]")) if not self.options.os_password: raise exc.CommandError( _("You must provide a password via" " either --os-password or env[OS_PASSWORD]")) if (not project_info): # tenent is deprecated in Keystone v3. Use the latest # terminology instead. raise exc.CommandError( _("You must provide a project_id or project_name (" "with project_domain_name or project_domain_id) " "via " " --os-project-id (env[OS_PROJECT_ID])" " --os-project-name (env[OS_PROJECT_NAME])," " --os-project-domain-id " "(env[OS_PROJECT_DOMAIN_ID])" " --os-project-domain-name " "(env[OS_PROJECT_DOMAIN_NAME])")) if not self.options.os_auth_url: raise exc.CommandError( _("You must provide an auth url via" " either --os-auth-url or via env[OS_AUTH_URL]")) auth_session = self._get_keystone_session() auth = auth_session.auth else: # not keystone if not self.options.os_url: raise exc.CommandError( _("You must provide a service URL via" " either --os-url or env[OS_URL]")) auth_session = None auth = None self.client_manager = clientmanager.ClientManager( token=self.options.os_token, url=self.options.os_url, auth_url=self.options.os_auth_url, tenant_name=self.options.os_tenant_name, tenant_id=self.options.os_tenant_id, username=self.options.os_username, user_id=self.options.os_user_id, password=self.options.os_password, region_name=self.options.os_region_name, api_version=self.api_version, auth_strategy=self.options.os_auth_strategy, # FIXME (bklei) honor deprecated service_type and # endpoint type until they are removed service_type=self.options.os_service_type or self.options.service_type, endpoint_type=self.options.os_endpoint_type or self.endpoint_type, insecure=self.options.insecure, ca_cert=self.options.os_cacert, timeout=self.options.http_timeout, retries=self.options.retries, raise_errors=False, session=auth_session, auth=auth, log_credentials=True) return
def authenticate_user(self): """Make sure the user has provided all of the authentication info we need. """ _os_auth_str = self.options.os_auth_strategy _auth_plugin = None if _os_auth_str == 'keystone': if self.options.os_token or self.options.os_url: # Token flow auth takes priority if not self.options.os_token: raise exc.CommandError( _("You must provide a token via" " either --os-token or env[OS_TOKEN]")) if not self.options.os_url: raise exc.CommandError( _("You must provide a service URL via" " either --os-url or env[OS_URL]")) else: # Validate password flow auth project_info = (self.options.os_tenant_name or self.options.os_tenant_id or (self.options.os_project_name and (self.options.os_project_domain_name or self.options.os_project_domain_id)) or self.options.os_project_id) if (not self.options.os_username and not self.options.os_user_id): raise exc.CommandError( _("You must provide a username or user ID via" " --os-username, env[OS_USERNAME] or" " --os-user-id, env[OS_USER_ID]")) if not self.options.os_password: # No password, If we've got a tty, try prompting for it if hasattr(sys.stdin, 'isatty') and sys.stdin.isatty(): # Check for Ctl-D try: self.options.os_password = getpass.getpass( 'OS Password: '******'t have a tty or the # user Ctl-D when prompted. if not self.options.os_password: raise exc.CommandError( _("You must provide a password via" " either --os-password or env[OS_PASSWORD]")) if (not project_info): # tenent is deprecated in Keystone v3. Use the latest # terminology instead. raise exc.CommandError( _("You must provide a project_id or project_name (" "with project_domain_name or project_domain_id) " "via " " --os-project-id (env[OS_PROJECT_ID])" " --os-project-name (env[OS_PROJECT_NAME])," " --os-project-domain-id " "(env[OS_PROJECT_DOMAIN_ID])" " --os-project-domain-name " "(env[OS_PROJECT_DOMAIN_NAME])")) if not self.options.os_auth_url: raise exc.CommandError( _("You must provide an auth url via" " either --os-auth-url or via env[OS_AUTH_URL]")) auth_session = self._get_keystone_session() auth = auth_session.auth else: # not keystone if _os_auth_str: try: _auth_plugin = auth_plugin.load_plugin(_os_auth_str) except exc.AuthSystemNotFound: raise elif not self.options.os_url: raise exc.CommandError( _("You must provide a service URL via" " either --os-url or env[OS_URL]")) auth_session = None auth = None self.client_manager = clientmanager.ClientManager( token=self.options.os_token, url=self.options.os_url, auth_url=self.options.os_auth_url, tenant_name=self.options.os_tenant_name, tenant_id=self.options.os_tenant_id, username=self.options.os_username, user_id=self.options.os_user_id, password=self.options.os_password, region_name=self.options.os_region_name, api_version=self.api_version, auth_strategy=self.options.os_auth_strategy, auth_plugin=_auth_plugin, # FIXME (bklei) honor deprecated service_type and # endpoint type until they are removed service_type=self.options.os_service_type or self.options.service_type, endpoint_type=self.options.os_endpoint_type or self.endpoint_type, insecure=self.options.insecure, ca_cert=self.options.os_cacert, timeout=self.options.http_timeout, retries=self.options.retries, raise_errors=False, session=auth_session, auth=auth, log_credentials=True) return