def test_token_credential_with_context(self):
token_value = 'ec9799cd921e4e0a8ab6111c08ebf065'
ctxt = context.RequestContext(auth_token=token_value)
self.config_fixture.config(auth_type='token', group='key_manager')
token_context = utils.credential_factory(conf=CONF, context=ctxt)
token_context_class = token_context.__class__.__name__
self.assertEqual('Token', token_context_class)
self.assertEqual(token_value, token_context.token)
def test_keystone_token_credential(self):
token_value = 'ec9799cd921e4e0a8ab6111c08ebf065'
self.config_fixture.config(auth_type='keystone_token',
token=token_value,
group='key_manager')
ks_token_context = utils.credential_factory(conf=CONF)
ks_token_context_class = ks_token_context.__class__.__name__
self.assertEqual('KeystoneToken', ks_token_context_class)
self.assertEqual(token_value, ks_token_context.token)
def test_password_credential(self):
password_value = 'p4ssw0rd'
self.config_fixture.config(auth_type='password',
password=password_value,
group='key_manager')
password_context = utils.credential_factory(conf=CONF)
password_context_class = password_context.__class__.__name__
self.assertEqual('Password', password_context_class)
self.assertEqual(password_value, password_context.password)
def test_oslo_context_to_keystone_token(self):
auth_token_value = '16bd612f28ec479b8ffe8e124fc37b43'
tenant_value = '00c6ef5ad2984af2acd7d42c299935c0'
ctxt = context.RequestContext(auth_token=auth_token_value,
tenant=tenant_value)
ks_token_context = utils.credential_factory(context=ctxt)
ks_token_context_class = ks_token_context.__class__.__name__
self.assertEqual('KeystoneToken', ks_token_context_class)
self.assertEqual(auth_token_value, ks_token_context.token)
self.assertEqual(tenant_value, ks_token_context.project_id)
def test_password_credential(self):
password_value = 'p4ssw0rd'
self.config_fixture.config(
auth_type='password',
password=password_value,
group='key_manager'
)
password_context = utils.credential_factory(conf=CONF)
password_context_class = password_context.__class__.__name__
self.assertEqual('Password', password_context_class)
self.assertEqual(password_value, password_context.password)
def test_token_credential_with_context(self):
token_value = 'ec9799cd921e4e0a8ab6111c08ebf065'
ctxt = context.RequestContext(auth_token=token_value)
self.config_fixture.config(
auth_type='token',
group='key_manager'
)
token_context = utils.credential_factory(conf=CONF, context=ctxt)
token_context_class = token_context.__class__.__name__
self.assertEqual('Token', token_context_class)
self.assertEqual(token_value, token_context.token)
def test_oslo_context_to_keystone_token(self):
auth_token_value = '16bd612f28ec479b8ffe8e124fc37b43'
tenant_value = '00c6ef5ad2984af2acd7d42c299935c0'
ctxt = context.RequestContext(
auth_token=auth_token_value,
tenant=tenant_value)
ks_token_context = utils.credential_factory(context=ctxt)
ks_token_context_class = ks_token_context.__class__.__name__
self.assertEqual('KeystoneToken', ks_token_context_class)
self.assertEqual(auth_token_value, ks_token_context.token)
self.assertEqual(tenant_value, ks_token_context.project_id)
def test_keystone_token_credential(self):
token_value = 'ec9799cd921e4e0a8ab6111c08ebf065'
self.config_fixture.config(
auth_type='keystone_token',
token=token_value,
group='key_manager'
)
ks_token_context = utils.credential_factory(conf=CONF)
ks_token_context_class = ks_token_context.__class__.__name__
self.assertEqual('KeystoneToken', ks_token_context_class)
self.assertEqual(token_value, ks_token_context.token)
def decrypt_data(value):
manager = key_manager.API()
try:
context = castellan_utils.credential_factory(conf=cfg.CONF)
except castellan_exception.AuthTypeInvalidError as e:
LOG.exception(e)
LOG.error("Castellan must be correctly configured in order to use "
"decryptData()")
raise
try:
data = manager.get(context, value).get_encoded()
except castellan_exception.KeyManagerError as e:
LOG.exception(e)
raise
return data
set_castellan_defaults(GCONF)
else:
LOG.debug("Using Tatu as key manager.")
set_castellan_defaults(GCONF, api_class='tatu.castellano.TatuKeyManager')
global_config_files = ['/etc/tatu/tatu.conf']
if CONF.tatu.use_pat_bastions:
from dragonflow import conf as dragonflow_cfg
from dragonflow.db import api_nb
global_files.append('/etc/neutron/dragonflow.ini')
GCONF(args=[], default_config_files=global_config_files)
auth = v3.Password(auth_url=CONF.tatu.auth_url,
user_id=CONF.tatu.user_id,
password=CONF.tatu.password,
project_id=CONF.tatu.project_id)
session = keystone_session.Session(auth=auth)
KEYSTONE = keystone_client.Client(session=session)
NOVA = nova_client.Client('2', session=session)
NEUTRON = neutron_client.Client(session=session)
DESIGNATE = designate_client.Client(session=session)
DRAGONFLOW = None
if CONF.tatu.use_pat_bastions:
dragonflow_cfg.CONF.set_override('enable_df_pub_sub', False, group='df')
DRAGONFLOW = api_nb.NbApi.get_instance(False)
# Create a context for use by Castellan
CONTEXT = castellan_utils.credential_factory(conf=CONF)
