def _create_auth_plugin(self):
if self.auth_token_info:
access_info = access.create(body=self.auth_token_info,
auth_token=self.auth_token)
return access_plugin.AccessInfoPlugin(
auth_ref=access_info, auth_url=self.keystone_v3_endpoint)
if self.auth_token:
# FIXME(jamielennox): This is broken but consistent. If you
# only have a token but don't load a service catalog then
# url_for wont work. Stub with the keystone endpoint so at
# least it might be right.
return token_endpoint.Token(endpoint=self.keystone_v3_endpoint,
token=self.auth_token)
if self.password:
return generic.Password(username=self.username,
password=self.password,
project_id=self.tenant_id,
user_domain_id=self.user_domain,
auth_url=self.keystone_v3_endpoint)
LOG.error(
_LE("Keystone API connection failed, no password "
"trust or auth_token!"))
raise exception.AuthorizationFailure()
def _get_auth(self):
if self.context.is_admin:
try:
auth = ka_loading.load_auth_from_conf_options(
CONF, ksconf.CFG_GROUP)
except ka_exception.MissingRequiredOptions:
auth = self._get_legacy_auth()
elif self.context.auth_token_info:
access_info = ka_access.create(body=self.context.auth_token_info,
auth_token=self.context.auth_token)
auth = ka_access_plugin.AccessInfoPlugin(access_info)
elif self.context.auth_token:
auth = ka_v3.Token(auth_url=self.auth_url,
token=self.context.auth_token)
elif self.context.trust_id:
auth_info = {
'auth_url': self.auth_url,
'username': self.context.user_name,
'password': self.context.password,
'user_domain_id': self.context.user_domain_id,
'user_domain_name': self.context.user_domain_name,
'trust_id': self.context.trust_id
}
auth = ka_v3.Password(**auth_info)
else:
LOG.error(
_LE('Keystone API connection failed: no password, '
'trust_id or token found.'))
raise exception.AuthorizationFailure()
return auth
def _plugin(self, **kwargs):
token = fixture.V3Token()
s = token.add_service('identity')
s.add_standard_endpoints(public=self.TEST_ROOT_URL)
auth_ref = access.create(body=token, auth_token=self.auth_token)
return access_plugin.AccessInfoPlugin(auth_ref, **kwargs)
def _create_auth_plugin(self):
if self.auth_token_info:
access_info = access.create(body=self.auth_token_info,
auth_token=self.auth_token)
return access_plugin.AccessInfoPlugin(
auth_ref=access_info, auth_url=self.keystone_v3_endpoint)
if self.password:
# Never trust the password. Refer to keyring
LOG.info("Re-determining password from keyring")
self.password = keyring.get_password('CGCS', self.username)
# TIS user_domain_id is blank. Use user_domain_name to lookup user
user_domain_name = cfg.CONF.user_domain_name
return generic.Password(username=self.username,
password=self.password,
project_id=self.tenant_id,
user_domain_id=self.user_domain,
user_domain_name=user_domain_name,
auth_url=self.keystone_v3_endpoint)
if self.auth_token:
# FIXME(jamielennox): This is broken but consistent. If you
# only have a token but don't load a service catalog then
# url_for wont work. Stub with the keystone endpoint so at
# least it might be right.
return token_endpoint.Token(endpoint=self.keystone_v3_endpoint,
token=self.auth_token)
LOG.error("Keystone API connection failed, no password "
"trust or auth_token!")
raise exception.AuthorizationFailure()
def create_user_auth_plugin(self, context):
if not context.auth_token_info:
msg = ("user=%s, project=%s" %
(context.user_id, context.project_id))
raise exception.AuthorizationFailure(obj=msg)
auth_ref = access.create(body=context.auth_token_info,
auth_token=context.auth_token)
return access_plugin.AccessInfoPlugin(auth_url=self.auth_uri,
auth_ref=auth_ref)
def _get_auth(self):
if self.context.is_admin:
auth = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)
elif self.context.auth_token_info:
access_info = ka_access.create(body=self.context.auth_token_info,
auth_token=self.context.auth_token)
auth = ka_access_plugin.AccessInfoPlugin(access_info)
elif self.context.auth_token:
auth = ka_v3.Token(auth_url=self.auth_url,
token=self.context.auth_token)
else:
LOG.error(_LE('Keystone API connection failed: no password '
'or token found.'))
raise exception.AuthorizationFailure()
return auth
def _get_auth(self):
if self.context.is_admin:
auth = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)
elif self.context.auth_token_info:
access_info = ka_access.create(body=self.context.auth_token_info,
auth_token=self.context.auth_token)
auth = ka_access_plugin.AccessInfoPlugin(access_info)
elif self.context.auth_token:
auth = ka_v3.Token(auth_url=self.auth_url,
token=self.context.auth_token)
else:
msg = ('Keystone API connection failed: no password, '
'trust_id or token found.')
LOG.error(msg)
raise exception.AuthorizationFailure(client='keystone',
message='reason %s' % msg)
return auth
def create_trust_to_karbor(self, context):
if not context.auth_token_info:
msg = ("user=%s, project=%s" %
(context.user_id, context.project_id))
raise exception.AuthorizationFailure(obj=msg)
auth_ref = access.create(body=context.auth_token_info,
auth_token=context.auth_token)
user_auth_plugin = access_plugin.AccessInfoPlugin(
auth_url=self._auth_uri, auth_ref=auth_ref)
l_kc_v3 = self._get_keystone_client(user_auth_plugin)
try:
trust = l_kc_v3.trusts.create(trustor_user=context.user_id,
trustee_user=self._karbor_user_id,
project=context.project_id,
impersonation=True,
role_names=context.roles)
return trust.id
except Exception as e:
raise exception.AuthorizationFailure(obj=str(e))
def _get_auth(self):
#LOG.debug('KeystoneClient _get_auth xxx is_admin=%s,auth_token=%s,auth_token_info=%s', self.context.is_admin, self.context.auth_token,self.context.auth_token_info)
if self.context.is_admin:
auth = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)
#LOG.debug('KeystoneClient _get_auth xxx auth=%s', auth.__dict__);
elif self.context.auth_token_info:
#LOG.debug('KeystoneClient _get_auth xxx auth_token_info inside');
access_info = ka_access.create(body=self.context.auth_token_info,
auth_token=self.context.auth_token)
auth = ka_access_plugin.AccessInfoPlugin(access_info)
elif self.context.auth_token:
#LOG.debug('KeystoneClient _get_auth xxx auth_token inside');
auth = ka_v3.Token(auth_url=self.auth_url,
token=self.context.auth_token)
else:
msg = ('Keystone API connection failed: no password, '
'trust_id or token found.')
LOG.error(msg)
raise exception.AuthorizationFailure(client='keystone',
message='reason %s' % msg)
#LOG.debug('KeystoneClient _get_auth xxx final auth=%s', auth);
return auth
