def trusts_auth_plugin(self): if self._trusts_auth_plugin: return self._trusts_auth_plugin self._trusts_auth_plugin = auth.load_from_conf_options( cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id) if self._trusts_auth_plugin: return self._trusts_auth_plugin LOG.warning(_LW('Using the keystone_authtoken user as the king ' 'trustee user directly is deprecated. Please add the ' 'trustee credentials you need to the %s section of ' 'your king.conf file.') % TRUSTEE_CONF_GROUP) cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token') trustee_user_domain = 'default' if 'user_domain_id' in cfg.CONF.keystone_authtoken: trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id self._trusts_auth_plugin = v3.Password( username=cfg.CONF.keystone_authtoken.admin_user, password=cfg.CONF.keystone_authtoken.admin_password, user_domain_id=trustee_user_domain, auth_url=self.keystone_v3_endpoint, trust_id=self.trust_id) return self._trusts_auth_plugin
def __init__(self): auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') endpoint_override = None if not auth: if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = n_nova.DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) novaclient_cls = nclient.get_client_class(n_nova.NOVA_API_VERSION) self.nclient = novaclient_cls(session=session, region_name=cfg.CONF.nova.region_name)
def ensure_project(self, project_id): """Ensure cache contains mapping for project. :param project_id: ID of the project Ensure that the cache contains a mapping for the project identified by project_id. If it is not, Keystone will be queried for the current list of projects, and any new mappings will be added to the cache. This method should never be called inside a transaction with a project_id not already in the cache. """ if project_id not in self.project_names: if self.keystone is None: LOG.debug("Getting keystone client") auth = ksc_auth.load_from_conf_options(cfg.CONF, AUTH_GROUP) LOG.debug("Got auth: %s" % auth) if not auth: LOG.warning(_LW('No auth_plugin configured in %s'), AUTH_GROUP) session = ksc_session.Session.load_from_conf_options( cfg.CONF, AUTH_GROUP, auth=auth) LOG.debug("Got session: %s" % session) self.keystone = ksc_client.Client(session=session) LOG.debug("Got client: %s" % self.keystone) LOG.debug("Calling project API") projects = self.keystone.projects.list() LOG.debug("Received projects: %s" % projects) for project in projects: self.project_names[project.id] = project.name
def __init__(self): auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') endpoint_override = None if not auth: if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = n_nova.DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options( cfg.CONF, 'nova', auth=auth) novaclient_cls = nclient.get_client_class(n_nova.NOVA_API_VERSION) self.nclient = novaclient_cls( session=session, region_name=cfg.CONF.nova.region_name)
def ensure_project(self, project_id): """Ensure cache contains mapping for project. :param project_id: ID of the project Ensure that the cache contains a mapping for the project identified by project_id. If it is not, Keystone will be queried for the current list of projects, and any new mappings will be added to the cache. This method should never be called inside a transaction with a project_id not already in the cache. """ # TODO(rkukura): It seems load_from_conf_options() and # keystoneclient auth plugins have been deprecated, and we # should use keystoneauth instead. if project_id not in self.project_names: if self.keystone is None: LOG.debug("Getting keystone client") auth = ksc_auth.load_from_conf_options(cfg.CONF, AUTH_GROUP) LOG.debug("Got auth: %s" % auth) if not auth: LOG.warning(_LW('No auth_plugin configured in %s'), AUTH_GROUP) session = ksc_session.Session.load_from_conf_options( cfg.CONF, AUTH_GROUP, auth=auth) LOG.debug("Got session: %s" % session) self.keystone = ksc_client.Client(session=session) LOG.debug("Got client: %s" % self.keystone) LOG.debug("Calling project API") projects = self.keystone.projects.list() LOG.debug("Received projects: %s" % projects) for project in projects: self.project_names[project.id] = project.name
def _nova_client(self, token=None): auth = ks_auth.load_from_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION) endpoint_override = None if not auth: LOG.warning(_LW('Authenticating to nova using nova_admin_* options' ' is deprecated. This should be done using' ' an auth plugin, like password')) if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options( cfg.CONF, SERVICEVM_NOVA_CONF_SECTION, auth=auth) novaclient_cls = self._novaclient.get_client_class(NOVA_API_VERSION) return novaclient_cls(session=session, region_name=cfg.CONF.servicevm_nova.region_name)
def _nova_client(self, token=None): auth = ks_auth.load_from_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION) endpoint_override = None if not auth: LOG.warning( _LW('Authenticating to nova using nova_admin_* options' ' is deprecated. This should be done using' ' an auth plugin, like password')) if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options( cfg.CONF, TACKER_NOVA_CONF_SECTION, auth=auth) novaclient_cls = self._novaclient.get_client_class(NOVA_API_VERSION) return novaclient_cls(session=session, region_name=cfg.CONF.tacker_nova.region_name)
def trusts_auth_plugin(self): if self._trusts_auth_plugin: return self._trusts_auth_plugin self._trusts_auth_plugin = auth.load_from_conf_options( cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id) if self._trusts_auth_plugin: return self._trusts_auth_plugin LOG.warning(_LW('Using the keystone_authtoken user ' 'as the conveyorheat ' 'trustee user directly is deprecated. Please add the ' 'trustee credentials you need to the %s section of ' 'your heat.conf file.') % TRUSTEE_CONF_GROUP) cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token') trustee_user_domain = 'default' if 'user_domain_id' in cfg.CONF.keystone_authtoken: trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id self._trusts_auth_plugin = v3.Password( username=cfg.CONF.keystone_authtoken.admin_user, password=cfg.CONF.keystone_authtoken.admin_password, user_domain_id=trustee_user_domain, auth_url=self.keystone_v3_endpoint, trust_id=self.trust_id) return self._trusts_auth_plugin
def __init__(self): self.auth = ks_auth.load_from_conf_options(CONF, KEYSTONE_FETCHER_OPTS) self.session = ks_session.Session.load_from_conf_options( CONF, KEYSTONE_FETCHER_OPTS, auth=self.auth) self.admin_ks = kclient.Client( version=CONF.keystone_fetcher.keystone_version, session=self.session, auth_url=self.auth.auth_url)
def session(self): if not self._session: # Construct a Keystone session for configured auth_plugin # and credentials auth_plugin = ksauth.load_from_conf_options( cfg.CONF, 'keystone_authtoken') self._session = kssession.Session(auth=auth_plugin) return self._session
def _get_session(): global _session if not _session: auth = ks_auth.load_from_conf_options(cfg.CONF, GROUP) _session = ks_session.Session.load_from_conf_options( cfg.CONF, GROUP) _session.auth = auth return _session
def __init__(self, *args, **kwargs): super(SaverManager, self).__init__(service_name='saver', *args, **kwargs) self.compute_api = compute.API() self.servicegroup_api = servicegroup.API() self.retry_counter = {} self.auth_plugin = auth.load_from_conf_options(CONF, SAVER_OPT_GROUP) self.session = session.Session.load_from_conf_options( CONF, SAVER_OPT_GROUP)
def __init__(self): self.auth = ks_auth.load_from_conf_options( CONF, KEYSTONE_FETCHER_OPTS) self.session = ks_session.Session.load_from_conf_options( CONF, KEYSTONE_FETCHER_OPTS, auth=self.auth) self.admin_ks = kclient.Client( version=CONF.keystone_fetcher.keystone_version, session=self.session, auth_url=self.auth.auth_url)
def __init__(self, transformers, **kwargs): super(CeilometerCollector, self).__init__(transformers, **kwargs) self.t_ceilometer = self.transformers['CeilometerTransformer'] self.t_cloudkitty = self.transformers['CloudKittyFormatTransformer'] self._cacher = CeilometerResourceCacher() self.auth = ks_auth.load_from_conf_options(CONF, CEILOMETER_COLLECTOR_OPTS) self.session = ks_session.Session.load_from_conf_options( CONF, CEILOMETER_COLLECTOR_OPTS, auth=self.auth) self._conn = cclient.get_client('2', session=self.session)
def _get_keystone_client(self): LOG.debug("Getting keystone client") auth = ksc_auth.load_from_conf_options(cfg.CONF, AUTH_GROUP) LOG.debug("Got auth: %s", auth) if not auth: LOG.warning(_LW('No auth_plugin configured in %s'), AUTH_GROUP) session = ksc_session.Session.load_from_conf_options(cfg.CONF, AUTH_GROUP, auth=auth) LOG.debug("Got session: %s", session) self.keystone = ksc_client.Client(session=session) LOG.debug("Got keystone client: %s", self.keystone) self.gbp = gbp_client.Client(session=session) LOG.debug("Got gbp client: %s", self.gbp)
def __init__(self): # FIXME(jamielennox): A notifier is being created for each Controller # and each Notifier is handling it's own auth. That means that we are # authenticating the exact same thing len(controllers) times. This # should be an easy thing to optimize. auth = ks_auth.load_from_conf_options(cfg.CONF, "nova") session = ks_session.Session.load_from_conf_options(cfg.CONF, "nova", auth=auth) extensions = [ ext for ext in nova_client.discover_extensions(NOVA_API_VERSION) if ext.name == "server_external_events" ] self.nclient = nova_client.Client( NOVA_API_VERSION, session=session, region_name=cfg.CONF.nova.region_name, extensions=extensions ) self.batch_notifier = batch_notifier.BatchNotifier(cfg.CONF.send_events_interval, self.send_events)
def _get_keystone_client(self): # REVISIT: It seems load_from_conf_options() and # keystoneclient auth plugins have been deprecated, and we # should use keystoneauth instead. LOG.debug("Getting keystone client") auth = ksc_auth.load_from_conf_options(cfg.CONF, AUTH_GROUP) LOG.debug("Got auth: %s", auth) if not auth: LOG.warning('No auth_plugin configured in %s', AUTH_GROUP) session = ksc_session.Session.load_from_conf_options( cfg.CONF, AUTH_GROUP, auth=auth) LOG.debug("Got session: %s", session) self.keystone = ksc_client.Client(session=session) LOG.debug("Got keystone client: %s", self.keystone) self.gbp = gbp_client.Client(session=session) LOG.debug("Got gbp client: %s", self.gbp)
def __init__(self, transformers, **kwargs): super(CeilometerCollector, self).__init__(transformers, **kwargs) self.t_ceilometer = self.transformers['CeilometerTransformer'] self.t_cloudkitty = self.transformers['CloudKittyFormatTransformer'] self._cacher = CeilometerResourceCacher() self.auth = ks_auth.load_from_conf_options( CONF, CEILOMETER_COLLECTOR_OPTS) self.session = ks_session.Session.load_from_conf_options( CONF, CEILOMETER_COLLECTOR_OPTS, auth=self.auth) self._conn = cclient.get_client( '2', session=self.session)
def __init__(self): # FIXME(jamielennox): A notifier is being created for each Controller # and each Notifier is handling it's own auth. That means that we are # authenticating the exact same thing len(controllers) times. This # should be an easy thing to optimize. auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') endpoint_override = None if not auth: LOG.warning( _LW('Authenticating to nova using nova_admin_* options' ' is deprecated. This should be done using' ' an auth plugin, like password')) if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) # NOTE(andreykurilin): novaclient.v1_1 was renamed to v2 and there is # no way to import the contrib module directly without referencing v2, # which would only work for novaclient >= 2.21.0. novaclient_cls = nova_client.get_client_class(NOVA_API_VERSION) server_external_events = importutils.import_module( novaclient_cls.__module__.replace( ".client", ".contrib.server_external_events")) self.nclient = novaclient_cls(session=session, region_name=cfg.CONF.nova.region_name, extensions=[server_external_events]) self.batch_notifier = batch_notifier.BatchNotifier( cfg.CONF.send_events_interval, self.send_events)
def __init__(self): # FIXME(jamielennox): A notifier is being created for each Controller # and each Notifier is handling it's own auth. That means that we are # authenticating the exact same thing len(controllers) times. This # should be an easy thing to optimize. auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') endpoint_override = None if not auth: LOG.warning(_LW('Authenticating to nova using nova_admin_* options' ' is deprecated. This should be done using' ' an auth plugin, like password')) if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) # NOTE(andreykurilin): novaclient.v1_1 was renamed to v2 and there is # no way to import the contrib module directly without referencing v2, # which would only work for novaclient >= 2.21.0. novaclient_cls = nova_client.get_client_class(NOVA_API_VERSION) server_external_events = importutils.import_module( novaclient_cls.__module__.replace( ".client", ".contrib.server_external_events")) self.nclient = novaclient_cls( session=session, region_name=cfg.CONF.nova.region_name, extensions=[server_external_events]) self.batch_notifier = batch_notifier.BatchNotifier( cfg.CONF.send_events_interval, self.send_events)
def __init__(self): # FIXME(jamielennox): A notifier is being created for each Controller # and each Notifier is handling it's own auth. That means that we are # authenticating the exact same thing len(controllers) times. This # should be an easy thing to optimize. auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') endpoint_override = None if not auth: LOG.warning( _LW('Authenticating to nova using nova_admin_* options' ' is deprecated. This should be done using' ' an auth plugin, like password')) if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) extensions = [ ext for ext in nova_client.discover_extensions(NOVA_API_VERSION) if ext.name == "server_external_events" ] self.nclient = nova_client.Client( NOVA_API_VERSION, session=session, region_name=cfg.CONF.nova.region_name, extensions=extensions) self.batch_notifier = batch_notifier.BatchNotifier( cfg.CONF.send_events_interval, self.send_events)
def _get_keystone_client(self): # REVISIT: It seems load_from_conf_options() and # keystoneclient auth plugins have been deprecated, and we # should use keystoneauth instead. LOG.debug("Getting keystone client") auth = ksc_auth.load_from_conf_options(cfg.CONF, AUTH_GROUP) LOG.debug("Got auth: %s", auth) if not auth: LOG.warning('No auth_plugin configured in %s', AUTH_GROUP) session = ksc_session.Session.load_from_conf_options( cfg.CONF, AUTH_GROUP, auth=auth) LOG.debug("Got session: %s", session) self.keystone = ksc_client.Client(session=session) LOG.debug("Got keystone client: %s", self.keystone) endpoint_type = 'publicURL' if self.enable_neutronclient_internal_ep_interface: endpoint_type = 'internalURL' self.gbp = gbp_client.Client(session=session, endpoint_type=endpoint_type) LOG.debug("Got gbp client: %s", self.gbp)
def __init__(self): # FIXME(jamielennox): A notifier is being created for each Controller # and each Notifier is handling it's own auth. That means that we are # authenticating the exact same thing len(controllers) times. This # should be an easy thing to optimize. auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') endpoint_override = None if not auth: LOG.warning(_LW('Authenticating to nova using nova_admin_* options' ' is deprecated. This should be done using' ' an auth plugin, like password')) if cfg.CONF.nova_admin_tenant_id: endpoint_override = "%s/%s" % (cfg.CONF.nova_url, cfg.CONF.nova_admin_tenant_id) auth = DefaultAuthPlugin( auth_url=cfg.CONF.nova_admin_auth_url, username=cfg.CONF.nova_admin_username, password=cfg.CONF.nova_admin_password, tenant_id=cfg.CONF.nova_admin_tenant_id, tenant_name=cfg.CONF.nova_admin_tenant_name, endpoint_override=endpoint_override) session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) extensions = [ ext for ext in nova_client.discover_extensions(NOVA_API_VERSION) if ext.name == "server_external_events"] self.nclient = nova_client.Client( NOVA_API_VERSION, session=session, region_name=cfg.CONF.nova.region_name, extensions=extensions) self.batch_notifier = batch_notifier.BatchNotifier( cfg.CONF.send_events_interval, self.send_events)
def __init__(self): # FIXME(jamielennox): A notifier is being created for each Controller # and each Notifier is handling it's own auth. That means that we are # authenticating the exact same thing len(controllers) times. This # should be an easy thing to optimize. auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) extensions = [ ext for ext in nova_client.discover_extensions(NOVA_API_VERSION) if ext.name == "server_external_events" ] self.nclient = nova_client.Client( NOVA_API_VERSION, session=session, region_name=cfg.CONF.nova.region_name, extensions=extensions) self.batch_notifier = batch_notifier.BatchNotifier( cfg.CONF.send_events_interval, self.send_events)
def get_session(): auth = ks_auth.load_from_conf_options(cfg.CONF, 'nova') session = ks_session.Session.load_from_conf_options(cfg.CONF, 'nova', auth=auth) return session