def __init__(self, **kwargs):
    """Build a Keystone v3 client and attach one manager per API resource.

    All keyword arguments are forwarded unchanged to the parent
    constructor. Every manager receives this client object itself.
    """
    super(Client, self).__init__(**kwargs)

    # Resource managers, attached in a fixed order.
    self.credentials = credentials.CredentialManager(self)
    self.endpoint_filter = endpoint_filter.EndpointFilterManager(self)
    self.endpoints = endpoints.EndpointManager(self)
    self.domains = domains.DomainManager(self)
    self.federation = federation.FederationManager(self)
    self.groups = groups.GroupManager(self)
    self.oauth1 = oauth1.create_oauth_manager(self)
    self.policies = policies.PolicyManager(self)
    self.projects = projects.ProjectManager(self)
    self.regions = regions.RegionManager(self)
    self.role_assignments = role_assignments.RoleAssignmentManager(self)
    self.roles = roles.RoleManager(self)
    self.services = services.ServiceManager(self)
    self.tokens = tokens.TokenManager(self)
    self.trusts = trusts.TrustManager(self)
    self.users = users.UserManager(self)

    # DEPRECATED path: when a session is passed, authentication is left to
    # the first call that needs it. Only a client built without a
    # 'session' keyword and without a management URL authenticates here,
    # inside the constructor.
    # NOTE(review): this is a key-presence test, so an explicit
    # session=None also skips the eager authenticate() -- confirm intended.
    if 'session' in kwargs or self.management_url is not None:
        return
    self.authenticate()
def __init__(self, *args, **kwargs):
    """Set up the parent client, then attach the v3 identity managers.

    Positional and keyword arguments are passed through to the parent
    constructor untouched.
    """
    super(V3IdentityClient, self).__init__(*args, **kwargs)

    # (attribute name, manager class), listed in attachment order. Each
    # manager is constructed with this client as its only argument.
    manager_table = (
        ('credentials', v3credentials.CredentialManager),
        ('endpoints', v3endpoints.EndpointManager),
        ('domains', v3domains.DomainManager),
        ('groups', v3groups.GroupManager),
        ('policies', v3policies.PolicyManager),
        ('projects', v3projects.ProjectManager),
        ('roles', v3roles.RoleManager),
        ('services', v3services.ServiceManager),
        ('users', v3users.UserManager),
        ('trusts', v3trusts.TrustManager),
    )
    for attr_name, manager_cls in manager_table:
        setattr(self, attr_name, manager_cls(self))
def __init__(self, **kwargs):
    """Build a Keystone v3 client, tag its version and attach managers.

    Keyword arguments go straight to the parent constructor. This variant
    never calls authenticate() itself.
    """
    super(Client, self).__init__(**kwargs)
    self.version = 'v3'

    # (attribute name, manager class), listed in attachment order. Each
    # manager is constructed with this client as its only argument.
    manager_table = (
        ('credentials', credentials.CredentialManager),
        ('endpoints', endpoints.EndpointManager),
        ('domains', domains.DomainManager),
        ('groups', groups.GroupManager),
        ('policies', policies.PolicyManager),
        ('projects', projects.ProjectManager),
        ('roles', roles.RoleManager),
        ('services', services.ServiceManager),
        ('users', users.UserManager),
    )
    for attr_name, manager_cls in manager_table:
        setattr(self, attr_name, manager_cls(self))
def __init__(self, **kwargs):
    """Build a Keystone v3 client whose managers share ``self._adapter``.

    Keyword arguments are forwarded to the parent constructor. Building
    the client without a (truthy) ``session`` emits a DeprecationWarning.
    """
    super(Client, self).__init__(**kwargs)

    session_given = bool(kwargs.get('session'))
    if not session_given:
        deprecation_msg = (
            'Constructing an instance of the '
            'keystoneclient.v3.client.Client class without a session is '
            'deprecated as of the 1.7.0 release and may be removed in '
            'the 2.0.0 release.')
        warnings.warn(deprecation_msg, DeprecationWarning)

    # Resource managers. self._adapter is read again for every manager,
    # exactly as the assignments were originally written.
    self.access_rules = access_rules.AccessRuleManager(self._adapter)
    self.application_credentials = (
        application_credentials.ApplicationCredentialManager(self._adapter))
    self.auth = auth.AuthManager(self._adapter)
    self.credentials = credentials.CredentialManager(self._adapter)
    self.ec2 = ec2.EC2Manager(self._adapter)
    self.endpoint_filter = (
        endpoint_filter.EndpointFilterManager(self._adapter))
    self.endpoint_groups = (
        endpoint_groups.EndpointGroupManager(self._adapter))
    self.endpoint_policy = (
        endpoint_policy.EndpointPolicyManager(self._adapter))
    self.endpoints = endpoints.EndpointManager(self._adapter)
    self.domain_configs = domain_configs.DomainConfigManager(self._adapter)
    self.domains = domains.DomainManager(self._adapter)
    self.federation = federation.FederationManager(self._adapter)
    self.groups = groups.GroupManager(self._adapter)
    self.limits = limits.LimitManager(self._adapter)
    self.oauth1 = oauth1.create_oauth_manager(self._adapter)
    self.policies = policies.PolicyManager(self._adapter)
    self.projects = projects.ProjectManager(self._adapter)
    self.registered_limits = (
        registered_limits.RegisteredLimitManager(self._adapter))
    self.regions = regions.RegionManager(self._adapter)
    self.role_assignments = (
        role_assignments.RoleAssignmentManager(self._adapter))
    self.roles = roles.RoleManager(self._adapter)
    self.inference_rules = roles.InferenceRuleManager(self._adapter)
    self.services = services.ServiceManager(self._adapter)
    self.simple_cert = simple_cert.SimpleCertManager(self._adapter)
    self.tokens = tokens.TokenManager(self._adapter)
    self.trusts = trusts.TrustManager(self._adapter)
    self.users = users.UserManager(self._adapter)

    # DEPRECATED path: with a session, authentication waits for the first
    # call that needs it; without one (and without a management URL) the
    # constructor authenticates right away.
    # NOTE(review): the warning above tests truthiness of 'session', this
    # check tests key presence. session=None therefore warns but does not
    # authenticate eagerly -- confirm that asymmetry is intended.
    if 'session' in kwargs or self.management_url is not None:
        return
    self.authenticate()
def __init__(self, **kwargs):
    """Build a Keystone v3 client and attach its resource managers.

    Keyword arguments are forwarded to the parent constructor. If no
    management URL is set once the managers are attached, the client
    authenticates before the constructor returns.
    """
    super(Client, self).__init__(**kwargs)

    # Each manager is handed this client object itself.
    self.credentials = credentials.CredentialManager(self)
    self.endpoints = endpoints.EndpointManager(self)
    self.domains = domains.DomainManager(self)
    self.groups = groups.GroupManager(self)
    self.policies = policies.PolicyManager(self)
    self.projects = projects.ProjectManager(self)
    self.roles = roles.RoleManager(self)
    self.services = services.ServiceManager(self)
    self.users = users.UserManager(self)
    self.trusts = trusts.TrustManager(self)

    # A known management URL means authentication can wait.
    if self.management_url is not None:
        return
    # NOTE(review): authenticate() is inherited and not shown here;
    # presumably it contacts the identity service with the supplied
    # credentials, so construction itself may do network I/O -- confirm.
    self.authenticate()
def __init__(self, **kwargs):
    """Build a Keystone v3 client that defaults to the public interface.

    Keyword arguments are forwarded to the parent constructor after
    ``interface`` has been defaulted to ``'public'``. Building the client
    without a (truthy) ``session`` emits a DeprecationWarning.
    """
    # NOTE(Roxana Gherle): Keystone V3 APIs make no admin-versus-public
    # distinction; both go through the same endpoint. Default to the
    # public interface here rather than inheriting the admin default from
    # httpclient.HTTPClient. A caller-supplied value is left untouched.
    if 'interface' not in kwargs:
        kwargs['interface'] = 'public'

    super(Client, self).__init__(**kwargs)

    session_given = bool(kwargs.get('session'))
    if not session_given:
        deprecation_msg = (
            'Constructing an instance of the '
            'keystoneclient.v3.client.Client class without a session is '
            'deprecated as of the 1.7.0 release and may be removed in '
            'the 2.0.0 release.')
        warnings.warn(deprecation_msg, DeprecationWarning)

    # Resource managers, all built on self._adapter.
    self.auth = auth.AuthManager(self._adapter)
    self.credentials = credentials.CredentialManager(self._adapter)
    self.ec2 = ec2.EC2Manager(self._adapter)
    self.endpoint_filter = (
        endpoint_filter.EndpointFilterManager(self._adapter))
    self.endpoint_policy = (
        endpoint_policy.EndpointPolicyManager(self._adapter))
    self.endpoints = endpoints.EndpointManager(self._adapter)
    self.domains = domains.DomainManager(self._adapter)
    self.federation = federation.FederationManager(self._adapter)
    self.groups = groups.GroupManager(self._adapter)
    self.oauth1 = oauth1.create_oauth_manager(self._adapter)
    self.policies = policies.PolicyManager(self._adapter)
    self.projects = projects.ProjectManager(self._adapter)
    self.regions = regions.RegionManager(self._adapter)
    self.role_assignments = (
        role_assignments.RoleAssignmentManager(self._adapter))
    self.roles = roles.RoleManager(self._adapter)
    self.services = services.ServiceManager(self._adapter)
    self.simple_cert = simple_cert.SimpleCertManager(self._adapter)
    self.tokens = tokens.TokenManager(self._adapter)
    self.trusts = trusts.TrustManager(self._adapter)
    self.users = users.UserManager(self._adapter)

    # DEPRECATED path: with a session, authentication waits for the first
    # call that needs it; without one (and without a management URL) the
    # constructor authenticates right away.
    # NOTE(review): the warning above tests truthiness of 'session', this
    # check tests key presence -- confirm that asymmetry is intended.
    if 'session' in kwargs or self.management_url is not None:
        return
    self.authenticate()
def __init__(self, endpoint=None, **kwargs):
    """Initialize the Keystone client and attach its resource managers.

    ``endpoint`` and the remaining keyword arguments are forwarded to the
    parent constructor. A truthy ``endpoint`` becomes the management URL
    and authentication is deferred; otherwise the client authenticates
    before the constructor returns.

    NOTE(review): the original docstring named the v2.0 API, yet domain,
    project, policy and credential managers are attached here -- confirm
    which API version this class targets.
    """
    super(Client, self).__init__(endpoint=endpoint, **kwargs)

    # Each manager is handed this client object itself.
    self.credentials = credentials.CredentialManager(self)
    self.endpoints = endpoints.EndpointManager(self)
    self.domains = domains.DomainManager(self)
    self.policies = policies.PolicyManager(self)
    self.projects = projects.ProjectManager(self)
    self.roles = roles.RoleManager(self)
    self.services = services.ServiceManager(self)
    self.users = users.UserManager(self)

    # NOTE(gabriel): a pre-defined endpoint lets us get away with lazy
    # auth; with none, authenticate immediately.
    if not endpoint:
        self.authenticate()
        return
    self.management_url = endpoint
def __init__(self, **kwargs):
    """Build a Keystone v3 client, including the extension managers.

    Keyword arguments are forwarded to the parent constructor. Besides
    the usual resource managers this variant attaches endpoint-group,
    FIWARE-role, OAuth2, user-registration and two-factor managers.
    """
    super(Client, self).__init__(**kwargs)

    self.credentials = credentials.CredentialManager(self._adapter)
    self.endpoint_filter = (
        endpoint_filter.EndpointFilterManager(self._adapter))
    self.endpoint_policy = (
        endpoint_policy.EndpointPolicyManager(self._adapter))
    self.endpoints = endpoints.EndpointManager(self._adapter)
    self.domains = domains.DomainManager(self._adapter)
    self.federation = federation.FederationManager(self._adapter)
    self.groups = groups.GroupManager(self._adapter)
    self.oauth1 = oauth1.create_oauth_manager(self._adapter)

    # TODO(garcianavalon) document this
    self.endpoint_groups = (
        endpoint_filter.EndpointGroupFilterManager(self._adapter))
    # NOTE(review): the next four managers are given the client itself,
    # whereas every other manager here is given self._adapter -- confirm
    # the difference is deliberate.
    self.fiware_roles = fiware_roles.FiwareRolesManager(self)
    self.oauth2 = oauth2.create_oauth_manager(self)
    self.user_registration = (
        user_registration.UserRegistrationManager(self))
    self.two_factor = two_factor.TwoFactorManager(self)

    self.policies = policies.PolicyManager(self._adapter)
    self.projects = projects.ProjectManager(self._adapter)
    self.regions = regions.RegionManager(self._adapter)
    self.role_assignments = (
        role_assignments.RoleAssignmentManager(self._adapter))
    self.roles = roles.RoleManager(self._adapter)
    self.services = services.ServiceManager(self._adapter)
    self.tokens = tokens.TokenManager(self._adapter)
    self.trusts = trusts.TrustManager(self._adapter)
    self.users = users.UserManager(self._adapter)

    # DEPRECATED path: with a session, authentication waits for the first
    # call that needs it; without a 'session' keyword and without a
    # management URL the constructor authenticates right away.
    if 'session' in kwargs or self.management_url is not None:
        return
    self.authenticate()
def generate_test_data(service_providers=False, endpoint='localhost'):
    """Build the Keystone v3 fixture objects used by the tests.

    The original summary said "Keystone V2", but the catalog URLs end in
    /identity/v3 and the catalog is a ServiceCatalogV3.

    Args:
        service_providers: when true, a one-entry service provider list is
            added to the scoped and unscoped token bodies, and
            ``sp_auth_url`` / ``service_provider_id`` are set on the
            returned container.
        endpoint: host suffix interpolated into every catalog URL.

    Returns:
        A TestDataContainer carrying the domain, user, projects, role,
        service catalog and the access-info objects built below.
    """
    test_data = TestDataContainer()

    # Identity service: one RegionOne endpoint per interface.
    identity_urls = (
        ('admin', 'http://admin.%s/identity/v3'),
        ('internal', 'http://internal.%s/identity/v3'),
        ('public', 'http://public.%s/identity/v3'),
    )
    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {'url': template % endpoint,
             'region': 'RegionOne',
             'interface': iface,
             'id': uuid.uuid4().hex}
            for iface, template in identity_urls
        ],
    }

    # Domains
    domain_dict = {'id': uuid.uuid4().hex,
                   'name': 'domain',
                   'description': '',
                   'enabled': True}
    test_data.domain = domains.Domain(
        domains.DomainManager(None), domain_dict, loaded=True)

    # Users
    user_dict = {'id': uuid.uuid4().hex,
                 'name': 'gabriel',
                 'email': '*****@*****.**',
                 'password': '******',
                 'domain_id': domain_dict['id'],
                 'token': '',
                 'enabled': True}
    test_data.user = users.User(
        users.UserManager(None), user_dict, loaded=True)

    # Projects: the first is enabled, the second disabled.
    project_dict_1 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_one',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': True}
    project_dict_2 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_two',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': False}
    test_data.project_one = projects.Project(
        projects.ProjectManager(None), project_dict_1, loaded=True)
    test_data.project_two = projects.Project(
        projects.ProjectManager(None), project_dict_2, loaded=True)

    # Roles
    # NOTE(review): the RoleManager class itself is passed here, while the
    # other resources get a Manager(None) instance -- kept as written.
    role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute service: three interfaces in each of two regions, every URL
    # scoped to the first project.
    compute_urls = (
        ('RegionOne', 'admin', 'http://nova-admin.%s:8774/v2.0/%s'),
        ('RegionOne', 'internal', 'http://nova-internal.%s:8774/v2.0/%s'),
        ('RegionOne', 'public', 'http://nova-public.%s:8774/v2.0/%s'),
        ('RegionTwo', 'admin', 'http://nova2-admin.%s:8774/v2.0/%s'),
        ('RegionTwo', 'internal', 'http://nova2-internal.%s:8774/v2.0/%s'),
        ('RegionTwo', 'public', 'http://nova2-public.%s:8774/v2.0/%s'),
    )
    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {'url': template % (endpoint, project_dict_1['id']),
             'region': region,
             'interface': iface,
             'id': uuid.uuid4().hex}
            for region, iface, template in compute_urls
        ],
    }

    # Tokens: every token body expires one day from now. now() is called
    # without a tz argument.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex
    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token}
    })

    # The helpers return a fresh dict on every call so that no token body
    # shares a nested dict with another one.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _project_ref():
        return {'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': _domain_ref()}

    def _user_ref():
        return {'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [
                {'id': uuid.uuid4().hex},
                {'id': uuid.uuid4().hex},
            ],
        }
        return ref

    # Project-scoped token.
    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }

    sp_list = None
    if service_providers:
        test_data.sp_auth_url = 'http://service_provider_endp/identity/v3'
        test_data.service_provider_id = 'k2kserviceprovider'
        # The access info for the identity provider should return a list
        # of service providers.
        sp_list = [
            {'auth_url': test_data.sp_auth_url,
             'id': test_data.service_provider_id,
             'sp_url': 'https://k2kserviceprovider/sp_url'}
        ]
        scoped_token_dict['token']['service_providers'] = sp_list

    test_data.scoped_access_info = access.create(
        resp=auth_response, body=scoped_token_dict)

    # Domain-scoped token.
    domain_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'domain': _domain_ref(),
            'user': _user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    # Unscoped token: no roles, identity service only in the catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _user_ref(),
            'catalog': [keystone_service],
        }
    }
    if service_providers:
        unscoped_token_dict['token']['service_providers'] = sp_list

    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # Federated user, project-scoped.
    federated_scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _federated_user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    # Federated user, unscoped.
    federated_unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _federated_user_ref(),
            'catalog': [keystone_service],
        }
    }
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data
def generate_test_data():
    """Build the Keystone v3 fixture objects used by the tests.

    The original summary said "Keystone V2", but every identity URL in
    the catalog ends in /v3.

    Returns:
        A TestDataContainer carrying the domain, user, projects, role,
        scoped and unscoped access info, and the service catalog.
    """
    test_data = TestDataContainer()

    # Identity service: one RegionOne endpoint per interface.
    identity_urls = (
        ('admin', 'http://admin.localhost:35357/v3'),
        ('internal', 'http://internal.localhost:5000/v3'),
        ('public', 'http://public.localhost:5000/v3'),
    )
    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {'url': url,
             'region': 'RegionOne',
             'interface': iface,
             'id': uuid.uuid4().hex}
            for iface, url in identity_urls
        ],
    }

    # Domains
    domain_dict = {'id': uuid.uuid4().hex,
                   'name': 'domain',
                   'description': '',
                   'enabled': True}
    test_data.domain = domains.Domain(
        domains.DomainManager(None), domain_dict, loaded=True)

    # Users
    user_dict = {'id': uuid.uuid4().hex,
                 'name': 'gabriel',
                 'email': '*****@*****.**',
                 'password': '******',
                 'domain_id': domain_dict['id'],
                 'token': '',
                 'enabled': True}
    test_data.user = users.User(
        users.UserManager(None), user_dict, loaded=True)

    # Projects: the first is enabled, the second disabled.
    project_dict_1 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_one',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': True}
    project_dict_2 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_two',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': False}
    test_data.project_one = projects.Project(
        projects.ProjectManager(None), project_dict_1, loaded=True)
    test_data.project_two = projects.Project(
        projects.ProjectManager(None), project_dict_2, loaded=True)

    # Roles
    # NOTE(review): the RoleManager class itself is passed here, while the
    # other resources get a Manager(None) instance -- kept as written.
    role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute service: three interfaces in each of two regions, every URL
    # scoped to the first project.
    compute_urls = (
        ('RegionOne', 'admin', 'http://nova-admin.localhost:8774/v2.0/%s'),
        ('RegionOne', 'internal',
         'http://nova-internal.localhost:8774/v2.0/%s'),
        ('RegionOne', 'public',
         'http://nova-public.localhost:8774/v2.0/%s'),
        ('RegionTwo', 'admin', 'http://nova2-admin.localhost:8774/v2.0/%s'),
        ('RegionTwo', 'internal',
         'http://nova2-internal.localhost:8774/v2.0/%s'),
        ('RegionTwo', 'public',
         'http://nova2-public.localhost:8774/v2.0/%s'),
    )
    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {'url': template % (project_dict_1['id']),
             'region': region,
             'interface': iface,
             'id': uuid.uuid4().hex}
            for region, iface, template in compute_urls
        ],
    }

    # Tokens: both token bodies expire one day from now. now() is called
    # without a tz argument.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex
    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token}
    })

    # The helpers return a fresh dict on every call so that no token body
    # shares a nested dict with another one.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _user_ref():
        return {'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': _domain_ref()}

    # Project-scoped token.
    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': _domain_ref(),
            },
            'user': _user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.scoped_access_info = access.AccessInfo.factory(
        resp=auth_response, body=scoped_token_dict)

    # Unscoped token: no roles, identity service only in the catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _user_ref(),
            'catalog': [keystone_service],
        }
    }
    test_data.unscoped_access_info = access.AccessInfo.factory(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog, built from a minimal token body plus the token id.
    catalog_body = {
        'methods': ['password'],
        'user': {},
        'catalog': [keystone_service, nova_service],
    }
    test_data.service_catalog = service_catalog.ServiceCatalog.factory(
        catalog_body, token=auth_token)

    return test_data
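self.user = None  # tail of a class body whose start is not shown in this excerpt


def get_admin_role(manager):
    """Return the first role whose name is exactly "Admin".

    Args:
        manager: object whose ``list()`` yields roles with a ``name``.

    Returns:
        The matching role, or None when no role carries that name. The
        comparison is case-sensitive.
    """
    for role in manager.list():
        if role.name == "Admin":
            return role
    return None


if __name__ == '__main__':
    reset = False

    # Credentials and the auth URL come from the OS_* environment
    # variables; a missing variable raises KeyError here.
    keystone = client.Client(user_domain_name='Default',
                             username=os.environ['OS_USERNAME'],
                             password=os.environ['OS_PASSWORD'],
                             project_domain_name='Default',
                             project_name='admin',
                             auth_url=os.environ['OS_AUTH_URL'])

    domain_manager = domains.DomainManager(keystone)
    project_manager = projects.ProjectManager(keystone)
    user_manager = users.UserManager(keystone)
    role_manager = roles.RoleManager(keystone)

    barbican_domain = BarbicanDomain(domain_manager, reset=reset)
    barbican_project = BarbicanProject(project_manager,
                                       barbican_domain.domain.id,
                                       reset=reset)
    barbican_user = BarbicanUser(user_manager,
                                 barbican_domain.domain.id,
                                 reset=reset)

    # Stop with a clear message when the role lookup finds nothing,
    # instead of failing on admin_role.id with an AttributeError.
    admin_role = get_admin_role(role_manager)
    if admin_role is None:
        raise SystemExit('Role "Admin" not found; the role grant was skipped.')

    # Grants the Admin role to the Barbican user, scoped to the Barbican
    # project only.
    role_manager.grant(admin_role.id,
                       user=barbican_user.user.id,
                       project=barbican_project.project.id)

    # Single-argument print calls run on both Python 2 and Python 3.
    print("Domain ID: " + barbican_domain.domain.id)
    print("Project ID: " + barbican_project.project.id)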
def generate_test_data(pki=False):
    """Build the Keystone v3 fixture objects used by the tests.

    The original summary said "Keystone V2", but the identity URLs end in
    /v3 and the catalog is a ServiceCatalogV3.

    Args:
        pki: when true, the fixture token id is prefixed with
            ``cms.PKI_ASN1_PREFIX``.

    Returns:
        A TestDataContainer carrying the domain, user, projects, role,
        service catalog and the access-info objects built below.
    """
    test_data = TestDataContainer()

    # Identity service: one RegionOne endpoint per interface.
    identity_urls = (
        ('admin', 'http://admin.localhost:35357/v3'),
        ('internal', 'http://internal.localhost:5000/v3'),
        ('public', 'http://public.localhost:5000/v3'),
    )
    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {'url': url,
             'region': 'RegionOne',
             'interface': iface,
             'id': uuid.uuid4().hex}
            for iface, url in identity_urls
        ],
    }

    # Domains
    domain_dict = {'id': uuid.uuid4().hex,
                   'name': 'domain',
                   'description': '',
                   'enabled': True}
    test_data.domain = domains.Domain(
        domains.DomainManager(None), domain_dict, loaded=True)

    # Users
    user_dict = {'id': uuid.uuid4().hex,
                 'name': 'gabriel',
                 'email': '*****@*****.**',
                 'password': '******',
                 'domain_id': domain_dict['id'],
                 'token': '',
                 'enabled': True}
    test_data.user = users.User(
        users.UserManager(None), user_dict, loaded=True)

    # Projects: the first is enabled, the second disabled.
    project_dict_1 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_one',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': True}
    project_dict_2 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_two',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': False}
    test_data.project_one = projects.Project(
        projects.ProjectManager(None), project_dict_1, loaded=True)
    test_data.project_two = projects.Project(
        projects.ProjectManager(None), project_dict_2, loaded=True)

    # Roles
    # NOTE(review): the RoleManager class itself is passed here, while the
    # other resources get a Manager(None) instance -- kept as written.
    role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute service: three interfaces in each of two regions, every URL
    # scoped to the first project.
    compute_urls = (
        ('RegionOne', 'admin', 'http://nova-admin.localhost:8774/v2.0/%s'),
        ('RegionOne', 'internal',
         'http://nova-internal.localhost:8774/v2.0/%s'),
        ('RegionOne', 'public',
         'http://nova-public.localhost:8774/v2.0/%s'),
        ('RegionTwo', 'admin', 'http://nova2-admin.localhost:8774/v2.0/%s'),
        ('RegionTwo', 'internal',
         'http://nova2-internal.localhost:8774/v2.0/%s'),
        ('RegionTwo', 'public',
         'http://nova2-public.localhost:8774/v2.0/%s'),
    )
    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {'url': template % (project_dict_1['id']),
             'region': region,
             'interface': iface,
             'id': uuid.uuid4().hex}
            for region, iface, template in compute_urls
        ],
    }

    # Tokens: every token body expires one day from now. now() is called
    # without a tz argument.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)

    auth_token = uuid.uuid4().hex
    if pki:
        # No real PKI token is needed: the prefix alone makes the keystone
        # client treat the value as a PKI token.
        auth_token = cms.PKI_ASN1_PREFIX + auth_token

    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token}
    })

    # The helpers return a fresh dict on every call so that no token body
    # shares a nested dict with another one.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _project_ref():
        return {'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': _domain_ref()}

    def _user_ref():
        return {'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [
                {'id': uuid.uuid4().hex},
                {'id': uuid.uuid4().hex},
            ],
        }
        return ref

    # Project-scoped token.
    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.scoped_access_info = access.create(
        resp=auth_response, body=scoped_token_dict)

    # Domain-scoped token.
    domain_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'domain': _domain_ref(),
            'user': _user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    # Unscoped token: no roles, identity service only in the catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _user_ref(),
            'catalog': [keystone_service],
        }
    }
    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # Federated user, project-scoped.
    federated_scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _federated_user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    # Federated user, unscoped.
    federated_unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _federated_user_ref(),
            'catalog': [keystone_service],
        }
    }
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data