def get_openstack_clients(self, username, password=None, tenant_name=None): # TODO: I could replace with identity.. but should I? # Build credentials for each manager all_creds = self._get_openstack_credentials( username, password, tenant_name) # Initialize managers with respective credentials image_creds = self._build_image_creds(all_creds) net_creds = self._build_network_creds(all_creds) sdk_creds = self._build_sdk_creds(all_creds) if self.identity_version > 2: openstack_sdk = _connect_to_openstack_sdk(**sdk_creds) else: openstack_sdk = None neutron = self.network_manager.new_connection(**net_creds) keystone, nova, glance = self.image_manager._new_connection( **image_creds) return { "glance": glance, "keystone": keystone, "nova": nova, "neutron": neutron, "openstack_sdk": openstack_sdk, "horizon": self._get_horizon_url(keystone.tenant_id) }
def __init__(self, provider=None, *args, **kwargs): super(AccountDriver, self).__init__() if provider: all_creds = self._init_by_provider(provider, *args, **kwargs) else: all_creds = kwargs if 'location' in all_creds: self.namespace = "Atmosphere_OpenStack:%s" % all_creds['location'] else: logger.info("Using default namespace.. Could cause conflicts if " "switching between providers. To avoid ambiguity, " "provide the kwarg: location='provider_prefix'") # Build credentials for each manager self.credentials = all_creds ex_auth_version = all_creds.get("ex_force_auth_version", '2.0_password') if ex_auth_version.startswith('2'): self.identity_version = 2 elif ex_auth_version.startswith('3'): self.identity_version = 3 else: raise Exception("Could not determine identity_version of %s" % ex_auth_version) user_creds = self._build_user_creds(all_creds) image_creds = self._build_image_creds(all_creds) net_creds = self._build_network_creds(all_creds) sdk_creds = self._build_sdk_creds(all_creds) # Initialize managers with respective credentials self.user_manager = UserManager(**user_creds) self.image_manager = ImageManager(**image_creds) self.network_manager = NetworkManager(**net_creds) self.openstack_sdk = _connect_to_openstack_sdk(**sdk_creds)
def authenticate(self, request): """ TODO: This method might take an already-logged in user who possesses a KEYSTONE TOKEN -- one could then determine if the token was still 'valid' and use that truth-value to authenticate the request. The entire user-object would need to be returned, and the dependencies for this method would have to include rtwo/openstacksdk which might make this entire process out-of-scope for django-giji-auth TODO: Ideally, more things would be passed through headers to tell us: - What KEYSTONE_SERVER to authenticate with - What the username or other information is *expected* to be.. - ?? """ auth = request.META.get('HTTP_AUTHORIZATION', '').split() auth_url = auth_settings.KEYSTONE_SERVER region_name = "RegionOne" # This could be passed in via header _OR_ as an auth_settings.KEYSTONE_REGION_NAME domain_name = "Default" # This could be passed in via header _OR_ as an auth_settings.KEYSTONE_DOMAIN_NAME parsed_auth_url = urlparse(auth_url) hostname = parsed_auth_url.hostname token_key = None if len(auth) == 2 and auth[0].lower() == "token": token_key = auth[1] if not token_key: return None try: from rtwo.drivers.common import _connect_to_openstack_sdk except ImportError: logger.exception( "Cannot use OpenstackTokenAuthentication without `rtwo`." " Please `pip install rtwo` and try again!") return None sdk_args = { 'auth_url': auth_url.replace('5000', '35357'), 'ex_force_base_url': auth_url.replace(":5000/v3", ":8774/v2/"), 'identity_api_version': 3, 'project_domain_name': domain_name, 'region_name': region_name, 'user_domain_name': domain_name, "auth_plugin": "token", "token": token_key } stack_sdk = _connect_to_openstack_sdk(**sdk_args) try: stack_sdk.authorize() whoami = stack_sdk.session.auth.auth_ref username = whoami.username new_profile = { 'username': username, 'firstName': username, 'lastName': "", 'email': "%s@%s" % (username, hostname), } logger.debug("Openstack Profile: %s", new_profile) user = get_or_create_user(new_profile['username'], new_profile) auth_token = get_or_create_token( user, token_key, issuer="OpenstackTokenAuthentication") user_logged_in.send(sender=user.__class__, request=request, user=user) return auth_token except: return None
def get_openstack_clients(self, username, password=None, tenant_name=None): # TODO: I could replace with identity.. but should I? from rtwo.drivers.common import _connect_to_openstack_sdk user_creds = self._get_openstack_credentials( username, password, tenant_name) neutron = self.network_manager.new_connection(**user_creds) keystone, nova, glance = self.image_manager._new_connection( **user_creds) openstack_sdk = _connect_to_openstack_sdk(**user_creds) return { "glance": glance, "keystone": keystone, "nova": nova, "neutron": neutron, "horizon": self._get_horizon_url(keystone.tenant_id) }
def get_openstack_clients(self, username, password=None, tenant_name=None): # Build credentials for each manager all_creds = self._get_openstack_credentials( username, password, tenant_name) # Initialize managers with respective credentials image_creds = self._build_image_creds(all_creds) net_creds = self._build_network_creds(all_creds) sdk_creds = self._build_sdk_creds(all_creds) user_creds = self._build_user_creds(all_creds) openstack_sdk = _connect_to_openstack_sdk(**sdk_creds) (keystone, nova, swift) = self.user_manager.new_connection( **user_creds) neutron = self.network_manager.new_connection(**net_creds) _, _, glance = self.image_manager._new_connection( **image_creds) return { "glance": glance, "keystone": keystone, "nova": nova, "neutron": neutron, "openstack_sdk": openstack_sdk, "horizon": self._get_horizon_url(keystone.tenant_id) }
def get_openstack_sdk_client(self, all_creds): sdk_creds = self._build_sdk_creds(all_creds) openstack_sdk = _connect_to_openstack_sdk(**sdk_creds) return openstack_sdk