예제 #1
def get_os_admin_auth_plugin(cluster):
    """Build the admin auth plugin used to act on behalf of a cluster.

    The cluster record is loaded through the conductor. When Identity API
    v3 is enabled and the record carries a trust id, the plugin is scoped
    to that trust; otherwise it is scoped to the project named by the
    current context's ``tenant_name``.

    NOTE(review): the fallback path returns a project-scoped admin plugin
    instead of a trust-scoped one, so it is presumably not limited to the
    roles a user delegated - confirm that is intended wherever a cluster
    has no trust.

    :param cluster: The id of the cluster to use for trust identification.
    :returns: Whatever ``keystone.auth_for_admin`` returns for the scope.
    """
    ctx = context.current()
    cluster_record = conductor.cluster_get(ctx, cluster)
    # Guard clause: no v3 API or no trust on the record -> project scope.
    if not (CONF.use_identity_api_v3 and cluster_record.trust_id):
        return keystone.auth_for_admin(project_name=ctx.tenant_name)
    return keystone.auth_for_admin(trust_id=cluster_record.trust_id)
예제 #2
def get_os_admin_auth_plugin(cluster):
    '''Return an admin auth plugin scoped by cluster trust or by project

    Looks the cluster up through the conductor, then picks exactly one
    scope for ``keystone.auth_for_admin``: the cluster's trust id when
    Identity API v3 is enabled and a trust id is stored, else the
    ``tenant_name`` of the current context.

    NOTE(review): which branch runs decides how much authority the
    returned plugin carries (delegated trust vs. admin project scope);
    callers that require the trust-limited form should verify the
    cluster actually has a trust id.

    :param cluster: The id of the cluster to use for trust identification.
    :returns: The result of ``keystone.auth_for_admin`` for that scope.

    '''
    ctx = context.current()
    found = conductor.cluster_get(ctx, cluster)
    if CONF.use_identity_api_v3 and found.trust_id:
        scope = {'trust_id': found.trust_id}
    else:
        scope = {'project_name': ctx.tenant_name}
    return keystone.auth_for_admin(**scope)
예제 #3
파일: trusts.py 프로젝트: egafford/sahara
def delete_trust_from_cluster(cluster):
    """Revoke the trust attached to a cluster and clear its trust id.

    Does nothing when the cluster has no trust id. Otherwise an admin
    auth plugin scoped to that trust is built, the trust is deleted with
    it, and the cluster's ``trust_id`` is set to None via the conductor.

    NOTE(review): the stored trust id is cleared only after
    ``delete_trust`` returns; if that call raises, the record keeps the
    id, so a retry remains possible but the trust may still be live.

    :param cluster: The cluster to delete the trust from.

    """
    trust_id = cluster.trust_id
    if not trust_id:
        return
    admin_auth = keystone.auth_for_admin(trust_id=trust_id)
    delete_trust(admin_auth, trust_id)
    conductor.cluster_update(context.current(), cluster, {"trust_id": None})
예제 #4
def delete_trust_from_cluster(cluster):
    '''Delete the trust delegated to a cluster, if there is one

    The cluster is re-read through the conductor first. Nothing happens
    unless Identity API v3 is enabled and the record holds a trust id;
    in that case the trust is deleted using an admin plugin scoped to
    it, and the record's ``trust_id`` is then set to None.

    NOTE(review): with ``use_identity_api_v3`` disabled this returns
    without touching a stored trust id, so any trust created earlier
    would presumably stay valid - confirm against how trusts expire.

    :param cluster: The cluster to delete the trust from.

    '''
    ctx = context.current()
    record = conductor.cluster_get(ctx, cluster)
    if not CONF.use_identity_api_v3 or not record.trust_id:
        return
    trust_scoped_auth = keystone.auth_for_admin(trust_id=record.trust_id)
    delete_trust(trust_scoped_auth, record.trust_id)
    # Clear the reference only after the trust itself has been deleted.
    conductor.cluster_update(ctx, record, {'trust_id': None})
예제 #5
파일: trusts.py 프로젝트: egafford/sahara
def create_trust_for_cluster(cluster, expires=True):
    """Delegate a trust to the admin user and record it on the cluster.

    The trustor is the auth of the current user, the trustee is the
    admin auth for the project named by
    ``CONF.keystone_authtoken.admin_tenant_name``. The new trust id is
    written to the cluster through the conductor.

    NOTE(review): every role in the current context (``ctx.roles``) is
    delegated, and there is no check for an existing ``trust_id`` here,
    so a previous id on the cluster is overwritten without that trust
    being deleted in this function - verify callers handle both points.

    :param cluster: The cluster that receives the trust id.
    :param expires: The trust will expire if this is set to True.
    """
    ctx = context.current()
    delegating_user = keystone.auth()
    admin_project = CONF.keystone_authtoken.admin_tenant_name
    admin_user = keystone.auth_for_admin(project_name=admin_project)

    new_trust_id = create_trust(
        trustor=delegating_user,
        trustee=admin_user,
        role_names=ctx.roles,
        expires=expires,
    )

    conductor.cluster_update(ctx, cluster, {"trust_id": new_trust_id})
예제 #6
파일: trusts.py 프로젝트: thefuyang/sahara
def delete_trust_from_cluster(cluster):
    '''Remove a cluster's delegated trust and forget its id

    The cluster is fetched through the conductor. When Identity API v3
    is enabled and the fetched record has a trust id, the trust is
    deleted with an admin plugin scoped to that same trust and the
    record is updated so that ``trust_id`` becomes None. In every other
    case the function returns without side effects beyond the fetch.

    NOTE(review): the plugin used for deletion is scoped to the trust
    being deleted; if that trust is already invalid, ``delete_trust``
    presumably fails and the id stays on the record - confirm the
    error handling in the caller.

    :param cluster: The cluster to delete the trust from.

    '''
    ctx = context.current()
    stored = conductor.cluster_get(ctx, cluster)
    # The trust id is only consulted when the v3 identity API is in use.
    trust_id = stored.trust_id if CONF.use_identity_api_v3 else None
    if trust_id:
        revoker = keystone.auth_for_admin(trust_id=trust_id)
        delete_trust(revoker, trust_id)
        conductor.cluster_update(ctx, stored, {'trust_id': None})
예제 #7
파일: trusts.py 프로젝트: egafford/sahara
def use_os_admin_auth_token(cluster):
    """Switch the current context to the admin user's trust-scoped token.

    Only acts when the cluster has a trust id. The current context is
    then modified in place: the username becomes the configured admin
    user, the tenant id becomes the cluster's tenant, and the auth
    plugin, auth token and JSON-encoded service catalog are all derived
    from an admin plugin scoped to the cluster's trust.

    NOTE(review): the context is overwritten rather than copied and is
    not restored here, so later work on the same context runs with the
    admin identity - confirm callers isolate or reset the context.

    :param cluster: The cluster to use for tenant and trust identification.

    """
    if not cluster.trust_id:
        return
    ctx = context.current()
    ctx.username = CONF.keystone_authtoken.admin_user
    ctx.tenant_id = cluster.tenant_id
    admin_plugin = keystone.auth_for_admin(trust_id=cluster.trust_id)
    ctx.auth_plugin = admin_plugin
    ctx.auth_token = keystone.token_from_auth(admin_plugin)
    catalog = keystone.service_catalog_from_auth(admin_plugin)
    ctx.service_catalog = json.dumps(catalog)
예제 #8
def use_os_admin_auth_token(cluster):
    '''Re-point the current context at the admin user's trust scoped token

    The cluster is fetched through the conductor. If Identity API v3 is
    enabled and the record has a trust id, the current context is
    changed in place: admin username from configuration, the cluster's
    tenant id, an admin auth plugin scoped to the trust, a token from
    ``context.get_auth_token()`` and the JSON-encoded service catalog
    for that plugin. Otherwise the context is left as it was.

    NOTE(review): the identity switch is applied to the live context
    object and is not undone in this function; whatever runs next on
    that context uses the admin identity - confirm the caller's scope.

    :param cluster: The cluster to use for tenant and trust identification.

    '''
    ctx = context.current()
    record = conductor.cluster_get(ctx, cluster)
    if not CONF.use_identity_api_v3 or not record.trust_id:
        return
    ctx.username = CONF.keystone_authtoken.admin_user
    ctx.tenant_id = record.tenant_id
    ctx.auth_plugin = keystone.auth_for_admin(trust_id=record.trust_id)
    # Kept after the plugin assignment: get_auth_token() presumably reads
    # the plugin just stored on the context - confirm before reordering.
    ctx.auth_token = context.get_auth_token()
    catalog = keystone.service_catalog_from_auth(ctx.auth_plugin)
    ctx.service_catalog = json.dumps(catalog)
예제 #9
def create_trust_for_cluster(cluster, expires=True):
    '''Create a trust for a cluster unless it already has one

    The cluster is fetched through the conductor. When Identity API v3
    is enabled and no trust id is stored yet, a trust is delegated from
    the current user to the admin auth of the project named by
    ``CONF.keystone_authtoken.admin_tenant_name``, covering the roles of
    the current context, and its id is saved on the cluster record.

    NOTE(review): the trust is requested with ``allow_redelegation=True``
    and with every role in ``ctx.roles``; both widen what the trustee
    can do, so confirm they are required.

    :param cluster: The cluster that receives the trust id.
    :param expires: Not referenced in this body; it is not forwarded to
                    ``create_trust``, so it has no visible effect here.
    '''
    ctx = context.current()
    record = conductor.cluster_get(ctx, cluster)
    if not CONF.use_identity_api_v3 or record.trust_id:
        return

    delegating_user = keystone.auth()
    admin_project = CONF.keystone_authtoken.admin_tenant_name
    admin_user = keystone.auth_for_admin(project_name=admin_project)

    new_trust_id = create_trust(trustor=delegating_user,
                                trustee=admin_user,
                                role_names=ctx.roles,
                                allow_redelegation=True)

    conductor.cluster_update(ctx, record, {'trust_id': new_trust_id})
예제 #10
파일: trusts.py 프로젝트: thefuyang/sahara
def create_trust_for_cluster(cluster, expires=True):
    '''Delegate a trust to the admin user and store its id on the cluster

    Runs only when Identity API v3 is enabled and the cluster record
    (fetched through the conductor) has no trust id. The trustor is the
    current user's auth, the trustee is the admin auth scoped to
    ``CONF.keystone_authtoken.admin_tenant_name``, and the delegated
    roles are those of the current context.

    NOTE(review): ``expires`` is accepted but never used below, so the
    docstring promise about expiry cannot be verified from this
    function; the trust is also created with redelegation allowed.
    Check ``create_trust`` for the effective lifetime and confirm that
    redelegation is needed.

    :param cluster: The cluster that receives the trust id.
    :param expires: Unused in this body (not passed to ``create_trust``).
    '''
    ctx = context.current()
    stored = conductor.cluster_get(ctx, cluster)
    if CONF.use_identity_api_v3 and not stored.trust_id:
        trust_request = {
            'trustor': keystone.auth(),
            'trustee': keystone.auth_for_admin(
                project_name=CONF.keystone_authtoken.admin_tenant_name),
            'role_names': ctx.roles,
            'allow_redelegation': True,
        }
        created_id = create_trust(**trust_request)

        conductor.cluster_update(ctx, stored, {'trust_id': created_id})