def get_os_admin_auth_plugin(cluster):
    """Build the admin auth plugin used to act on behalf of a cluster.

    The cluster record is fetched through the conductor. When the v3
    identity API is enabled and the record carries a trust id, the plugin
    is scoped to that trust. Otherwise it is scoped to the project name
    taken from the current context.

    :param cluster: The id of the cluster to use for trust identification.
    :returns: The result of ``keystone.auth_for_admin`` for the chosen
        scope.
    """
    current_ctx = context.current()
    cluster_obj = conductor.cluster_get(current_ctx, cluster)

    trust_scoped = CONF.use_identity_api_v3 and cluster_obj.trust_id
    if not trust_scoped:
        # NOTE(review): the fallback scope is read from the current
        # context's tenant_name, not from the cluster record. Confirm that
        # callers reach this path only with a context they trust.
        return keystone.auth_for_admin(project_name=current_ctx.tenant_name)
    return keystone.auth_for_admin(trust_id=cluster_obj.trust_id)
def get_os_admin_auth_plugin(cluster):
    '''Return an admin auth plugin scoped by cluster trust or by project

    The cluster is loaded via the conductor. A trust-scoped plugin is
    returned only when the v3 identity API is enabled and the loaded
    cluster has a trust id. In every other case the plugin is scoped to
    the project name of the current context.

    :param cluster: The id of the cluster to use for trust identification.
    :returns: The value produced by ``keystone.auth_for_admin``.
    '''
    ctx = context.current()
    record = conductor.cluster_get(ctx, cluster)

    # Guard clause: with no v3 API or no stored trust there is nothing to
    # scope to except the project of the current context.
    if not CONF.use_identity_api_v3 or not record.trust_id:
        return keystone.auth_for_admin(project_name=ctx.tenant_name)

    return keystone.auth_for_admin(trust_id=record.trust_id)
def delete_trust_from_cluster(cluster):
    """Revoke the trust attached to a cluster and forget its id.

    Nothing happens when the cluster has no trust id. Otherwise an admin
    auth plugin scoped to that trust is built, the trust is deleted with
    it, and the cluster's ``trust_id`` is updated to None.

    :param cluster: The cluster to delete the trust from.
    """
    if not cluster.trust_id:
        return

    admin_auth = keystone.auth_for_admin(trust_id=cluster.trust_id)
    delete_trust(admin_auth, cluster.trust_id)

    # The stored id is cleared only after delete_trust() has returned, so
    # a failed deletion leaves the id on the cluster for a later retry.
    conductor.cluster_update(context.current(), cluster, {"trust_id": None})
def delete_trust_from_cluster(cluster):
    '''Revoke the trust attached to a cluster and clear its trust id

    The cluster is re-read through the conductor first. The trust is
    deleted, and the cluster's ``trust_id`` set to None, only when the v3
    identity API is enabled and the re-read cluster has a trust id.

    :param cluster: The cluster to delete the trust from.
    '''
    ctx = context.current()
    fresh = conductor.cluster_get(ctx, cluster)

    # NOTE(review): when use_identity_api_v3 is off, a trust id already
    # stored on the cluster is neither revoked nor cleared here. Confirm
    # that is intended if the option can change after trusts were created.
    if not (CONF.use_identity_api_v3 and fresh.trust_id):
        return

    admin_auth = keystone.auth_for_admin(trust_id=fresh.trust_id)
    delete_trust(admin_auth, fresh.trust_id)
    # Cleared only after the deletion call has returned.
    conductor.cluster_update(ctx, fresh, {'trust_id': None})
def create_trust_for_cluster(cluster, expires=True):
    """Delegate a trust to the admin user and record it on the cluster.

    The trustor is the plugin returned by ``keystone.auth()`` and the
    trustee is an admin plugin scoped to the configured admin tenant. The
    trust is created with the roles of the current context, and the
    resulting trust id is stored on the cluster.

    :param cluster: The cluster whose ``trust_id`` is updated.
    :param expires: The trust will expire if this is set to True.
    """
    ctx = context.current()

    delegator = keystone.auth()
    admin_project = CONF.keystone_authtoken.admin_tenant_name
    delegate = keystone.auth_for_admin(project_name=admin_project)

    # Every role on the current context is delegated, not a reduced set,
    # so the trust carries whatever those roles carry.
    new_trust_id = create_trust(
        trustor=delegator,
        trustee=delegate,
        role_names=ctx.roles,
        expires=expires,
    )
    conductor.cluster_update(ctx, cluster, {"trust_id": new_trust_id})
def use_os_admin_auth_token(cluster):
    """Switch the current context to the admin user's trust-scoped token.

    Does nothing when the cluster has no trust id. Otherwise the current
    context is rewritten in place. The username becomes the configured
    admin user and the tenant id becomes the cluster's tenant. The auth
    plugin, auth token and JSON-encoded service catalog are derived from
    a plugin scoped to the cluster's trust.

    :param cluster: The cluster to use for tenant and trust identification.
    """
    if not cluster.trust_id:
        return

    ctx = context.current()
    # The context is mutated in place and not restored by this function.
    # Code that runs afterwards with this context acts under the admin
    # identity.
    ctx.username = CONF.keystone_authtoken.admin_user
    ctx.tenant_id = cluster.tenant_id
    ctx.auth_plugin = keystone.auth_for_admin(trust_id=cluster.trust_id)
    # The token below is an admin credential. Keep it out of logs.
    ctx.auth_token = keystone.token_from_auth(ctx.auth_plugin)
    catalog = keystone.service_catalog_from_auth(ctx.auth_plugin)
    ctx.service_catalog = json.dumps(catalog)
def use_os_admin_auth_token(cluster):
    '''Switch the current context to the admin user's trust scoped token

    The cluster is loaded through the conductor. When the v3 identity API
    is enabled and the cluster has a trust id, the current context is
    rewritten in place. The username becomes the configured admin user
    and the tenant id becomes the cluster's tenant. The auth plugin is
    scoped to the cluster's trust, and the auth token and JSON-encoded
    service catalog are refreshed. Otherwise the context is left
    untouched.

    :param cluster: The cluster to use for tenant and trust identification.
    '''
    ctx = context.current()
    record = conductor.cluster_get(ctx, cluster)
    if not (CONF.use_identity_api_v3 and record.trust_id):
        return

    # The context is mutated in place and not restored by this function.
    # Code that runs afterwards with this context acts under the admin
    # identity.
    ctx.username = CONF.keystone_authtoken.admin_user
    ctx.tenant_id = record.tenant_id
    ctx.auth_plugin = keystone.auth_for_admin(trust_id=record.trust_id)
    # NOTE(review): get_auth_token() presumably reads the plugin that was
    # just installed on the context, so keep this after the assignment
    # above. Confirm against the context module. The token is an admin
    # credential, so keep it out of logs.
    ctx.auth_token = context.get_auth_token()
    catalog = keystone.service_catalog_from_auth(ctx.auth_plugin)
    ctx.service_catalog = json.dumps(catalog)
def create_trust_for_cluster(cluster, expires=True):
    '''Delegate a trust to the admin user and record it on the cluster

    The cluster is loaded through the conductor. A trust is created only
    when the v3 identity API is enabled and the cluster does not already
    have a trust id. The trustor is the plugin from ``keystone.auth()``
    and the trustee is an admin plugin scoped to the configured admin
    tenant. The trust uses the roles of the current context, and its id
    is stored on the cluster.

    :param cluster: The cluster to load and to store the trust id on.
    :param expires: Accepted but not forwarded to ``create_trust`` by this
        implementation, so it has no effect on the trust created here.
    '''
    ctx = context.current()
    record = conductor.cluster_get(ctx, cluster)

    # Skip when trusts are unavailable or one is already recorded.
    if not CONF.use_identity_api_v3 or record.trust_id:
        return

    delegator = keystone.auth()
    admin_project = CONF.keystone_authtoken.admin_tenant_name
    delegate = keystone.auth_for_admin(project_name=admin_project)

    # NOTE(review): every role on the current context is delegated and
    # allow_redelegation=True is requested, while ``expires`` is unused.
    # Confirm that this breadth and lifetime are intended for the trust.
    new_trust_id = create_trust(
        trustor=delegator,
        trustee=delegate,
        role_names=ctx.roles,
        allow_redelegation=True,
    )
    conductor.cluster_update(ctx, record, {'trust_id': new_trust_id})