def __init__(self, service, region, *args, **kwargs): super(Service, self).__init__(service, *args, **kwargs) self.public_url = base.get_url_for_service(service, region, 'publicURL') self.url = base.get_url_for_service(service, region, 'internalURL') if self.url: self.host = urlparse.urlparse(self.url).hostname else: self.host = None self.disabled = None self.region = region
def keystoneclient(request, admin=False): """Returns a client connected to the Keystone backend. Several forms of authentication are supported: * Username + password -> Unscoped authentication * Username + password + tenant id -> Scoped authentication * Unscoped token -> Unscoped authentication * Unscoped token + tenant id -> Scoped authentication * Scoped token -> Scoped authentication Available services and data from the backend will vary depending on whether the authentication was scoped or unscoped. Lazy authentication if an ``endpoint`` parameter is provided. Calls requiring the admin endpoint should have ``admin=True`` passed in as a keyword argument. The client is cached so that subsequent API calls during the same request/response cycle don't have to be re-authenticated. """ api_version = VERSIONS.get_active_version() if not request: endpoint = settings.OPENSTACK_KEYSTONE_URL LOG.debug( "Creating a new keystoneserviceclient connection to %s." % endpoint ) user = authenticate( username=settings.WILDCARD_ADMIN_USER, password=settings.WILDCARD_ADMIN_PASSWORD, auth_url=endpoint, ) catalog = user.service_catalog service = base.get_service_from_catalog(catalog, 'identity') endpoint = base.get_url_for_service( service, user.services_region, endpoint_type='adminURL', ) return api_version['client'].Client( token=user.token.id, endpoint=endpoint, insecure=getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False), cacert=getattr(settings, 'OPENSTACK_SSL_CACERT', None), debug=settings.DEBUG, ) user = request.user if admin: if not user.is_superuser: raise exceptions.NotAuthorized endpoint_type = 'adminURL' else: endpoint_type = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE', 'internalURL') # Take care of client connection caching/fetching a new client. # Admin vs. non-admin clients are cached separately for token matching. cache_attr = "_keystoneclient_admin" if admin \ else backend.KEYSTONE_CLIENT_ATTR if hasattr(request, cache_attr) and ( not user.token.id or getattr(request, cache_attr).auth_token == user.token.id): LOG.debug("Using cached client for token: %s" % user.token.id) conn = getattr(request, cache_attr) else: endpoint = _get_endpoint_url(request, endpoint_type) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) LOG.debug("Creating a new keystoneclient connection to %s." % endpoint) remote_addr = request.environ.get('REMOTE_ADDR', '') conn = api_version['client'].Client(token=user.token.id, endpoint=endpoint, original_ip=remote_addr, insecure=insecure, cacert=cacert, auth_url=endpoint, debug=settings.DEBUG) setattr(request, cache_attr, conn) return conn