def test_get_auth_plugin_with_auth_and_service_token_false(self):
self.flags(send_service_user_token=False, group='service_user')
n_auth = password.Password
result = service_auth.get_auth_plugin(self.ctx, auth=n_auth)
self.assertEqual(n_auth, result)
def _create_glance_client(context, netloc, use_ssl):
"""Instantiate a new glanceclient.Client object."""
params = {'global_request_id': context.global_id}
if use_ssl and CONF.auth_strategy == 'noauth':
params = {'insecure': CONF.glance_api_insecure,
'cacert': CONF.glance_ca_certificates_file,
'timeout': CONF.glance_request_timeout,
'split_loggers': CONF.split_loggers
}
if CONF.auth_strategy == 'keystone':
global _SESSION
if not _SESSION:
config_options = {'insecure': CONF.glance_api_insecure,
'cacert': CONF.glance_ca_certificates_file,
'timeout': CONF.glance_request_timeout,
'cert': CONF.glance_certfile,
'key': CONF.glance_keyfile,
'split_loggers': CONF.split_loggers
}
_SESSION = ks_session.Session().load_from_options(**config_options)
auth = service_auth.get_auth_plugin(context)
params['auth'] = auth
params['session'] = _SESSION
scheme = 'https' if use_ssl else 'http'
endpoint = '%s://%s' % (scheme, netloc)
return glanceclient.Client('2', endpoint, **params)
def _create_glance_client(context, netloc, use_ssl):
"""Instantiate a new glanceclient.Client object."""
params = {'global_request_id': context.global_id}
if use_ssl and CONF.auth_strategy == 'noauth':
params = {'insecure': CONF.glance_api_insecure,
'cacert': CONF.glance_ca_certificates_file,
'timeout': CONF.glance_request_timeout
}
if CONF.auth_strategy == 'keystone':
global _SESSION
if not _SESSION:
config_options = {'insecure': CONF.glance_api_insecure,
'cacert': CONF.glance_ca_certificates_file,
'timeout': CONF.glance_request_timeout
}
_SESSION = ks_session.Session().load_from_options(**config_options)
auth = service_auth.get_auth_plugin(context)
params['auth'] = auth
params['session'] = _SESSION
scheme = 'https' if use_ssl else 'http'
endpoint = '%s://%s' % (scheme, netloc)
return glanceclient.Client('2', endpoint, **params)
def test_get_auth_plugin_with_auth_and_service_token_false(self):
self.flags(send_service_user_token=False, group='service_user')
n_auth = password.Password
result = service_auth.get_auth_plugin(self.ctx, auth=n_auth)
self.assertEqual(n_auth, result)
def test_get_auth_plugin_no_wraps(self, mock_load):
context = mock.MagicMock()
context.get_auth_plugin.return_value = "fake"
result = service_auth.get_auth_plugin(context)
self.assertEqual("fake", result)
mock_load.assert_not_called()
def test_get_auth_plugin_no_wraps(self, mock_load):
context = mock.MagicMock()
context.get_auth_plugin.return_value = "fake"
result = service_auth.get_auth_plugin(context)
self.assertEqual("fake", result)
mock_load.assert_not_called()
def test_get_auth_plugin_with_auth(self, mock_load):
self.flags(send_service_user_token=True, group='service_user')
mock_load.return_value = password.Password
result = service_auth.get_auth_plugin(self.ctx,
auth=mock_load.return_value)
self.assertEqual(mock_load.return_value, result.user_auth)
self.assertIsInstance(result, service_token.ServiceTokenAuthWrapper)
mock_load.assert_called_once_with(mock.ANY, group='service_user')
def test_get_auth_plugin_with_auth(self, mock_load):
self.flags(send_service_user_token=True, group='service_user')
mock_load.return_value = password.Password
result = service_auth.get_auth_plugin(
self.ctx, auth=mock_load.return_value)
self.assertEqual(mock_load.return_value, result.user_auth)
self.assertIsInstance(result, service_token.ServiceTokenAuthWrapper)
mock_load.assert_called_once_with(mock.ANY, group='service_user')
def novaclient(context, privileged_user=False, timeout=None, api_version=None):
"""Returns a Nova client
@param privileged_user:
If True, use the account from configuration
(requires 'auth_type' and the other usual Keystone authentication
options to be set in the [nova] section)
@param timeout:
Number of seconds to wait for an answer before raising a
Timeout exception (None to disable)
@param api_version:
api version of nova
"""
if privileged_user and CONF[NOVA_GROUP].auth_type:
LOG.debug('Creating Keystone auth plugin from conf')
n_auth = ks_loading.load_auth_from_conf_options(CONF, NOVA_GROUP)
else:
if CONF[NOVA_GROUP].token_auth_url:
url = CONF[NOVA_GROUP].token_auth_url
else:
url = _get_identity_endpoint_from_sc(context)
LOG.debug('Creating Keystone token plugin using URL: %s', url)
n_auth = identity.Token(auth_url=url,
token=context.auth_token,
project_name=context.project_name,
project_domain_id=context.project_domain_id)
if CONF.auth_strategy == 'keystone':
n_auth = service_auth.get_auth_plugin(context, auth=n_auth)
keystone_session = ks_loading.load_session_from_conf_options(
CONF,
NOVA_GROUP,
auth=n_auth)
c = nova_client.Client(
api_versions.APIVersion(api_version or NOVA_API_VERSION),
session=keystone_session,
insecure=CONF[NOVA_GROUP].insecure,
timeout=timeout,
region_name=CONF[NOVA_GROUP].region_name,
endpoint_type=CONF[NOVA_GROUP].interface,
cacert=CONF[NOVA_GROUP].cafile,
global_request_id=context.global_id,
extensions=nova_extensions)
return c
def test_get_auth_plugin_wraps(self, mock_load):
self.flags(send_service_user_token=True, group='service_user')
result = service_auth.get_auth_plugin(self.ctx)
self.assertIsInstance(result, service_token.ServiceTokenAuthWrapper)
mock_load.assert_called_once_with(mock.ANY, group='service_user')
def test_get_auth_plugin_wraps(self, mock_load):
self.flags(send_service_user_token=True, group='service_user')
result = service_auth.get_auth_plugin(self.ctx)
self.assertIsInstance(result, service_token.ServiceTokenAuthWrapper)
mock_load.assert_called_once_with(mock.ANY, group='service_user')
