Exemplo n.º 1
0
    def initialize(self, _context, name, description=None):
        self._name = name
        self._template = None
        self._parameters = {}
        self._applied = True
        self._description = description
        environment = helpers.get_environment(_context)
        keystone_settings = config.CONF.keystone
        heat_settings = config.CONF.heat

        client = ksclient.Client(endpoint=keystone_settings.auth_url,
                                 cacert=keystone_settings.ca_file or None,
                                 cert=keystone_settings.cert_file or None,
                                 key=keystone_settings.key_file or None,
                                 insecure=keystone_settings.insecure)

        if not client.authenticate(auth_url=keystone_settings.auth_url,
                                   tenant_id=environment.tenant_id,
                                   token=environment.token):
            raise heat_exc.HTTPUnauthorized()

        heat_url = client.service_catalog.url_for(
            service_type='orchestration',
            endpoint_type=heat_settings.endpoint_type)

        self._heat_client = hclient.Client('1',
                                           heat_url,
                                           username='******',
                                           password='******',
                                           token_only=True,
                                           token=client.auth_token,
                                           ca_file=heat_settings.ca_file
                                           or None,
                                           cert_file=heat_settings.cert_file
                                           or None,
                                           key_file=heat_settings.key_file
                                           or None,
                                           insecure=heat_settings.insecure)
Exemplo n.º 2
0
    def _http_request(self, url, method, **kwargs):
        """Send an http request with the specified characteristics.

        Wrapper around requests.request to handle tasks such as
        setting headers and error handling.
        """
        # Copy the kwargs so we can reuse the original in case of redirects
        kwargs['headers'] = copy.deepcopy(kwargs.get('headers', {}))
        kwargs['headers'].setdefault('User-Agent', USER_AGENT)
        if self.auth_token:
            kwargs['headers'].setdefault('X-Auth-Token', self.auth_token)
        else:
            kwargs['headers'].update(self.credentials_headers())
        if self.auth_url:
            kwargs['headers'].setdefault('X-Auth-Url', self.auth_url)
        if self.region_name:
            kwargs['headers'].setdefault('X-Region-Name', self.region_name)
        if self.include_pass and 'X-Auth-Key' not in kwargs['headers']:
            kwargs['headers'].update(self.credentials_headers())
        if osprofiler_web:
            kwargs['headers'].update(osprofiler_web.get_trace_id_headers())

        self.log_curl_request(method, url, kwargs)

        if self.cert_file and self.key_file:
            kwargs['cert'] = (self.cert_file, self.key_file)

        if self.verify_cert is not None:
            kwargs['verify'] = self.verify_cert

        if self.timeout is not None:
            kwargs['timeout'] = float(self.timeout)

        # Allow caller to specify not to follow redirects, in which case we
        # just return the redirect response.  Useful for using stacks:lookup.
        redirect = kwargs.pop('redirect', True)

        # Since requests does not follow the RFC when doing redirection to sent
        # back the same method on a redirect we are simply bypassing it.  For
        # example if we do a DELETE/POST/PUT on a URL and we get a 302 RFC says
        # that we should follow that URL with the same method as before,
        # requests doesn't follow that and send a GET instead for the method.
        # Hopefully this could be fixed as they say in a comment in a future
        # point version i.e.: 3.x
        # See issue: https://github.com/kennethreitz/requests/issues/1704
        allow_redirects = False

        try:
            resp = requests.request(method,
                                    self.endpoint_url + url,
                                    allow_redirects=allow_redirects,
                                    **kwargs)
        except socket.gaierror as e:
            message = (_("Error finding address for %(url)s: %(e)s") % {
                'url': self.endpoint_url + url,
                'e': e
            })
            raise exc.InvalidEndpoint(message=message)
        except (socket.error, socket.timeout) as e:
            endpoint = self.endpoint
            message = (_("Error communicating with %(endpoint)s %(e)s") % {
                'endpoint': endpoint,
                'e': e
            })
            raise exc.CommunicationError(message=message)

        self.log_http_response(resp)

        if not ('X-Auth-Key' in kwargs['headers']) and (
                resp.status_code == 401 or
            (resp.status_code == 500 and "(HTTP 401)" in resp.content)):
            raise exc.HTTPUnauthorized(
                _("Authentication failed: %s") % resp.content)
        elif 400 <= resp.status_code < 600:
            raise exc.from_response(resp)
        elif resp.status_code in (301, 302, 305):
            # Redirected. Reissue the request to the new location,
            # unless caller specified redirect=False
            if redirect:
                location = resp.headers.get('location')
                path = self.strip_endpoint(location)
                resp = self._http_request(path, method, **kwargs)
        elif resp.status_code == 300:
            raise exc.from_response(resp)

        return resp