def test_will_expire_soon(self):
expires = timeutils.utcnow() + datetime.timedelta(minutes=5)
UNSCOPED_TOKEN['access']['token']['expires'] = expires.isoformat()
auth_ref = access.AccessInfo(UNSCOPED_TOKEN['access'])
self.assertFalse(auth_ref.will_expire_soon(stale_duration=120))
self.assertTrue(auth_ref.will_expire_soon(stale_duration=300))
self.assertFalse(auth_ref.will_expire_soon())
def test_building_scoped_accessinfo(self):
auth_ref = access.AccessInfo(PROJECT_SCOPED_TOKEN['access'])
self.assertTrue(auth_ref)
self.assertIn('token', auth_ref)
self.assertIn('serviceCatalog', auth_ref)
self.assertTrue(auth_ref['serviceCatalog'])
self.assertEquals(auth_ref.auth_token,
'04c7d5ffaeef485f9dc69c06db285bdb')
self.assertEquals(auth_ref.username, 'exampleuser')
self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
self.assertEquals(auth_ref.tenant_name, 'exampleproject')
self.assertEquals(auth_ref.tenant_id,
'225da22d3ce34b15877ea70b2a575f58')
self.assertEquals(auth_ref.tenant_name, auth_ref.project_name)
self.assertEquals(auth_ref.tenant_id, auth_ref.project_id)
self.assertEquals(auth_ref.auth_url,
('http://public.com:5000/v2.0',))
self.assertEquals(auth_ref.management_url,
('http://admin:35357/v2.0',))
self.assertTrue(auth_ref.scoped)
def test_building_unscoped_accessinfo(self):
auth_ref = access.AccessInfo(UNSCOPED_TOKEN['access'])
self.assertTrue(auth_ref)
self.assertIn('token', auth_ref)
self.assertIn('serviceCatalog', auth_ref)
self.assertFalse(auth_ref['serviceCatalog'])
self.assertEquals(auth_ref.auth_token,
'3e2813b7ba0b4006840c3825860b86ed')
self.assertEquals(auth_ref.username, 'exampleuser')
self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
self.assertEquals(auth_ref.tenant_name, None)
self.assertEquals(auth_ref.tenant_id, None)
self.assertEquals(auth_ref.auth_url, None)
self.assertEquals(auth_ref.management_url, None)
self.assertFalse(auth_ref.scoped)
self.assertEquals(
auth_ref.expires,
timeutils.parse_isotime(
UNSCOPED_TOKEN['access']['token']['expires']))
def authenticate(self, username=None, password=None, tenant_name=None,
tenant_id=None, auth_url=None, token=None):
""" Authenticate against the Keystone API.
Uses the data provided at instantiation to authenticate against
the Keystone server. This may use either a username and password
or token for authentication. If a tenant name or id was provided
then the resulting authenticated client will be scoped to that
tenant and contain a service catalog of available endpoints.
With the v2.0 API, if a tenant name or ID is not provided, the
authenication token returned will be 'unscoped' and limited in
capabilities until a fully-scoped token is acquired.
If successful, sets the self.auth_ref and self.auth_token with
the returned token. If not already set, will also set
self.management_url from the details provided in the token.
:returns: ``True`` if authentication was successful.
:raises: AuthorizationFailure if unable to authenticate or validate
the existing authorization token
:raises: ValueError if insufficient parameters are used.
"""
auth_url = auth_url or self.auth_url
username = username or self.username
password = password or self.password
tenant_name = tenant_name or self.tenant_name
tenant_id = tenant_id or self.tenant_id
token = token or self.auth_token
try:
raw_token = self._base_authN(auth_url,
username=username,
tenant_id=tenant_id,
tenant_name=tenant_name,
password=password,
token=token)
self.auth_ref = access.AccessInfo(**raw_token)
# if we got a response without a service catalog, set the local
# list of tenants for introspection, and leave to client user
# to determine what to do. Otherwise, load up the service catalog
self.auth_token = self.auth_ref.auth_token
if self.auth_ref.scoped:
if self.management_url is None:
self.management_url = self.auth_ref.management_url[0]
self.tenant_name = self.auth_ref.tenant_name
self.tenant_id = self.auth_ref.tenant_id
self.user_id = self.auth_ref.user_id
self._extract_service_catalog(self.auth_url, self.auth_ref)
return True
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
_logger.debug("Authorization Failed.")
raise
except Exception as e:
raise exceptions.AuthorizationFailure("Authorization Failed: "
"%s" % e)
def __init__(self, username=None, tenant_id=None, tenant_name=None,
password=None, auth_url=None, region_name=None, timeout=None,
endpoint=None, token=None, cacert=None, key=None,
cert=None, insecure=False, original_ip=None, debug=False,
auth_ref=None, use_keyring=False, force_new_token=False,
stale_duration=None):
"""Construct a new http client
@param: timeout the request libary timeout in seconds (default None)
"""
self.version = 'v2.0'
# set baseline defaults
self.username = None
self.tenant_id = None
self.tenant_name = None
self.auth_url = None
self.management_url = None
if timeout is not None:
self.timeout = float(timeout)
else:
self.timeout = None
# if loading from a dictionary passed in via auth_ref,
# load values from AccessInfo parsing that dictionary
self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None
if self.auth_ref:
self.username = self.auth_ref.username
self.tenant_id = self.auth_ref.tenant_id
self.tenant_name = self.auth_ref.tenant_name
self.auth_url = self.auth_ref.auth_url[0]
self.management_url = self.auth_ref.management_url[0]
# allow override of the auth_ref defaults from explicit
# values provided to the client
if username:
self.username = username
if tenant_id:
self.tenant_id = tenant_id
if tenant_name:
self.tenant_name = tenant_name
if auth_url:
self.auth_url = auth_url.rstrip('/')
if token:
self.auth_token_from_user = token
else:
self.auth_token_from_user = None
if endpoint:
self.management_url = endpoint.rstrip('/')
self.password = password
self.original_ip = original_ip
self.region_name = region_name
if cacert:
self.verify_cert = cacert
else:
self.verify_cert = True
if insecure:
self.verify_cert = False
self.cert = cert
if cert and key:
self.cert = (cert, key,)
self.domain = ''
# logging setup
self.debug_log = debug
if self.debug_log:
ch = logging.StreamHandler()
_logger.setLevel(logging.DEBUG)
_logger.addHandler(ch)
if hasattr(requests, 'logging'):
requests.logging.getLogger(requests.__name__).addHandler(ch)
# keyring setup
self.use_keyring = use_keyring and try_import_keyring()
self.force_new_token = force_new_token
self.stale_duration = stale_duration or access.STALE_TOKEN_DURATION
self.stale_duration = int(self.stale_duration)
def authenticate(self, username=None, password=None, tenant_name=None,
tenant_id=None, auth_url=None, token=None):
""" Authenticate user.
Uses the data provided at instantiation to authenticate against
the Keystone server. This may use either a username and password
or token for authentication. If a tenant name or id was provided
then the resulting authenticated client will be scoped to that
tenant and contain a service catalog of available endpoints.
With the v2.0 API, if a tenant name or ID is not provided, the
authenication token returned will be 'unscoped' and limited in
capabilities until a fully-scoped token is acquired.
If successful, sets the self.auth_ref and self.auth_token with
the returned token. If not already set, will also set
self.management_url from the details provided in the token.
:returns: ``True`` if authentication was successful.
:raises: AuthorizationFailure if unable to authenticate or validate
the existing authorization token
:raises: ValueError if insufficient parameters are used.
If keyring is used, token is retrieved from keyring instead.
Authentication will only be necessary if any of the following
conditions are met:
* keyring is not used
* if token is not found in keyring
* if token retrieved from keyring is expired or about to
expired (as determined by stale_duration)
* if force_new_token is true
"""
auth_url = auth_url or self.auth_url
username = username or self.username
password = password or self.password
tenant_name = tenant_name or self.tenant_name
tenant_id = tenant_id or self.tenant_id
if not token:
token = self.auth_token_from_user
if (not token and self.auth_ref
and not self.auth_ref.will_expire_soon(self.stale_duration)):
token = self.auth_ref.auth_token
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url,
username,
tenant_name,
tenant_id,
token)
new_token_needed = False
if auth_ref is None or self.force_new_token:
new_token_needed = True
raw_token = self.get_raw_token_from_identity_service(auth_url,
username,
password,
tenant_name,
tenant_id,
token)
self.auth_ref = access.AccessInfo(**raw_token)
else:
self.auth_ref = auth_ref
self.process_token()
if new_token_needed:
self.store_auth_ref_into_keyring(keyring_key)
return True
def __init__(self,
username=None,
tenant_id=None,
tenant_name=None,
password=None,
auth_url=None,
region_name=None,
timeout=None,
endpoint=None,
token=None,
cacert=None,
key=None,
cert=None,
insecure=False,
original_ip=None,
debug=False,
auth_ref=None):
super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
if cert:
if key:
self.add_certificate(key=key, cert=cert, domain='')
else:
self.add_certificate(key=cert, cert=cert, domain='')
self.version = 'v2.0'
# set baseline defaults
self.username = None
self.tenant_id = None
self.tenant_name = None
self.auth_url = None
self.token = None
self.auth_token = None
self.management_url = None
# if loading from a dictionary passed in via auth_ref,
# load values from AccessInfo parsing that dictionary
self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None
if self.auth_ref:
self.username = self.auth_ref.username
self.tenant_id = self.auth_ref.tenant_id
self.tenant_name = self.auth_ref.tenant_name
self.auth_url = self.auth_ref.auth_url[0]
self.management_url = self.auth_ref.management_url[0]
self.auth_token = self.auth_ref.auth_token
# allow override of the auth_ref defaults from explicit
# values provided to the client
if username:
self.username = username
if tenant_id:
self.tenant_id = tenant_id
if tenant_name:
self.tenant_name = tenant_name
if auth_url:
self.auth_url = auth_url.rstrip('/')
if token:
self.auth_token = token
if endpoint:
self.management_url = endpoint.rstrip('/')
self.password = password
self.original_ip = original_ip
self.region_name = region_name
# httplib2 overrides
self.force_exception_to_status_code = True
self.disable_ssl_certificate_validation = insecure
# logging setup
self.debug_log = debug
if self.debug_log:
ch = logging.StreamHandler()
_logger.setLevel(logging.DEBUG)
_logger.addHandler(ch)
