def clients(self):
inputs = self.configuration.inputs
username = inputs['keystone_username']
password = inputs['keystone_password']
tenant_name = inputs['keystone_tenant_name']
region_name = inputs['region']
auth_url = inputs['keystone_url']
clients_std_keys_kw = {
'username': username,
'password': password,
'tenant_name': tenant_name,
'auth_url': auth_url
}
clients_old_keys_kw = {
'username': username,
'api_key': password,
'project_id': tenant_name,
'auth_url': auth_url,
'region_name': region_name
}
keystone = keystone_client.Client(**clients_std_keys_kw)
clients_std_keys_kw['region_name'] = region_name
neutron = neutron_client.Client(**clients_std_keys_kw)
nova = nova_client.Client(**clients_old_keys_kw)
cinder = cinder_client.Client(**clients_old_keys_kw)
return {
'keystone': keystone,
'neutron': neutron,
'nova': nova,
'cinder': cinder
}
def get_client(self, params=None):
""" Getting cinder client """
params = self.config if not params else params
return cinder_client.Client(params.cloud.user, params.cloud.password,
params.cloud.tenant, params.cloud.auth_url)
def _test_auth_success(self, mock_iter_entry_points, mock_request,
**client_kwargs):
"""Generic test that we can authenticate using the auth system."""
class MockEntrypoint(pkg_resources.EntryPoint):
def load(self):
return FakePlugin
class FakePlugin(auth_plugin.BaseAuthPlugin):
def authenticate(self, cls, auth_url):
cls._authenticate(auth_url, {"fake": "me"})
mock_iter_entry_points.side_effect = lambda _t: [
MockEntrypoint("fake", "fake", ["FakePlugin"])]
mock_request.side_effect = mock_http_request()
auth_plugin.discover_auth_systems()
plugin = auth_plugin.load_plugin("fake")
cs = client.Client("username", "password", "project_id",
"auth_url/v2.0", auth_system="fake",
auth_plugin=plugin, **client_kwargs)
cs.client.authenticate()
headers = requested_headers(cs)
token_url = cs.client.auth_url + "/tokens"
mock_request.assert_called_with(
"POST",
token_url,
headers=headers,
data='{"fake": "me"}',
allow_redirects=True,
**self.TEST_REQUEST_BASE)
return cs.client
def cinderclient(request):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cinder_url = ""
try:
cinder_url = url_for(request, 'volume')
except exceptions.ServiceCatalogException:
LOG.debug('no volume service configured.')
return None
LOG.debug('cinderclient connection created using token "%s" and url "%s"' %
(request.user.token.id, cinder_url))
# jt
# c = cinder_client.Client(request.user.username,
# request.user.token.id,
# project_id=request.user.tenant_id,
# auth_url=cinder_url,
# insecure=insecure,
# http_log_debug=settings.DEBUG)
c = cinder_client.Client(request.user.username,
request.user.token.id,
project_id=request.user.tenant_id,
region_name=request.session.get(
'region_name', None),
auth_url=cinder_url,
insecure=insecure,
http_log_debug=settings.DEBUG)
c.client.auth_token = request.user.token.id
c.client.management_url = cinder_url
return c
def setUp(self):
self.keystone = ksclient.Client(auth_url=keystone_url,
username=admin_user,
password=admin_pass,
tenant_name=admin_tenant)
self.t = self.keystone.tenants.create(test_tenant)
self.password = str(uuid.uuid4())[:8]
self.u = self.keystone.users.create(test_user, self.password,
"*****@*****.**" % test_user,
self.t.id)
self.keystone_testuser = ksclient.Client(auth_url=keystone_url,
username=test_user,
password=self.password,
tenant_name=test_tenant)
self.cinder = cinderclient.Client(test_user, self.password,
test_tenant, keystone_url)
neutron_endpoint = self.keystone.service_catalog.url_for(
service_type='network', endpoint_type='publicURL')
self.neutron = neutronclient.Client(
endpoint_url=neutron_endpoint,
token=self.keystone_testuser.auth_token)
self.nova = novaclient.Client(test_user, self.password, test_tenant,
keystone_url)
with open(os.path.expanduser('~/.ssh/id_rsa.pub')) as fpubkey:
self.nova.keypairs.create(name="mykey", public_key=fpubkey.read())
def test_authenticate_success(self):
cs = client.Client("username", "password", "project_id", "auth_url")
management_url = 'https://servers.api.rackspacecloud.com/v1.1/443470'
auth_response = httplib2.Response({
'status': 204,
'x-server-management-url': management_url,
'x-auth-token': '1b751d74-de0c-46ae-84f0-915744b582d1',
})
mock_request = mock.Mock(return_value=(auth_response, None))
@mock.patch.object(httplib2.Http, "request", mock_request)
def test_auth_call():
cs.client.authenticate()
headers = {
'Accept': 'application/json',
'X-Auth-User': '******',
'X-Auth-Key': 'password',
'X-Auth-Project-Id': 'project_id',
'User-Agent': cs.client.USER_AGENT
}
mock_request.assert_called_with(cs.client.auth_url, 'GET',
headers=headers)
self.assertEqual(cs.client.management_url,
auth_response['x-server-management-url'])
self.assertEqual(cs.client.auth_token,
auth_response['x-auth-token'])
test_auth_call()
def _make_connection(self, **kwargs):
return cinder_client.Client(self.user,
self.password,
self.tenant,
auth_url=self.auth_url,
region_name=self.region_name,
**kwargs)
def test_authenticate_success(self):
cs = client.Client("username", "password", "project_id", "auth_url")
management_url = 'https://localhost/v1.1/443470'
auth_response = utils.TestResponse({
'status_code': 204,
'headers': {
'x-server-management-url': management_url,
'x-auth-token': '1b751d74-de0c-46ae-84f0-915744b582d1',
},
})
mock_request = mock.Mock(return_value=(auth_response))
@mock.patch.object(requests, "request", mock_request)
def test_auth_call():
cs.client.authenticate()
headers = {
'Accept': 'application/json',
'X-Auth-User': '******',
'X-Auth-Key': 'password',
'X-Auth-Project-Id': 'project_id',
'User-Agent': cs.client.USER_AGENT
}
mock_request.assert_called_with("GET",
cs.client.auth_url,
headers=headers,
**self.TEST_REQUEST_BASE)
self.assertEqual(auth_response.headers['x-server-management-url'],
cs.client.management_url)
self.assertEqual(auth_response.headers['x-auth-token'],
cs.client.auth_token)
test_auth_call()
def cinderclient(context):
# FIXME: the cinderclient ServiceCatalog object is mis-named.
# It actually contains the entire access blob.
compat_catalog = {
'access': {
'serviceCatalog': context.service_catalog or {}
}
}
sc = service_catalog.ServiceCatalog(compat_catalog)
if FLAGS.cinder_endpoint_template:
url = FLAGS.cinder_endpoint_template % context.to_dict()
else:
info = FLAGS.cinder_catalog_info
service_type, service_name, endpoint_type = info.split(':')
url = sc.url_for(service_type=service_type,
service_name=service_name,
endpoint_type=endpoint_type)
LOG.debug(_('Cinderclient connection created using URL: %s') % url)
c = cinder_client.Client(context.user_id,
context.auth_token,
project_id=context.project_id,
auth_url=url)
# noauth extracts user_id:project_id from auth_token
c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,
context.project_id)
c.client.management_url = url
return c
def cinder(self):
if cinderclient is None:
return self.nova('volume')
if self._cinder:
return self._cinder
con = self.context
args = {
'service_type': 'volume',
'auth_url': con.auth_url,
'project_id': con.tenant
}
if con.password is not None:
args['username'] = con.username
args['api_key'] = con.password
elif con.auth_token is not None:
args['username'] = None
args['api_key'] = None
else:
logger.error("Cinder connection failed, "
"no password or auth_token!")
return None
logger.debug('cinder args %s', args)
self._cinder = cinderclient.Client(**args)
if con.password is None and con.auth_token is not None:
management_url = self.url_for(service_type='volume')
self._cinder.client.auth_token = con.auth_token
self._cinder.client.management_url = management_url
return self._cinder
def test_auth_call():
plugin = auth_plugin.DeprecatedAuthPlugin("fakewithauthurl")
cs = client.Client("username", "password", "project_id",
auth_system="fakewithauthurl",
auth_plugin=plugin)
cs.client.authenticate()
self.assertEqual(cs.client.auth_url, "http://faked/v2.0")
def authenticate_cinder_admin(self, keystone_sentry, username, password,
tenant):
"""Authenticates admin user with cinder."""
# NOTE(beisner): cinder python client doesn't accept tokens.
keystone_ip = keystone_sentry.info['public-address']
ept = "http://{}:5000/v2.0".format(keystone_ip.strip().decode('utf-8'))
return cinder_client.Client(username, password, tenant, ept)
def cinderclient(context):
if context.is_admin and context.project_id is None:
c = cinder_client.Client(
CONF.cinder_admin_username,
CONF.cinder_admin_password,
CONF.cinder_admin_tenant_name,
CONF.cinder_admin_auth_url,
retries=CONF.cinder_http_retries,
)
c.authenticate()
return c
compat_catalog = {
'access': {
'serviceCatalog': context.service_catalog or []
}
}
sc = service_catalog.ServiceCatalog(compat_catalog)
info = CONF.cinder_catalog_info
service_type, service_name, endpoint_type = info.split(':')
# extract the region if set in configuration
if CONF.os_region_name:
attr = 'region'
filter_value = CONF.os_region_name
else:
attr = None
filter_value = None
url = sc.url_for(attr=attr,
filter_value=filter_value,
service_type=service_type,
service_name=service_name,
endpoint_type=endpoint_type)
LOG.debug('Cinderclient connection created using URL: %s' % url)
c = cinder_client.Client(context.user_id,
context.auth_token,
project_id=context.project_id,
auth_url=url,
insecure=CONF.cinder_api_insecure,
retries=CONF.cinder_http_retries,
cacert=CONF.cinder_ca_certificates_file)
# noauth extracts user_id:project_id from auth_token
c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,
context.project_id)
c.client.management_url = url
return c
def test_ambiguous_endpoints(self):
cs = client.Client("username",
"password",
"project_id",
"auth_url/v2.0",
service_type='compute')
resp = {
"access": {
"token": {
"expires": "12345",
"id": "FAKE_ID",
},
"serviceCatalog": [
{
"adminURL":
"http://*****:*****@mock.patch.object(httplib2.Http, "request", mock_request)
def test_auth_call():
self.assertRaises(exceptions.AmbiguousEndpoints,
cs.client.authenticate)
test_auth_call()
def test_auth_call():
auth_plugin.discover_auth_systems()
plugin = auth_plugin.DeprecatedAuthPlugin("notexists")
cs = client.Client("username", "password", "project_id",
"auth_url/v2.0", auth_system="notexists",
auth_plugin=plugin)
self.assertRaises(exceptions.AuthSystemNotFound,
cs.client.authenticate)
def get_client(self, params=None):
""" Getting cinder client """
params = self.config if not params else params
return cinder_client.Client(
params.cloud.user, params.cloud.password, params.cloud.tenant,
"http://%s:35357/v2.0/" % params.cloud.host)
def _get_volume_client(self):
"""Get Cinder v1 client."""
if not self._c_client:
self._c_client = cclient.Client(env['OS_USERNAME'],
env['OS_PASSWORD'],
env['OS_TENANT_NAME'],
env['OS_AUTH_URL'])
return self._c_client
def client(self):
if not self._client:
self._client = cinder_client.Client(self.username,
self.password,
self.project,
self.auth_url,
insecure=self.insecure)
return self._client
def test_ambiguous_endpoints(self):
cs = client.Client("username",
"password",
"project_id",
"http://*****:*****@mock.patch.object(requests, "request", mock_request)
def test_auth_call():
self.assertRaises(exceptions.AmbiguousEndpoints,
cs.client.authenticate)
test_auth_call()
def openstack_clients(self):
creds = self._client_creds()
return (nvclient.Client(**creds),
neclient.Client(username=creds['username'],
password=creds['api_key'],
tenant_name=creds['project_id'],
region_name=creds['region_name'],
auth_url=creds['auth_url']),
cinderclient.Client(**creds))
def __init__(self,
config,
configuration_ini,
cloud_prefix='SRC',
results_path='.'):
self.configuration_ini = configuration_ini
self.results_path = results_path
logging_config.dictConfig(conf.logging_configuration)
self.log = logging.getLogger(__name__)
self.filtering_utils = utils.FilteringUtils(
self.configuration_ini['migrate']['filter_path'])
self.migration_utils = utils.MigrationUtils(config)
self.src_vms_from_config = \
self.migration_utils.get_all_vms_from_config()
self.config = config
self.cloud_prefix = cloud_prefix.lower()
self.username = self.configuration_ini[self.cloud_prefix]['user']
self.password = self.configuration_ini[self.cloud_prefix]['password']
self.tenant = self.configuration_ini[self.cloud_prefix]['tenant']
self.auth_url = self.configuration_ini[self.cloud_prefix]['auth_url']
self.keystoneclient = keystone.Client(auth_url=self.auth_url,
username=self.username,
password=self.password,
tenant_name=self.tenant)
self.keystoneclient.authenticate()
self.novaclient = nova.Client(username=self.username,
api_key=self.password,
project_id=self.tenant,
auth_url=self.auth_url)
self.token = self.keystoneclient.auth_token
self.image_endpoint = \
self.keystoneclient.service_catalog.get_endpoints(
service_type='image',
endpoint_type='publicURL')['image'][0]['publicURL']
self.glanceclient = glance(endpoint=self.image_endpoint,
token=self.token)
self.neutronclient = neutron.Client(username=self.username,
password=self.password,
tenant_name=self.tenant,
auth_url=self.auth_url)
self.cinderclient = cinder.Client(self.username, self.password,
self.tenant, self.auth_url)
self.openstack_release = self._get_openstack_release()
self.server_groups_supported = self.openstack_release in [
'icehouse', 'juno'
]
self.swift_connection = SwiftConnection(self.auth_url, self.username,
self.password, self.tenant)
def cinderclient(self):
"""
Openstack cinderclient generator
"""
util.logger.debug(
'cinderclient connection created using token "%s" and url "%s"' %
(self.creds['username'], self.creds['auth_url']))
client = cinder_client.Client(**self.creds)
return client
def clientCinder(username, passwd, tname, a_url):
try:
conn = ccinder.Client(username=username,
api_key=passwd,
project_id=tname,
auth_url=a_url)
except ClientException, e:
return "Error %s" % e
def authenticate_cinder_admin(self, keystone_sentry, username, password,
tenant):
"""Authenticates admin user with cinder."""
# NOTE(beisner): cinder python client doesn't accept tokens.
service_ip = \
keystone_sentry.relation('shared-db',
'mysql:shared-db')['private-address']
ept = "http://{}:5000/v2.0".format(service_ip.strip().decode('utf-8'))
return cinder_client.Client(username, password, tenant, ept)
def cinder_client():
var = getattr(localdata, 'cinder_client', None)
if var is None:
var = ciclient.Client(auth_url=conf.openstack_api['keystone_url'],
username=conf.openstack_api['user'],
api_key=conf.openstack_api['password'],
project_id=conf.openstack_api['tenant_name'])
setattr(localdata, 'cinder_client', var)
return var
def test_auth_manual(self):
cs = client.Client("username", "password", "project_id", "auth_url")
@mock.patch.object(cs.client, 'authenticate')
def test_auth_call(m):
cs.authenticate()
m.assert_called()
test_auth_call()
def test_authenticate_failure(self):
cs = client.Client("username", "password", "project_id", "auth_url")
auth_response = httplib2.Response({'status': 401})
mock_request = mock.Mock(return_value=(auth_response, None))
@mock.patch.object(httplib2.Http, "request", mock_request)
def test_auth_call():
self.assertRaises(exceptions.Unauthorized, cs.client.authenticate)
test_auth_call()
def get_client(self, params=None, tenant=None):
params = params or self.config
return cinder_client.Client(params.cloud.user,
params.cloud.password,
tenant or params.cloud.tenant,
params.cloud.auth_url,
cacert=params.cloud.cacert,
insecure=params.cloud.insecure,
region_name=params.cloud.region)
def get_cinderclient(ks_client, cloud, region_name=None):
endpoint = get_endpoint(ks_client, region_name, 'volume')
auth_token = get_token(ks_client)
c = cinder_client.Client(cloud['admin_user'],
cloud['admin_password'],
None,
auth_url=cloud['os_auth_url'])
c.client.auth_token = auth_token
c.client.management_url = endpoint
return c
def test_authenticate_failure(self):
cs = client.Client("username", "password", "project_id", "auth_url")
auth_response = utils.TestResponse({"status_code": 401})
mock_request = mock.Mock(return_value=(auth_response))
@mock.patch.object(requests, "request", mock_request)
def test_auth_call():
self.assertRaises(exceptions.Unauthorized, cs.client.authenticate)
test_auth_call()
