Пример #1
0
def load_from_argparse_arguments(namespace, **kwargs):
    """Retrieve the created plugin from the completed argparse results.

    Loads and creates the auth plugin from the information parsed from the
    command line by argparse.

    :param Namespace namespace: The result from CLI parsing.

    :returns: An auth plugin, or None if a name is not provided.
    :rtype: :class:`keystoneauth1.plugin.BaseAuthPlugin`

    :raises keystoneauth1.exceptions.auth_plugins.NoMatchingPlugin:
        if a plugin cannot be created.
    """
    if not namespace.os_auth_type:
        return None

    if isinstance(namespace.os_auth_type, type):
        plugin = namespace.os_auth_type
    else:
        plugin = base.get_plugin_loader(namespace.os_auth_type)

    def _getter(opt):
        return getattr(namespace, 'os_%s' % opt.dest)

    return plugin.load_from_options_getter(_getter)
Пример #2
0
def load_from_argparse_arguments(namespace, **kwargs):
    """Retrieve the created plugin from the completed argparse results.

    Loads and creates the auth plugin from the information parsed from the
    command line by argparse.

    :param Namespace namespace: The result from CLI parsing.

    :returns: An auth plugin, or None if a name is not provided.
    :rtype: :class:`keystoneauth1.plugin.BaseAuthPlugin`

    :raises keystoneauth1.exceptions.auth_plugins.NoMatchingPlugin:
        if a plugin cannot be created.
    """
    if not namespace.os_auth_type:
        return None

    if isinstance(namespace.os_auth_type, type):
        plugin = namespace.os_auth_type
    else:
        plugin = base.get_plugin_loader(namespace.os_auth_type)

    def _getter(opt):
        return getattr(namespace, 'os_%s' % opt.dest)

    return plugin.load_from_options_getter(_getter)
Пример #3
0
def build_auth_params(auth_plugin_name, cmd_options):

    if auth_plugin_name:
        LOG.debug('auth_type: %s', auth_plugin_name)
        auth_plugin_loader = base.get_plugin_loader(auth_plugin_name)
        auth_params = {opt.dest: opt.default
                       for opt in base.get_plugin_options(auth_plugin_name)}
        auth_params.update(dict(cmd_options.auth))
        # grab tenant from project for v2.0 API compatibility
        if auth_plugin_name.startswith("v2"):
            if 'project_id' in auth_params:
                auth_params['tenant_id'] = auth_params['project_id']
                del auth_params['project_id']
            if 'project_name' in auth_params:
                auth_params['tenant_name'] = auth_params['project_name']
                del auth_params['project_name']
    else:
        LOG.debug('no auth_type')
        # delay the plugin choice, grab every option
        auth_plugin_loader = None
        auth_params = dict(cmd_options.auth)
        plugin_options = set([o.replace('-', '_') for o in get_options_list()])
        for option in plugin_options:
            LOG.debug('fetching option %s', option)
            auth_params[option] = getattr(cmd_options.auth, option, None)
    return (auth_plugin_loader, auth_params)
Пример #4
0
    def _get_ignore_projects(self, conf):
        if 'auth_type' not in conf:
            LOG.info("'auth_type' is not set assuming ignore_projects are "
                     "only project uuid.")
            return list_from_csv(conf.get('ignore_projects'))

        if 'ignore_projects' in conf:
            ignore_projects = list_from_csv(conf.get('ignore_projects'))
        else:
            ignore_projects = self.DEFAULT_IGNORE_PROJECT_NAMES

        if not ignore_projects:
            return []

        def opt_getter(opt):
            # TODO(sileht): This method does not support deprecated opt names
            val = conf.get(opt.name)
            if val is None:
                val = conf.get(opt.dest)
            return val

        auth_type = conf.get('auth_type')
        plugin = ksa_base.get_plugin_loader(auth_type)

        auth = plugin.load_from_options_getter(opt_getter)
        session = ksa_session.Session().load_from_options_getter(
            opt_getter, auth=auth)
        client = KeystoneClientLoader().load_from_options_getter(
            opt_getter, session=session)

        projects = []
        for name_or_id in ignore_projects:
            projects.extend(self._get_keystone_projects(client, name_or_id))
        return projects
Пример #5
0
def load_from_argparse_arguments(namespace, **kwargs):
    """Retrieve the created plugin from the completed argparse results.

    Loads and creates the auth plugin from the information parsed from the
    command line by argparse.

    :param Namespace namespace: The result from CLI parsing.

    :returns: An auth plugin, or None if a name is not provided.
    :rtype: :py:class:`keystonauth.auth.BaseAuthPlugin`

    :raises keystonauth.exceptions.NoMatchingPlugin: if a plugin cannot be
                                                        created.
    """
    if not namespace.os_auth_type:
        return None

    if isinstance(namespace.os_auth_type, type):
        plugin = namespace.os_auth_type
    else:
        plugin = base.get_plugin_loader(namespace.os_auth_type)

    plugin_opts = plugin.get_options()

    for opt in plugin_opts:
        val = getattr(namespace, 'os_%s' % opt.dest)
        if val is not None:
            val = opt.type(val)
        kwargs.setdefault(opt.dest, val)

    return plugin.load_from_options(**kwargs)
Пример #6
0
 def _create_authenticator(self, authenticator, auth_plugin, **args):
     if authenticator:
         return authenticator
     # TODO(thowe): Jamie was suggesting we should support other
     #              ways of loading the plugin
     loader = ksa_loader.get_plugin_loader(auth_plugin)
     load_args = {}
     for opt in loader.get_options():
         if args.get(opt.dest):
             load_args[opt.dest] = args[opt.dest]
     return loader.load_from_options(**load_args)
 def _create_authenticator(self, authenticator, auth_plugin, **args):
     if authenticator:
         return authenticator
     # TODO(thowe): Jamie was suggesting we should support other
     #              ways of loading the plugin
     loader = ksa_loader.get_plugin_loader(auth_plugin)
     load_args = {}
     for opt in loader.get_options():
         if args.get(opt.dest):
             load_args[opt.dest] = args[opt.dest]
     return loader.load_from_options(**load_args)
Пример #8
0
def register_argparse_arguments(parser, argv, default=None):
    """Register CLI options needed to create a plugin.

    The function inspects the provided arguments so that it can also register
    the options required for that specific plugin if available.

    :param parser: the parser to attach argparse options to.
    :type parser: argparse.ArgumentParser
    :param list argv: the arguments provided to the appliation.
    :param str/class default: a default plugin name or a plugin object to use
                              if one isn't specified by the CLI. default: None.

    :returns: The plugin class that will be loaded or None if not provided.
    :rtype: :class:`keystoneauth1.plugin.BaseAuthPlugin`

    :raises keystoneauth1.exceptions.auth_plugins.NoMatchingPlugin:
        if a plugin cannot be created.
    """
    in_parser = argparse.ArgumentParser(add_help=False)
    env_plugin = os.environ.get('OS_AUTH_TYPE',
                                os.environ.get('OS_AUTH_PLUGIN', default))
    for p in (in_parser, parser):
        p.add_argument('--os-auth-type',
                       '--os-auth-plugin',
                       metavar='<name>',
                       default=env_plugin,
                       help='Authentication type to use')

    options, _args = in_parser.parse_known_args(argv)

    if not options.os_auth_type:
        return None

    if isinstance(options.os_auth_type, base.BaseLoader):
        msg = 'Default Authentication options'
        plugin = options.os_auth_type
    else:
        msg = 'Options specific to the %s plugin.' % options.os_auth_type
        plugin = base.get_plugin_loader(options.os_auth_type)

    group = parser.add_argument_group('Authentication Options', msg)
    _register_plugin_argparse_arguments(group, plugin)
    return plugin
Пример #9
0
def register_argparse_arguments(parser, argv, default=None):
    """Register CLI options needed to create a plugin.

    The function inspects the provided arguments so that it can also register
    the options required for that specific plugin if available.

    :param parser: the parser to attach argparse options to.
    :type parser: argparse.ArgumentParser
    :param list argv: the arguments provided to the appliation.
    :param str/class default: a default plugin name or a plugin object to use
                              if one isn't specified by the CLI. default: None.

    :returns: The plugin class that will be loaded or None if not provided.
    :rtype: :class:`keystoneauth1.plugin.BaseAuthPlugin`

    :raises keystoneauth1.exceptions.auth_plugins.NoMatchingPlugin:
        if a plugin cannot be created.
    """
    in_parser = argparse.ArgumentParser(add_help=False)
    env_plugin = os.environ.get('OS_AUTH_TYPE',
                                os.environ.get('OS_AUTH_PLUGIN', default))
    for p in (in_parser, parser):
        p.add_argument('--os-auth-type',
                       '--os-auth-plugin',
                       metavar='<name>',
                       default=env_plugin,
                       help='Authentication type to use')

    options, _args = in_parser.parse_known_args(argv)

    if not options.os_auth_type:
        return None

    if isinstance(options.os_auth_type, base.BaseLoader):
        msg = 'Default Authentication options'
        plugin = options.os_auth_type
    else:
        msg = 'Options specific to the %s plugin.' % options.os_auth_type
        plugin = base.get_plugin_loader(options.os_auth_type)

    group = parser.add_argument_group('Authentication Options', msg)
    _register_plugin_argparse_arguments(group, plugin)
    return plugin
Пример #10
0
def load_from_conf_options(conf, group, **kwargs):
    """Load a plugin from an oslo_config CONF object.

    Each plugin will register their own required options and so there is no
    standard list and the plugin should be consulted.

    The base options should have been registered with register_conf_options
    before this function is called.

    :param conf: A conf object.
    :type conf: oslo_config.cfg.ConfigOpts
    :param string group: The group name that options should be read from.

    :returns: An authentication Plugin or None if a name is not provided
    :rtype: :py:class:`keystonauth.auth.BaseAuthPlugin`

    :raises keystonauth.exceptions.NoMatchingPlugin: if a plugin cannot be
                                                        created.
    """
    # NOTE(jamielennox): plugins are allowed to specify a 'section' which is
    # the group that auth options should be taken from. If not present they
    # come from the same as the base options were registered in.
    if conf[group].auth_section:
        group = conf[group].auth_section

    name = conf[group].auth_type
    if not name:
        return None

    plugin = base.get_plugin_loader(name)
    plugin_opts = plugin.get_options()
    oslo_opts = [o._to_oslo_opt() for o in plugin_opts]

    conf.register_opts(oslo_opts, group=group)

    for opt in plugin_opts:
        val = conf[group][opt.dest]
        if val is not None:
            val = opt.type(val)
        kwargs.setdefault(opt.dest, val)

    return plugin.load_from_options(**kwargs)
Пример #11
0
def load_from_conf_options(conf, group, **kwargs):
    """Load a plugin from an oslo_config CONF object.

    Each plugin will register their own required options and so there is no
    standard list and the plugin should be consulted.

    The base options should have been registered with register_conf_options
    before this function is called.

    :param conf: A conf object.
    :type conf: oslo_config.cfg.ConfigOpts
    :param string group: The group name that options should be read from.

    :returns: An authentication Plugin or None if a name is not provided
    :rtype: :py:class:`keystonauth.auth.BaseAuthPlugin`

    :raises keystonauth.exceptions.NoMatchingPlugin: if a plugin cannot be
                                                        created.
    """
    # NOTE(jamielennox): plugins are allowed to specify a 'section' which is
    # the group that auth options should be taken from. If not present they
    # come from the same as the base options were registered in.
    if conf[group].auth_section:
        group = conf[group].auth_section

    name = conf[group].auth_type
    if not name:
        return None

    plugin = base.get_plugin_loader(name)
    plugin_opts = plugin.get_options()
    oslo_opts = [o._to_oslo_opt() for o in plugin_opts]

    conf.register_opts(oslo_opts, group=group)

    for opt in plugin_opts:
        val = conf[group][opt.dest]
        if val is not None:
            val = opt.type(val)
        kwargs.setdefault(opt.dest, val)

    return plugin.load_from_options(**kwargs)
Пример #12
0
    def populate_parser(parser):
        plugins = loading_base.get_available_plugin_names()
        default_auth = "v3password"

        parser.add_argument(
            "--os-auth-type",
            "--os-auth-plugin",
            metavar="<name>",
            default=utils.env("OS_AUTH_TYPE", default=default_auth),
            choices=plugins,
            help="Authentication type to use, available "
            "types are: %s" % ", ".join(plugins),
        )

        # arguments come from session and plugins
        loading_session.register_argparse_arguments(parser)
        for plugin_name in plugins:
            plugin = loading_base.get_plugin_loader(plugin_name)
            # NOTE(aloga): we do not want a project to be passed from the
            # CLI, as we will iterate over it for each configured VO and
            # project. However, as the plugin is expecting them when
            # parsing the arguments we need to set them to None before
            # calling the load_auth_from_argparse_arguments method in the
            # __init__ method of this class.
            for opt in filter(
                    lambda x: x.name not in ("project-name", "project-id"),
                    plugin.get_options(),
            ):
                parser.add_argument(*opt.argparse_args,
                                    default=opt.argparse_default,
                                    metavar="<auth-%s>" % opt.name,
                                    help=opt.help,
                                    dest="os_%s" % opt.dest.replace("-", "_"))

        parser.add_argument(
            "--insecure",
            default=utils.env("NOVACLIENT_INSECURE", default=False),
            action="store_true",
            help="Explicitly allow novaclient to perform 'insecure' "
            "SSL (https) requests. The server's certificate will "
            "not be verified against any certificate authorities. "
            "This option should be used with caution.",
        )

        parser.add_argument(
            "--os-cacert",
            metavar="<ca-certificate>",
            default=utils.env("OS_CACERT", default=requests.certs.where()),
            help="Specify a CA bundle file to use in "
            "verifying a TLS (https) server certificate. "
            "Defaults to env[OS_CACERT].",
        )

        parser.add_argument(
            "--os-cert",
            metavar="<certificate>",
            default=utils.env("OS_CERT", default=None),
            help="Defaults to env[OS_CERT].",
        )

        parser.add_argument(
            "--os-key",
            metavar="<key>",
            default=utils.env("OS_KEY", default=None),
            help="Defaults to env[OS_KEY].",
        )

        parser.add_argument(
            "--timeout",
            default=600,
            metavar="<seconds>",
            help="Set request timeout (in seconds).",
        )

        parser.add_argument(
            "--select-flavors",
            default="all",
            choices=["all", "public", "private"],
            help="Select all (default), public or private flavors/templates.",
        )

        parser.add_argument(
            "--all-images",
            action="store_true",
            default=False,
            help=("If set, include information about all images (including "
                  "snapshots), otherwise only publish images with cloudkeeper "
                  "metadata, ignoring the others."),
        )
Пример #13
0
    def populate_parser(parser):
        plugins = loading_base.get_available_plugin_names()
        default_auth = "v3password"

        parser.add_argument('--os-auth-type',
                            '--os-auth-plugin',
                            metavar='<name>',
                            default=utils.env('OS_AUTH_TYPE',
                                              default=default_auth),
                            choices=plugins,
                            help='Authentication type to use, available '
                                 'types are: %s' % ", ".join(plugins))

        # arguments come from session and plugins
        loading_session.register_argparse_arguments(parser)
        for plugin_name in plugins:
            plugin = loading_base.get_plugin_loader(plugin_name)
            # NOTE(aloga): we do not want a project to be passed from the
            # CLI, as we will iterate over it for each configured VO and
            # project. However, as the plugin is expecting them when
            # parsing the arguments we need to set them to None before
            # calling the load_auth_from_argparse_arguments method in the
            # __init__ method of this class.
            for opt in filter(lambda x: x.name not in ("project-name",
                                                       "project-id"),
                              plugin.get_options()):
                parser.add_argument(*opt.argparse_args,
                                    default=opt.argparse_default,
                                    metavar='<auth-%s>' % opt.name,
                                    help=opt.help,
                                    dest='os_%s' % opt.dest.replace("-", "_"))

        parser.add_argument(
            '--insecure',
            default=utils.env('NOVACLIENT_INSECURE', default=False),
            action='store_true',
            help="Explicitly allow novaclient to perform 'insecure' "
                 "SSL (https) requests. The server's certificate will "
                 'not be verified against any certificate authorities. '
                 'This option should be used with caution.')

        parser.add_argument(
            '--os-cacert',
            metavar='<ca-certificate>',
            default=utils.env('OS_CACERT', default=requests.certs.where()),
            help='Specify a CA bundle file to use in '
            'verifying a TLS (https) server certificate. '
            'Defaults to env[OS_CACERT].')

        parser.add_argument(
            '--os-cert',
            metavar='<certificate>',
            default=utils.env('OS_CERT', default=None),
            help='Defaults to env[OS_CERT].')

        parser.add_argument(
            '--os-key',
            metavar='<key>',
            default=utils.env('OS_KEY', default=None),
            help='Defaults to env[OS_KEY].')

        parser.add_argument(
            '--timeout',
            default=600,
            metavar='<seconds>',
            help='Set request timeout (in seconds).')

        parser.add_argument(
            '--select-flavors',
            default='all',
            choices=['all', 'public', 'private'],
            help='Select all (default), public or private flavors/templates.')

        parser.add_argument(
            '--all-images',
            action='store_true',
            default=False,
            help=('If set, include information about all images (including '
                  'snapshots), otherwise only publish images with cloudkeeper '
                  'metadata, ignoring the others.'))
Пример #14
0
    def populate_parser(parser):
        default_auth = "v3password"
        parser.add_argument('--os-auth-type',
                            '--os-auth-plugin',
                            metavar='<name>',
                            default=default_auth,
                            help='Authentication type to use')

        plugin = loading_base.get_plugin_loader(default_auth)

        for opt in plugin.get_options():
            # FIXME(aloga): the code below has been commented. This commit has
            # been cherry picked from another branch that took into account the
            # VOs and configured projects. The code below needs to be
            # uncommented whenever Glue2.1 is in place.

            # NOTE(aloga): we do not want a project to be passed from the CLI,
            # as we will iterate over it for each configured VO and project.
            # However, as the plugin is expecting them when parsing the
            # arguments we need to set them to None before calling the
            # load_auth_from_argparse_arguments method in the __init__ method
            # of this class.
            # if opt.name in ("project-name", "project-id"):
            #    continue
            parser.add_argument(*opt.argparse_args,
                                default=opt.argparse_default,
                                metavar=opt.metavar,
                                help=opt.help,
                                dest='os_%s' % opt.dest)

        parser.add_argument(
            '--insecure',
            default=utils.env('NOVACLIENT_INSECURE', default=False),
            action='store_true',
            help="Explicitly allow novaclient to perform 'insecure' "
                 "SSL (https) requests. The server's certificate will "
                 'not be verified against any certificate authorities. '
                 'This option should be used with caution.')

        parser.add_argument(
            '--os-cacert',
            metavar='<ca-certificate>',
            default=utils.env('OS_CACERT', default=requests.certs.where()),
            help='Specify a CA bundle file to use in '
            'verifying a TLS (https) server certificate. '
            'Defaults to env[OS_CACERT].')

        parser.add_argument(
            '--os-cert',
            metavar='<certificate>',
            default=utils.env('OS_CERT', default=None),
            help='Defaults to env[OS_CERT].')

        parser.add_argument(
            '--os-key',
            metavar='<key>',
            default=utils.env('OS_KEY', default=None),
            help='Defaults to env[OS_KEY].')

        parser.add_argument(
            '--timeout',
            default=600,
            metavar='<seconds>',
            help='Set request timeout (in seconds).')

        parser.add_argument(
            '--legacy-occi-os',
            default=False,
            action='store_true',
            help="Generate information and ids compatible with OCCI-OS, "
                 "e.g. using the flavor name instead of the flavor id.")
Пример #15
0
    def populate_parser(parser):
        default_auth = "v3password"
        parser.add_argument('--os-auth-type',
                            '--os-auth-plugin',
                            metavar='<name>',
                            default=default_auth,
                            help='Authentication type to use')

        plugin = loading_base.get_plugin_loader(default_auth)

        for opt in plugin.get_options():
            # FIXME(aloga): the code below has been commented. This commit has
            # been cherry picked from another branch that took into account the
            # VOs and configured projects. The code below needs to be
            # uncommented whenever Glue2.1 is in place.

            # NOTE(aloga): we do not want a project to be passed from the CLI,
            # as we will iterate over it for each configured VO and project.
            # However, as the plugin is expecting them when parsing the
            # arguments we need to set them to None before calling the
            # load_auth_from_argparse_arguments method in the __init__ method
            # of this class.
            # if opt.name in ("project-name", "project-id"):
            #    continue
            parser.add_argument(*opt.argparse_args,
                                default=opt.argparse_default,
                                metavar=opt.metavar,
                                help=opt.help,
                                dest='os_%s' % opt.dest)

        parser.add_argument(
            '--insecure',
            default=utils.env('NOVACLIENT_INSECURE', default=False),
            action='store_true',
            help="Explicitly allow novaclient to perform 'insecure' "
            "SSL (https) requests. The server's certificate will "
            'not be verified against any certificate authorities. '
            'This option should be used with caution.')

        parser.add_argument('--os-cacert',
                            metavar='<ca-certificate>',
                            default=utils.env('OS_CACERT',
                                              default=requests.certs.where()),
                            help='Specify a CA bundle file to use in '
                            'verifying a TLS (https) server certificate. '
                            'Defaults to env[OS_CACERT].')

        parser.add_argument('--os-cert',
                            metavar='<certificate>',
                            default=utils.env('OS_CERT', default=None),
                            help='Defaults to env[OS_CERT].')

        parser.add_argument('--os-key',
                            metavar='<key>',
                            default=utils.env('OS_KEY', default=None),
                            help='Defaults to env[OS_KEY].')

        parser.add_argument('--timeout',
                            default=600,
                            metavar='<seconds>',
                            help='Set request timeout (in seconds).')

        parser.add_argument(
            '--legacy-occi-os',
            default=False,
            action='store_true',
            help="Generate information and ids compatible with OCCI-OS, "
            "e.g. using the flavor name instead of the flavor id.")

        parser.add_argument(
            '--select-flavors',
            default='all',
            choices=['all', 'public', 'private'],
            help='Select all (default), public or private flavors/templates.')
Пример #16
0
    def populate_parser(parser):
        plugins = loading_base.get_available_plugin_names()
        default_auth = "v3password"

        parser.add_argument('--os-auth-type',
                            '--os-auth-plugin',
                            metavar='<name>',
                            default=utils.env('OS_AUTH_TYPE',
                                              default=default_auth),
                            choices=plugins,
                            help='Authentication type to use, available '
                            'types are: %s' % ", ".join(plugins))

        # arguments come from session and plugins
        loading_session.register_argparse_arguments(parser)
        for plugin_name in plugins:
            plugin = loading_base.get_plugin_loader(plugin_name)
            for opt in plugin.get_options():
                # NOTE(aloga): we do not want a project to be passed from the
                # CLI, as we will iterate over it for each configured VO and
                # project. However, as the plugin is expecting them when
                # parsing the arguments we need to set them to None before
                # calling the load_auth_from_argparse_arguments method in the
                # __init__ method of this class.
                if opt.name in ("project-name", "project-id"):
                    continue

                parser.add_argument(*opt.argparse_args,
                                    default=opt.argparse_default,
                                    metavar='<auth-%s>' % opt.name,
                                    help=opt.help,
                                    dest='os_%s' % opt.dest.replace("-", "_"))

        parser.add_argument(
            '--insecure',
            default=utils.env('NOVACLIENT_INSECURE', default=False),
            action='store_true',
            help="Explicitly allow novaclient to perform 'insecure' "
            "SSL (https) requests. The server's certificate will "
            'not be verified against any certificate authorities. '
            'This option should be used with caution.')

        parser.add_argument('--os-cacert',
                            metavar='<ca-certificate>',
                            default=utils.env('OS_CACERT',
                                              default=requests.certs.where()),
                            help='Specify a CA bundle file to use in '
                            'verifying a TLS (https) server certificate. '
                            'Defaults to env[OS_CACERT].')

        parser.add_argument('--os-cert',
                            metavar='<certificate>',
                            default=utils.env('OS_CERT', default=None),
                            help='Defaults to env[OS_CERT].')

        parser.add_argument('--os-key',
                            metavar='<key>',
                            default=utils.env('OS_KEY', default=None),
                            help='Defaults to env[OS_KEY].')

        parser.add_argument('--timeout',
                            default=600,
                            metavar='<seconds>',
                            help='Set request timeout (in seconds).')

        parser.add_argument(
            '--select-flavors',
            default='all',
            choices=['all', 'public', 'private'],
            help='Select all (default), public or private flavors/templates.')

        parser.add_argument(
            '--all-images',
            action='store_true',
            default=False,
            help=('If set, include information about all images (including '
                  'snapshots), otherwise only publish images with cloudkeeper '
                  'metadata, ignoring the others.'))