def Client(self):
sess = None
keystone = None
version = self.conf.os_identity_api_version
# switch on keystoneauth1
if self.conf.use_keystoneauth1:
globals()['v2'] = authv2
globals()['v3'] = authv3
globals()['session'] = auth_session
if self.conf.keystoneauth1.use_loading:
if self.conf.debug:
plugin_loaders = loading.get_available_plugin_loaders()
avail_plugins = loading.get_available_plugin_names()
logger.debug('Available plugin loaders: %s' %
sorted(plugin_loaders.iteritems()))
logger.debug('Available plugins: %s' %
sorted(avail_plugins))
loader = loading.get_plugin_loader('password')
self.logger.debug('loader: %s' % loader)
auth_args = self._get_auth_args()
auth = loader.load_from_options(**auth_args)
# Discover with session
if self.conf.keystoneauth1.use_discovery:
if self.conf.null_session_discovery:
# gem from ceilometerclient.client...
s = session.Session()
else:
s = session.Session(auth=auth)
url = self.os_service_endpoint
discover = kauth_discover.Discover(session=s, url=url)
self.logger.debug('discover: %s' % discover)
self.logger.debug('discovered version data: %s' %
discover.version_data())
disc_auth_url = discover.url_for(version)
self.logger.debug('discovered urls: %s' % disc_auth_url)
# Re-init auth args and auth...
# Not doing this generates interesting error using Identity v3: (remove and attempt v2 for magic!!)
# keystoneauth1.exceptions.http.Forbidden: You are not authorized to perform the requested action: identity:list_projects
auth_kwargs = self._get_auth_args(auth_url=disc_auth_url,
version=version)
auth = loader.load_from_options(**auth_kwargs)
else:
raise Exception('Non-discovery approach not implemented.')
else:
auth = self._get_password_auth()
if not self.conf.keystoneauth1.use_sessions:
raise Exception('Non-session approach not supported.')
sess = session.Session(auth=auth)
keystone = keystoneclient.client.Client(version, session=sess)
else:
# Using deprecated keystoneclient mechanisms
# TODO: try generic passwords -- not possible w/o keystoneauth1
auth = self._get_password_auth()
if self.conf.keystoneclient.use_sessions:
# TODO: use discovery
if self.conf.keystoneclient.use_discovery:
# ^^^ seems not possible without versioned urls?
auth_args = self._get_auth_args()
# TODO: could i use keystoneauth1 loading here...?
auth = self._get_password_auth(**auth_args)
sess = legacy_session.Session(auth=auth)
# /home/kmidzi/projects/rdtibcc-679/local/lib/python2.7/site-packages/keystoneclient/session.py:17
# what is implication of import keystoneauth1? advent?
try:
url = self.os_service_endpoint
discover = ks_discover.Discover(session=sess, url=url)
self.logger.debug('discover: %s' % discover)
self.logger.debug('discovered version data: %s' %
discover.version_data())
disc_auth_url = discover.url_for(version)
self.logger.debug('discovered urls: %s' %
disc_auth_url)
except Exception as e:
raise (Exception('Could not discover: %s' % e.message))
else:
sess = keystoneclient.session.Session(auth=auth)
# keystoneclient.exceptions.DiscoveryFailure: Not enough information to determine URL. Provide either auth_url or endpoint
keystone = keystoneclient.client.Client(version, session=sess)
else:
raise Exception('Non-session approach not implemented.')
self._sess = sess
self.logger.info('Auth object: %s' % auth)
self.logger.info('Session object: %s' % sess)
return keystone
def register_argparse_arguments(self, parser, argv, service_keys=None):
"""Register all of the common argparse options needed.
Given an argparse parser, register the keystoneauth Session arguments,
the keystoneauth Auth Plugin Options and os-cloud. Also, peek in the
argv to see if all of the auth plugin options should be registered
or merely the ones already configured.
:param argparse.ArgumentParser: parser to attach argparse options to
:param list argv: the arguments provided to the application
:param string service_keys: Service or list of services this argparse
should be specialized for, if known.
The first item in the list will be used
as the default value for service_type
(optional)
:raises exceptions.OpenStackConfigException if an invalid auth-type
is requested
"""
if service_keys is None:
service_keys = []
# Fix argv in place - mapping any keys with embedded _ in them to -
_fix_argv(argv)
local_parser = argparse_mod.ArgumentParser(add_help=False)
for p in (parser, local_parser):
p.add_argument('--os-cloud',
metavar='<name>',
default=os.environ.get('OS_CLOUD', None),
help='Named cloud to connect to')
# we need to peek to see if timeout was actually passed, since
# the keystoneauth declaration of it has a default, which means
# we have no clue if the value we get is from the ksa default
# for from the user passing it explicitly. We'll stash it for later
local_parser.add_argument('--timeout', metavar='<timeout>')
# We need for get_one_cloud to be able to peek at whether a token
# was passed so that we can swap the default from password to
# token if it was. And we need to also peek for --os-auth-token
# for novaclient backwards compat
local_parser.add_argument('--os-token')
local_parser.add_argument('--os-auth-token')
# Peek into the future and see if we have an auth-type set in
# config AND a cloud set, so that we know which command line
# arguments to register and show to the user (the user may want
# to say something like:
# openstack --os-cloud=foo --os-oidctoken=bar
# although I think that user is the cause of my personal pain
options, _args = local_parser.parse_known_args(argv)
if options.timeout:
self._argv_timeout = True
# validate = False because we're not _actually_ loading here
# we're only peeking, so it's the wrong time to assert that
# the rest of the arguments given are invalid for the plugin
# chosen (for instance, --help may be requested, so that the
# user can see what options he may want to give
cloud = self.get_one_cloud(argparse=options, validate=False)
default_auth_type = cloud.config['auth_type']
try:
loading.register_auth_argparse_arguments(parser,
argv,
default=default_auth_type)
except Exception:
# Hidiing the keystoneauth exception because we're not actually
# loading the auth plugin at this point, so the error message
# from it doesn't actually make sense to os-client-config users
options, _args = parser.parse_known_args(argv)
plugin_names = loading.get_available_plugin_names()
raise exceptions.OpenStackConfigException(
"An invalid auth-type was specified: {auth_type}."
" Valid choices are: {plugin_names}.".format(
auth_type=options.os_auth_type,
plugin_names=",".join(plugin_names)))
if service_keys:
primary_service = service_keys[0]
else:
primary_service = None
loading.register_session_argparse_arguments(parser)
adapter.register_adapter_argparse_arguments(
parser, service_type=primary_service)
for service_key in service_keys:
# legacy clients have un-prefixed api-version options
parser.add_argument('--{service_key}-api-version'.format(
service_key=service_key.replace('_', '-'),
help=argparse_mod.SUPPRESS))
adapter.register_service_adapter_argparse_arguments(
parser, service_type=service_key)
# Backwards compat options for legacy clients
parser.add_argument('--http-timeout', help=argparse_mod.SUPPRESS)
parser.add_argument('--os-endpoint-type', help=argparse_mod.SUPPRESS)
parser.add_argument('--endpoint-type', help=argparse_mod.SUPPRESS)
def register_argparse_arguments(self, parser, argv, service_keys=[]):
"""Register all of the common argparse options needed.
Given an argparse parser, register the keystoneauth Session arguments,
the keystoneauth Auth Plugin Options and os-cloud. Also, peek in the
argv to see if all of the auth plugin options should be registered
or merely the ones already configured.
:param argparse.ArgumentParser: parser to attach argparse options to
:param list argv: the arguments provided to the application
:param string service_keys: Service or list of services this argparse
should be specialized for, if known.
The first item in the list will be used
as the default value for service_type
(optional)
:raises exceptions.OpenStackConfigException if an invalid auth-type
is requested
"""
local_parser = argparse_mod.ArgumentParser(add_help=False)
for p in (parser, local_parser):
p.add_argument(
'--os-cloud',
metavar='<name>',
default=os.environ.get('OS_CLOUD', None),
help='Named cloud to connect to')
# we need to peek to see if timeout was actually passed, since
# the keystoneauth declaration of it has a default, which means
# we have no clue if the value we get is from the ksa default
# for from the user passing it explicitly. We'll stash it for later
local_parser.add_argument('--timeout', metavar='<timeout>')
# Peek into the future and see if we have an auth-type set in
# config AND a cloud set, so that we know which command line
# arguments to register and show to the user (the user may want
# to say something like:
# openstack --os-cloud=foo --os-oidctoken=bar
# although I think that user is the cause of my personal pain
options, _args = local_parser.parse_known_args(argv)
if options.timeout:
self._argv_timeout = True
# validate = False because we're not _actually_ loading here
# we're only peeking, so it's the wrong time to assert that
# the rest of the arguments given are invalid for the plugin
# chosen (for instance, --help may be requested, so that the
# user can see what options he may want to give
cloud = self.get_one_cloud(argparse=options, validate=False)
default_auth_type = cloud.config['auth_type']
try:
loading.register_auth_argparse_arguments(
parser, argv, default=default_auth_type)
except Exception:
# Hidiing the keystoneauth exception because we're not actually
# loading the auth plugin at this point, so the error message
# from it doesn't actually make sense to os-client-config users
options, _args = parser.parse_known_args(argv)
plugin_names = loading.get_available_plugin_names()
raise exceptions.OpenStackConfigException(
"An invalid auth-type was specified: {auth_type}."
" Valid choices are: {plugin_names}.".format(
auth_type=options.os_auth_type,
plugin_names=",".join(plugin_names)))
if service_keys:
primary_service = service_keys[0]
else:
primary_service = None
loading.register_session_argparse_arguments(parser)
adapter.register_adapter_argparse_arguments(
parser, service_type=primary_service)
for service_key in service_keys:
# legacy clients have un-prefixed api-version options
parser.add_argument(
'--{service_key}-api-version'.format(
service_key=service_key.replace('_', '-'),
help=argparse_mod.SUPPRESS))
adapter.register_service_adapter_argparse_arguments(
parser, service_type=service_key)
# Backwards compat options for legacy clients
parser.add_argument('--http-timeout', help=argparse_mod.SUPPRESS)
parser.add_argument('--os-endpoint-type', help=argparse_mod.SUPPRESS)
parser.add_argument('--endpoint-type', help=argparse_mod.SUPPRESS)
