def _create_auth_plugin(self): if self.trust_id: importutils.import_module('keystonemiddleware.auth_token') username = cfg.CONF.keystone_authtoken.admin_user password = cfg.CONF.keystone_authtoken.admin_password return v3.Password(username=username, password=password, user_domain_id='default', auth_url=self._keystone_v3_endpoint, trust_id=self.trust_id) if self.auth_token_info: auth_ref = access.AccessInfo.factory(body=self.auth_token_info, auth_token=self.auth_token) return _AccessInfoPlugin(self._keystone_v3_endpoint, auth_ref) if self.auth_token: # FIXME(jamielennox): This is broken but consistent. If you # only have a token but don't load a service catalog then # url_for wont work. Stub with the keystone endpoint so at # least it might be right. return token_endpoint.Token(endpoint=self._keystone_v3_endpoint, token=self.auth_token) if self.password: return v3.Password(username=self.username, password=self.password, project_id=self.tenant_id, user_domain_id='default', auth_url=self._keystone_v3_endpoint) LOG.error(_LE("Keystone v3 API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure()
def stack_domain_user_token(self, username, project_id, password): """Get a token for a stack domain user.""" if not self.stack_domain: # Note, no legacy fallback path as we don't want to deploy # tokens for non stack-domain users inside instances msg = _('Cannot get stack domain user token, no stack domain id ' 'configured, please fix your heat.conf') raise exception.Error(msg) # Create a keystoneclient session, then request a token with no # catalog (the token is expected to be used inside an instance # where a specific endpoint will be specified, and user-data # space is limited..) if self._stack_domain_is_id: auth = kc_auth_v3.Password(auth_url=self.v3_endpoint, username=username, password=password, project_id=project_id, user_domain_id=self.stack_domain) else: auth = kc_auth_v3.Password(auth_url=self.v3_endpoint, username=username, password=password, project_id=project_id, user_domain_name=self.stack_domain) sess = session.Session(auth=auth) # Note we do this directly via a post as there's currently # no way to get a nocatalog token via keystoneclient token_url = "%s/auth/tokens?nocatalog" % self.v3_endpoint headers = {'Accept': 'application/json'} if self._stack_domain_is_id: domain = {'id': self.stack_domain} else: domain = {'name': self.stack_domain} body = { 'auth': { 'scope': { 'project': { 'id': project_id } }, 'identity': { 'password': { 'user': { 'domain': domain, 'password': password, 'name': username } }, 'methods': ['password'] } } } t = sess.post(token_url, headers=headers, json=body, authenticated=False) return t.headers['X-Subject-Token']
def test_with_multiple_scopes(self): s = session.Session() a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, domain_id='x', project_id='x') self.assertRaises(exceptions.AuthorizationFailure, a.get_auth_ref, s) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, domain_id='x', trust_id='x') self.assertRaises(exceptions.AuthorizationFailure, a.get_auth_ref, s)
def create(name1): auth_url = 'http://10.37.129.10:5000/v3' username = '******' user_domain_name = 'Default' project_name = 'admin' project_domain_name = 'Default' password = '******' auth = v3.Password(auth_url=auth_url, username=username, password=password, project_name=project_name, project_domain_name=project_domain_name, user_domain_name=user_domain_name) sess = session.Session(auth=auth) keystone = keystoneapi.Client(session=sess) # print keystone.projects.list() nova = novapi.Client(2, session=keystone.session) # print nova.glance.list() image = nova.glance.find_image('CentOS7') # print nova.flavors.list() flavor = nova.flavors.find(name='m1.medium') # print nova.neutron.list() network = nova.neutron.find_network('test') #name1="vm_api" server = nova.servers.create(name=name1, image=image, flavor=flavor, nics=[{'net-id': network.id}])
def test_invalidate_response(self): auth_responses = [{ 'status_code': 200, 'json': self.TEST_RESPONSE_DICT, 'headers': { 'X-Subject-Token': 'token1' } }, { 'status_code': 200, 'json': self.TEST_RESPONSE_DICT, 'headers': { 'X-Subject-Token': 'token2' } }] self.requests_mock.post('%s/auth/tokens' % self.TEST_URL, auth_responses) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertEqual('token1', s.get_token()) self.assertEqual({'X-Auth-Token': 'token1'}, s.get_auth_headers()) a.invalidate() self.assertEqual('token2', s.get_token()) self.assertEqual({'X-Auth-Token': 'token2'}, s.get_auth_headers())
def test_authenticate_with_username_password_project_scoped(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, project_id=self.TEST_DOMAIN_ID) s = session.Session(a) self.assertEqual({'X-Auth-Token': self.TEST_TOKEN}, s.get_auth_headers()) req = { 'auth': { 'identity': { 'methods': ['password'], 'password': { 'user': { 'name': self.TEST_USER, 'password': self.TEST_PASS } } }, 'scope': { 'project': { 'id': self.TEST_DOMAIN_ID } } } } self.assertRequestBodyIs(json=req) self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN) self.assertEqual(s.auth.auth_ref.project_id, self.TEST_DOMAIN_ID)
def get_auth_plugin(opts): auth_version = guess_auth_version(opts) if opts.os_username: if auth_version == '3': return v3.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, project_name=opts.os_project_name, user_domain_name=opts.os_user_domain_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, tenant_name=opts.os_tenant_name) elif opts.os_token: if auth_version == '3': return v3.Token(auth_url=opts.os_auth_url, token=opts.os_token, project_name=opts.os_project_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Token(auth_url=opts.os_auth_url, token=opts.os_token, tenant_name=opts.os_tenant_name) raise Exception('Unable to determine correct auth method, please provide' ' either username or token')
def dc_get_subcloud_sysinv_url(subcloud_name): user_auth = v3.Password( auth_url=CONF.endpoint_cache.auth_uri, username=CONF.endpoint_cache.username, user_domain_name=CONF.endpoint_cache.user_domain_name, password=CONF.endpoint_cache.password, project_name=CONF.endpoint_cache.project_name, project_domain_name=CONF.endpoint_cache.project_domain_name, ) timeout = CONF.endpoint_cache.http_connect_timeout admin_session = session.Session(auth=user_auth, timeout=timeout) ks_client = keystone_client.Client( session=admin_session, region_name=constants.REGION_ONE_NAME, interface=constants.OS_INTERFACE_INTERNAL) services = ks_client.services.list(name='sysinv') if len(services) == 0: raise Exception('Cannot find sysinv service') s_id = services[0].id sc_sysinv_urls = ks_client.endpoints.list( service=s_id, interface=constants.OS_INTERFACE_ADMIN, region=subcloud_name) if len(sc_sysinv_urls) == 0: raise Exception('Cannot find sysinv endpoint for %s' % subcloud_name) sc_sysinv_url = sc_sysinv_urls[0].url LOG.info('%s sysinv endpoint %s' % (subcloud_name, sc_sysinv_url)) if not sc_sysinv_url: raise Exception('{} sysinv endpoint is None'.format(subcloud_name)) return sc_sysinv_url
def get_auth_plugin(opts): """Create the right keystone connection depending on the version for the api, if username/password and token are provided, username and password takes precedence. """ auth_version = guess_auth_version(opts) if opts.os_username: if auth_version == '3': return v3.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, project_name=opts.os_project_name, user_domain_name=opts.os_user_domain_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, tenant_name=opts.os_tenant_name) elif opts.os_token: if auth_version == '3': return v3.Token(auth_url=opts.os_auth_url, token=opts.os_token, project_name=opts.os_project_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Token(auth_url=opts.os_auth_url, token=opts.os_token, tenant_name=opts.os_tenant_name) raise Exception('Unable to determine correct auth method, please provide' ' either username or token')
def login(username, password, domain='Default'): """ Perform the initial login to the BLL, using the given credentials. This uses the "normal" keystone workflow of: - Connecting to keystone and obtain an unscoped token (not scoped to any particular project or domain) - Get a list of projects available to the given user - Select a project, and connect to keystone again (with the unscoped token) to receive a project-scoped token. Returns a keystone auth_ref, which contains the token, expiration, and other info about the authentication This function is primarily used in the initial login UI screen, but is also used by the deploy service """ LOG.debug("Obtaining unscoped token for user %s", username) auth = v3.Password(auth_url=get_auth_url(), username=username, password=password, user_domain_name=domain, unscoped=True) unscoped_session = session.Session(auth=auth, user_agent=USER_AGENT, verify=verify_https()) try: unscoped_token = unscoped_session.get_token() except Exception as e: raise BllAuthenticationFailedException( "User is not authorized on the %s domain: [%s]" % (domain, str(e))) return get_appropriate_auth_ref(unscoped_token)
def _get_client(auth_url=None, token=None, login_username=None, login_password=None, login_project_name=None, login_project_domain_name=None, login_user_domain_name=None, login_domain_name=None, insecure=False, ca_cert=None): """Return a ks_client client object""" auth_plugin = None if login_domain_name and login_project_name: raise Exception("Token can be scoped either to project or domain. Use either domain or project") if token: auth_plugin = token_endpoint.Token(endpoint=auth_url, token=token) else: auth_plugin = v3.Password(auth_url=auth_url, username=login_username, password=login_password, project_name=login_project_name, project_domain_name=login_project_domain_name, user_domain_name=login_user_domain_name, domain_name=login_domain_name) verify = False if not insecure: # Caller wants cert verification verify = ca_cert or True # Client cert is not supported now. Will add it later with cert=client_cert option auth_session = session.Session( auth=auth_plugin, verify=verify) return v3client.Client(auth_url=auth_url, session=auth_session)
def v3_authenticate(self): auth = v3.Password(auth_url=self.auth_url, user_id=self.user_id, password=self.password, project_id=self.project_id) self.session = ksc_session.Session(auth=auth, verify=False) self.token = self.session.auth.get_token(self.session)
def _get_keystone_session(cloud): authsplit = cloud.authurl.split('/') version = int(float(authsplit[-1][1:])) if len(authsplit[-1]) > 0 else int( float(authsplit[-2][1:])) if version == 2: try: auth = v2.Password(auth_url=cloud.authurl, username=cloud.username, password=cloud.password, tenant_name=cloud.project) sess = session.Session(auth=auth, verify=config.cert_auth_bundle_path) except Exception as exc: print( "Problem importing keystone modules, and getting session: %s" % exc) return sess elif version == 3: #connect using keystone v3 try: auth = v3.Password(auth_url=cloud.authurl, username=cloud.username, password=cloud.password, project_name=cloud.project, user_domain_name=cloud.user_domain_name, project_domain_name=cloud.project_domain_name) sess = session.Session(auth=auth, verify=config.cert_auth_bundle_path) except Exception as exc: print( "Problem importing keystone modules, and getting session: %s" % exc) return sess
def _password_session(request): # TODO(garcianavalon) better domain usage domain = 'default' endpoint = getattr(settings, 'OPENSTACK_KEYSTONE_URL') insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) verify = getattr(settings, 'OPENSTACK_SSL_CACERT', True) if insecure: verify = False credentials = getattr(settings, 'IDM_USER_CREDENTIALS') LOG.debug( ('Creating a new internal keystoneclient ' 'connection to %s.'), endpoint) auth = v3.Password( username=credentials['username'], password=credentials['password'], project_name=credentials['project'], user_domain_id=domain, project_domain_id=domain, auth_url=endpoint) return session.Session(auth=auth, verify=verify)
def authenticate_keystone_admin(self, keystone_sentry, user, password, tenant=None, api_version=None, keystone_ip=None): """Authenticates admin user with the keystone admin endpoint.""" self.log.debug('Authenticating keystone admin...') unit = keystone_sentry if not keystone_ip: keystone_ip = unit.relation('shared-db', 'mysql:shared-db')['private-address'] base_ep = "http://{}:35357".format(keystone_ip.strip().decode('utf-8')) if not api_version or api_version == 2: ep = base_ep + "/v2.0" return keystone_client.Client(username=user, password=password, tenant_name=tenant, auth_url=ep) else: ep = base_ep + "/v3" auth = keystone_id_v3.Password( user_domain_name='default', username=user, password=password, domain_name='default', auth_url=ep, ) sess = keystone_session.Session(auth=auth) return keystone_client_v3.Client(session=sess)
def trusts_auth_plugin(self): if self._trusts_auth_plugin: return self._trusts_auth_plugin self._trusts_auth_plugin = auth.load_from_conf_options( cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id) if self._trusts_auth_plugin: return self._trusts_auth_plugin LOG.warning(_LW('Using the keystone_authtoken user ' 'as the conveyorheat ' 'trustee user directly is deprecated. Please add the ' 'trustee credentials you need to the %s section of ' 'your heat.conf file.') % TRUSTEE_CONF_GROUP) cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token') trustee_user_domain = 'default' if 'user_domain_id' in cfg.CONF.keystone_authtoken: trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id self._trusts_auth_plugin = v3.Password( username=cfg.CONF.keystone_authtoken.admin_user, password=cfg.CONF.keystone_authtoken.admin_password, user_domain_id=trustee_user_domain, auth_url=self.keystone_v3_endpoint, trust_id=self.trust_id) return self._trusts_auth_plugin
def _resolve_project_name(self, tenant_id): try: username = cfg.CONF[self.name].keystone_auth_name passwd = cfg.CONF[self.name].keystone_auth_pass project = cfg.CONF[self.name].keystone_auth_project url = cfg.CONF[self.name].keystone_auth_url except KeyError: LOG.debug('Missing a config setting for keystone auth.') return try: auth = v3.Password(auth_url=url, user_id=username, password=passwd, project_id=project) sess = session.Session(auth=auth) keystone = client.Client(session=sess, auth_url=url) except keystoneexceptions.AuthorizationFailure: LOG.debug('Keystone client auth failed.') return projectmanager = projects.ProjectManager(keystone) proj = projectmanager.get(tenant_id) if proj: LOG.debug('Resolved project id %s as %s' % (tenant_id, proj.name)) return proj.name else: return 'unknown'
def nova_login(username, password, projectname, auth_url, user_domain_name, project_domain_name, ssl_insecure, cacert, apitimeout): legacy_import = False try: from keystoneauth1 import loading from keystoneauth1 import session as ksc_session from keystoneauth1.exceptions.discovery import DiscoveryFailure from keystoneauth1.exceptions.http import Unauthorized except ImportError: try: from keystoneclient import session as ksc_session from keystoneclient.auth.identity import v3 legacy_import = True except ImportError: fail_usage("Failed: Keystone client not found or not accessible") if not legacy_import: loader = loading.get_plugin_loader("password") auth = loader.load_from_options( auth_url=auth_url, username=username, password=password, project_name=projectname, user_domain_name=user_domain_name, project_domain_name=project_domain_name, ) else: auth = v3.Password( auth_url=auth_url, username=username, password=password, project_name=projectname, user_domain_name=user_domain_name, project_domain_name=project_domain_name, cacert=cacert, ) caverify = True if ssl_insecure: caverify = False elif cacert: caverify = cacert session = ksc_session.Session(auth=auth, verify=caverify, timeout=apitimeout) nova = client.Client("2", session=session, timeout=apitimeout) apiversion = None try: apiversion = nova.versions.get_current() except DiscoveryFailure as e: fail_usage("Failed: Discovery Failure: " + str(e)) except Unauthorized as e: fail_usage("Failed: Unauthorized: " + str(e)) except Exception as e: logging.error(e) logging.debug("Nova version: %s", apiversion) return nova
def dc_get_service_endpoint_url(region, service_name, endpoint_type): user_auth = v3.Password( auth_url=CONF.endpoint_cache.auth_uri, username=CONF.endpoint_cache.username, user_domain_name=CONF.endpoint_cache.user_domain_name, password=CONF.endpoint_cache.password, project_name=CONF.endpoint_cache.project_name, project_domain_name=CONF.endpoint_cache.project_domain_name, ) timeout = CONF.endpoint_cache.http_connect_timeout admin_session = session.Session(auth=user_auth, timeout=timeout) ks_client = keystone_client.Client( session=admin_session, region_name=constants.REGION_ONE_NAME, interface=constants.OS_INTERFACE_INTERNAL) services = ks_client.services.list(name=service_name) if len(services) == 0: raise Exception('Cannot find %s service' % service_name) s_id = services[0].id endpoint_urls = ks_client.endpoints.list(service=s_id, interface=endpoint_type, region=region) if len(endpoint_urls) == 0: raise Exception('Cannot find %s endpoint for %s' % (service_name, region)) endpoint_url = endpoint_urls[0].url LOG.info('%s %s endpoint %s' % (region, service_name, endpoint_url)) return endpoint_url
def _get_keystone_session(self, **kwargs): ks_session = session.Session.construct(kwargs) # discover the supported keystone versions using the given auth url auth_url = kwargs.pop('auth_url', None) (v2_auth_url, v3_auth_url) = self._discover_auth_versions(session=ks_session, auth_url=auth_url) # Determine which authentication plugin to use. First inspect the # auth_url to see the supported version. If both v3 and v2 are # supported, then use the highest version if possible. user_id = kwargs.pop('user_id', None) username = kwargs.pop('username', None) password = kwargs.pop('password', None) user_domain_name = kwargs.pop('user_domain_name', None) user_domain_id = kwargs.pop('user_domain_id', None) # project and tenant can be used interchangeably project_id = (kwargs.pop('project_id', None) or kwargs.pop('tenant_id', None)) project_name = (kwargs.pop('project_name', None) or kwargs.pop('tenant_name', None)) project_domain_id = kwargs.pop('project_domain_id', None) project_domain_name = kwargs.pop('project_domain_name', None) auth = None use_domain = (user_domain_id or user_domain_name or project_domain_id or project_domain_name) use_v3 = v3_auth_url and (use_domain or (not v2_auth_url)) use_v2 = v2_auth_url and not use_domain if use_v3: auth = v3_auth.Password(v3_auth_url, user_id=user_id, username=username, password=password, user_domain_id=user_domain_id, user_domain_name=user_domain_name, project_id=project_id, project_name=project_name, project_domain_id=project_domain_id, project_domain_name=project_domain_name) elif use_v2: auth = v2_auth.Password(v2_auth_url, username, password, tenant_id=project_id, tenant_name=project_name) else: # if we get here it means domain information is provided # (caller meant to use Keystone V3) but the auth url is # actually Keystone V2. Obviously we can't authenticate a V3 # user using V2. exc.CommandError("Credential and auth_url mismatch. The given " "auth_url is using Keystone V2 endpoint, which " "may not able to handle Keystone V3 credentials. " "Please provide a correct Keystone V3 auth_url.") ks_session.auth = auth return ks_session
def keystone_auth(): ''' Authenticate with Keystone NOTE: user_domain_name and project_domain_name are required for auth to work properly. Not documented anywhere! ''' try: rc = myrc() if int(rc['OS_IDENTITY_API_VERSION']) == 3: keystone_version = 3 auth = v3.Password(auth_url=rc['OS_AUTH_URL'], username=rc['OS_USERNAME'], password=rc['OS_PASSWORD'], project_name=rc['OS_TENANT_NAME'], user_domain_name='default', project_domain_name='default') s = session.Session(auth=auth) return s except KeyError: keystone_version = 2 auth = v2.Password(auth_url=rc['OS_AUTH_URL'], username=rc['OS_USERNAME'], password=rc['OS_PASSWORD'], project_name=rc['OS_TENANT_NAME']) s = session.Session(auth=auth) return s except Exception, e: warning('keystone_auth()', repr(e)) sys.exit()
def auth(self): auth = v3.Password(auth_url=self.auth_url, username=self.username, password=self.password, project_name=self.project_name, user_domain_id=self.user_domain_id, project_domain_name=self.project_domain_name) return auth
def test_authenticate_with_username_password(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertEqual({'X-Auth-Token': self.TEST_TOKEN}, s.get_auth_headers()) req = { 'auth': { 'identity': { 'methods': ['password'], 'password': { 'user': { 'name': self.TEST_USER, 'password': self.TEST_PASS } } } } } self.assertRequestBodyIs(json=req) self.assertRequestHeaderEqual('Content-Type', 'application/json') self.assertRequestHeaderEqual('Accept', 'application/json') self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
def test_authenticate_with_username_password_domain_scoped(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, domain_id=self.TEST_DOMAIN_ID) s = session.Session(a) s.get_token() req = { 'auth': { 'identity': { 'methods': ['password'], 'password': { 'user': { 'name': self.TEST_USER, 'password': self.TEST_PASS } } }, 'scope': { 'domain': { 'id': self.TEST_DOMAIN_ID } } } } self.assertRequestBodyIs(json=req) self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
def test_with_trust_id(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v3.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS, trust_id='trust') s = session.Session(a) self.assertEqual({'X-Auth-Token': self.TEST_TOKEN}, s.get_auth_headers()) req = { 'auth': { 'identity': { 'methods': ['password'], 'password': { 'user': { 'name': self.TEST_USER, 'password': self.TEST_PASS } } }, 'scope': { 'OS-TRUST:trust': { 'id': 'trust' } } } } self.assertRequestBodyIs(json=req) self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
def test_with_domain_and_project_scoping(self): a = v3.Password(self.TEST_URL, username='******', password='******', project_id='project', domain_id='domain') self.assertRaises(exceptions.AuthorizationFailure, a.get_token, None)
def client_for_admin_user(): auth = v3.Password(auth_url=OS_AUTH_URL, user_id=OS_USER_ID, password=OS_PASSWORD, project_id=OS_PROJECT_ID) session = ksc_session.Session(auth=auth) return keystone_v3.Client(session=session)
def _get_client(self): if self._client is not None: return self._client if (self.tenant_id is not None or self.tenant_name is not None): auth = v2_auth.Password(auth_url=self.auth_url, username=self.username, password=self.password, tenant_id=self.tenant_id, tenant_name=self.tenant_name) elif self.project_name is not None: auth = v3_auth.Password( auth_url=self.auth_url, username=self.username, password=self.password, project_name=self.project_name, project_domain_name=self.project_domain_name, user_domain_name=self.user_domain_name) else: auth = None session = ks_session.Session(auth=auth) self._client = client.Client(session=session, service_type=self.service_type) return self._client
def get_v3_auth(self, v3_auth_url): username = self.options.os_username user_id = self.options.os_user_id user_domain_name = self.options.os_user_domain_name user_domain_id = self.options.os_user_domain_id password = self.options.os_password project_id = self.options.os_project_id or self.options.os_tenant_id project_name = (self.options.os_project_name or self.options.os_tenant_name) project_domain_name = self.options.os_project_domain_name project_domain_id = self.options.os_project_domain_id return v3_auth.Password( v3_auth_url, username=username, password=password, user_id=user_id, user_domain_name=user_domain_name, user_domain_id=user_domain_id, project_id=project_id, project_name=project_name, project_domain_name=project_domain_name, project_domain_id=project_domain_id, )
def __init__(self, config_path, debug, log=None, region=None): self.config_path = config_path self.config = utils.get_config(config_path) self.logger = utils.get_logger(__name__, self.config, debug, log) self.logger.debug('=> config file: %s' % config_path) self.debug = debug self.dry_run = False openstack = self.get_config_section('openstack') auth = v3.Password(auth_url=openstack['auth_url'], username=openstack['username'], password=openstack['password'], project_name=openstack['project_name'], user_domain_name=openstack['default_domain'], project_domain_name=openstack['default_domain']) if 'keystone_cachain' in openstack: self.sess = session.Session(auth=auth, verify=openstack['keystone_cachain']) else: self.sess = session.Session(auth=auth) if region: self.region = region else: self.region = self.get_config('openstack', 'region')