def _client(username, password=None, token=None, tenant_name=None,
tenant_id=None, trust_id=None, domain_name=None):
if trust_id and not CONF.use_identity_api_v3:
raise Exception("Trusts aren't implemented in keystone api"
" less than v3")
auth_url = base.retrieve_auth_url(
endpoint_type=CONF.keystone.endpoint_type)
client_kwargs = {'username': username,
'password': password,
'token': token,
'tenant_name': tenant_name,
'tenant_id': tenant_id,
'trust_id': trust_id,
'user_domain_name': domain_name,
'auth_url': auth_url,
'cacert': CONF.keystone.ca_file,
'insecure': CONF.keystone.api_insecure
}
if CONF.use_identity_api_v3:
keystone = keystone_client_v3.Client(**client_kwargs)
keystone.management_url = auth_url
else:
keystone = keystone_client.Client(**client_kwargs)
return keystone
def _client(username,
password=None,
token=None,
tenant_name=None,
tenant_id=None,
trust_id=None,
domain_name=None):
if trust_id and not CONF.use_identity_api_v3:
raise Exception("Trusts aren't implemented in keystone api"
" less than v3")
auth_url = base.retrieve_auth_url()
client_kwargs = {
'username': username,
'password': password,
'token': token,
'tenant_name': tenant_name,
'tenant_id': tenant_id,
'trust_id': trust_id,
'user_domain_name': domain_name,
'auth_url': auth_url
}
if CONF.use_identity_api_v3:
keystone = keystone_client_v3.Client(**client_kwargs)
keystone.management_url = auth_url
else:
keystone = keystone_client.Client(**client_kwargs)
return keystone
def token_auth(token, project_id=None, project_name=None,
project_domain_name='Default'):
'''Return a token auth plugin object.
:param token: the token to use for authentication.
:param project_id: the project(ex. tenant) id to scope the auth.
:returns: a token auth plugin object.
'''
token_kwargs = dict(
auth_url=base.retrieve_auth_url(),
token=token
)
if CONF.use_identity_api_v3:
token_kwargs.update(dict(
project_id=project_id,
project_name=project_name,
project_domain_name=project_domain_name,
))
auth = keystone_identity.v3.Token(**token_kwargs)
else:
token_kwargs.update(dict(
tenant_id=project_id,
tenant_name=project_name,
))
auth = keystone_identity.v2.Token(**token_kwargs)
return auth
def token_auth(token,
project_id=None,
project_name=None,
project_domain_name='Default'):
'''Return a token auth plugin object.
:param token: the token to use for authentication.
:param project_id: the project(ex. tenant) id to scope the auth.
:returns: a token auth plugin object.
'''
token_kwargs = dict(auth_url=base.retrieve_auth_url(
CONF.keystone.endpoint_type),
token=token)
if CONF.use_identity_api_v3:
token_kwargs.update(
dict(
project_id=project_id,
project_name=project_name,
project_domain_name=project_domain_name,
))
auth = keystone_identity.v3.Token(**token_kwargs)
else:
token_kwargs.update(
dict(
tenant_id=project_id,
tenant_name=project_name,
))
auth = keystone_identity.v2.Token(**token_kwargs)
return auth
def validate_config():
if CONF.use_barbican_key_manager:
# NOTE (elmiko) there is no need to set the api_class as castellan
# uses barbican by default.
castellan.set_defaults(CONF, auth_endpoint=utils.retrieve_auth_url())
else:
castellan.set_defaults(CONF, api_class='sahara.service.castellan.'
'sahara_key_manager.SaharaKeyManager')
def validate_config():
if CONF.use_barbican_key_manager:
# NOTE (elmiko) there is no need to set the api_class as castellan
# uses barbican by default.
castellan.set_defaults(CONF, auth_endpoint=utils.retrieve_auth_url())
else:
castellan.set_defaults(CONF,
api_class='sahara.service.castellan.'
'sahara_key_manager.SaharaKeyManager')
def retrieve_auth_url(endpoint_type="publicURL"):
"""This function returns auth url v3 api.
"""
version_suffix = 'v3'
# return auth url with trailing slash
return clients_base.retrieve_auth_url(endpoint_type=endpoint_type,
version=version_suffix) + "/"
def retrieve_auth_url(endpoint_type="publicURL"):
"""This function returns auth url v2.0 api.
Hadoop Swift library doesn't support keystone v3 api.
"""
if CONF.use_domain_for_proxy_users:
version_suffix = "v3/auth"
else:
version_suffix = "v2.0"
# return auth url with trailing slash
return clients_base.retrieve_auth_url(endpoint_type=endpoint_type, version=version_suffix) + "/"
def _admin_client(tenant_id=None, trust_id=None):
if not CONF.use_identity_api_v3:
raise Exception('Trusts aren\'t implemented in keystone api'
' less than v3')
auth_url = base.retrieve_auth_url()
keystone = keystone_client_v3.Client(username=CONF.os_admin_username,
password=CONF.os_admin_password,
tenant_id=tenant_id,
auth_url=auth_url,
trust_id=trust_id)
keystone.management_url = auth_url
return keystone
def client():
ctx = context.ctx()
args = {
'username': ctx.username,
'project_name': ctx.tenant_name,
'project_id': ctx.tenant_id,
'input_auth_token': ctx.auth_token,
'auth_url': base.retrieve_auth_url(),
'service_catalog_url': base.url_for(ctx.service_catalog, 'share'),
'ca_cert': CONF.manila.ca_file,
'insecure': CONF.manila.api_insecure
}
return manila_client.Client(CONF.manila.api_version, **args)
def _admin_client(project_name=None, trust_id=None):
if not CONF.use_identity_api_v3:
raise Exception('Trusts aren\'t implemented in keystone api'
' less than v3')
auth_url = base.retrieve_auth_url()
keystone = keystone_client_v3.Client(username=CONF.os_admin_username,
password=CONF.os_admin_password,
project_name=project_name,
auth_url=auth_url,
trust_id=trust_id)
keystone.management_url = auth_url
return keystone
def client():
ctx = context.ctx()
args = {
'username': ctx.username,
'project_name': ctx.tenant_name,
'project_id': ctx.tenant_id,
'input_auth_token': ctx.auth_token,
'auth_url': base.retrieve_auth_url(),
'service_catalog_url': base.url_for(ctx.service_catalog, 'share'),
'ca_cert': CONF.manila.ca_file,
'insecure': CONF.manila.api_insecure
}
return manila_client.Client(CONF.manila.api_version, **args)
def retrieve_auth_url(endpoint_type="publicURL"):
"""This function returns auth url v2.0 api.
Hadoop Swift library doesn't support keystone v3 api.
"""
if CONF.use_domain_for_proxy_users:
version_suffix = 'v3/auth'
else:
version_suffix = 'v2.0'
# return auth url with trailing slash
return clients_base.retrieve_auth_url(endpoint_type=endpoint_type,
version=version_suffix) + "/"
def client():
ctx = context.current()
auth_url = base.retrieve_auth_url()
compute_url = base.url_for(ctx.service_catalog, 'compute')
nova = nova_client.Client(username=ctx.username,
api_key=None,
project_id=ctx.tenant_id,
auth_url=auth_url)
nova.client.auth_token = ctx.token
nova.client.management_url = compute_url
nova.images = images.SaharaImageManager(nova)
return nova
def client():
ctx = context.current()
auth_url = base.retrieve_auth_url()
if CONF.use_identity_api_v3:
keystone = keystone_client_v3.Client(username=ctx.username,
token=ctx.token,
tenant_id=ctx.tenant_id,
auth_url=auth_url)
keystone.management_url = auth_url
else:
keystone = keystone_client.Client(username=ctx.username,
token=ctx.token,
tenant_id=ctx.tenant_id,
auth_url=auth_url)
return keystone
def client():
ctx = context.current()
auth_url = base.retrieve_auth_url()
if CONF.use_identity_api_v3:
keystone = keystone_client_v3.Client(username=ctx.username,
token=ctx.token,
tenant_id=ctx.tenant_id,
auth_url=auth_url)
keystone.management_url = auth_url
else:
keystone = keystone_client.Client(username=ctx.username,
token=ctx.token,
tenant_id=ctx.tenant_id,
auth_url=auth_url)
return keystone
def _session(username,
password,
project_name,
user_domain_name=None,
project_domain_name=None):
passwd_kwargs = dict(auth_url=base.retrieve_auth_url(),
username=CONF.keystone_authtoken.admin_user,
password=CONF.keystone_authtoken.admin_password)
if CONF.use_identity_api_v3:
passwd_kwargs.update(
dict(project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name))
auth = keystone_identity.v3.Password(**passwd_kwargs)
else:
passwd_kwargs.update(dict(tenant_name=project_name))
auth = keystone_identity.v2.Password(**passwd_kwargs)
return keystone_session.Session(auth=auth)
def _session(username, password, project_name, user_domain_name=None,
project_domain_name=None):
passwd_kwargs = dict(
auth_url=base.retrieve_auth_url(),
username=CONF.keystone_authtoken.admin_user,
password=CONF.keystone_authtoken.admin_password
)
if CONF.use_identity_api_v3:
passwd_kwargs.update(dict(
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name
))
auth = keystone_identity.v3.Password(**passwd_kwargs)
else:
passwd_kwargs.update(dict(
tenant_name=project_name
))
auth = keystone_identity.v2.Password(**passwd_kwargs)
return keystone_session.Session(auth=auth)
def _password_auth(username, password,
project_name=None, user_domain_name=None,
project_domain_name=None, trust_id=None):
'''Return a password auth plugin object.
:param username: the user to authenticate as.
:param password: the user's password.
:param project_name: the project(ex. tenant) name to scope the auth.
:param user_domain_name: the domain the user belongs to.
:param project_domain_name: the domain the project belongs to.
:param trust_id: a trust id to scope the auth.
:returns: a password auth plugin object.
'''
passwd_kwargs = dict(
auth_url=base.retrieve_auth_url(CONF.keystone.endpoint_type),
username=username,
password=password
)
if CONF.use_identity_api_v3:
passwd_kwargs.update(dict(
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
trust_id=trust_id
))
auth = keystone_identity.v3.Password(**passwd_kwargs)
else:
passwd_kwargs.update(dict(
tenant_name=project_name,
trust_id=trust_id
))
auth = keystone_identity.v2.Password(**passwd_kwargs)
return auth
def _password_auth(username, password,
project_name=None, user_domain_name=None,
project_domain_name=None, trust_id=None):
'''Return a password auth plugin object.
:param username: the user to authenticate as.
:param password: the user's password.
:param project_name: the project(ex. tenant) name to scope the auth.
:param user_domain_name: the domain the user belongs to.
:param project_domain_name: the domain the project belongs to.
:param trust_id: a trust id to scope the auth.
:returns: a password auth plugin object.
'''
passwd_kwargs = dict(
auth_url=base.retrieve_auth_url(CONF.keystone.endpoint_type),
username=username,
password=password
)
if CONF.use_identity_api_v3:
passwd_kwargs.update(dict(
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
trust_id=trust_id
))
auth = keystone_identity.v3.Password(**passwd_kwargs)
else:
passwd_kwargs.update(dict(
tenant_name=project_name,
trust_id=trust_id
))
auth = keystone_identity.v2.Password(**passwd_kwargs)
return auth
def retrieve_auth_url(endpoint_type="publicURL"):
"""This function returns auth url v2.0 api.
Hadoop Swift library doesn't support keystone v3 api.
"""
auth_url = clients_base.retrieve_auth_url(endpoint_type=endpoint_type)
info = urlparse.urlparse(auth_url)
if CONF.use_domain_for_proxy_users:
url = 'v3/auth'
else:
url = 'v2.0'
if info.port:
returned_url = '{scheme}://{hostname}:{port}/{url}/'
return returned_url.format(scheme=info.scheme,
hostname=info.hostname,
port=info.port,
url=url)
else:
return '{scheme}://{hostname}/{url}/'.format(scheme=info.scheme,
hostname=info.hostname,
url=url)
def retrieve_auth_url():
"""This function returns auth url v2.0 api.
Hadoop Swift library doesn't support keystone v3 api.
"""
auth_url = clients_base.retrieve_auth_url()
info = urlparse.urlparse(auth_url)
if CONF.use_domain_for_proxy_users:
url = 'v3/auth'
else:
url = 'v2.0'
if info.port:
returned_url = '{scheme}://{hostname}:{port}/{url}/'
return returned_url.format(scheme=info.scheme,
hostname=info.hostname,
port=info.port,
url=url)
else:
return '{scheme}://{hostname}/{url}/'.format(scheme=info.scheme,
hostname=info.hostname,
url=url)
def _assert(uri):
self.override_config('auth_url', uri, 'trustee')
self.assertEqual(correct, base.retrieve_auth_url())
def _assert(uri):
self.setup_context(auth_uri=uri)
self.assertEqual(correct, base.retrieve_auth_url())
def _assert(uri):
mock_url_for.return_value = uri
self.assertEqual(correct, base.retrieve_auth_url())
def _assert(uri):
self.override_config('auth_uri', uri, 'keystone_authtoken')
self.assertEqual(correct, base.retrieve_auth_url())
def _assert(uri):
mock_url_for.return_value = uri
self.assertEqual(correct, base.retrieve_auth_url())
def _assert(uri):
self.override_config('auth_uri', uri, 'keystone_authtoken')
self.assertEqual(correct, base.retrieve_auth_url())
def _assert(uri):
self.setup_context(auth_uri=uri)
self.assertEqual(correct, base.retrieve_auth_url())