def _v3_client_init(self):
kwargs = {'auth_url': self.v3_endpoint, 'endpoint': self.v3_endpoint}
# Note try trust_id first, as we can't reuse auth_token in that case
if self.context.trust_id is not None:
# We got a trust_id, so we use the admin credentials
# to authenticate with the trust_id so we can use the
# trust impersonating the trustor user.
kwargs.update(self._service_admin_creds())
kwargs['trust_id'] = self.context.trust_id
kwargs.pop('project_name')
elif self.context.auth_token_info is not None:
# The auth_ref version must be set according to the token version
if 'access' in self.context.auth_token_info:
kwargs['auth_ref'] = copy.deepcopy(
self.context.auth_token_info['access'])
kwargs['auth_ref']['version'] = 'v2.0'
kwargs['auth_ref']['token']['id'] = self.context.auth_token
elif 'token' in self.context.auth_token_info:
kwargs['auth_ref'] = copy.deepcopy(
self.context.auth_token_info['token'])
kwargs['auth_ref']['version'] = 'v3'
kwargs['auth_ref']['auth_token'] = self.context.auth_token
else:
LOG.error("Unknown version in auth_token_info")
raise exception.AuthorizationFailure()
elif self.context.auth_token is not None:
kwargs['token'] = self.context.auth_token
kwargs['project_id'] = self.context.tenant
else:
LOG.error(
_("Keystone v3 API connection failed, no password "
"trust or auth_token!"))
raise exception.AuthorizationFailure()
client = kc_v3.Client(**kwargs)
if 'auth_ref' not in kwargs:
client.authenticate()
# If we are authenticating with a trust set the context auth_token
# with the trust scoped token
if 'trust_id' in kwargs:
# Sanity check
if not client.auth_ref.trust_scoped:
LOG.error(_("trust token re-scoping failed!"))
raise exception.AuthorizationFailure()
# All OK so update the context with the token
self.context.auth_token = client.auth_ref.auth_token
self.context.auth_url = self.v3_endpoint
self.context.user = client.auth_ref.user_id
self.context.tenant = client.auth_ref.project_id
self.context.user_name = client.auth_ref.username
return client
def delete(self, uuid):
"""Delete a languagepack."""
db_obj = objects.registry.Image.get_lp_by_name_or_uuid(
self.context, uuid)
# Check if the languagepack is being used.
if (self._check_lp_referenced_in_any_plan(self.context, db_obj)
or self._check_lp_referenced_in_any_app(self.context, db_obj)):
raise exc.LPStillReferenced(name=uuid)
if db_obj.docker_image_name:
img_filename = db_obj.docker_image_name.split('-', 1)[1]
if cfg.CONF.worker.image_storage == 'swift':
# Delete image file from swift
try:
swift = solum_swiftclient.SwiftClient(self.context)
swift.delete_object('solum_lp', img_filename)
except swiftexp.ClientException:
raise exc.AuthorizationFailure(
client='swift',
message="Unable to delete languagepack image "
"from swift.")
elif cfg.CONF.worker.image_storage == 'glance':
glance = solum_glanceclient.GlanceClient(self.context)
glance.delete_image_by_name(img_filename)
else:
LOG.error("Unrecognized image_storage option specified.")
return
# Delete logs
log_handler = userlog_handler.UserlogHandler(self.context)
log_handler.delete(db_obj.uuid)
return db_obj.destroy(self.context)
def delete(self, uuid):
"""Delete a languagepack."""
db_obj = objects.registry.Image.get_lp_by_name_or_uuid(self.context,
uuid)
# Check if the languagepack is being used.
if (self._check_lp_referenced_in_any_plan(self.context, db_obj) or
self._check_lp_referenced_in_any_app(self.context, db_obj)):
raise exc.LPStillReferenced(name=uuid)
# Delete image file from swift
if db_obj.docker_image_name:
img_filename = db_obj.docker_image_name.split('-', 1)[1]
try:
swift = solum_swiftclient.SwiftClient(self.context)
swift.delete_object('solum_lp', img_filename)
except swiftexp.ClientException:
raise exc.AuthorizationFailure(
client='swift',
message="Unable to delete languagepack image from swift.")
# Delete logs
log_handler = userlog_handler.UserlogHandler(self.context)
log_handler.delete(db_obj.uuid)
return db_obj.destroy(self.context)
def delete(self, resource_uuid):
"""Delete existing logs."""
ulogs = objects.registry.UserlogList.get_all_by_id(
self.context, resource_uuid=resource_uuid)
# Delete log files
swift = solum_swiftclient.SwiftClient(self.context)
for ulog in ulogs:
location = ulog.location
strategy = ulog.strategy
strategy_info = json.loads(ulog.strategy_info)
if strategy == 'swift':
# Delete logs from swift
try:
swift.delete_object(strategy_info['container'], location)
except swiftexp.ClientException:
raise exc.AuthorizationFailure(
client='swift',
message="Unable to delete logs from swift.")
elif strategy == 'local':
# Delete logs from local filesystem
# This setting is exclusively used for single node deployments.
try:
os.remove(location)
except OSError:
pass
# Delete the log reference from db.
ulog.destroy(self.context)
return
def __new__(self, context):
ks_version = cfg.CONF.get('keystone_version')
if ks_version == '3':
return KeystoneClientV3(context)
else:
msg = 'Unsupported version of keystone: %s', ks_version
LOG.error(msg)
raise exception.AuthorizationFailure(client='keystone',
message=msg)
def admin_client(self):
if not self._admin_client:
# Create admin client connection to v3 API
admin_creds = self._service_admin_creds()
c = kc_v3.Client(**admin_creds)
if c.authenticate():
self._admin_client = c
else:
LOG.error("Admin client authentication failed")
raise exception.AuthorizationFailure()
return self._admin_client
def lp_admin_client(self):
if not self._lp_admin_client:
# Create lp operator client connection to v3 API
lp_operator_creds = self._lp_operator_creds()
c = kc_v3.Client(**lp_operator_creds)
if c.authenticate():
self._lp_admin_client = c
else:
LOG.error("LP Operator client authentication failed")
raise exception.AuthorizationFailure()
return self._lp_admin_client
def _v3_client_init(self):
kwargs = {'auth_url': self.endpoint, 'endpoint': self.endpoint}
# Note try trust_id first, as we can't reuse auth_token in that case
if self.context.trust_id is not None:
# We got a trust_id, so we use the admin credentials
# to authenticate with the trust_id so we can use the
# trust impersonating the trustor user.
kwargs.update(self._service_admin_creds())
kwargs['trust_id'] = self.context.trust_id
kwargs.pop('project_name')
auth = ka_loading.load_auth_from_conf_options(
cfg.CONF, 'keystone_authtoken', **kwargs)
elif self.context.auth_token is not None:
kwargs['token'] = self.context.auth_token
kwargs['project_id'] = self.context.tenant
auth = identity.Token(auth_url=kwargs['auth_url'],
token=kwargs['token'],
project_id=kwargs['project_id'])
else:
LOG.error(
_("Keystone v3 API connection failed, no password "
"trust or auth_token!"))
raise exception.AuthorizationFailure()
session = ks_session.Session(auth=auth)
client = kc_v3.Client(session=session)
client.auth_ref = client.session.auth.get_access(client.session)
# If we are authenticating with a trust set the context auth_token
# with the trust scoped token
if 'trust_id' in kwargs:
# Sanity check
if not client.auth_ref.trust_scoped:
LOG.error(_("trust token re-scoping failed!"))
raise exception.AuthorizationFailure()
# All OK so update the context with the token
self.context.auth_token = client.auth_ref.auth_token
self.context.auth_url = self.endpoint
self.context.user = client.auth_ref.user_id
self.context.tenant = client.auth_ref.project_id
self.context.user_name = client.auth_ref.username
return client