def _v3_client_init(self): kwargs = {'auth_url': self.v3_endpoint, 'endpoint': self.v3_endpoint} # Note try trust_id first, as we can't reuse auth_token in that case if self.context.trust_id is not None: # We got a trust_id, so we use the admin credentials # to authenticate with the trust_id so we can use the # trust impersonating the trustor user. kwargs.update(self._service_admin_creds()) kwargs['trust_id'] = self.context.trust_id kwargs.pop('project_name') elif self.context.auth_token_info is not None: # The auth_ref version must be set according to the token version if 'access' in self.context.auth_token_info: kwargs['auth_ref'] = copy.deepcopy( self.context.auth_token_info['access']) kwargs['auth_ref']['version'] = 'v2.0' kwargs['auth_ref']['token']['id'] = self.context.auth_token elif 'token' in self.context.auth_token_info: kwargs['auth_ref'] = copy.deepcopy( self.context.auth_token_info['token']) kwargs['auth_ref']['version'] = 'v3' kwargs['auth_ref']['auth_token'] = self.context.auth_token else: LOG.error("Unknown version in auth_token_info") raise exception.AuthorizationFailure() elif self.context.auth_token is not None: kwargs['token'] = self.context.auth_token kwargs['project_id'] = self.context.tenant else: LOG.error( _("Keystone v3 API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure() client = kc_v3.Client(**kwargs) if 'auth_ref' not in kwargs: client.authenticate() # If we are authenticating with a trust set the context auth_token # with the trust scoped token if 'trust_id' in kwargs: # Sanity check if not client.auth_ref.trust_scoped: LOG.error(_("trust token re-scoping failed!")) raise exception.AuthorizationFailure() # All OK so update the context with the token self.context.auth_token = client.auth_ref.auth_token self.context.auth_url = self.v3_endpoint self.context.user = client.auth_ref.user_id self.context.tenant = client.auth_ref.project_id self.context.user_name = client.auth_ref.username return client
def delete(self, uuid): """Delete a languagepack.""" db_obj = objects.registry.Image.get_lp_by_name_or_uuid( self.context, uuid) # Check if the languagepack is being used. if (self._check_lp_referenced_in_any_plan(self.context, db_obj) or self._check_lp_referenced_in_any_app(self.context, db_obj)): raise exc.LPStillReferenced(name=uuid) if db_obj.docker_image_name: img_filename = db_obj.docker_image_name.split('-', 1)[1] if cfg.CONF.worker.image_storage == 'swift': # Delete image file from swift try: swift = solum_swiftclient.SwiftClient(self.context) swift.delete_object('solum_lp', img_filename) except swiftexp.ClientException: raise exc.AuthorizationFailure( client='swift', message="Unable to delete languagepack image " "from swift.") elif cfg.CONF.worker.image_storage == 'glance': glance = solum_glanceclient.GlanceClient(self.context) glance.delete_image_by_name(img_filename) else: LOG.error("Unrecognized image_storage option specified.") return # Delete logs log_handler = userlog_handler.UserlogHandler(self.context) log_handler.delete(db_obj.uuid) return db_obj.destroy(self.context)
def delete(self, uuid): """Delete a languagepack.""" db_obj = objects.registry.Image.get_lp_by_name_or_uuid(self.context, uuid) # Check if the languagepack is being used. if (self._check_lp_referenced_in_any_plan(self.context, db_obj) or self._check_lp_referenced_in_any_app(self.context, db_obj)): raise exc.LPStillReferenced(name=uuid) # Delete image file from swift if db_obj.docker_image_name: img_filename = db_obj.docker_image_name.split('-', 1)[1] try: swift = solum_swiftclient.SwiftClient(self.context) swift.delete_object('solum_lp', img_filename) except swiftexp.ClientException: raise exc.AuthorizationFailure( client='swift', message="Unable to delete languagepack image from swift.") # Delete logs log_handler = userlog_handler.UserlogHandler(self.context) log_handler.delete(db_obj.uuid) return db_obj.destroy(self.context)
def delete(self, resource_uuid): """Delete existing logs.""" ulogs = objects.registry.UserlogList.get_all_by_id( self.context, resource_uuid=resource_uuid) # Delete log files swift = solum_swiftclient.SwiftClient(self.context) for ulog in ulogs: location = ulog.location strategy = ulog.strategy strategy_info = json.loads(ulog.strategy_info) if strategy == 'swift': # Delete logs from swift try: swift.delete_object(strategy_info['container'], location) except swiftexp.ClientException: raise exc.AuthorizationFailure( client='swift', message="Unable to delete logs from swift.") elif strategy == 'local': # Delete logs from local filesystem # This setting is exclusively used for single node deployments. try: os.remove(location) except OSError: pass # Delete the log reference from db. ulog.destroy(self.context) return
def __new__(self, context): ks_version = cfg.CONF.get('keystone_version') if ks_version == '3': return KeystoneClientV3(context) else: msg = 'Unsupported version of keystone: %s', ks_version LOG.error(msg) raise exception.AuthorizationFailure(client='keystone', message=msg)
def admin_client(self): if not self._admin_client: # Create admin client connection to v3 API admin_creds = self._service_admin_creds() c = kc_v3.Client(**admin_creds) if c.authenticate(): self._admin_client = c else: LOG.error("Admin client authentication failed") raise exception.AuthorizationFailure() return self._admin_client
def lp_admin_client(self): if not self._lp_admin_client: # Create lp operator client connection to v3 API lp_operator_creds = self._lp_operator_creds() c = kc_v3.Client(**lp_operator_creds) if c.authenticate(): self._lp_admin_client = c else: LOG.error("LP Operator client authentication failed") raise exception.AuthorizationFailure() return self._lp_admin_client
def _v3_client_init(self): kwargs = {'auth_url': self.endpoint, 'endpoint': self.endpoint} # Note try trust_id first, as we can't reuse auth_token in that case if self.context.trust_id is not None: # We got a trust_id, so we use the admin credentials # to authenticate with the trust_id so we can use the # trust impersonating the trustor user. kwargs.update(self._service_admin_creds()) kwargs['trust_id'] = self.context.trust_id kwargs.pop('project_name') auth = ka_loading.load_auth_from_conf_options( cfg.CONF, 'keystone_authtoken', **kwargs) elif self.context.auth_token is not None: kwargs['token'] = self.context.auth_token kwargs['project_id'] = self.context.tenant auth = identity.Token(auth_url=kwargs['auth_url'], token=kwargs['token'], project_id=kwargs['project_id']) else: LOG.error( _("Keystone v3 API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure() session = ks_session.Session(auth=auth) client = kc_v3.Client(session=session) client.auth_ref = client.session.auth.get_access(client.session) # If we are authenticating with a trust set the context auth_token # with the trust scoped token if 'trust_id' in kwargs: # Sanity check if not client.auth_ref.trust_scoped: LOG.error(_("trust token re-scoping failed!")) raise exception.AuthorizationFailure() # All OK so update the context with the token self.context.auth_token = client.auth_ref.auth_token self.context.auth_url = self.endpoint self.context.user = client.auth_ref.user_id self.context.tenant = client.auth_ref.project_id self.context.user_name = client.auth_ref.username return client