def _v1_auth(self, token_url): creds = self.creds headers = {} headers['X-Auth-User'] = creds['username'] headers['X-Auth-Key'] = creds['password'] tenant = creds.get('tenant') if tenant: headers['X-Auth-Tenant'] = tenant resp, resp_body = self._do_request(token_url, 'GET', headers=headers) if resp.status in (200, 204): try: self.management_url = resp['x-server-management-url'] self.auth_token = resp['x-auth-token'] except KeyError: raise exception.AuthorizationFailure() elif resp.status == 305: raise exception.AuthorizationRedirect(resp['location']) elif resp.status == 400: raise exception.AuthBadRequest() elif resp.status == 401: raise exception.NotAuthorized() elif resp.status == 404: raise exception.AuthUrlNotFound(url=token_url) else: raise Exception(_('Unexpected response: %s' % resp.status))
def _v3_auth(self, token_url): creds = { "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": self.creds['username'], "domain": { "id": self.creds['user_domain_id'] }, "password": self.creds['password'] } } }, "scope": { "project": { "name": self.creds['project'], "domain": { "id": self.creds['project_domain_id'] } } } } } headers = {'Content-Type': 'application/json'} req_body = jsonutils.dumps(creds) resp, resp_body = self._do_request(token_url, 'POST', headers=headers, body=req_body) resp_body = jsonutils.loads(resp_body) if resp.status == 201: resp_auth = resp['x-subject-token'] creds_region = self.creds.get('region') if self.configure_via_auth: endpoint = get_endpoint(resp_body['token']['catalog'], endpoint_region=creds_region) self.management_url = endpoint self.auth_token = resp_auth elif resp.status == 305: raise exception.RedirectException(resp['location']) elif resp.status == 400: raise exception.AuthBadRequest(url=token_url) elif resp.status == 401: raise Exception(_('Unexpected response: %s') % resp.status)
def _v2_auth(self, token_url): creds = self.creds creds = { "auth": { "tenantName": creds['tenant'], "passwordCredentials": { "username": creds['username'], "password": creds['password'] } } } headers = {} headers['Content-Type'] = 'application/json' req_body = json.dumps(creds) resp, resp_body = self._do_request(token_url, 'POST', headers=headers, body=req_body) if resp.status == 200: resp_auth = json.loads(resp_body)['access'] # FIXME(sirp): for now just using the first endpoint we get back # from the service catalog for glance, and using the public url. for service in resp_auth['serviceCatalog']: if service['type'] == 'image': glance_endpoint = service['endpoints'][0]['publicURL'] break else: raise exception.NoServiceEndpoint() self.management_url = glance_endpoint self.auth_token = resp_auth['token']['id'] elif resp.status == 305: raise exception.RedirectException(resp['location']) elif resp.status == 400: raise exception.AuthBadRequest(url=token_url) elif resp.status == 401: raise exception.NotAuthorized() elif resp.status == 404: raise exception.AuthUrlNotFound(url=token_url) else: raise Exception(_('Unexpected response: %s') % resp.status)
def _v2_auth(self, token_url): creds = self.creds creds = { "auth": { "tenantName": creds['tenant'], "passwordCredentials": { "username": creds['username'], "password": creds['password'] } } } headers = {} headers['Content-Type'] = 'application/json' req_body = jsonutils.dumps(creds) resp, resp_body = self._do_request(token_url, 'POST', headers=headers, body=req_body) if resp.status == 200: resp_auth = jsonutils.loads(resp_body)['access'] creds_region = self.creds.get('region') if self.configure_via_auth: endpoint = get_endpoint(resp_auth['serviceCatalog'], endpoint_region=creds_region) self.management_url = endpoint self.auth_token = resp_auth['token']['id'] elif resp.status == 305: raise exception.RedirectException(resp['location']) elif resp.status == 400: raise exception.AuthBadRequest(url=token_url) elif resp.status == 401: raise exception.NotAuthenticated() elif resp.status == 404: raise exception.AuthUrlNotFound(url=token_url) else: raise Exception(_('Unexpected response: %s') % resp.status)
def _v1_auth(self, token_url): creds = self.creds headers = { 'X-Auth-User': creds['username'], 'X-Auth-Key': creds['password'] } tenant = creds.get('tenant') if tenant: headers['X-Auth-Tenant'] = tenant resp, resp_body = self._do_request(token_url, 'GET', headers=headers) def _management_url(self, resp): for url_header in ('x-image-management-url', 'x-server-management-url', 'x-glance'): try: return resp[url_header] except KeyError as e: not_found = e raise not_found if resp.status in (200, 204): try: if self.configure_via_auth: self.management_url = _management_url(self, resp) self.auth_token = resp['x-auth-token'] except KeyError: raise exception.AuthorizationFailure() elif resp.status == 305: raise exception.AuthorizationRedirect(uri=resp['location']) elif resp.status == 400: raise exception.AuthBadRequest(url=token_url) elif resp.status == 401: raise exception.NotAuthenticated() elif resp.status == 404: raise exception.AuthUrlNotFound(url=token_url) else: raise Exception(_('Unexpected response: %s') % resp.status)
def _v2_auth(self, token_url): def get_endpoint(service_catalog): """ Select an endpoint from the service catalog We search the full service catalog for services matching both type and region. If the client supplied no region then any 'image' endpoint is considered a match. There must be one -- and only one -- successful match in the catalog, otherwise we will raise an exception. """ # FIXME(sirp): for now just use the public url. endpoint = None region = self.creds.get('region') for service in service_catalog: try: service_type = service['type'] except KeyError: msg = _('Encountered service with no "type": %s' % service) logger.warn(msg) continue if service_type == 'image': for ep in service['endpoints']: if region is None or region == ep['region']: if endpoint is not None: # This is a second match, abort raise exception.RegionAmbiguity(region=region) endpoint = ep if endpoint is None: raise exception.NoServiceEndpoint() return endpoint['publicURL'] creds = self.creds creds = { "auth": { "tenantName": creds['tenant'], "passwordCredentials": { "username": creds['username'], "password": creds['password'] } } } headers = {} headers['Content-Type'] = 'application/json' req_body = json.dumps(creds) resp, resp_body = self._do_request( token_url, 'POST', headers=headers, body=req_body) if resp.status == 200: resp_auth = json.loads(resp_body)['access'] self.management_url = get_endpoint(resp_auth['serviceCatalog']) self.auth_token = resp_auth['token']['id'] elif resp.status == 305: raise exception.RedirectException(resp['location']) elif resp.status == 400: raise exception.AuthBadRequest(url=token_url) elif resp.status == 401: raise exception.NotAuthenticated() elif resp.status == 404: raise exception.AuthUrlNotFound(url=token_url) else: raise Exception(_('Unexpected response: %s') % resp.status)