def auth_uri(self): if not self._auth_uri: try: self._auth_uri = utils.get_auth_uri() except Exception: msg = 'get keystone auth url failed' raise exception.AuthorizationFailure(obj=msg) return self._auth_uri
def _get_service_user(self, user_name, user_domain_id): try: users = self.client.users.list(name=user_name, domain=user_domain_id) return users[0].id if users else None except Exception as e: raise exception.AuthorizationFailure(obj=e)
def create_user_auth_plugin(self, context): if not context.auth_token_info: msg = ("user=%s, project=%s" % (context.user_id, context.project_id)) raise exception.AuthorizationFailure(obj=msg) auth_ref = access.create(body=context.auth_token_info, auth_token=context.auth_token) return access_plugin.AccessInfoPlugin(auth_url=self.auth_uri, auth_ref=auth_ref)
def _get_service_user(self, user_name, user_domain_id): try: users = self._client.users.list(name=user_name, domain=user_domain_id) return users[0].id if users else None except Exception: msg = ("get service's user(%s) endpoint failed" % user_name) raise exception.AuthorizationFailure(obj=msg)
def _get_keystone_client(self, auth_plugin): cafile = cfg.CONF.keystone_authtoken.cafile try: l_session = keystone_session.Session( auth=auth_plugin, verify=False if CONF.keystone_authtoken.insecure else cafile) return kc_v3.Client(version=KEYSTONECLIENT_VERSION, session=l_session) except Exception: msg = ('create keystone client failed.cafile:(%s)' % cafile) raise exception.AuthorizationFailure(obj=msg)
def _get_karbor_auth_plugin(self, trust_id=None): auth_plugin = loading.load_auth_from_conf_options(CONF, TRUSTEE_CONF_GROUP, trust_id=trust_id) if not auth_plugin: LOG.warning( 'Please add the trustee credentials you need to the' ' %s section of your karbor.conf file.', TRUSTEE_CONF_GROUP) raise exception.AuthorizationFailure(obj=TRUSTEE_CONF_GROUP) return auth_plugin
def create_trust_to_karbor(self, context): if not context.auth_token_info: msg = ("user=%s, project=%s" % (context.user_id, context.project_id)) raise exception.AuthorizationFailure(obj=msg) auth_ref = access.create(body=context.auth_token_info, auth_token=context.auth_token) user_auth_plugin = access_plugin.AccessInfoPlugin( auth_url=self._auth_uri, auth_ref=auth_ref) l_kc_v3 = self._get_keystone_client(user_auth_plugin) try: trust = l_kc_v3.trusts.create(trustor_user=context.user_id, trustee_user=self._karbor_user_id, project=context.project_id, impersonation=True, role_names=context.roles) return trust.id except Exception as e: raise exception.AuthorizationFailure(obj=str(e))
def create_trust_to_karbor(self, context): l_kc_v3 = self._get_keystone_client( self.create_user_auth_plugin(context)) keystone_trust_url = self.auth_uri + 'OS-TRUST' try: trust = l_kc_v3.trusts.create(trustor_user=context.user_id, trustee_user=self.karbor_user_id, project=context.project_id, impersonation=True, role_names=context.roles, base_url=keystone_trust_url) return trust.id except Exception as e: raise exception.AuthorizationFailure(obj=str(e))
def _do_init(self): auth_plugin = self._get_karbor_auth_plugin() # set the project which karbor belongs to auth_plugin._project_name = "service" auth_plugin._project_domain_id = "default" self._client = self._get_keystone_client(auth_plugin) lcfg = CONF[TRUSTEE_CONF_GROUP] self._karbor_user_id = self._get_service_user(lcfg.username, lcfg.user_domain_id) try: self._auth_uri = utils.get_auth_uri() except Exception: msg = 'get keystone auth url failed' raise exception.AuthorizationFailure(obj=msg)
def get_service_endpoint(self, service_name, service_type, region_id, interface='public'): try: service = self.client.services.list(name=service_name, service_type=service_type, base_url=self.auth_uri) endpoint = self.client.endpoints.list(service=service[0], interface=interface, region_id=region_id, base_url=self.auth_uri) return endpoint[0].url if endpoint else None except Exception: msg = ('get service(%s) endpoint failed' % service_name) raise exception.AuthorizationFailure(obj=msg)