def test_will_expire_soon(self): expires = timeutils.utcnow() + datetime.timedelta(minutes=5) UNSCOPED_TOKEN['access']['token']['expires'] = expires.isoformat() auth_ref = access.AccessInfo(UNSCOPED_TOKEN['access']) self.assertFalse(auth_ref.will_expire_soon(stale_duration=120)) self.assertTrue(auth_ref.will_expire_soon(stale_duration=300)) self.assertFalse(auth_ref.will_expire_soon())
def test_building_scoped_accessinfo(self): auth_ref = access.AccessInfo(PROJECT_SCOPED_TOKEN['access']) self.assertTrue(auth_ref) self.assertIn('token', auth_ref) self.assertIn('serviceCatalog', auth_ref) self.assertTrue(auth_ref['serviceCatalog']) self.assertEquals(auth_ref.auth_token, '04c7d5ffaeef485f9dc69c06db285bdb') self.assertEquals(auth_ref.username, 'exampleuser') self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a') self.assertEquals(auth_ref.tenant_name, 'exampleproject') self.assertEquals(auth_ref.tenant_id, '225da22d3ce34b15877ea70b2a575f58') self.assertEquals(auth_ref.tenant_name, auth_ref.project_name) self.assertEquals(auth_ref.tenant_id, auth_ref.project_id) self.assertEquals(auth_ref.auth_url, ('http://public.com:5000/v2.0',)) self.assertEquals(auth_ref.management_url, ('http://admin:35357/v2.0',)) self.assertTrue(auth_ref.scoped)
def test_building_unscoped_accessinfo(self): auth_ref = access.AccessInfo(UNSCOPED_TOKEN['access']) self.assertTrue(auth_ref) self.assertIn('token', auth_ref) self.assertIn('serviceCatalog', auth_ref) self.assertFalse(auth_ref['serviceCatalog']) self.assertEquals(auth_ref.auth_token, '3e2813b7ba0b4006840c3825860b86ed') self.assertEquals(auth_ref.username, 'exampleuser') self.assertEquals(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a') self.assertEquals(auth_ref.tenant_name, None) self.assertEquals(auth_ref.tenant_id, None) self.assertEquals(auth_ref.auth_url, None) self.assertEquals(auth_ref.management_url, None) self.assertFalse(auth_ref.scoped) self.assertEquals( auth_ref.expires, timeutils.parse_isotime( UNSCOPED_TOKEN['access']['token']['expires']))
def authenticate(self, username=None, password=None, tenant_name=None, tenant_id=None, auth_url=None, token=None): """ Authenticate against the Keystone API. Uses the data provided at instantiation to authenticate against the Keystone server. This may use either a username and password or token for authentication. If a tenant name or id was provided then the resulting authenticated client will be scoped to that tenant and contain a service catalog of available endpoints. With the v2.0 API, if a tenant name or ID is not provided, the authenication token returned will be 'unscoped' and limited in capabilities until a fully-scoped token is acquired. If successful, sets the self.auth_ref and self.auth_token with the returned token. If not already set, will also set self.management_url from the details provided in the token. :returns: ``True`` if authentication was successful. :raises: AuthorizationFailure if unable to authenticate or validate the existing authorization token :raises: ValueError if insufficient parameters are used. """ auth_url = auth_url or self.auth_url username = username or self.username password = password or self.password tenant_name = tenant_name or self.tenant_name tenant_id = tenant_id or self.tenant_id token = token or self.auth_token try: raw_token = self._base_authN(auth_url, username=username, tenant_id=tenant_id, tenant_name=tenant_name, password=password, token=token) self.auth_ref = access.AccessInfo(**raw_token) # if we got a response without a service catalog, set the local # list of tenants for introspection, and leave to client user # to determine what to do. Otherwise, load up the service catalog self.auth_token = self.auth_ref.auth_token if self.auth_ref.scoped: if self.management_url is None: self.management_url = self.auth_ref.management_url[0] self.tenant_name = self.auth_ref.tenant_name self.tenant_id = self.auth_ref.tenant_id self.user_id = self.auth_ref.user_id self._extract_service_catalog(self.auth_url, self.auth_ref) return True except (exceptions.AuthorizationFailure, exceptions.Unauthorized): _logger.debug("Authorization Failed.") raise except Exception as e: raise exceptions.AuthorizationFailure("Authorization Failed: " "%s" % e)
def __init__(self, username=None, tenant_id=None, tenant_name=None, password=None, auth_url=None, region_name=None, timeout=None, endpoint=None, token=None, cacert=None, key=None, cert=None, insecure=False, original_ip=None, debug=False, auth_ref=None, use_keyring=False, force_new_token=False, stale_duration=None): """Construct a new http client @param: timeout the request libary timeout in seconds (default None) """ self.version = 'v2.0' # set baseline defaults self.username = None self.tenant_id = None self.tenant_name = None self.auth_url = None self.management_url = None if timeout is not None: self.timeout = float(timeout) else: self.timeout = None # if loading from a dictionary passed in via auth_ref, # load values from AccessInfo parsing that dictionary self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None if self.auth_ref: self.username = self.auth_ref.username self.tenant_id = self.auth_ref.tenant_id self.tenant_name = self.auth_ref.tenant_name self.auth_url = self.auth_ref.auth_url[0] self.management_url = self.auth_ref.management_url[0] # allow override of the auth_ref defaults from explicit # values provided to the client if username: self.username = username if tenant_id: self.tenant_id = tenant_id if tenant_name: self.tenant_name = tenant_name if auth_url: self.auth_url = auth_url.rstrip('/') if token: self.auth_token_from_user = token else: self.auth_token_from_user = None if endpoint: self.management_url = endpoint.rstrip('/') self.password = password self.original_ip = original_ip self.region_name = region_name if cacert: self.verify_cert = cacert else: self.verify_cert = True if insecure: self.verify_cert = False self.cert = cert if cert and key: self.cert = (cert, key,) self.domain = '' # logging setup self.debug_log = debug if self.debug_log: ch = logging.StreamHandler() _logger.setLevel(logging.DEBUG) _logger.addHandler(ch) if hasattr(requests, 'logging'): requests.logging.getLogger(requests.__name__).addHandler(ch) # keyring setup self.use_keyring = use_keyring and try_import_keyring() self.force_new_token = force_new_token self.stale_duration = stale_duration or access.STALE_TOKEN_DURATION self.stale_duration = int(self.stale_duration)
def authenticate(self, username=None, password=None, tenant_name=None, tenant_id=None, auth_url=None, token=None): """ Authenticate user. Uses the data provided at instantiation to authenticate against the Keystone server. This may use either a username and password or token for authentication. If a tenant name or id was provided then the resulting authenticated client will be scoped to that tenant and contain a service catalog of available endpoints. With the v2.0 API, if a tenant name or ID is not provided, the authenication token returned will be 'unscoped' and limited in capabilities until a fully-scoped token is acquired. If successful, sets the self.auth_ref and self.auth_token with the returned token. If not already set, will also set self.management_url from the details provided in the token. :returns: ``True`` if authentication was successful. :raises: AuthorizationFailure if unable to authenticate or validate the existing authorization token :raises: ValueError if insufficient parameters are used. If keyring is used, token is retrieved from keyring instead. Authentication will only be necessary if any of the following conditions are met: * keyring is not used * if token is not found in keyring * if token retrieved from keyring is expired or about to expired (as determined by stale_duration) * if force_new_token is true """ auth_url = auth_url or self.auth_url username = username or self.username password = password or self.password tenant_name = tenant_name or self.tenant_name tenant_id = tenant_id or self.tenant_id if not token: token = self.auth_token_from_user if (not token and self.auth_ref and not self.auth_ref.will_expire_soon(self.stale_duration)): token = self.auth_ref.auth_token (keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url, username, tenant_name, tenant_id, token) new_token_needed = False if auth_ref is None or self.force_new_token: new_token_needed = True raw_token = self.get_raw_token_from_identity_service(auth_url, username, password, tenant_name, tenant_id, token) self.auth_ref = access.AccessInfo(**raw_token) else: self.auth_ref = auth_ref self.process_token() if new_token_needed: self.store_auth_ref_into_keyring(keyring_key) return True
def __init__(self, username=None, tenant_id=None, tenant_name=None, password=None, auth_url=None, region_name=None, timeout=None, endpoint=None, token=None, cacert=None, key=None, cert=None, insecure=False, original_ip=None, debug=False, auth_ref=None): super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert) if cert: if key: self.add_certificate(key=key, cert=cert, domain='') else: self.add_certificate(key=cert, cert=cert, domain='') self.version = 'v2.0' # set baseline defaults self.username = None self.tenant_id = None self.tenant_name = None self.auth_url = None self.token = None self.auth_token = None self.management_url = None # if loading from a dictionary passed in via auth_ref, # load values from AccessInfo parsing that dictionary self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None if self.auth_ref: self.username = self.auth_ref.username self.tenant_id = self.auth_ref.tenant_id self.tenant_name = self.auth_ref.tenant_name self.auth_url = self.auth_ref.auth_url[0] self.management_url = self.auth_ref.management_url[0] self.auth_token = self.auth_ref.auth_token # allow override of the auth_ref defaults from explicit # values provided to the client if username: self.username = username if tenant_id: self.tenant_id = tenant_id if tenant_name: self.tenant_name = tenant_name if auth_url: self.auth_url = auth_url.rstrip('/') if token: self.auth_token = token if endpoint: self.management_url = endpoint.rstrip('/') self.password = password self.original_ip = original_ip self.region_name = region_name # httplib2 overrides self.force_exception_to_status_code = True self.disable_ssl_certificate_validation = insecure # logging setup self.debug_log = debug if self.debug_log: ch = logging.StreamHandler() _logger.setLevel(logging.DEBUG) _logger.addHandler(ch)