def __init__(self, auth_url, username, password, tenant_name, cacert): auth = v2.Password(auth_url=auth_url, username=username, password=password, tenant_name=tenant_name) sess = session.Session(auth=auth, verify=cacert) self.cinder = client.Client("2", session=sess)
def get_session(role): d = cc.conf['keystone'][role] return session.Session(auth=v2.Password( auth_url=d['auth_url'], username=d['username'], password=d['password'], tenant_name=d['tenant_name']))
def do_setup(self, context): """Any initialization the destination driver does while starting.""" super(OpenStackDestinationDriver, self).do_setup(context) auth_url = self.configuration.auth_url if auth_url is None: raise ValueError(_("Cannot authenticate without an auth_url")) username = self.configuration.username password = self.configuration.password tenant_name = self.configuration.tenant_name project_id = self.configuration.project_id user_domain_name = self.configuration.user_domain_name nova_api_version = self.configuration.nova_api_version cinder_api_version = self.configuration.cinder_api_version glance_api_version = self.configuration.glance_api_version keystone_version = self.configuration.keystone_version if keystone_version == 'v3': auth = v3.Password(auth_url=auth_url, username=username, password=password, project_id=project_id, user_domain_name=user_domain_name) sess = v3_session.Session(auth=auth) elif keystone_version == 'v2': auth = v2.Password(auth_url, username=username, password=password, tenant_name=tenant_name) sess = v2_session.Session(auth=auth) self.nova = nova_client.Client(nova_api_version, session=sess) self.cinder = cinder_client.Client(cinder_api_version, session=sess) self.glance = glance_client.Client(glance_api_version, session=sess) self._initialized = True
def get_heat_client(username, password, tenant_name, auth_url, cacert=None, region_name='regionOne'): LOG.debug('Creating Keystone session to fetch Heat endpoint.') auth = v2.Password(auth_url=auth_url, username=username, password=password, tenant_name=tenant_name) ks_session = session.Session(auth=auth) endpoint = ks_session.get_endpoint(service_type='orchestration', interface='public', region_name=region_name) LOG.debug('Creating heat client.') kwargs = { 'username': username, 'password': password, 'tenant_name': tenant_name, 'auth': auth, 'auth_url': auth_url, 'session': ks_session, 'include_pass': False, 'ca_cert': cacert } return heatclient.Client('1', endpoint, **kwargs)
def get_auth_plugin(opts): auth_version = guess_auth_version(opts) if opts.os_username: if auth_version == '3': return v3.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, project_name=opts.os_project_name, user_domain_name=opts.os_user_domain_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, tenant_name=opts.os_tenant_name) elif opts.os_token: if auth_version == '3': return v3.Token(auth_url=opts.os_auth_url, token=opts.os_token, project_name=opts.os_project_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Token(auth_url=opts.os_auth_url, token=opts.os_token, tenant_name=opts.os_tenant_name) raise Exception('Unable to determine correct auth method, please provide' ' either username or token')
def _get_client(self): if self._client is not None: return self._client if (self.tenant_id is not None or self.tenant_name is not None): auth = v2_auth.Password(auth_url=self.auth_url, username=self.username, password=self.password, tenant_id=self.tenant_id, tenant_name=self.tenant_name) elif self.project_name is not None: auth = v3_auth.Password( auth_url=self.auth_url, username=self.username, password=self.password, project_name=self.project_name, project_domain_name=self.project_domain_name, user_domain_name=self.user_domain_name) else: auth = None session = ks_session.Session(auth=auth) self._client = client.Client(session=session, service_type=self.service_type) return self._client
def get_v2_auth(self, v2_auth_url): return v2_auth.Password( v2_auth_url, username=self.options.os_username, password=self.options.os_password, tenant_id=self.options.os_tenant_id, tenant_name=self.options.os_tenant_name)
def _get_openswift_connection(self): auth = v2.Password(auth_url=self.conohaparams.authurl, username=self.conohaparams.username, password=self.conohaparams.key, tenant_name=self.conohaparams.tenant_name) ss = session.Session(auth=auth) return client.Connection(session=ss)
def _get_keystone_session(self, **kwargs): ks_session = session.Session.construct(kwargs) # discover the supported keystone versions using the given auth url auth_url = kwargs.pop('auth_url', None) (v2_auth_url, v3_auth_url) = self._discover_auth_versions(session=ks_session, auth_url=auth_url) # Determine which authentication plugin to use. First inspect the # auth_url to see the supported version. If both v3 and v2 are # supported, then use the highest version if possible. user_id = kwargs.pop('user_id', None) username = kwargs.pop('username', None) password = kwargs.pop('password', None) user_domain_name = kwargs.pop('user_domain_name', None) user_domain_id = kwargs.pop('user_domain_id', None) # project and tenant can be used interchangeably project_id = (kwargs.pop('project_id', None) or kwargs.pop('tenant_id', None)) project_name = (kwargs.pop('project_name', None) or kwargs.pop('tenant_name', None)) project_domain_id = kwargs.pop('project_domain_id', None) project_domain_name = kwargs.pop('project_domain_name', None) auth = None use_domain = (user_domain_id or user_domain_name or project_domain_id or project_domain_name) use_v3 = v3_auth_url and (use_domain or (not v2_auth_url)) use_v2 = v2_auth_url and not use_domain if use_v3: auth = v3_auth.Password(v3_auth_url, user_id=user_id, username=username, password=password, user_domain_id=user_domain_id, user_domain_name=user_domain_name, project_id=project_id, project_name=project_name, project_domain_id=project_domain_id, project_domain_name=project_domain_name) elif use_v2: auth = v2_auth.Password(v2_auth_url, username, password, tenant_id=project_id, tenant_name=project_name) else: # if we get here it means domain information is provided # (caller meant to use Keystone V3) but the auth url is # actually Keystone V2. Obviously we can't authenticate a V3 # user using V2. exc.CommandError("Credential and auth_url mismatch. The given " "auth_url is using Keystone V2 endpoint, which " "may not able to handle Keystone V3 credentials. " "Please provide a correct Keystone V3 auth_url.") ks_session.auth = auth return ks_session
def getSession(self): self.auth = v2.Password(auth_url=self.auth_url, username=self.username, password=self.password, tenant_name=self.tenant) return session.Session(auth=self.auth)
def _get_keystone_session(cloud): authsplit = cloud.authurl.split('/') version = int(float(authsplit[-1][1:])) if len(authsplit[-1]) > 0 else int( float(authsplit[-2][1:])) if version == 2: try: auth = v2.Password(auth_url=cloud.authurl, username=cloud.username, password=cloud.password, tenant_name=cloud.project) sess = session.Session(auth=auth, verify=config.cert_auth_bundle_path) except Exception as exc: print( "Problem importing keystone modules, and getting session: %s" % exc) return sess elif version == 3: #connect using keystone v3 try: auth = v3.Password(auth_url=cloud.authurl, username=cloud.username, password=cloud.password, project_name=cloud.project, user_domain_name=cloud.user_domain_name, project_domain_name=cloud.project_domain_name) sess = session.Session(auth=auth, verify=config.cert_auth_bundle_path) except Exception as exc: print( "Problem importing keystone modules, and getting session: %s" % exc) return sess
def __init__(self, endpoint, **kwargs): try: from keystoneclient.v2_0 import client from keystoneclient.auth.identity import v2 from keystoneclient import session except ImportError: if six.PY2: apt_install(["python-keystoneclient"], fatal=True) else: apt_install(["python3-keystoneclient"], fatal=True) from keystoneclient.v2_0 import client from keystoneclient.auth.identity import v2 from keystoneclient import session self.api_version = 2 token = kwargs.get("token", None) if token: api = client.Client(endpoint=endpoint, token=token) else: auth = v2.Password(username=kwargs.get("username"), password=kwargs.get("password"), tenant_name=kwargs.get("tenant_name"), auth_url=endpoint) sess = session.Session(auth=auth) api = client.Client(session=sess) self.api = api
def __init__(self, authurl, tenant_name, username, password): from keystoneclient.auth.identity import v2 from keystoneclient import session from keystoneclient.v2_0 import client as ksclient from novaclient import client from neutronclient.neutron import client as nclient from cinderclient import client as cclient auth = v2.Password(auth_url=authurl, user_id=username, password=password, tenant_name=tenant_name) sess = session.Session(auth=auth) self.__auth = auth self.__sess = sess __nova = client.Client('2', session=sess) __cinder = cclient.Client('2', session=sess) __neutron = nclient.Client('2.0', session=sess) __keystone = ksclient.Client(session=sess) self.__conn = ConnectionWrapper(__nova, __cinder, __neutron, __keystone) self.conn = ConnectionWrapper(__nova, __cinder, __neutron, __keystone) self.userid = self.__conn.nova.client.get_user_id() self.user_is_project_admin = self.__conn.user_is_project_admin = bool( self.get_user_roles().count('admin')) # FIXME Retain these lines during testing only self.nova = self.__conn.nova self.cinder = self.__conn.cinder self.neutron = self.__conn.neutron self.auth = auth self.sess = sess self.keystone = self.__conn.keystone
def _get_keystone_session(self): if self.version == 2: try: auth = v2.Password(auth_url=self.auth_url, username=self.username, password=self.password, tenant_name=self.project) sess = session.Session(auth=auth, verify=self.cacert) except Exception as exc: print( "Problem importing keystone modules, and getting session: %s" % exc) return sess elif self.version == 3: #connect using keystone v3 try: auth = v3.Password( auth_url=self.auth_url, username=self.username, password=self.password, project_name=self.project, user_domain_name=self.user_domain_name, project_domain_name=self.project_domain_name) sess = session.Session(auth=auth, verify=self.cacert) except Exception as exc: print( "Problem importing keystone modules, and getting session: %s" % exc) return sess
def _get_auth_plugin(self, version, **kwargs): if version == 'v2.0': auth_plugin = v2.Password(**kwargs) else: auth_plugin = v3.Password(**kwargs) return auth_plugin
def network_name_to_id(host_vars, user, password, tenant, auth_url): """ Accept one name of network or list of names of networks and return the same structure, but names replaced by ids of the network(s). """ auth = identity.Password(auth_url=auth_url, username=user, password=password, tenant_name=tenant) sess = session.Session(auth=auth) token = auth.get_token(sess) endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network') neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token) result_as_list = isinstance(host_vars, list) if not result_as_list: host_vars = [host_vars] result = [] for net in host_vars: networks = neutron.list_networks(name=net, fields='name')["networks"] if networks: result += [networks[0]['id']] else: raise errors.AnsibleFilterError( 'There is no network of name {0} accessible for tenant {1}'. format(net, tenant)) if result_as_list: return result else: return result[0]
class OSVM: def __init__(self, InstanceName): self._InstanceName = InstanceName self._Credentials = {} def getNovaCreds(self): print "Gathering credentials..." self._Credentials['username'] = os.environ['OS_USERNAME'] self._Credentials['password'] = os.environ['OS_PASSWORD'] self._Credentials['auth_url'] = os.environ['OS_AUTH_URL'] self._Credentials['tenant_id'] = os.environ['OS_TENANT_ID'] def setNova(self): print "Setting up authentication session..." try: self.getNovaCreds() print "Credentials are set! :). \n" except Exception, e: print "==> error: You need to source the des_labs-openrc file in order to set up your environment.\n Please do that and run your fab command again." exit() auth = v2.Password(**self._Credentials) VERSION = "2" sess = session.Session(auth=auth) self._Nova = client.Client(VERSION, session=sess) print "Choosing flavor, image and ssh key..." self._Flavor = self._Nova.flavors.find(name="m1.medium") self._Image = self._Nova.images.find(name="Ubuntu 14.04.2 LTS") self._Key = self._Nova.keypairs.find(name="acx")
def get_auth_plugin(opts): """Create the right keystone connection depending on the version for the api, if username/password and token are provided, username and password takes precedence. """ auth_version = guess_auth_version(opts) if opts.os_username: if auth_version == '3': return v3.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, project_name=opts.os_project_name, user_domain_name=opts.os_user_domain_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Password(auth_url=opts.os_auth_url, username=opts.os_username, password=opts.os_password, tenant_name=opts.os_tenant_name) elif opts.os_token: if auth_version == '3': return v3.Token(auth_url=opts.os_auth_url, token=opts.os_token, project_name=opts.os_project_name, project_domain_name=opts.os_project_domain_name) elif auth_version == '2.0': return v2.Token(auth_url=opts.os_auth_url, token=opts.os_token, tenant_name=opts.os_tenant_name) raise Exception('Unable to determine correct auth method, please provide' ' either username or token')
def execute(args): """keystone execution.""" missing_environment = [ var for var in (REQUIRED_ENVIRONMENT_REPORTING + REQUIRED_ENVIRONMENT_OPENSTACK) if var not in os.environ ] if len(missing_environment) > 0: sys.exit("Missing environment variables: %s" % " ".join(missing_environment)) api_config = { "server": os.getenv("REPORTING_SERVER"), "username": os.getenv("REPORTING_USERNAME"), "token": os.getenv("REPORTING_TOKEN"), "https_verify": not args.insecure } auth = v2.Password(auth_url=os.getenv("OS_AUTH_URL"), username=os.getenv("OS_USERNAME"), password=os.getenv("OS_PASSWORD"), tenant_name=os.getenv("OS_TENANT_NAME")) keystone_session = session.Session(auth=auth) keystone = client.Client(session=keystone_session) kafka = api.API(**api_config) users = [user._info for user in keystone.users.list()] tenants = ThreadPool().map(process, keystone.tenants.list()) payload = {"users": users, "tenants": tenants} kafka.put(args.topic, SCHEMA, payload)
def get_nova_admin(request): auth = v2.Password(auth_url=settings.AUTH_URL, username=settings.ADMIN_NAME, password=settings.ADMIN_PASS, tenant_name=settings.ADMIN_TENANT_NAME) sess = session.Session(auth=auth) novaClient = Client(settings.NOVA_VERSION, session=sess) return novaClient
def __init__(self, args): credentials = get_credentials() ksclient.Client(**credentials) auth = v2.Password(**credentials) sess = session.Session(auth=auth) self.nova = nclient.Client(2, session=sess) self.json = args.json
def get_keystone_session(env): """Return a keystone session.""" from keystoneclient.auth.identity import v2 from keystoneclient.session import Session auth = v2.Password(auth_url=env['OS_AUTH_URL'], username=env['OS_USERNAME'], password=env['OS_PASSWORD'], tenant_name=env['OS_TENANT_NAME']) return Session(auth=auth)
def Login(user, password, tenant, authURL=auth_url): auth = v2.Password(username=user, auth_url=auth_url, password=password, tenant_name=tenant) auth_session = session.Session(auth=auth) nt2 = nova_client.Client(2, session=auth_session) return nt2
def get_nova_admin(instance): auth = v2.Password(auth_url=settings.AUTH_URL, username=settings.ADMIN_NAME, password=settings.ADMIN_PASS, tenant_name=settings.ADMIN_TENANT_NAME) sess = session.Session(auth=auth) #this should read from settings novaClient = Client(settings.NOVA_VERSION, session=sess) return novaClient
def test_doesnt_log_password(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) password = uuid.uuid4().hex a = v2.Password(self.TEST_URL, username=self.TEST_USER, password=password) s = session.Session(auth=a) self.assertEqual(self.TEST_TOKEN, s.get_token()) self.assertNotIn(password, self.logger.output)
def test_invalid_auth_response_type(self): self.stub_url('POST', ['tokens'], text='testdata') a = v2.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any', authenticated=True)
def test_invalid_auth_response_dict(self): self.stub_auth(json={'hello': 'world'}) a = v2.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertRaises(exceptions.InvalidResponse, s.get, 'http://any', authenticated=True)
def test_endpoint_filter_without_service_type_fails(self): self.stub_auth(json=self.TEST_RESPONSE_DICT) a = v2.Password(self.TEST_URL, username=self.TEST_USER, password=self.TEST_PASS) s = session.Session(auth=a) self.assertRaises(exceptions.EndpointNotFound, s.get, '/path', endpoint_filter={'interface': 'admin'})
def __init__(self, auth_url, username, api_key, tenant_id=None, **kwargs): self.tenant_id = tenant_id self.client = KeystoneClient(session=KeystoneClient.Session( auth=v2.Password(auth_url, username, api_key))) self.backups = self._get_resources('VolumeBackup') self.restores = self._get_resources('VolumeRestore') self.volumes = self._get_resources('Volume') self.volume_snapshots = self._get_resources('VolumeSnapshot') self.quotas = self._get_resources('Quota')
def get_keystone_sess(): auth_details = get_auths() auth = v2.Password(auth_url=auth_details[0]['auth_url'], username=auth_details[0]['username'], password=auth_details[0]['password'], tenant_id=config.PROJECT_ID) ks_session = session.Session(auth=auth) return ks_session