示例#1
0
    def get_endpoint(self, session, interface=None, version=None, **kwargs):
        """Return an endpoint for the client.

        There are no required keyword arguments to ``get_endpoint`` as a plugin
        implementation should use best effort with the information available to
        determine the endpoint.

        :param session: The session object that the auth_plugin belongs to.
        :type session: keystoneclient.session.Session
        :param version: The version number required for this endpoint.
        :type version: tuple or str
        :param str interface: what visibility the endpoint should have.

        :returns: The base URL that will be used to talk to the required
                  service or None if not available.
        :rtype: string
        """
        if interface == auth.AUTH_INTERFACE:
            return self._identity_uri

        if not version:
            # NOTE(jamielennox): This plugin can only be used within auth_token
            # and auth_token will always provide version= with requests.
            return None

        if not self._discover:
            self._discover = discover.Discover(session,
                                               auth_url=self._identity_uri,
                                               authenticated=False)

        if not self._discover.url_for(version):
            # NOTE(jamielennox): The requested version is not supported by the
            # identity server.
            return None

        # NOTE(jamielennox): for backwards compatibility here we don't
        # actually use the URL from discovery we hack it up instead. :(
        # NOTE(blk-u): Normalizing the version is a workaround for bug 1450272.
        # This can be removed once that's fixed. Also fix the docstring for the
        # version parameter to be just "tuple".
        version = discover.normalize_version_number(version)
        if discover.version_match((2, 0), version):
            return '%s/v2.0' % self._identity_uri
        elif discover.version_match((3, 0), version):
            return '%s/v3' % self._identity_uri

        # NOTE(jamielennox): This plugin will only get called from auth_token
        # middleware. The middleware should never request a version that the
        # plugin doesn't know how to handle.
        msg = _('Invalid version asked for in auth_token plugin')
        raise NotImplementedError(msg)
示例#2
0
    def get_endpoint(self, session, interface=None, version=None, **kwargs):
        """Return an endpoint for the client.

        There are no required keyword arguments to ``get_endpoint`` as a plugin
        implementation should use best effort with the information available to
        determine the endpoint.

        :param session: The session object that the auth_plugin belongs to.
        :type session: keystoneclient.session.Session
        :param version: The version number required for this endpoint.
        :type version: tuple or str
        :param str interface: what visibility the endpoint should have.

        :returns: The base URL that will be used to talk to the required
                  service or None if not available.
        :rtype: string
        """
        if interface == auth.AUTH_INTERFACE:
            return self._identity_uri

        if not version:
            # NOTE(jamielennox): This plugin can only be used within auth_token
            # and auth_token will always provide version= with requests.
            return None

        if not self._discover:
            self._discover = discover.Discover(session, auth_url=self._identity_uri, authenticated=False)

        if not self._discover.url_for(version):
            # NOTE(jamielennox): The requested version is not supported by the
            # identity server.
            return None

        # NOTE(jamielennox): for backwards compatibility here we don't
        # actually use the URL from discovery we hack it up instead. :(
        # NOTE(blk-u): Normalizing the version is a workaround for bug 1450272.
        # This can be removed once that's fixed. Also fix the docstring for the
        # version parameter to be just "tuple".
        version = discover.normalize_version_number(version)
        if discover.version_match((2, 0), version):
            return "%s/v2.0" % self._identity_uri
        elif discover.version_match((3, 0), version):
            return "%s/v3" % self._identity_uri

        # NOTE(jamielennox): This plugin will only get called from auth_token
        # middleware. The middleware should never request a version that the
        # plugin doesn't know how to handle.
        msg = _("Invalid version asked for in auth_token plugin")
        raise NotImplementedError(msg)
示例#3
0
 def get_tenants(self):
     keystone_version = discover.normalize_version_number(
         CONF.keystone_fetcher.keystone_version)
     if discover.version_match((2,), keystone_version):
         tenant_list = self.admin_ks.tenants.list()
     else:
         tenant_list = self.admin_ks.projects.list()
     my_user_id = self.session.get_user_id()
     for tenant in tenant_list[:]:
         if discover.version_match((2,), keystone_version):
             roles = self.admin_ks.roles.roles_for_user(
                 my_user_id,
                 tenant)
         else:
             roles = self.admin_ks.roles.list(user=my_user_id,
                                              project=tenant)
         if 'rating' not in [role.name for role in roles]:
             tenant_list.remove(tenant)
     return [tenant.id for tenant in tenant_list]
示例#4
0
    def create_plugin(self, session, version, url, raw_status=None):
        if discover.version_match((2,), version):
            if self._user_domain_id or self._user_domain_name:
                # If you specify any domain parameters it won't work so quit.
                return None

            return v2.Password(auth_url=url,
                               user_id=self._user_id,
                               username=self._username,
                               password=self._password,
                               **self._v2_params)

        elif discover.version_match((3,), version):
            return v3.Password(auth_url=url,
                               user_id=self._user_id,
                               username=self._username,
                               user_domain_id=self._user_domain_id,
                               user_domain_name=self._user_domain_name,
                               password=self._password,
                               **self._v3_params)
示例#5
0
 def get_rate_projects(self):
     keystone_version = discover.normalize_version_number('3')
     auth_dispatch = {
         (3, ): ('project', 'projects', 'list'),
         (2, ): ('tenant', 'tenants', 'roles_for_user')
     }
     for auth_version, auth_version_mapping in six.iteritems(auth_dispatch):
         if discover.version_match(auth_version, keystone_version):
             return self._do_get_projects(auth_version_mapping)
     msg = "Keystone version you've specified is not supported"
     raise exceptions.VersionNotAvailable(msg)
示例#6
0
 def get_tenants(self, conf=None):
     keystone_version = discover.normalize_version_number(
         CONF.keystone_fetcher.keystone_version)
     auth_dispatch = {
         (3, ): ('project', 'projects', 'list'),
         (2, ): ('tenant', 'tenants', 'roles_for_user')
     }
     for auth_version, auth_version_mapping in auth_dispatch.items():
         if discover.version_match(auth_version, keystone_version):
             return self._do_get_tenants(auth_version_mapping, conf)
     msg = "Keystone version you've specified is not supported"
     raise exceptions.VersionNotAvailable(msg)
示例#7
0
    def _do_create_plugin(self, session):
        plugin = None

        try:
            disc = self.get_discovery(session,
                                      self.auth_url,
                                      authenticated=False)
        except (exceptions.DiscoveryFailure,
                exceptions.HTTPError,
                exceptions.ConnectionError):
            LOG.warn(_LW('Discovering versions from the identity service '
                         'failed when creating the password plugin. '
                         'Attempting to determine version from URL.'))

            url_parts = urlparse.urlparse(self.auth_url)
            path = url_parts.path.lower()

            if path.startswith('/v2.0') and not self._has_domain_scope:
                plugin = self.create_plugin(session, (2, 0), self.auth_url)
            elif path.startswith('/v3'):
                plugin = self.create_plugin(session, (3, 0), self.auth_url)

        else:
            disc_data = disc.version_data()

            for data in disc_data:
                version = data['version']

                if (discover.version_match((2,), version) and
                        self._has_domain_scope):
                    # NOTE(jamielennox): if there are domain parameters there
                    # is no point even trying against v2 APIs.
                    continue

                plugin = self.create_plugin(session,
                                            version,
                                            data['url'],
                                            raw_status=data['raw_status'])

                if plugin:
                    break

        if plugin:
            return plugin

        # so there were no URLs that i could use for auth of any version.
        msg = _('Could not determine a suitable URL for the plugin')
        raise exceptions.DiscoveryFailure(msg)
示例#8
0
    def _get_strategy_class(self):
        if self._requested_auth_version:
            # A specific version was requested.
            if discover.version_match(_V3RequestStrategy.AUTH_VERSION,
                                      self._requested_auth_version):
                return _V3RequestStrategy

            # The version isn't v3 so we don't know what to do. Just assume V2.
            return _V2RequestStrategy

        # Specific version was not requested then we fall through to
        # discovering available versions from the server
        for klass in _REQUEST_STRATEGIES:
            if self._adapter.get_endpoint(version=klass.AUTH_VERSION):
                msg = _LI('Auth Token confirmed use of %s apis')
                self._LOG.info(msg, self._requested_auth_version)
                return klass

        versions = ['v%d.%d' % s.AUTH_VERSION for s in _REQUEST_STRATEGIES]
        self._LOG.error(_LE('No attempted versions [%s] supported by server'),
                        ', '.join(versions))

        msg = _('No compatible apis supported by server')
        raise exc.ServiceError(msg)
示例#9
0
    def _get_strategy_class(self):
        if self._requested_auth_version:
            # A specific version was requested.
            if discover.version_match(_V3RequestStrategy.AUTH_VERSION,
                                      self._requested_auth_version):
                return _V3RequestStrategy

            # The version isn't v3 so we don't know what to do. Just assume V2.
            return _V2RequestStrategy

        # Specific version was not requested then we fall through to
        # discovering available versions from the server
        for klass in _REQUEST_STRATEGIES:
            if self._adapter.get_endpoint(version=klass.AUTH_VERSION):
                msg = _LI('Auth Token confirmed use of %s apis')
                self._LOG.info(msg, self._requested_auth_version)
                return klass

        versions = ['v%d.%d' % s.AUTH_VERSION for s in _REQUEST_STRATEGIES]
        self._LOG.error(_LE('No attempted versions [%s] supported by server'),
                        ', '.join(versions))

        msg = _('No compatible apis supported by server')
        raise exc.ServiceError(msg)
示例#10
0
def create_nova_connection(options):
    nova = None

    try:
        from novaclient import client
        from novaclient.exceptions import NotAcceptable
    except ImportError:
        fail_usage("Nova not found or not accessible")

    from keystoneauth1 import loading
    from keystoneauth1 import session
    from keystoneclient import discover

    # Prefer the oldest and strip the leading 'v'
    keystone_versions = discover.available_versions(options["--auth-url"])
    keystone_version = keystone_versions[0]['id'][1:]
    kwargs = dict(auth_url=options["--auth-url"],
                  username=options["--username"],
                  password=options["--password"])

    if discover.version_match("2", keystone_version):
        kwargs["tenant_name"] = options["--tenant-name"]

    elif discover.version_match("3", keystone_version):
        kwargs["project_name"] = options["--tenant-name"]
        kwargs["user_domain_name"] = options["--user-domain"]
        kwargs["project_domain_name"] = options["--project-domain"]

    loader = loading.get_plugin_loader('password')
    keystone_auth = loader.load_from_options(**kwargs)
    keystone_session = session.Session(auth=keystone_auth,
                                       verify=(not options["--insecure"]))

    versions = ["2.11", "2"]
    for version in versions:
        clientargs = inspect.getargspec(client.Client).varargs

        # Some versions of Openstack prior to Ocata only
        # supported positional arguments for username,
        # password, and tenant.
        #
        # Versions since Ocata only support named arguments.
        #
        # So we need to use introspection to figure out how to
        # create a Nova client.
        #
        # Happy days
        #
        if clientargs:
            # OSP < 11
            # ArgSpec(args=['version', 'username', 'password', 'project_id', 'auth_url'],
            #	 varargs=None,
            #	 keywords='kwargs', defaults=(None, None, None, None))
            nova = client.Client(
                version,
                None,  # User
                None,  # Password
                None,  # Tenant
                None,  # Auth URL
                insecure=options["--insecure"],
                region_name=options["--region-name"],
                endpoint_type=options["--endpoint-type"],
                session=keystone_session,
                auth=keystone_auth,
                http_log_debug="--verbose" in options)
        else:
            # OSP >= 11
            # ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None)
            nova = client.Client(version,
                                 region_name=options["--region-name"],
                                 endpoint_type=options["--endpoint-type"],
                                 session=keystone_session,
                                 auth=keystone_auth,
                                 http_log_debug="--verbose" in options)

        try:
            nova.hypervisors.list()
            return nova

        except NotAcceptable as e:
            logging.warning(e)

        except Exception as e:
            logging.warning("Nova connection failed. %s: %s" %
                            (e.__class__.__name__, e))

    logging.warning(
        "Couldn't obtain a supported connection to nova, tried: %s\n" %
        repr(versions))
    return None
示例#11
0
def create_nova_connection(options):
	nova = None

	try:
		from novaclient import client
		from novaclient.exceptions import NotAcceptable
	except ImportError:
		fail_usage("Nova not found or not accessible")

	from keystoneauth1 import loading
	from keystoneauth1 import session
	from keystoneclient import discover

	# Prefer the oldest and strip the leading 'v'
	keystone_versions = discover.available_versions(options["--auth-url"])
	keystone_version = keystone_versions[0]['id'][1:]
	kwargs = dict(
		auth_url=options["--auth-url"],
		username=options["--username"],
		password=options["--password"]
		)

	if discover.version_match("2", keystone_version):
		kwargs["tenant_name"] = options["--tenant-name"]

	elif discover.version_match("3", keystone_version):
		kwargs["project_name"] = options["--tenant-name"]
		kwargs["user_domain_name"] = options["--user-domain"]
		kwargs["project_domain_name"] = options["--project-domain"]

	loader = loading.get_plugin_loader('password')
	keystone_auth = loader.load_from_options(**kwargs)
	keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))

	versions = [ "2.11", "2" ]
	for version in versions:
		clientargs = inspect.getargspec(client.Client).varargs

		# Some versions of Openstack prior to Ocata only
		# supported positional arguments for username,
		# password, and tenant.
		#
		# Versions since Ocata only support named arguments.
		#
		# So we need to use introspection to figure out how to
		# create a Nova client.
		#
		# Happy days
		#
		if clientargs:
			# OSP < 11
			# ArgSpec(args=['version', 'username', 'password', 'project_id', 'auth_url'],
			#	 varargs=None,
			#	 keywords='kwargs', defaults=(None, None, None, None))
			nova = client.Client(version,
					     None, # User
					     None, # Password
					     None, # Tenant
					     None, # Auth URL
					     insecure=options["--insecure"],
					     region_name=options["--region-name"],
					     endpoint_type=options["--endpoint-type"],
					     session=keystone_session, auth=keystone_auth,
					     http_log_debug=options.has_key("--verbose"))
		else:
			# OSP >= 11
			# ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None)
			nova = client.Client(version,
					     region_name=options["--region-name"],
					     endpoint_type=options["--endpoint-type"],
					     session=keystone_session, auth=keystone_auth,
					     http_log_debug=options.has_key("--verbose"))

		try:
			nova.hypervisors.list()
			return nova

		except NotAcceptable as e:
			logging.warning(e)

		except Exception as e:
			logging.warning("Nova connection failed. %s: %s" % (e.__class__.__name__, e))

	logging.warning("Couldn't obtain a supported connection to nova, tried: %s\n" % repr(versions))
	return None
示例#12
0
    def create_plugin(self, session, version, url, raw_status=None):
        if discover.version_match((2, ), version):
            return v2.Token(url, self._token, **self._v2_params)

        elif discover.version_match((3, ), version):
            return v3.Token(url, self._token, **self._v3_params)