#!/bin/python from os import environ as env import keystoneclient.v2_0.client as ksclient keystone = ksclient.Client(auth_url=env['OS_AUTH_URL'], username=env['OS_USERNAME'], password=env['OS_PASSWORD'], tenant_name=env['OS_TENANT_NAME']) #keystone2 =ksclient.Client() #env['tokens']=keystone.auth_token print keystone.auth_token
help='Glance file store image directory', default='/var/lib/glance/images') argparser.add_argument('--debug', help='Enable API debugging', action='store_true') argparser.add_argument('--criticality', help='Set sensu alert level, critical is default', default='critical') options = argparser.parse_args() store_directory = options.imagedir if 'OS_CACERT' in os.environ.keys(): glance_auth['ca_cert'] = os.environ['OS_CACERT'] keystone = ksclient.Client(**glance_auth) auth_token = keystone.auth_token endpoint = keystone.service_catalog.url_for(service_type='image', endpoint_type='publicURL') if options.debug: logging.basicConfig(level=logging.DEBUG) glance = client.Client('2', endpoint=endpoint, token=auth_token) glance.format = 'json' # Fetch the list of files in store_directory matching the UUID regex uuid_re = re.compile( r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') files = [(x, os.path.join(store_directory, x))
def func(): auth_ref = self._get_client_by_creds().auth_ref return keystone_client.Client(auth_ref=auth_ref, endpoint=self.config.cloud.auth_url, cacert=self.config.cloud.cacert, insecure=self.config.cloud.insecure)
def _auth(profile=None, api_version=2, **connection_args): ''' Set up glance credentials, returns `glanceclient.client.Client`. Optional parameter "api_version" defaults to 2. Only intended to be used within glance-enabled modules ''' if profile: prefix = profile + ":keystone." else: prefix = "keystone." def get(key, default=None): ''' Checks connection_args, then salt-minion config, falls back to specified default value. ''' return connection_args.get('connection_' + key, __salt__['config.get'](prefix + key, default)) user = get('user', 'admin') password = get('password', None) tenant = get('tenant', 'admin') tenant_id = get('tenant_id') auth_url = get('auth_url', 'http://127.0.0.1:35357/v2.0') insecure = get('insecure', False) admin_token = get('token') region = get('region') ks_endpoint = get('endpoint', 'http://127.0.0.1:9292/') g_endpoint_url = __salt__['keystone.endpoint_get']('glance', profile) # The trailing 'v2' causes URLs like thise one: # http://127.0.0.1:9292/v2/v1/images g_endpoint_url = re.sub('/v2', '', g_endpoint_url['internalurl']) if admin_token and api_version != 1 and not password: # If we had a password we could just # ignore the admin-token and move on... raise SaltInvocationError('Only can use keystone admin token ' + 'with Glance API v1') elif password: # Can't use the admin-token anyway kwargs = {'username': user, 'password': password, 'tenant_id': tenant_id, 'auth_url': auth_url, 'endpoint_url': g_endpoint_url, 'region_name': region, 'tenant_name': tenant} # 'insecure' keyword not supported by all v2.0 keystone clients # this ensures it's only passed in when defined if insecure: kwargs['insecure'] = True elif api_version == 1 and admin_token: kwargs = {'token': admin_token, 'auth_url': auth_url, 'endpoint_url': g_endpoint_url} else: raise SaltInvocationError('No credentials to authenticate with.') if HAS_KEYSTONE: log.debug('Calling keystoneclient.v2_0.client.Client(' + '{0}, **{1})'.format(ks_endpoint, kwargs)) keystone = kstone.Client(**kwargs) log.debug(help(keystone.get_token)) kwargs['token'] = keystone.get_token(keystone.session) # This doesn't realy prevent the password to show up # in the minion log as keystoneclient.session is # logging it anyway when in debug-mode kwargs.pop('password') log.debug('Calling glanceclient.client.Client(' + '{0}, {1}, **{2})'.format(api_version, g_endpoint_url, kwargs)) # may raise exc.HTTPUnauthorized, exc.HTTPNotFound # but we deal with those elsewhere return client.Client(api_version, g_endpoint_url, **kwargs) else: raise NotImplementedError( "Can't retrieve a auth_token without keystone")
Developer: [email protected] """ import os import time import pdb import novaclient.v1_1.client as nvclient from novaclient.base import * from novaclient.exceptions import NotFound from config import FLOATING_IP_CREATION, IMAGE_NAME, FLAVOUR_NAME,OS_USERNAME, OS_TENANT_NAME, OS_PASSWORD, OS_AUTH_URL from credentials import get_nova_credentials, get_tenant_nova_credentials,get_credentials from floating_ips import add_floating_ip_for_vm import glanceclient.v2.client as glance_client import keystoneclient.v2_0.client as ksclient keystone = ksclient.Client(auth_url="http://172.168.2.40:35357/v2.0", username="******", password="******", tenant_name="admin") token = keystone.auth_ref['token']['id'] credentials = get_nova_credentials() nova = nvclient.Client(**credentials) #glance=glance_client.Client(username=OS_USERNAME,password=OS_PASSWORD,tenant_name=OS_TENANT_NAME,auth_url=OS_AUTH_URL) glance=glance_client.Client(endpoint="http://172.168.2.40:9292", token=token) if not nova.keypairs.findall(name="admin"): with open(os.path.expanduser('~/.ssh/id_rsa.pub')) as fpubkey: nova.keypairs.create(name="admin", public_key=fpubkey.read()) def upload_image_glance(): pdb.set_trace()
print "listorphans.py <object> where object is one or more of", print "'networks', 'routers', 'subnets', 'floatingips' or 'all'" def get_credentials(): d = {} d['username'] = os.environ['OS_USERNAME'] d['password'] = os.environ['OS_PASSWORD'] d['auth_url'] = os.environ['OS_AUTH_URL'] d['tenant_name'] = os.environ['OS_TENANT_NAME'] return d credentials = get_credentials() neutron = nclient.Client(**credentials) keystone = ksclient.Client(**credentials) def get_tenantids(): return [tenant.id for tenant in keystone.tenants.list()] def get_orphaned_neutron_objects(object): objects = getattr(neutron, 'list_' + object)() tenantids = get_tenantids() orphans = [] for object in objects.get(object): if object['tenant_id'] not in tenantids: orphans.append(object['id']) return orphans
def nova_deploy_instace(): service_types = [] service_status = {} INITIAL_STATUS = "UNKNOWN" service_url = {} FLAVOR_NAME = "cirros.1" NETWORK_NAME = "default" IMAGE_NAME = "cirros-0.3.4" #keystone = client.Client(username=os.environ['OS_USERNAME'], # password=os.environ['OS_PASSWORD'], # tenant_name=os.environ['OS_TENANT_NAME'], # auth_url=os.environ['OS_AUTH_URL']) auth = v2.Password(auth_url=os.environ["OS_AUTH_URL"], username=os.environ["OS_USERNAME"], password=os.environ['OS_PASSWORD'], tenant_name=os.environ['OS_TENANT_NAME']) sess = session.Session(auth=auth) #get keystone session keystone = client.Client(session=sess) #print keystone.tenants.list() nova = novaClient.Client("2", session=keystone.session, timings=True, timeout=1) flavor = nova.flavors.find(name=FLAVOR_NAME) if not flavor: print "No flavour found" exit(0) #Get glance images glance = glanceClient.Client("1", session=keystone.session) image = glance.images.find(name=IMAGE_NAME) if not image: print "No image found" exit(0) #get neutron /netrowk info neutron = neutronClient.Client(session=keystone.session) networks = neutron.list_networks(name=NETWORK_NAME) if not networks: print "No default network found" exit(0) nics = [{'net-id': networks['networks'][0]['id']}] index = 0 while index == 0: results = [] try: # Starting nova instance result = initResult() nova.reset_timings() result["action"] = "Create" result["invoked_time"] = str(datetime.datetime.now()) instance = nova.servers.create(name="PUTTUR_IS_HERE", image=image, flavor=flavor, nics=nics) instance_id = instance.id result["time"] = getTimings(nova.get_timings()) result['id'] = instance_id result['name'] = instance.name nova.reset_timings() # Poll at 2?? second intervals, until the status is no longer 'BUILD' or need to decide when to stop '' till it is running? status = instance.status result["status"] = status if status == "ERROR": result["error_state"] = instance.error results.append(result) print_result(results) exit(0) results.append(result) #exit(0) #check status while status == 'BUILD': time.sleep(1) result = initResult() # Retrieve the instance again so the status field updates try: nova.reset_timings() instance = nova.servers.get(instance_id) if instance.status != status: result["invoked_time"] = str(datetime.datetime.now()) status = instance.status result["action"] = "GET_STATUS" result["status"] = status if hasattr(instance, "fault"): result["fault"] = get_fault(instance.fault) result["time"] = getTimings(nova.get_timings()) results.append(result) except Exception as err: result["error_state"] = err results.append(result) #if the status is Not Build, delete except Exception as err: result["error_state"] = err results.append(result) #print_result(results) #Delete instance and print result = delete_instance(nova, instance_id) results.append(result) print_result(results)
# This script creates an instance called "instance2" from keystoneclient.v2_0 import client as keystone_client from glanceclient import Client as glance_client from novaclient.v1_1 import client as nova_client keystone = keystone_client.Client(username='******', password='******', tenant_name='userj', auth_url='http://controller:35357/v2.0') endpoint = keystone.service_catalog.url_for(service_type='image', endpoint_type='publicURL') glance = glance_client('2', endpoint, token=keystone.auth_token) nova = nova_client.Client('userj', 'Password123', 'userj', 'http://controller:35357/v2.0') nova.servers.create(name='instance2', flavor=nova.flavors.find(name="m1.small"), image=nova.images.find(name="ubuntu-trusty-14.04"), nics=[{'net-id': '71ae39ba-28a0-4635-baa7-8bdc28dac1ea'}], key_name="demo-key")
def get_keystone_client(username=None, password=None, auth_url=None, tenant_name=None): """Get keystone client """ return ksclient.Client(username=username, password=password, auth_url=auth_url, tenant_name=tenant_name)
def post_handle(message): cf = ConfigParser.ConfigParser() logger = logging.getLogger("GlanceHandler") glanceDao = DRGlanceDao() cf.read("/home/eshufan/projects/drcontroller/drcontroller/conf/set.conf") drf_keystone = keystoneclient.Client(auth_url=cf.get("drf", "auth_url"), username=cf.get("drf", "user"), password=cf.get("drf", "password"), tenant_name=cf.get( "drf", "tenant_name")) drf_glance_endpoint = drf_keystone.service_catalog.url_for( service_type='image', endpoint_type='publicURL') drf_glance = glanceclient.Client('1', drf_glance_endpoint, token=drf_keystone.auth_token) # print "drf:", drf_glance_endpoint # pdb.set_trace() image_id = message['Response']['image']['id'] status = message['Response']['image']['status'] logger.info('Create shadow image for ' + image_id + ' in dr site') # status=drf_glance.images.get(image_id).status # count=0 # while (status != 'active') and (status != 'killed'): # time.sleep(1) # if status == 'queued': # count +=1 # else: # count = 0 # if count == 5: # glanceDao.add(DRGlance(primary_uuid=image_id,status='queued')) # break # status=drf_glance.images.get(image_id).status if status == 'queued': glanceDao.add(DRGlance(primary_uuid=image_id, status='queued')) if status == 'active': new_data = drf_glance.images.data(image_id)._resp drc_keystone = keystoneclient.Client( auth_url=cf.get("drc", "auth_url"), username=cf.get("drc", "user"), password=cf.get("drc", "password"), tenant_name=cf.get("drc", "tenant_name")) drc_glance_endpoint = drc_keystone.service_catalog.url_for( service_type='image', endpoint_type='publicURL') drc_glance = glanceclient.Client('1', drc_glance_endpoint, token=drc_keystone.auth_token) image = drc_glance.images.create( name=message['Response']['image']['name'] + "_shadow", container_format=message['Response']['image']['container_format'], min_ram=message['Response']['image']['min_ram'], disk_format=message['Response']['image']['disk_format'], min_disk=message['Response']['image']['min_disk'], protected=str(message['Response']['image']['protected']), is_public=str(message['Response']['image']['is_public']), owner=message['Response']['image']['owner'], data=new_data) glanceDao.add( DRGlance(primary_uuid=image_id, secondary_uuid=image.id, status='active')) logger.info('Shadow image ' + image.id + ' created for ' + image_id)
def keystoneclient(request, username=None, password=None, tenant_id=None, token_id=None, endpoint=None, endpoint_type=None, admin=False): """Returns a client connected to the Keystone backend. Several forms of authentication are supported: * Username + password -> Unscoped authentication * Username + password + tenant id -> Scoped authentication * Unscoped token -> Unscoped authentication * Unscoped token + tenant id -> Scoped authentication * Scoped token -> Scoped authentication Available services and data from the backend will vary depending on whether the authentication was scoped or unscoped. Lazy authentication if an ``endpoint`` parameter is provided. Calls requiring the admin endpoint should have ``admin=True`` passed in as a keyword argument. The client is cached so that subsequent API calls during the same request/response cycle don't have to be re-authenticated. """ user = request.user if admin: if not user.is_admin(): raise exceptions.NotAuthorized endpoint_type = 'adminURL' else: endpoint_type = endpoint_type or getattr( settings, 'OPENSTACK_ENDPOINT_TYPE', 'internalURL') # Take care of client connection caching/fetching a new client. # Admin vs. non-admin clients are cached separately for token matching. cache_attr = "_keystone_admin" if admin else "_keystone" if hasattr(request, cache_attr) and (not token_id or getattr( request, cache_attr).auth_token == token_id): LOG.debug("Using cached client for token: %s" % user.token) conn = getattr(request, cache_attr) else: endpoint_lookup = _get_endpoint_url(request, endpoint_type) auth_url = endpoint or endpoint_lookup LOG.debug("Creating a new keystoneclient connection to %s." % auth_url) conn = keystone_client.Client(username=username or user.username, password=password, tenant_id=tenant_id or user.tenant_id, token=token_id or user.token, auth_url=auth_url, endpoint=endpoint) setattr(request, cache_attr, conn) # Fetch the correct endpoint if we've re-scoped the token. catalog = getattr(conn, 'service_catalog', None) if catalog and "serviceCatalog" in catalog.catalog.keys(): catalog = catalog.catalog['serviceCatalog'] endpoint = _get_endpoint_url(request, endpoint_type, catalog) conn.management_url = endpoint return conn
def put_handle(message): glanceDao = DRGlanceDao() cf = ConfigParser.ConfigParser() cf.read("/home/eshufan/projects/drcontroller/drcontroller/conf/set.conf") image_id = message['Response']['image']['id'] try: glancedb = glanceDao.get_by_primary_uuid(image_id) gl_status = glancedb.status except: return if gl_status == 'queued': drf_keystone = keystoneclient.Client( auth_url=cf.get("drf", "auth_url"), username=cf.get("drf", "user"), password=cf.get("drf", "password"), tenant_name=cf.get("drf", "tenant_name")) drf_glance_endpoint = drf_keystone.service_catalog.url_for( service_type='image', endpoint_type='publicURL') drf_glance = glanceclient.Client('1', drf_glance_endpoint, token=drf_keystone.auth_token) # status=drf_glance.images.get(image_id).status # count=0 # while (status != 'active') and (status != 'killed'): # time.sleep(1) # if status == 'queued': # count +=1 # else: # count = 0 # if count == 5: # break # status=drf_glance.images.get(image_id).status status = message['Response']['image']['status'] if status == 'active': new_data = drf_glance.images.data(image_id)._resp drc_keystone = keystoneclient.Client( auth_url=cf.get("drc", "auth_url"), username=cf.get("drc", "user"), password=cf.get("drc", "password"), tenant_name=cf.get("drc", "tenant_name")) drc_glance_endpoint = drc_keystone.service_catalog.url_for( service_type='image', endpoint_type='publicURL') drc_glance = glanceclient.Client('1', drc_glance_endpoint, token=drc_keystone.auth_token) image = drc_glance.images.create( name=message['Response']['image']['name'] + "_shadow", container_format=message['Response']['image'] ['container_format'], min_ram=message['Response']['image']['min_ram'], disk_format=message['Response']['image']['disk_format'], min_disk=message['Response']['image']['min_disk'], protected=str(message['Response']['image']['protected']), is_public=str(message['Response']['image']['is_public']), owner=message['Response']['image']['owner'], data=new_data) glanceDao.delete_by_primary_uuid(image_id) glanceDao.add( DRGlance(primary_uuid=image_id, secondary_uuid=image.id, status='active')) if gl_status == 'active': try: drc_id = glanceDao.get_by_primary_uuid(image_id).secondary_uuid except: return drc_keystone = keystoneclient.Client( auth_url=cf.get("drc", "auth_url"), username=cf.get("drc", "user"), password=cf.get("drc", "password"), tenant_name=cf.get("drc", "tenant_name")) drc_glance_endpoint = drc_keystone.service_catalog.url_for( service_type='image', endpoint_type='publicURL') drc_glance = glanceclient.Client('1', drc_glance_endpoint, token=drc_keystone.auth_token) image = drc_glance.images.update( image=drc_id, name=message['Response']['image']['name'] + "_shadow", container_format=message['Response']['image']['container_format'], min_ram=message['Response']['image']['min_ram'], disk_format=message['Response']['image']['disk_format'], min_disk=message['Response']['image']['min_disk'], protected=str(message['Response']['image']['protected']), is_public=str(message['Response']['image']['is_public']), owner=message['Response']['image']['owner'])
def keystone(self): if self._keystone is None: ret_count = self.options.get('retries', 1) tmp_passwd = self.generate_random_passwd() while True: if ret_count <= 0: self.log.error( ">>> Keystone error: no more retries for connect to keystone server." ) sys.exit(1) try: a_token = self.options.get('auth-token') a_url = self.options.get('admin-auth-url') if a_token and a_url: self.log.debug("Authentication by predefined token.") # create keystone instance, authorized by service token ks = ks_client.Client( token=a_token, endpoint=a_url, ) service_tenant = ks.tenants.find(name='services') auth_url = ks.endpoints.find( service_id=ks.services.find( type='identity').id).internalurl # find and re-create temporary rescheduling-admin user with random password try: user = ks.users.find(username=TMP_USER_NAME) ks.users.delete(user) except ks_NotFound: # user not found, it's OK pass user = ks.users.create(TMP_USER_NAME, tmp_passwd, tenant_id=service_tenant.id) ks.roles.add_user_role(user, ks.roles.find(name='admin'), service_tenant) # authenticate newly-created tmp neutron admin self._keystone = ks_client.Client( username=user.username, password=tmp_passwd, tenant_id=user.tenantId, auth_url=auth_url, ) self._need_cleanup_tmp_admin = True else: self.log.debug( "Authentication by given credentionals.") self._keystone = ks_client.Client( username=self.auth_config['OS_USERNAME'], password=self.auth_config['OS_PASSWORD'], tenant_name=self.auth_config['OS_TENANT_NAME'], auth_url=self.auth_config['OS_AUTH_URL'], ) break except Exception as e: errmsg = str(e.message).strip( ) # str() need, because keystone may use int as message in exception if re.search(r"Connection\s+refused$", errmsg, re.I) or \ re.search(r"Connection\s+timed\s+out$", errmsg, re.I) or\ re.search(r"Lost\s+connection\s+to\s+MySQL\s+server", errmsg, re.I) or\ re.search(r"Service\s+Unavailable$", errmsg, re.I) or\ re.search(r"'*NoneType'*\s+object\s+has\s+no\s+attribute\s+'*__getitem__'*$", errmsg, re.I) or \ re.search(r"No\s+route\s+to\s+host$", errmsg, re.I): self.log.info( ">>> Can't connect to {0}, wait for server ready..." .format(self.auth_config['OS_AUTH_URL'])) time.sleep(self.options.sleep) else: self.log.error(">>> Keystone error:\n{0}".format( e.message)) raise e ret_count -= 1 return self._keystone
# Config config = yaml.load(open("config.yaml", "r")) # Slack def slack(s): payload = { "text" : "image-builder: " + s } requests.post(config["slack"]["webhook"], data=json.dumps(payload)) # OpenStack openstack = config["openstack"] nova_client = nova.Client(username=openstack["username"], api_key=openstack["password"], project_id=openstack["tenant"], auth_url=openstack["auth_url"]) keystone_client = keystone.Client(username=openstack["username"], password=openstack["password"], tenant_name=openstack["tenant"], auth_url=openstack["auth_url"]) glance_url = keystone_client.service_catalog.url_for(service_type="image", endpoint_type="publicURL") swift_url = keystone_client.service_catalog.url_for(service_type="object-store", endpoint_type="publicURL") glance_client = glanceclient.Client(endpoint=glance_url, token=keystone_client.auth_token) def horizon(type, id, name = None): if name is None: name = id return "<%s|%s>" % (config["openstack"]["horizon"][type] % id, name) def initiate(): """Boot the builder.""" user_data = open("user-data.sh").read() flavor = nova_client.flavors.find(name=openstack["flavor"]) builder = nova_client.servers.create(availability_zone=openstack["region"], name="image-builder", image=openstack["image"]["base"], flavor=flavor, userdata=user_data, security_groups=[openstack["security_group"]])
def __init__(self, adap, **kwargs): super(_V2RequestStrategy, self).__init__(adap, **kwargs) self._client = v2_client.Client(session=adap)
def setUp(self): super(ITestCase, self).setUp() self.common_config = cfg.ITConfig().common_config self.vanilla_config = cfg.ITConfig().vanilla_config self.vanilla_two_config = cfg.ITConfig().vanilla_two_config self.hdp_config = cfg.ITConfig().hdp_config telnetlib.Telnet( self.common_config.SAHARA_HOST, self.common_config.SAHARA_PORT ) keystone = keystone_client.Client( username=self.common_config.OS_USERNAME, password=self.common_config.OS_PASSWORD, tenant_name=self.common_config.OS_TENANT_NAME, auth_url=self.common_config.OS_AUTH_URL) keystone.management_url = self.common_config.OS_AUTH_URL self.common_config.OS_TENANT_ID = [ tenant.id for tenant in keystone.tenants.list() if tenant.name == self.common_config.OS_TENANT_NAME][0] self.sahara = sahara_client.Client( version=self.common_config.SAHARA_API_VERSION, username=self.common_config.OS_USERNAME, api_key=self.common_config.OS_PASSWORD, project_name=self.common_config.OS_TENANT_NAME, auth_url=self.common_config.OS_AUTH_URL, sahara_url='http://%s:%s/v%s/%s' % ( self.common_config.SAHARA_HOST, self.common_config.SAHARA_PORT, self.common_config.SAHARA_API_VERSION, self.common_config.OS_TENANT_ID )) self.nova = nova_client.Client( username=self.common_config.OS_USERNAME, api_key=self.common_config.OS_PASSWORD, project_id=self.common_config.OS_TENANT_NAME, auth_url=self.common_config.OS_AUTH_URL) self.neutron = neutron_client.Client( username=self.common_config.OS_USERNAME, password=self.common_config.OS_PASSWORD, tenant_name=self.common_config.OS_TENANT_NAME, auth_url=self.common_config.OS_AUTH_URL) if not self.common_config.FLAVOR_ID: self.flavor_id = self.nova.flavors.create( name='i-test-flavor-%s' % str(uuid.uuid4())[:8], ram=1024, vcpus=1, disk=10, ephemeral=10).id else: self.flavor_id = self.common_config.FLAVOR_ID if not self.common_config.PATH_TO_SSH_KEY: self.common_config.USER_KEYPAIR_ID += str(uuid.uuid4())[:8] self.private_key = self.nova.keypairs.create( self.common_config.USER_KEYPAIR_ID).private_key else: self.private_key = open(self.common_config.PATH_TO_SSH_KEY).read()
extra_config = dict(config.items("extra_conf")) # kwargs for connection kwargs_conn = { "tenant_name": connection['username'], "auth_url": connection['auth_url'], "username": connection['username'], "password": connection['password'], "nova_version": extra_config['nova_version'], "cloudkitty_version": extra_config['cloudkitty_version'], "log_file": extra_config['log_file'], "region_name": connection['region'] } # keystone client establish connection keystone = kclient.Client(**kwargs_conn) # Establish the connection Cloudkitty ck = client.get_client(kwargs_conn.get('cloudkitty_version'), **kwargs_conn) # Establish the connection NOVA nt = nova_client.Client(kwargs_conn.get('nova_version'), kwargs_conn.get('username'), kwargs_conn.get('password'), kwargs_conn.get('tenant_name'), kwargs_conn.get('auth_url')) # Logging the items # Log Definition logging.basicConfig(filename=kwargs_conn.get('log_file'), level=logging.INFO,
def authenticate(auth_url, user, key, tenant, **kwargs): """Authenticates against the endpoint to use. The correct endpoint to use is looked up in the service catalog. The caller can override this lookup by passing the endpoint as a parameter. :param auth_url: The keystone auth endpoint to use :param user: The username to use for auth :param key: The apikey to use for authentiation :param endpoint: The Barbican endpoint to use. IOW, don't look up an endpoint in the service catalog, just use this one instead. :param tenant_name: The optional tenant-name to use :param tenant_id: The optional tenant ID toi use :param cacert: The cacert PEM file to use :param service_type: The service type to look for in the service catalog :param endpoint_type The endpoint type to reference in the service catalog :param region_name The region to pass for authentication :returns: Tuple containing Barbican endpoint and token :raises: ClientException """ insecure = kwargs.get('insecure', False) endpoint = kwargs.get('endpoint') cacert = kwargs.get('cacert') try: _ksclient = ksclient.Client(username=user, password=key, tenant_name=tenant, cacert=cacert, auth_url=auth_url, insecure=insecure) except exceptions.Unauthorized: raise ClientException('Unauthorized. Check username, password' ' and tenant name/id') except exceptions.AuthorizationFailure: raise ClientException('Authorization Failure. %s') if not endpoint: # The user did not pass in an endpoint, so we need to # look one up on their behalf in the service catalog # TODO(jdp): Ensure that this is the correct service_type field service_type = kwargs.get('service_type', 'queueing') endpoint_type = kwargs.get('endpoint_type', 'publicURL') region = kwargs.get('region_name') try: endpoint = _ksclient.service_catalog.url_for( attr='region', filter_value=region, service_type=service_type, endpoint_type=endpoint_type) except exceptions.EndpointNotFound: raise ClientException('Endpoint not found in service catalog') return endpoint, _ksclient.auth_token
''' ================== STUFF AS DEMO USER YOU SHOULD CARE ========================= ''' def get_demo_creds(): d = {} d['username'] = os.environ['OS_USERNAME'] d['password'] = os.environ['OS_PASSWORD'] d['auth_url'] = os.environ['OS_AUTH_URL'] d['tenant_name'] = os.environ['OS_TENANT_NAME'] return d demo_creds = get_demo_creds() print demo_creds, "\n" # get auth_token to connect to heat API # you need an auth token to connect to Heat API always. me = ksclient.Client(**demo_creds) print "auth_token: ", me.auth_token, "\n" # get the heat endpoint URL from service_catalog heat_endpoint = me.service_catalog.url_for(service_type='orchestration', endpoint_type='publicURL') print "demo_heat_endpoint: ", heat_endpoint, '\n' # create heat client for demo/demo # heat client asks for auth_token, not all clients ask for this, you may # want to check the openstack documents once. # from heatclient import client as hc import heatclient.client as hc HEAT_VERSION = 1 heat = hc.Client(HEAT_VERSION,
def get_keystone_client(auth_url=AUTH_URL): return client.Client(username=USER, password=PASS, tenant_name=TENANT, auth_url=auth_url, endpoint_type='adminURL')
def add_user_to_tenant(user, tenant): keystone = client.Client(username=username, password=password, tenant_name=tenant_name, auth_url=auth_url) db = DataBase.acctDB()
def authenticate(self, username=None, password=None, tenant=None, auth_url=None, otp=None): """ Authenticates a user via the Keystone Identity API. """ LOG.debug('Beginning user authentication for user "%s".' % username) insecure = False try: client = keystone_client.Client(username=username, password=password, tenant_id=tenant, auth_url=auth_url, insecure=insecure, timeout=8) except (keystone_exceptions.Unauthorized, keystone_exceptions.Forbidden, keystone_exceptions.NotFound) as exc: msg = ('Invalid user name or password.') LOG.debug(exc.message) return username, u'Invalid' except (keystone_exceptions.ClientException, keystone_exceptions.AuthorizationFailure) as exc: msg = ("An error occurred authenticating. " "Please try again later.") #if u'Authorization Failed: InvalidResponse' == exc.args[0]: # print exc.args[0] LOG.debug(exc.message) return username, u'IPError' try: tenants = client.tenants.list() except (keystone_exceptions.ClientException, keystone_exceptions.AuthorizationFailure): msg = ('Unable to retrieve authorized projects.') if not tenants: msg = ('You are not authorized for any projects.') alltoken = {} alltoken.clear() while tenants: tenant = tenants.pop() try: token = client.tokens.authenticate(username=username, password=password, tenant_id=tenant.id) alltoken[tenant.id] = token except (keystone_exceptions.ClientException, keystone_exceptions.AuthorizationFailure): token = None if token is None: msg = ("Unable to authenticate to any available projects.") user = create_user_from_token(token, client.auth_url, alltoken, client) LOG.debug('Authentication completed for user "%s".' % username) return user, u''
required_images, valid_image, len(required_images)) sys.exit(STATE_WARNING) if args.req_images and args.req_count: print "OK - image %s found and enough images >=%d" % (required_images, required_count) elif args.req_images: print "OK - image %s found" % required_images elif args.req_count: print "OK - more than %d images found" % required_count else: print "OK - Connection glance established" if __name__ == '__main__': args = collect_args().parse_args() try: ks_client = ksclient.Client(username=args.username, password=args.password, tenant_name=args.tenant, auth_url=args.auth_url) token = ks_client.auth_token endpoint = ks_client.service_catalog.url_for(service_type='image') endpoint = endpoint.replace('v1', '') c = glance_client.Client('1', endpoint, token=token) sys.exit(check_glance(c, args)) except Exception as e: print str(e) sys.exit(STATE_CRITICAL)
def main(): exit_code = -1 start_time = time.time() ks_creds = openstack_utils.get_credentials("keystone") nv_creds = openstack_utils.get_credentials("nova") nt_creds = openstack_utils.get_credentials("neutron") keystone = ksclient.Client(**ks_creds) user_id = openstack_utils.get_user_id(keystone, ks_creds['username']) if user_id == '': logger.error("Error : Failed to get id of %s user" % ks_creds['username']) exit(-1) logger.info("Creating tenant '%s'..." % PROMISE_TENANT_NAME) tenant_id = openstack_utils.create_tenant(keystone, PROMISE_TENANT_NAME, TENANT_DESCRIPTION) if not tenant_id: logger.error("Error : Failed to create %s tenant" % PROMISE_TENANT_NAME) exit(-1) logger.debug("Tenant '%s' created successfully." % PROMISE_TENANT_NAME) roles_name = ["admin", "Admin"] role_id = '' for role_name in roles_name: if role_id == '': role_id = openstack_utils.get_role_id(keystone, role_name) if role_id == '': logger.error("Error : Failed to get id for %s role" % role_name) exit(-1) logger.info("Adding role '%s' to tenant '%s'..." % (role_id, PROMISE_TENANT_NAME)) if not openstack_utils.add_role_user(keystone, user_id, role_id, tenant_id): logger.error("Error : Failed to add %s on tenant %s" % (ks_creds['username'], PROMISE_TENANT_NAME)) exit(-1) logger.debug("Role added successfully.") logger.info("Creating user '%s'..." % PROMISE_USER_NAME) user_id = openstack_utils.create_user(keystone, PROMISE_USER_NAME, PROMISE_USER_PWD, None, tenant_id) if not user_id: logger.error("Error : Failed to create %s user" % PROMISE_USER_NAME) exit(-1) logger.debug("User '%s' created successfully." % PROMISE_USER_NAME) logger.info("Updating OpenStack credentials...") ks_creds.update({ "username": PROMISE_TENANT_NAME, "password": PROMISE_TENANT_NAME, "tenant_name": PROMISE_TENANT_NAME, }) nt_creds.update({ "tenant_name": PROMISE_TENANT_NAME, }) nv_creds.update({ "project_id": PROMISE_TENANT_NAME, }) glance = openstack_utils.get_glance_client() nova = nvclient.Client("2", **nv_creds) logger.info("Creating image '%s' from '%s'..." % (PROMISE_IMAGE_NAME, GLANCE_IMAGE_PATH)) image_id = openstack_utils.create_glance_image(glance, PROMISE_IMAGE_NAME, GLANCE_IMAGE_PATH) if not image_id: logger.error("Failed to create the Glance image...") exit(-1) logger.debug("Image '%s' with ID '%s' created successfully." % (PROMISE_IMAGE_NAME, image_id)) flavor_id = openstack_utils.get_flavor_id(nova, PROMISE_FLAVOR_NAME) if flavor_id == '': logger.info("Creating flavor '%s'..." % PROMISE_FLAVOR_NAME) flavor_id = openstack_utils.create_flavor(nova, PROMISE_FLAVOR_NAME, PROMISE_FLAVOR_RAM, PROMISE_FLAVOR_DISK, PROMISE_FLAVOR_VCPUS) if not flavor_id: logger.error("Failed to create the Flavor...") exit(-1) logger.debug("Flavor '%s' with ID '%s' created successfully." % (PROMISE_FLAVOR_NAME, flavor_id)) else: logger.debug("Using existing flavor '%s' with ID '%s'..." % (PROMISE_FLAVOR_NAME, flavor_id)) neutron = ntclient.Client(**nt_creds) network_dic = openstack_utils.create_network_full(neutron, PROMISE_NET_NAME, PROMISE_SUBNET_NAME, PROMISE_ROUTER_NAME, PROMISE_SUBNET_CIDR) if not network_dic: logger.error("Failed to create the private network...") exit(-1) logger.info("Exporting environment variables...") os.environ["NODE_ENV"] = "functest" os.environ["OS_PASSWORD"] = PROMISE_USER_PWD os.environ["OS_TEST_IMAGE"] = image_id os.environ["OS_TEST_FLAVOR"] = flavor_id os.environ["OS_TEST_NETWORK"] = network_dic["net_id"] os.environ["OS_TENANT_NAME"] = PROMISE_TENANT_NAME os.environ["OS_USERNAME"] = PROMISE_USER_NAME os.chdir(PROMISE_REPO_DIR + '/source/') results_file_name = os.path.join(RESULTS_DIR, 'promise-results.json') results_file = open(results_file_name, 'w+') cmd = 'npm run -s test -- --reporter json' logger.info("Running command: %s" % cmd) ret = subprocess.call(cmd, shell=True, stdout=results_file, stderr=subprocess.STDOUT) results_file.close() if ret == 0: logger.info("The test succeeded.") # test_status = 'OK' else: logger.info("The command '%s' failed." % cmd) # test_status = "Failed" # Print output of file with open(results_file_name, 'r') as results_file: data = results_file.read() logger.debug("\n%s" % data) json_data = json.loads(data) suites = json_data["stats"]["suites"] tests = json_data["stats"]["tests"] passes = json_data["stats"]["passes"] pending = json_data["stats"]["pending"] failures = json_data["stats"]["failures"] start_time_json = json_data["stats"]["start"] end_time = json_data["stats"]["end"] duration = float(json_data["stats"]["duration"]) / float(1000) logger.info("\n" "****************************************\n" " Promise test report\n\n" "****************************************\n" " Suites: \t%s\n" " Tests: \t%s\n" " Passes: \t%s\n" " Pending: \t%s\n" " Failures:\t%s\n" " Start: \t%s\n" " End: \t%s\n" " Duration:\t%s\n" "****************************************\n\n" % (suites, tests, passes, pending, failures, start_time_json, end_time, duration)) if args.report: stop_time = time.time() json_results = { "timestart": start_time, "duration": duration, "tests": int(tests), "failures": int(failures) } logger.debug("Promise Results json: " + str(json_results)) # criteria for Promise in Release B was 100% of tests OK status = "FAIL" if int(tests) > 32 and int(failures) < 1: status = "PASS" exit_code = 0 ft_utils.push_results_to_db("promise", "promise", start_time, stop_time, status, json_results) exit(exit_code)
def factory_fn(token, endpoint): return v2_0_client.Client(token=token, endpoint=endpoint, endpoint_override=endpoint, insecure=credential.https_insecure, cacert=credential.https_cacert)
def get_admin_client(instance=None): admin_client = client.Client(token=settings.ADMIN_TOKEN, endpoint=settings.ENDPOINT) return admin_client
def client_create_wrapper(): client.Client(username=self.TEST_USER, password="******", tenant_id=self.TEST_TENANT_ID, auth_url=self.TEST_URL)
def __init__(self, endpoint, token): self.api_version = 2 self.api = client.Client(endpoint=endpoint, token=token)
def __init__(self): self.keystone=ksclient.Client(auth_url="http://controller:35357/v2.0",username="******",password="******",tenant_name="admin") self.users=self.keystone.users self.roles=self.keystone.roles print "keystoneclient initialization successfully!"
def all(ip='127.0.0.1', port=8082, domain_name='default-domain', proj_name='my-proj', subnet='192.168.1.0', prefix=24, vn_name='my-vn'): testfail = 0 testpass = 0 fqdn = [domain_name] pobjs = {} kc = client.Client(username='******', password='******', tenant_name='admin', auth_url='http://127.0.0.1:5000/v2.0') # create admin account first to ensure there are no permission problems admin = User(ip, port, kc, 'admin', 'contrail123', 'admin', 'admin') alice = User(ip, port, kc, 'alice', 'alice123', 'alice-role', 'alice-proj') bob = User(ip, port, kc, 'bob', 'bob123', 'bob-role', 'bob-proj') # create domain domain = vnc_read_obj(admin.vnc_lib, 'domain', name=fqdn) if domain == None: domain = Domain(domain_name) admin.vnc_lib.domain_create(domain) domain = vnc_read_obj(vnc_lib, 'domain', name=domain.get_fq_name()) print 'Created domain %s' % fqdn # read projects alice.project_obj = vnc_read_obj(admin.vnc_lib, 'project', obj_uuid=alice.project_uuid) print 'Created Project object for %s' % alice.project bob.project_obj = vnc_read_obj(admin.vnc_lib, 'project', obj_uuid=bob.project_uuid) print 'Created Project object for %s' % bob.project # reassign ownership of projects to alice and bob (from admin) for user in [alice, bob]: print 'Change owner of project %s to %s' % (user.project, user.project_uuid) set_perms(user.project_obj, owner=user.project_uuid, share=[]) admin.vnc_lib.project_update(user.project_obj) # delete test VN if it exists for net_name in [vn_name, 'second-vn', 'bob-vn-in-alice-project']: vn_fq_name = [domain_name, alice.project, net_name] vn = vnc_read_obj(admin.vnc_lib, 'virtual-network', name=vn_fq_name) if vn: print '%s exists ... deleting to start fresh' % vn_fq_name admin.vnc_lib.virtual_network_delete(fq_name=vn_fq_name) print print '########### API ACCESS (CREATE) ##################' # delete api-access-list for alice and bob and disallow api access to their projects for user in [alice, bob]: print "Delete api-acl for project %s to disallow api access" % user.project vnc_fix_api_access_list(admin.vnc_lib, user.project_obj, rule_str=None) print 'alice: trying to create VN in her project' vn = VirtualNetwork(vn_name, alice.project_obj) try: alice.vnc_lib.virtual_network_create(vn) print '*** Created virtual network %s ... test failed!' % vn.get_fq_name( ) testfail += 1 except PermissionDenied as e: print 'Failed to create VN ... Test passes!' testpass += 1 if testfail > 0: sys.exit() # allow permission to create virtual-network for user in [alice, bob]: print "%s: project %s to allow full access to role %s" % \ (user.name, user.project, user.role) # note that collection API is set for create operation vnc_fix_api_access_list(admin.vnc_lib, user.project_obj, rule_str='virtual-networks %s:C' % user.role) print '' print 'alice: trying to create VN in her project' try: alice.vnc_lib.virtual_network_create(vn) print 'Created virtual network %s ... test passed!' % vn.get_fq_name() testpass += 1 except PermissionDenied as e: print 'Failed to create VN ... Test failed!' testfail += 1 if testfail > 0: sys.exit() print print '########### API ACCESS (READ) ##################' print 'alice: trying to read VN in her project (should fail)' try: vn2 = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn.get_fq_name()) print '*** Read VN without read permission ... test failed!!!' testfail += 1 except PermissionDenied as e: print 'Unable to read VN ... test passed' testpass += 1 if testfail > 0: sys.exit() # allow read access vnc_fix_api_access_list(admin.vnc_lib, alice.project_obj, rule_str='virtual-network %s:R' % alice.role) print 'alice: added permission to read virtual-network' print 'alice: trying to read VN in her project (should succeed)' try: vn2 = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn.get_fq_name()) print 'Read VN successfully ... test passed' testpass += 1 except PermissionDenied as e: testfail += 1 print '*** Read VN failed ... test failed!!!' if testfail > 0: sys.exit() print print '########### API ACCESS (UPDATE) ##################' print 'alice: trying to update VN in her project (should fail)' try: vn.display_name = "foobar" alice.vnc_lib.virtual_network_update(vn) print '*** Set field in virtual network %s ... test failed!' % vn.get_fq_name( ) testfail += 1 except PermissionDenied as e: print 'Unable to update field in VN ... Test succeeded!' testpass += 1 if testfail > 0: sys.exit() vnc_fix_api_access_list(admin.vnc_lib, alice.project_obj, rule_str='virtual-network %s:U' % alice.role) print '' print 'alice: added permission to update virtual-network' print 'alice: trying to set field in her VN ' try: vn.display_name = "foobar" alice.vnc_lib.virtual_network_update(vn) print 'Set field in virtual network %s ... test passed!' % vn.get_fq_name( ) testpass += 1 except PermissionDenied as e: print '*** Failed to update field in VN ... Test failed!' testfail += 1 if testfail > 0: sys.exit() vn2 = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn.get_fq_name()) print 'alice: display_name %s' % vn2.display_name if vn2.display_name != "foobar": testfail += 1 print '*** Failed to update shared field correctly in VN ... Test failed!' else: testpass += 1 print 'Updated shared field correctly in virtual network %s ... test passed!' % vn.get_fq_name( ) if testfail > 0: sys.exit() print print '########### API ACCESS (update field) ##################' print 'Restricting update of field to admin only ' vnc_fix_api_access_list(admin.vnc_lib, alice.project_obj, rule_str='virtual-network.display_name admin:U') try: vn.display_name = "alice" alice.vnc_lib.virtual_network_update(vn) print '*** Set field in virtual network %s ... test failed!' % vn.get_fq_name( ) testfail += 1 except PermissionDenied as e: print 'Failed to update field in VN ... Test passed!' testpass += 1 if testfail > 0: sys.exit() print print '########### API ACCESS (DELETE) ##################' # delete test VN ... should fail vn_fq_name = [domain_name, alice.project, vn_name] try: alice.vnc_lib.virtual_network_delete(fq_name=vn_fq_name) print '*** %s: Deleted VN %s ... test failed!' % (alice.name, vn_fq_name) testfail += 1 except PermissionDenied as e: print '%s: Error deleting VN %s ... test passed!' % (alice.name, vn_fq_name) testpass += 1 if testfail > 0: sys.exit() print print '############### PERMS2 ##########################' print 'Giving bob API level access to perform all ops on virtual-network' vnc_fix_api_access_list(admin.vnc_lib, bob.project_obj, rule_str='virtual-network %s:RUD' % bob.role) print '' print 'bob: trying to create VN in alice project ... should fail' try: vn2 = VirtualNetwork('bob-vn-in-alice-project', alice.project_obj) bob.vnc_lib.virtual_network_create(vn2) print '*** Created virtual network %s ... test failed!' % vn2.get_fq_name( ) testfail += 1 except PermissionDenied as e: print 'Failed to create VN ... Test passed!' testpass += 1 if testfail > 0: sys.exit() vn = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn_fq_name) print print '########### READ (SHARED WITH TENANT) ##################' print 'Disable share in virtual networks for others' set_perms(vn, share=[], global_access=PERMS_NONE) alice.vnc_lib.virtual_network_update(vn) print 'Reading VN as bob ... should fail' try: net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid()) print '*** Succeeded in reading VN. Test failed!' testfail += 1 except PermissionDenied as e: print 'Failed to read VN ... Test passed!' testpass += 1 if testfail > 0: sys.exit() print 'Enable share in virtual network for bob project' set_perms(vn, share=[(bob.project_uuid, PERMS_R)]) alice.vnc_lib.virtual_network_update(vn) print 'Reading VN as bob ... should succeed' try: net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid()) print 'Succeeded in reading VN. Test passed!' testpass += 1 except PermissionDenied as e: print '*** Failed to read VN ... Test failed!' testfail += 1 if testfail > 0: sys.exit() print print '########### READ (GLOBALLY SHARED ) ##################' print 'Disable share in virtual networks for others' set_perms(vn, share=[]) alice.vnc_lib.virtual_network_update(vn) print 'Reading VN as bob ... should fail' try: net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid()) print 'Succeeded in reading VN. Test failed!' testfail += 1 except PermissionDenied as e: print '*** Failed to read VN ... Test passed!' testpass += 1 if testfail > 0: sys.exit() print print 'Enable virtual networks in alice project for global sharing (read only)' set_perms(vn, share=[], global_access=PERMS_R) alice.vnc_lib.virtual_network_update(vn) print 'Reading VN as bob ... should succeed' try: net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid()) print 'Succeeded in reading VN. Test passed!' testpass += 1 except PermissionDenied as e: print '*** Failed to read VN ... Test failed!' testfail += 1 if testfail > 0: sys.exit() print 'Writing shared VN as bob ... should fail' try: vn.display_name = "foobar" bob.vnc_lib.virtual_network_update(vn) print '*** Succeeded in updating VN. Test failed!!' testfail += 1 except PermissionDenied as e: print 'Failed to update VN ... Test passed!' testpass += 1 if testfail > 0: sys.exit() print print 'Enable virtual networks in alice project for global sharing (read, write)' print 'Writing shared VN as bob ... should succeed' # important: read VN afresh to overwrite display_name update pending status vn = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn_fq_name) set_perms(vn, global_access=PERMS_RW) alice.vnc_lib.virtual_network_update(vn) try: bob.vnc_lib.virtual_network_update(vn) print 'Succeeded in updating VN. Test passed!' testpass += 1 except PermissionDenied as e: print '*** Failed to update VN ... Test failed!!' testfail += 1 if testfail > 0: sys.exit() print '' print '########################### Collections #################' print 'User should be able to see VN in own project and any shared' print '' print 'alice: get virtual network collection ... should fail' try: x = alice.vnc_lib.virtual_networks_list(parent_id=alice.project_uuid) print '*** Read VN collection without list permission ... test failed!' testfail += 1 except PermissionDenied as e: print 'Failed to read VN collection ... test passed' testpass += 1 if testfail > 0: sys.exit() # allow permission to read virtual-network collection for user in [alice, bob]: print "%s: project %s to allow collection access to role %s" % \ (user.name, user.project, user.role) # note that collection API is set for create operation vnc_fix_api_access_list(admin.vnc_lib, user.project_obj, rule_str='virtual-networks %s:CR' % user.role) # create one more VN in alice project to differentiate from what bob sees vn2 = VirtualNetwork('second-vn', alice.project_obj) alice.vnc_lib.virtual_network_create(vn2) print 'Alice: created additional VN %s in her project' % vn2.get_fq_name() print 'Alice: network list' x = alice.vnc_lib.virtual_networks_list(parent_id=alice.project_uuid) for item in x['virtual-networks']: print ' %s: %s' % (item['uuid'], item['fq_name']) expected = set(['my-vn', 'second-vn']) received = set([item['fq_name'][-1] for item in x['virtual-networks']]) if received != expected: print 'Alice: *** Received incorrect VN list ... test failed!' testfail += 1 else: print 'Alice: Received correct VN list ... test passed' testpass += 1 if testfail > 0: sys.exit() print print 'Bob: network list' y = bob.vnc_lib.virtual_networks_list(parent_id=bob.project_uuid) for item in y['virtual-networks']: print ' %s: %s' % (item['uuid'], item['fq_name']) # need changes in auto code generation for lists expected = set(['my-vn']) received = set([item['fq_name'][-1] for item in y['virtual-networks']]) if received != expected: print 'Bob: *** Received incorrect VN list ... test failed!' testfail += 1 else: print 'Bob: Received correct VN list ... test passed' testpass += 1 if testfail > 0: sys.exit() print print 'Tests fail=%d, pass=%d' % (testfail, testpass)