def authenticate_keystone_user(self, keystone, user, password, tenant): """Authenticates a regular user with the keystone public endpoint.""" ep = keystone.service_catalog.url_for(service_type='identity', endpoint_type='publicURL') return keystone_client.Client(username=user, password=password, tenant_name=tenant, auth_url=ep)
def authenticate_keystone_admin(self, keystone_sentry, user, password, tenant): """Authenticates admin user with the keystone admin endpoint.""" unit = keystone_sentry service_ip = unit.relation('shared-db', 'mysql:shared-db')['private-address'] ep = "http://{}:35357/v2.0".format(service_ip.strip().decode('utf-8')) return keystone_client.Client(username=user, password=password, tenant_name=tenant, auth_url=ep)
def authenticate_user(self): """Make sure the user has provided all of the authentication info we need. """ if not self.options.os_token: if not self.options.os_username: raise exception.CommandError( "You must provide a username via" " either --os-username or env[OS_USERNAME]") if not self.options.os_password: raise exception.CommandError( "You must provide a password via" " either --os-password or env[OS_PASSWORD]") if (not self.options.os_tenant_name and not self.options.os_tenant_id): raise exception.CommandError( "You must provide a tenant_name or tenant_id via" " --os-tenant-name, env[OS_TENANT_NAME]" " --os-tenant-id, or via env[OS_TENANT_ID]") if not self.options.os_auth_url: raise exception.CommandError( "You must provide an auth url via" " either --os-auth-url or via env[OS_AUTH_URL]") keystone = keystone_client.Client( token=self.options.os_token, auth_url=self.options.os_auth_url, tenant_id=self.options.os_tenant_id, tenant_name=self.options.os_tenant_name, password=self.options.os_password, region_name=self.options.os_region_name, username=self.options.os_username, insecure=self.options.insecure, cert=self.options.os_cacert) auth = keystone.authenticate() if auth: try: kwstandby_url = keystone.service_catalog.url_for( service_type='standby') except keystone_exceptions.EndpointNotFound: raise exception.NoKwstandbyEndpoint() else: raise exception.NotAuthorized("User %s is not authorized." % self.options.os_username) client = kwstandby_client.Client(1, kwstandby_url=kwstandby_url, auth_token=keystone.auth_token) self.client = client return
def main(args=None): cfg = parse_args(args) # Make the inventory of the OpenStack install keystone = kc.Client( username=cfg.os_username, tenant_name=cfg.os_tenant_name, password=cfg.os_password, auth_url=cfg.os_auth_url, ) endpoints = keystone.service_catalog.get_endpoints() cli_surveil = sc.Client(cfg.api_url, version='1_0') for ep in endpoints.get('identity', []): cli_surveil.hosts.create( host_name='OS_keystone_host_%s' % ep['id'], use='linux-keystone', address=urlparse.urlparse(ep['publicURL']).hostname, custom_fields={ '_OS_AUTH_URL': ep['publicURL'], '_OS_USERNAME': cfg.os_username, '_OS_PASSWORD': cfg.os_password, '_OS_TENANT_NAME': cfg.os_tenant_name, '_KS_SERVICES': 'identity', } ) for ep in endpoints.get('image', []): cli_surveil.hosts.create( host_name='OS_glance_host_%s' % ep['id'], use='linux-glance', address=urlparse.urlparse(ep['publicURL']).hostname, custom_fields={ '_OS_AUTH_URL': ep['publicURL'], '_OS_USERNAME': cfg.os_username, '_OS_PASSWORD': cfg.os_password, '_OS_TENANT_NAME': cfg.os_tenant_name, '_OS_GLANCE_URL': ep['publicURL'] + '/v1', } ) # Reload the surveil config cli_surveil.reload_config()
def _authenticate_keystone_admin(self, keystone_sentry, user, password, tenant, service_ip=None): """Authenticates admin user with the keystone admin endpoint. This should be factored into:L charmhelpers.contrib.openstack.amulet.utils.OpenStackAmuletUtils """ if not service_ip: unit = keystone_sentry service_ip = unit.relation('shared-db', 'mysql:shared-db')['private-address'] ep = "http://{}:35357/v2.0".format(service_ip.strip().decode('utf-8')) return keystone_client.Client(username=user, password=password, tenant_name=tenant, auth_url=ep)