示例#1
0
    def create_client(self, version=None):
        """Return a keystone client.

        :param version: Keystone API version, can be one of:
            ("2", "3")

        If this object was constructed with a version in the api_info
        then that will be used unless the version parameter is passed.
        """
        from keystoneclient import client

        # Use the version in the api_info if provided, otherwise fall
        # back to the passed version (which may be None, in which case
        # keystoneclient chooses).

        version = self.choose_version(version)

        auth_url = self.credential.auth_url
        if version is not None:
            auth_url = self._remove_url_version()
        sess, plugin = self._get_session(auth_url=auth_url, version=version)
        # NOTE(bigjools): When using sessions, keystoneclient no longer
        # does any pre-auth and calling client.authenticate() with
        # sessions is deprecated (it's still possible to call it but if
        # endpoint is defined it'll crash). We're forcing that pre-auth
        # here because the use of the service_catalog depends on doing
        # this. Also note that while the API has got the
        # endpoints.list() equivalent, there is no service_type in that
        # list which is why we need to ensure service_catalog is still
        # present.
        auth_ref = plugin.get_access(sess)
        ks = client.Client(version=version, session=sess,
                           timeout=CONF.openstack_client_http_timeout)
        ks.auth_ref = auth_ref
        return ks
示例#2
0
    def create_client(self, version=None):
        """Return a keystone client.

        :param version: Keystone API version, can be one of:
            ("2", "3")

        If this object was constructed with a version in the api_info
        then that will be used unless the version parameter is passed.
        """
        import keystoneclient
        from keystoneclient import client

        # Use the version in the api_info if provided, otherwise fall
        # back to the passed version (which may be None, in which case
        # keystoneclient chooses).

        version = self.choose_version(version)

        auth_url = self.credential.auth_url
        if version is not None:
            auth_url = self._remove_url_version()
        sess, plugin = self._get_session(auth_url=auth_url, version=version)
        # NOTE(bigjools): When using sessions, keystoneclient no longer
        # does any pre-auth and calling client.authenticate() with
        # sessions is deprecated (it's still possible to call it but if
        # endpoint is defined it'll crash). We're forcing that pre-auth
        # here because the use of the service_catalog depends on doing
        # this. Also note that while the API has got the
        # endpoints.list() equivalent, there is no service_type in that
        # list which is why we need to ensure service_catalog is still
        # present.
        auth_ref = plugin.get_access(sess)
        kw = {"version": version, "session": sess,
              "timeout": CONF.openstack_client_http_timeout}
        if keystoneclient.__version__[0] == "1":
            # NOTE(andreykurilin): let's leave this hack for envs which uses
            #  old(<2.0.0) keystoneclient version. Upstream fix:
            #  https://github.com/openstack/python-keystoneclient/commit/d9031c252848d89270a543b67109a46f9c505c86
            from keystoneclient import base
            kw["auth_url"] = sess.get_endpoint(interface=base.AUTH_INTERFACE)
        if self.credential.endpoint_type:
            kw["endpoint_type"] = self.credential.endpoint_type
        ks = client.Client(**kw)
        ks.auth_ref = auth_ref
        return ks
示例#3
0
 def auth_ref(self):
     try:
         if "keystone_auth_ref" not in self.cache:
             sess, plugin = self.get_session()
             self.cache["keystone_auth_ref"] = plugin.get_access(sess)
     except Exception as e:
         if logging.is_debug():
             LOG.exception("Unable to authenticate for user"
                           " %(username)s in project"
                           " %(tenant_name)s" %
                           {"username": self.credential.username,
                            "tenant_name": self.credential.tenant_name})
         raise exceptions.AuthenticationFailed(
             username=self.credential.username,
             project=self.credential.tenant_name,
             url=self.credential.auth_url,
             etype=e.__class__.__name__,
             error=str(e))
     return self.cache["keystone_auth_ref"]
示例#4
0
    def auth_ref(self):
        try:
            if "keystone_auth_ref" not in self.cache:
                sess, plugin = self.get_session()
                self.cache["keystone_auth_ref"] = plugin.get_access(sess)
        except Exception as original_e:
            e = AuthenticationFailed(
                error=original_e,
                username=self.credential.username,
                project=self.credential.tenant_name,
                url=self.credential.auth_url
            )
            if logging.is_debug() and e.is_trace_helpful():
                LOG.exception("Unable to authenticate for user"
                              " %(username)s in project"
                              " %(tenant_name)s" %
                              {"username": self.credential.username,
                               "tenant_name": self.credential.tenant_name})

            raise e from None
        return self.cache["keystone_auth_ref"]
示例#5
0
    def create_client(self, version=None):
        """Return a keystone client.

        :param version: Keystone API version, can be one of:
            ("2", "3")

        If this object was constructed with a version in the api_info
        then that will be used unless the version parameter is passed.
        """
        from keystoneclient import client

        # Use the version in the api_info if provided, otherwise fall
        # back to the passed version (which may be None, in which case
        # keystoneclient chooses).

        version = self.choose_version(version)

        auth_url = self.credential.auth_url
        if version is not None:
            auth_url = self._remove_url_version()
        sess, plugin = self._get_session(auth_url=auth_url, version=version)
        # NOTE(bigjools): When using sessions, keystoneclient no longer
        # does any pre-auth and calling client.authenticate() with
        # sessions is deprecated (it's still possible to call it but if
        # endpoint is defined it'll crash). We're forcing that pre-auth
        # here because the use of the service_catalog depends on doing
        # this. Also note that while the API has got the
        # endpoints.list() equivalent, there is no service_type in that
        # list which is why we need to ensure service_catalog is still
        # present.
        auth_ref = plugin.get_access(sess)
        ks = client.Client(version=version,
                           session=sess,
                           timeout=CONF.openstack_client_http_timeout)
        ks.auth_ref = auth_ref
        return ks
示例#6
0
 def auth_ref(self):
     if "keystone_auth_ref" not in self.cache:
         sess, plugin = self.get_session()
         self.cache["keystone_auth_ref"] = plugin.get_access(sess)
     return self.cache["keystone_auth_ref"]
示例#7
0
 def auth_ref(self):
     if "keystone_auth_ref" not in self.cache:
         sess, plugin = self.get_session()
         self.cache["keystone_auth_ref"] = plugin.get_access(sess)
     return self.cache["keystone_auth_ref"]