def get_credentials(fill_in=True, identity_version=None, **kwargs):
"""Get credentials from dict based on config
Wrapper around auth.get_credentials to use the configured identity version
if none is specified.
:param fill_in: If True, a request to the Token API is submitted, and the
credential object is filled in with all names and IDs from
the token API response.
:param identity_version: The identity version to talk to and the type of
credentials object to be created. 'v2' or 'v3'.
:param kwargs: Attributes to be used to build the Credentials object.
:returns: An object of a sub-type of `auth.Credentials`
"""
params = dict(DEFAULT_PARAMS, **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
# To honour the "default_credentials_domain_name", if not domain
# field is specified at all, add it the credential dict.
if identity_version == 'v3':
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
if 'domain' in x)
if not domain_fields.intersection(kwargs.keys()):
domain_name = CONF.auth.default_credentials_domain_name
# NOTE(andreaf) Setting domain_name implicitly sets user and
# project domain names, if they are None
params['domain_name'] = domain_name
auth_url = CONF.identity.uri_v3
else:
auth_url = CONF.identity.uri
return auth.get_credentials(auth_url,
fill_in=fill_in,
identity_version=identity_version,
**params)
def get_credentials(fill_in=True, identity_version=None, **kwargs):
"""Get credentials from dict based on config
Wrapper around auth.get_credentials to use the configured identity version
if none is specified.
:param fill_in: If True, a request to the Token API is submitted, and the
credential object is filled in with all names and IDs from
the token API response.
:param identity_version: The identity version to talk to and the type of
credentials object to be created. 'v2' or 'v3'.
:param kwargs: Attributes to be used to build the Credentials object.
:returns: An object of a sub-type of `auth.Credentials`
"""
params = dict(config.service_client_config(), **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
# To honour the "default_credentials_domain_name", if not domain
# field is specified at all, add it the credential dict.
if identity_version == 'v3':
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
if 'domain' in x)
if not domain_fields.intersection(kwargs.keys()):
domain_name = CONF.auth.default_credentials_domain_name
# NOTE(andreaf) Setting domain_name implicitly sets user and
# project domain names, if they are None
params['domain_name'] = domain_name
auth_url = CONF.identity.uri_v3
else:
auth_url = CONF.identity.uri
return auth.get_credentials(auth_url,
fill_in=fill_in,
identity_version=identity_version,
**params)
def get_credentials(self, user, project, password):
# User and project already include both ID and name here,
# so there's no need to use the fill_in mode
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version='v2',
username=user['name'], user_id=user['id'],
tenant_name=project['name'], tenant_id=project['id'],
password=password)
def get_credentials(self, user, project, password):
# User and project already include both ID and name here,
# so there's no need to use the fill_in mode
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version='v2',
username=user['name'], user_id=user['id'],
tenant_name=project['name'], tenant_id=project['id'],
password=password)
def test_get_hash(self):
self.stubs.Set(token_client.TokenClient, 'raw_request',
fake_identity._fake_v2_response)
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hash_list = self._get_hash_list(self.test_accounts)
test_cred_dict = self.test_accounts[3]
test_creds = auth.get_credentials(fake_identity.FAKE_AUTH_URL,
**test_cred_dict)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[3], results)
def set_credentials(self):
"""Gets and saves Tempest credentials from auth library."""
creds_kwargs = self._get_creds_kwargs()
disable_ssl = self.disable_ssl_certificate_validation
self.tempest_creds = auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version=self.identity_version,
disable_ssl_certificate_validation=disable_ssl,
ca_certs=self.ca_certs,
**creds_kwargs)
def test_get_hash(self):
self.stubs.Set(token_client.TokenClient, 'raw_request',
fake_identity._fake_v2_response)
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hash_list = self._get_hash_list(self.test_accounts)
test_cred_dict = self.test_accounts[3]
test_creds = auth.get_credentials(fake_identity.FAKE_AUTH_URL,
**test_cred_dict)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[3], results)
def get_credentials(self, user, project, password):
# User, project and domain already include both ID and name here,
# so there's no need to use the fill_in mode.
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version='v3',
username=user['name'], user_id=user['id'],
project_name=project['name'], project_id=project['id'],
password=password,
project_domain_id=self.creds_domain['id'],
project_domain_name=self.creds_domain['name'])
def get_credentials(self, user, project, password):
# User, project and domain already include both ID and name here,
# so there's no need to use the fill_in mode.
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version='v3',
username=user['name'], user_id=user['id'],
project_name=project['name'], project_id=project['id'],
password=password,
project_domain_id=self.creds_domain['id'],
project_domain_name=self.creds_domain['name'])
def test_get_hash(self):
# Test with all accounts to make sure we try all combinations
# and hide no race conditions
hash_index = 0
for test_cred_dict in self.test_accounts:
test_account_class = preprov_creds.PreProvisionedCredentialProvider(**self.fixed_params)
hash_list = self._get_hash_list(self.test_accounts)
test_creds = auth.get_credentials(
fake_identity.FAKE_AUTH_URL, identity_version=self.fixed_params["identity_version"], **test_cred_dict
)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[hash_index], results)
hash_index += 1
def get_credentials(fill_in=True, identity_version=None, **kwargs):
params = dict(DEFAULT_PARAMS, **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
if identity_version == "v3":
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES if "domain" in x)
if not domain_fields.intersection(kwargs.keys()):
domain_name = CONF.auth.default_credentials_domain_name
params["user_domain_name"] = domain_name
auth_url = CONF.identity.uri_v3
else:
auth_url = CONF.identity.uri
return auth.get_credentials(auth_url, fill_in=fill_in, identity_version=identity_version, **params)
def test_get_hash(self):
# Test with all accounts to make sure we try all combinations
# and hide no race conditions
hash_index = 0
for test_cred_dict in self.test_accounts:
test_account_class = (
preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params))
hash_list = self._get_hash_list(self.test_accounts)
test_creds = auth.get_credentials(
fake_identity.FAKE_AUTH_URL,
identity_version=self.fixed_params['identity_version'],
**test_cred_dict)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[hash_index], results)
hash_index += 1
def get_credentials(self, user, project, password):
# User, project and domain already include both ID and name here,
# so there's no need to use the fill_in mode.
# NOTE(andreaf) We need to set all fields in the returned credentials.
# Scope is then used to pick only those relevant for the type of
# token needed by each service client.
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version='v3',
username=user['name'], user_id=user['id'],
project_name=project['name'], project_id=project['id'],
password=password,
project_domain_id=self.creds_domain['id'],
project_domain_name=self.creds_domain['name'],
domain_id=self.creds_domain['id'],
domain_name=self.creds_domain['name'])
def get_credentials(fill_in=True, identity_version=None, **kwargs):
params = dict(DEFAULT_PARAMS, **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
if identity_version == 'v3':
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
if 'domain' in x)
if not domain_fields.intersection(kwargs.keys()):
domain_name = CONF.auth.default_credentials_domain_name
params['user_domain_name'] = domain_name
auth_url = CONF.identity.uri_v3
else:
auth_url = CONF.identity.uri
return auth.get_credentials(auth_url,
fill_in=fill_in,
identity_version=identity_version,
**params)
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict["creds"][hash]
# Make sure a domain scope if defined for users in case of V3
# Make sure a tenant is available in case of V2
creds_dict = self._extend_credentials(creds_dict)
# This just builds a Credentials object, it does not validate
# nor fill with missing fields.
credential = auth.get_credentials(
auth_url=None, fill_in=False, identity_version=self.identity_version, **creds_dict
)
net_creds = cred_provider.TestResources(credential)
net_clients = clients.Manager(credentials=credential)
compute_network_client = net_clients.compute_networks_client
net_name = self.hash_dict["networks"].get(hash, None)
try:
network = fixed_network.get_network_from_name(net_name, compute_network_client)
except exceptions.InvalidTestResource:
network = {}
net_creds.set_resources(network=network)
return net_creds
def get_client_manager(os_auth_url, username, password,
tenant_name=None,
identity_version='v2',
**kwargs):
halt = kwargs.pop('halt', False)
verbose = kwargs.pop('verbose', True)
cm_conf = dict(
username=username,
password=password,
identity_version=identity_version,
fill_in=True,
tenant_name=(tenant_name if tenant_name else username),
disable_ssl_certificate_validation=True)
cmgr = None
cm_conf.update(kwargs)
if halt:
import pdb;
pdb.set_trace()
l_creds = l_auth.get_credentials(os_auth_url, **cm_conf)
cmgr = clients.Manager(l_creds, os_auth_url, verbose=verbose)
return cmgr
def get_credentials(self, conf, username, tenant_name, password,
identity_version='v2'):
creds_kwargs = {'username': username,
'password': password}
if identity_version == 'v3':
creds_kwargs.update({'project_name': tenant_name,
'domain_name': 'Default',
'user_domain_name': 'Default'})
else:
creds_kwargs.update({'tenant_name': tenant_name})
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version=identity_version,
disable_ssl_certificate_validation=conf.get_defaulted(
'identity',
'disable_ssl_certificate_validation'),
ca_certs=conf.get_defaulted(
'identity',
'ca_certificates_file'),
**creds_kwargs)
def get_credentials(self, conf, username, tenant_name, password,
identity_version='v2'):
creds_kwargs = {'username': username,
'password': password}
if identity_version == 'v3':
creds_kwargs.update({'project_name': tenant_name,
'domain_name': 'Default',
'user_domain_name': 'Default'})
else:
creds_kwargs.update({'tenant_name': tenant_name})
return auth.get_credentials(
auth_url=None,
fill_in=False,
identity_version=identity_version,
disable_ssl_certificate_validation=conf.get_defaulted(
'identity',
'disable_ssl_certificate_validation'),
ca_certs=conf.get_defaulted(
'identity',
'ca_certificates_file'),
**creds_kwargs)
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash]
# Make sure a domain scope if defined for users in case of V3
# Make sure a tenant is available in case of V2
creds_dict = self._extend_credentials(creds_dict)
# This just builds a Credentials object, it does not validate
# nor fill with missing fields.
credential = auth.get_credentials(
auth_url=None, fill_in=False,
identity_version=self.identity_version, **creds_dict)
net_creds = cred_provider.TestResources(credential)
net_clients = clients.ServiceClients(credentials=credential,
identity_uri=self.identity_uri)
networks_client = net_clients.network.NetworksClient()
net_name = self.hash_dict['networks'].get(hash, None)
try:
network = fixed_network.get_network_from_name(
net_name, networks_client)
except lib_exc.InvalidTestResource:
network = {}
net_creds.set_resources(network=network)
return net_creds
def get_credentials(fill_in=True, identity_version=None, **kwargs):
params = dict(DEFAULT_PARAMS, **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
# To honour the "default_credentials_domain_name", if not domain
# field is specified at all, add it the credential dict.
if identity_version == 'v3':
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
if 'domain' in x)
if not domain_fields.intersection(kwargs.keys()):
domain_name = CONF.auth.default_credentials_domain_name
# NOTE(andreaf) Setting domain_name implicitly sets user and
# project domain names, if they are None
params['domain_name'] = domain_name
auth_url = CONF.identity.uri_v3
else:
auth_url = CONF.identity.uri
return auth.get_credentials(auth_url,
fill_in=fill_in,
identity_version=identity_version,
**params)
def get_credentials(fill_in=True, identity_version=None, **kwargs):
params = dict(DEFAULT_PARAMS, **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
# To honour the "default_credentials_domain_name", if not domain
# field is specified at all, add it the credential dict.
if identity_version == 'v3':
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
if 'domain' in x)
if not domain_fields.intersection(kwargs.keys()):
domain_name = CONF.auth.default_credentials_domain_name
# NOTE(andreaf) Setting domain_name implicitly sets user and
# project domain names, if they are None
params['domain_name'] = domain_name
auth_url = CONF.identity.uri_v3
else:
auth_url = CONF.identity.uri
return auth.get_credentials(auth_url,
fill_in=fill_in,
identity_version=identity_version,
**params)
def _verify_credentials(self, credentials_class, creds_dict, filled=True):
creds = auth.get_credentials(fake_identity.FAKE_AUTH_URL,
fill_in=filled,
identity_version=self.identity_version,
**creds_dict)
self._check(creds, credentials_class, filled)
def _verify_credentials(self, credentials_class, creds_dict, filled=True):
creds = auth.get_credentials(
fake_identity.FAKE_AUTH_URL, fill_in=filled, identity_version=self.identity_version, **creds_dict
)
self._check(creds, credentials_class, filled)
def test_invalid_identity_version(self):
with testtools.ExpectedException(exceptions.InvalidIdentityVersion,
'.* v1 .*'):
auth.get_credentials('http://localhost/identity/v3',
identity_version='v1')
