def get_credentials(fill_in=True, identity_version=None, **kwargs): """Get credentials from dict based on config Wrapper around auth.get_credentials to use the configured identity version if none is specified. :param fill_in: If True, a request to the Token API is submitted, and the credential object is filled in with all names and IDs from the token API response. :param identity_version: The identity version to talk to and the type of credentials object to be created. 'v2' or 'v3'. :param kwargs: Attributes to be used to build the Credentials object. :returns: An object of a sub-type of `auth.Credentials` """ params = dict(DEFAULT_PARAMS, **kwargs) identity_version = identity_version or CONF.identity.auth_version # In case of "v3" add the domain from config if not specified # To honour the "default_credentials_domain_name", if not domain # field is specified at all, add it the credential dict. if identity_version == 'v3': domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES if 'domain' in x) if not domain_fields.intersection(kwargs.keys()): domain_name = CONF.auth.default_credentials_domain_name # NOTE(andreaf) Setting domain_name implicitly sets user and # project domain names, if they are None params['domain_name'] = domain_name auth_url = CONF.identity.uri_v3 else: auth_url = CONF.identity.uri return auth.get_credentials(auth_url, fill_in=fill_in, identity_version=identity_version, **params)
def get_credentials(fill_in=True, identity_version=None, **kwargs): """Get credentials from dict based on config Wrapper around auth.get_credentials to use the configured identity version if none is specified. :param fill_in: If True, a request to the Token API is submitted, and the credential object is filled in with all names and IDs from the token API response. :param identity_version: The identity version to talk to and the type of credentials object to be created. 'v2' or 'v3'. :param kwargs: Attributes to be used to build the Credentials object. :returns: An object of a sub-type of `auth.Credentials` """ params = dict(config.service_client_config(), **kwargs) identity_version = identity_version or CONF.identity.auth_version # In case of "v3" add the domain from config if not specified # To honour the "default_credentials_domain_name", if not domain # field is specified at all, add it the credential dict. if identity_version == 'v3': domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES if 'domain' in x) if not domain_fields.intersection(kwargs.keys()): domain_name = CONF.auth.default_credentials_domain_name # NOTE(andreaf) Setting domain_name implicitly sets user and # project domain names, if they are None params['domain_name'] = domain_name auth_url = CONF.identity.uri_v3 else: auth_url = CONF.identity.uri return auth.get_credentials(auth_url, fill_in=fill_in, identity_version=identity_version, **params)
def get_credentials(self, user, project, password): # User and project already include both ID and name here, # so there's no need to use the fill_in mode return auth.get_credentials( auth_url=None, fill_in=False, identity_version='v2', username=user['name'], user_id=user['id'], tenant_name=project['name'], tenant_id=project['id'], password=password)
def test_get_hash(self): self.stubs.Set(token_client.TokenClient, 'raw_request', fake_identity._fake_v2_response) test_account_class = preprov_creds.PreProvisionedCredentialProvider( **self.fixed_params) hash_list = self._get_hash_list(self.test_accounts) test_cred_dict = self.test_accounts[3] test_creds = auth.get_credentials(fake_identity.FAKE_AUTH_URL, **test_cred_dict) results = test_account_class.get_hash(test_creds) self.assertEqual(hash_list[3], results)
def set_credentials(self): """Gets and saves Tempest credentials from auth library.""" creds_kwargs = self._get_creds_kwargs() disable_ssl = self.disable_ssl_certificate_validation self.tempest_creds = auth.get_credentials( auth_url=None, fill_in=False, identity_version=self.identity_version, disable_ssl_certificate_validation=disable_ssl, ca_certs=self.ca_certs, **creds_kwargs)
def get_credentials(self, user, project, password): # User, project and domain already include both ID and name here, # so there's no need to use the fill_in mode. return auth.get_credentials( auth_url=None, fill_in=False, identity_version='v3', username=user['name'], user_id=user['id'], project_name=project['name'], project_id=project['id'], password=password, project_domain_id=self.creds_domain['id'], project_domain_name=self.creds_domain['name'])
def test_get_hash(self): # Test with all accounts to make sure we try all combinations # and hide no race conditions hash_index = 0 for test_cred_dict in self.test_accounts: test_account_class = preprov_creds.PreProvisionedCredentialProvider(**self.fixed_params) hash_list = self._get_hash_list(self.test_accounts) test_creds = auth.get_credentials( fake_identity.FAKE_AUTH_URL, identity_version=self.fixed_params["identity_version"], **test_cred_dict ) results = test_account_class.get_hash(test_creds) self.assertEqual(hash_list[hash_index], results) hash_index += 1
def get_credentials(fill_in=True, identity_version=None, **kwargs): params = dict(DEFAULT_PARAMS, **kwargs) identity_version = identity_version or CONF.identity.auth_version # In case of "v3" add the domain from config if not specified if identity_version == "v3": domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES if "domain" in x) if not domain_fields.intersection(kwargs.keys()): domain_name = CONF.auth.default_credentials_domain_name params["user_domain_name"] = domain_name auth_url = CONF.identity.uri_v3 else: auth_url = CONF.identity.uri return auth.get_credentials(auth_url, fill_in=fill_in, identity_version=identity_version, **params)
def test_get_hash(self): # Test with all accounts to make sure we try all combinations # and hide no race conditions hash_index = 0 for test_cred_dict in self.test_accounts: test_account_class = ( preprov_creds.PreProvisionedCredentialProvider( **self.fixed_params)) hash_list = self._get_hash_list(self.test_accounts) test_creds = auth.get_credentials( fake_identity.FAKE_AUTH_URL, identity_version=self.fixed_params['identity_version'], **test_cred_dict) results = test_account_class.get_hash(test_creds) self.assertEqual(hash_list[hash_index], results) hash_index += 1
def get_credentials(self, user, project, password): # User, project and domain already include both ID and name here, # so there's no need to use the fill_in mode. # NOTE(andreaf) We need to set all fields in the returned credentials. # Scope is then used to pick only those relevant for the type of # token needed by each service client. return auth.get_credentials( auth_url=None, fill_in=False, identity_version='v3', username=user['name'], user_id=user['id'], project_name=project['name'], project_id=project['id'], password=password, project_domain_id=self.creds_domain['id'], project_domain_name=self.creds_domain['name'], domain_id=self.creds_domain['id'], domain_name=self.creds_domain['name'])
def get_credentials(fill_in=True, identity_version=None, **kwargs): params = dict(DEFAULT_PARAMS, **kwargs) identity_version = identity_version or CONF.identity.auth_version # In case of "v3" add the domain from config if not specified if identity_version == 'v3': domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES if 'domain' in x) if not domain_fields.intersection(kwargs.keys()): domain_name = CONF.auth.default_credentials_domain_name params['user_domain_name'] = domain_name auth_url = CONF.identity.uri_v3 else: auth_url = CONF.identity.uri return auth.get_credentials(auth_url, fill_in=fill_in, identity_version=identity_version, **params)
def _wrap_creds_with_network(self, hash): creds_dict = self.hash_dict["creds"][hash] # Make sure a domain scope if defined for users in case of V3 # Make sure a tenant is available in case of V2 creds_dict = self._extend_credentials(creds_dict) # This just builds a Credentials object, it does not validate # nor fill with missing fields. credential = auth.get_credentials( auth_url=None, fill_in=False, identity_version=self.identity_version, **creds_dict ) net_creds = cred_provider.TestResources(credential) net_clients = clients.Manager(credentials=credential) compute_network_client = net_clients.compute_networks_client net_name = self.hash_dict["networks"].get(hash, None) try: network = fixed_network.get_network_from_name(net_name, compute_network_client) except exceptions.InvalidTestResource: network = {} net_creds.set_resources(network=network) return net_creds
def get_client_manager(os_auth_url, username, password, tenant_name=None, identity_version='v2', **kwargs): halt = kwargs.pop('halt', False) verbose = kwargs.pop('verbose', True) cm_conf = dict( username=username, password=password, identity_version=identity_version, fill_in=True, tenant_name=(tenant_name if tenant_name else username), disable_ssl_certificate_validation=True) cmgr = None cm_conf.update(kwargs) if halt: import pdb; pdb.set_trace() l_creds = l_auth.get_credentials(os_auth_url, **cm_conf) cmgr = clients.Manager(l_creds, os_auth_url, verbose=verbose) return cmgr
def get_credentials(self, conf, username, tenant_name, password, identity_version='v2'): creds_kwargs = {'username': username, 'password': password} if identity_version == 'v3': creds_kwargs.update({'project_name': tenant_name, 'domain_name': 'Default', 'user_domain_name': 'Default'}) else: creds_kwargs.update({'tenant_name': tenant_name}) return auth.get_credentials( auth_url=None, fill_in=False, identity_version=identity_version, disable_ssl_certificate_validation=conf.get_defaulted( 'identity', 'disable_ssl_certificate_validation'), ca_certs=conf.get_defaulted( 'identity', 'ca_certificates_file'), **creds_kwargs)
def _wrap_creds_with_network(self, hash): creds_dict = self.hash_dict['creds'][hash] # Make sure a domain scope if defined for users in case of V3 # Make sure a tenant is available in case of V2 creds_dict = self._extend_credentials(creds_dict) # This just builds a Credentials object, it does not validate # nor fill with missing fields. credential = auth.get_credentials( auth_url=None, fill_in=False, identity_version=self.identity_version, **creds_dict) net_creds = cred_provider.TestResources(credential) net_clients = clients.ServiceClients(credentials=credential, identity_uri=self.identity_uri) networks_client = net_clients.network.NetworksClient() net_name = self.hash_dict['networks'].get(hash, None) try: network = fixed_network.get_network_from_name( net_name, networks_client) except lib_exc.InvalidTestResource: network = {} net_creds.set_resources(network=network) return net_creds
def get_credentials(fill_in=True, identity_version=None, **kwargs): params = dict(DEFAULT_PARAMS, **kwargs) identity_version = identity_version or CONF.identity.auth_version # In case of "v3" add the domain from config if not specified # To honour the "default_credentials_domain_name", if not domain # field is specified at all, add it the credential dict. if identity_version == 'v3': domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES if 'domain' in x) if not domain_fields.intersection(kwargs.keys()): domain_name = CONF.auth.default_credentials_domain_name # NOTE(andreaf) Setting domain_name implicitly sets user and # project domain names, if they are None params['domain_name'] = domain_name auth_url = CONF.identity.uri_v3 else: auth_url = CONF.identity.uri return auth.get_credentials(auth_url, fill_in=fill_in, identity_version=identity_version, **params)
def _verify_credentials(self, credentials_class, creds_dict, filled=True): creds = auth.get_credentials(fake_identity.FAKE_AUTH_URL, fill_in=filled, identity_version=self.identity_version, **creds_dict) self._check(creds, credentials_class, filled)
def _verify_credentials(self, credentials_class, creds_dict, filled=True): creds = auth.get_credentials( fake_identity.FAKE_AUTH_URL, fill_in=filled, identity_version=self.identity_version, **creds_dict ) self._check(creds, credentials_class, filled)
def test_invalid_identity_version(self): with testtools.ExpectedException(exceptions.InvalidIdentityVersion, '.* v1 .*'): auth.get_credentials('http://localhost/identity/v3', identity_version='v1')