Python keystoneauth1.loading.load_session_from_conf_options() Examples
The following are 27
code examples of keystoneauth1.loading.load_session_from_conf_options().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
keystoneauth1.loading
, or try the search function
.
.
Example #1
| Source File: client.py From neutron-lib with Apache License 2.0 | 6 votes |
|
def _create_client(self):
"""Create the HTTP session accessing the placement service."""
# Flush _resource_providers and aggregates so we start from a
# clean slate.
self._resource_providers = {}
self._provider_aggregate_map = {}
# TODO(lajoskatona): perhaps not the best to override config options,
# actually the abused keystoneauth1 options are:
# auth_type (used for deciding for NoAuthClient) and auth_section
# (used for communicating the url for the NoAuthClient)
if self._conf.placement.auth_type == 'noauth':
return NoAuthClient(self._conf.placement.auth_section)
else:
auth_plugin = keystone.load_auth_from_conf_options(
self._conf, 'placement')
return keystone.load_session_from_conf_options(
self._conf, 'placement', auth=auth_plugin,
additional_headers={'accept': 'application/json'})
Example #2
| Source File: client_auth.py From manila with Apache License 2.0 | 6 votes |
|
def get_client(self, context, admin=False, **kwargs):
"""Get's the client with the correct auth/session context
"""
auth_plugin = None
if not self.session:
self.session = ks_loading.load_session_from_conf_options(
self.conf, self.group)
if admin or (context.is_admin and not context.auth_token):
if not self.admin_auth:
self.admin_auth = self._load_auth_plugin()
auth_plugin = self.admin_auth
else:
# NOTE(mkoderer): Manila basically needs admin clients for
# it's actions. If needed this must be enhanced later
raise exception.ManilaException(
_("Client (%s) is not flagged as admin") % self.group)
return self.client_class(session=self.session, auth=auth_plugin,
**kwargs)
Example #3
| Source File: keystone.py From mistral-extra with Apache License 2.0 | 6 votes |
|
def get_admin_session():
"""Returns a keystone session from Mistral's service credentials."""
if CONF.keystone_authtoken.auth_type is None:
auth = auth_plugins.Password(
CONF.keystone_authtoken.www_authenticate_uri,
username=CONF.keystone_authtoken.admin_user,
password=CONF.keystone_authtoken.admin_password,
project_name=CONF.keystone_authtoken.admin_tenant_name,
# NOTE(jaosorior): Once mistral supports keystone v3 properly, we
# can fetch the following values from the configuration.
user_domain_name='Default',
project_domain_name='Default')
return ks_session.Session(auth=auth)
else:
auth = loading.load_auth_from_conf_options(
CONF,
'keystone_authtoken'
)
return loading.load_session_from_conf_options(
CONF,
'keystone',
auth=auth
)
Example #4
| Source File: monasca.py From cloudkitty with Apache License 2.0 | 6 votes |
|
def __init__(self, **kwargs):
super(MonascaCollector, self).__init__(**kwargs)
self.auth = ks_loading.load_auth_from_conf_options(
CONF,
COLLECTOR_MONASCA_OPTS)
self.session = ks_loading.load_session_from_conf_options(
CONF,
COLLECTOR_MONASCA_OPTS,
auth=self.auth)
self.ks_client = ks_client.Client(
session=self.session,
interface=CONF.collector_monasca.interface,
)
self.mon_endpoint = self._get_monasca_endpoint()
if not self.mon_endpoint:
raise EndpointNotFound()
self._conn = mclient.Client(
api_version=MONASCA_API_VERSION,
session=self.session,
endpoint=self.mon_endpoint)
# NOTE(lukapeschke) This function should be removed as soon as the endpoint
# it no longer required by monascaclient
Example #5
| Source File: gnocchi.py From cloudkitty with Apache License 2.0 | 6 votes |
|
def __init__(self, **kwargs):
super(GnocchiStorage, self).__init__(**kwargs)
conf = kwargs.get('conf') or ck_utils.load_conf(
CONF.collect.metrics_conf)
self.conf = validate_conf(conf)
self.auth = ks_loading.load_auth_from_conf_options(
CONF,
GNOCCHI_STORAGE_OPTS)
self.session = ks_loading.load_session_from_conf_options(
CONF,
GNOCCHI_STORAGE_OPTS,
auth=self.auth)
self._conn = gclient.Client(
'1',
session=self.session,
adapter_options={'connect_retries': 3,
'interface': CONF.storage_gnocchi.interface})
self._archive_policy_name = (
CONF.storage_gnocchi.archive_policy_name)
self._archive_policy_definition = json.loads(
CONF.storage_gnocchi.archive_policy_definition)
self._period = kwargs.get('period') or CONF.collect.period
self._measurements = dict()
self._resource_type_data = dict()
self._init_resource_types()
Example #6
| Source File: clients.py From ec2-api with Apache License 2.0 | 5 votes |
|
def get_os_admin_session():
"""Create a context to interact with OpenStack as an administrator."""
# NOTE(ft): this is a singletone because keystone's session looks thread
# safe for both regular and token renewal requests
global _admin_session
if not _admin_session:
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF, GROUP_AUTHTOKEN)
_admin_session = ks_loading.load_session_from_conf_options(
CONF, GROUP_AUTHTOKEN, auth=auth_plugin)
return _admin_session
Example #7
| Source File: utils.py From kuryr with Apache License 2.0 | 5 votes |
|
def get_keystone_session(conf_group, auth_plugin):
return ks_loading.load_session_from_conf_options(cfg.CONF,
conf_group,
auth=auth_plugin)
Example #8
| Source File: keystone_client.py From aodh with Apache License 2.0 | 5 votes |
|
def get_client_on_behalf_user(conf, auth_plugin):
"""Return a client for keystone v3 endpoint."""
sess = ka_loading.load_session_from_conf_options(conf, CFG_GROUP,
auth=auth_plugin)
return ks_client_v3.Client(session=sess)
Example #9
| Source File: keystone_client.py From aodh with Apache License 2.0 | 5 votes |
|
def get_trusted_client(conf, trust_id):
# Ideally we would use load_session_from_conf_options, but we can't do that
# *and* specify a trust, so let's create the object manually.
auth_plugin = password.Password(
username=conf[CFG_GROUP].username,
password=conf[CFG_GROUP].password,
auth_url=conf[CFG_GROUP].auth_url,
user_domain_id=conf[CFG_GROUP].user_domain_id,
user_domain_name=conf[CFG_GROUP].user_domain_name,
trust_id=trust_id)
sess = ka_loading.load_session_from_conf_options(conf, CFG_GROUP,
auth=auth_plugin)
return ks_client_v3.Client(session=sess)
Example #10
| Source File: keystone_client.py From aodh with Apache License 2.0 | 5 votes |
|
def get_session(conf):
"""Get an aodh service credentials auth session."""
auth_plugin = ka_loading.load_auth_from_conf_options(conf, CFG_GROUP)
return ka_loading.load_session_from_conf_options(
conf, CFG_GROUP, auth=auth_plugin
)
Example #11
| Source File: keystone.py From ironic-inspector with Apache License 2.0 | 5 votes |
|
def get_session(group):
auth = loading.load_auth_from_conf_options(CONF, group)
session = loading.load_session_from_conf_options(
CONF, group, auth=auth)
return session
Example #12
| Source File: glance.py From cyborg with Apache License 2.0 | 5 votes |
|
def _session_and_auth(context):
# Session is cached, but auth needs to be pulled from context each time.
global _SESSION
if not _SESSION:
_SESSION = ks_loading.load_session_from_conf_options(
CONF, cyborg.conf.glance.glance_group.name)
auth = service_auth.get_auth_plugin(context)
return _SESSION, auth
Example #13
| Source File: utils.py From cyborg with Apache License 2.0 | 5 votes |
|
def _get_auth_and_session(confgrp):
ksa_auth = ks_loading.load_auth_from_conf_options(CONF, confgrp)
return ks_loading.load_session_from_conf_options(
CONF, confgrp, auth=ksa_auth)
Example #14
| Source File: message.py From senlin with Apache License 2.0 | 5 votes |
|
def _build_trust(self):
# Get zaqar trustee user ID for trust building
auth = ks_loading.load_auth_from_conf_options(CONF, 'zaqar')
session = ks_loading.load_session_from_conf_options(CONF, 'zaqar')
zaqar_trustee_user_id = session.get_user_id(auth=auth)
try:
trust = self.keystone().trust_get_by_trustor(self.user,
zaqar_trustee_user_id,
self.project)
if not trust:
# Create a trust if no existing one found
roles = self.notifier_roles
for role in roles:
# Remove 'admin' role from delegated roles list
# unless it is the only role user has
if role == 'admin' and len(roles) > 1:
roles.remove(role)
trust = self.keystone().trust_create(self.user,
zaqar_trustee_user_id,
self.project,
roles)
except exc.InternalError as ex:
LOG.error('Can not build trust between user %(user)s and zaqar '
'service user %(zaqar)s for receiver %(receiver)s.',
{
'user': self.user,
'zaqar': zaqar_trustee_user_id,
'receiver': self.id
})
raise exc.EResourceCreation(type='trust',
message=str(ex))
return trust.id
Example #15
| Source File: clients.py From watcher with Apache License 2.0 | 5 votes |
|
def _get_keystone_session(self):
auth = ka_loading.load_auth_from_conf_options(CONF,
_CLIENTS_AUTH_GROUP)
sess = ka_loading.load_session_from_conf_options(CONF,
_CLIENTS_AUTH_GROUP,
auth=auth)
return sess
Example #16
| Source File: keystone.py From cloudkitty with Apache License 2.0 | 5 votes |
|
def __init__(self):
self.auth = ks_loading.load_auth_from_conf_options(
CONF,
FETCHER_KEYSTONE_OPTS)
self.session = ks_loading.load_session_from_conf_options(
CONF,
FETCHER_KEYSTONE_OPTS,
auth=self.auth)
self.admin_ks = kclient.Client(
version=CONF.fetcher_keystone.keystone_version,
session=self.session,
auth_url=self.auth.auth_url)
Example #17
| Source File: keystone_client.py From vitrage with Apache License 2.0 | 5 votes |
|
def get_session():
"""Get a vitrage service credentials auth session."""
auth_plugin = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)
return ka_loading.load_session_from_conf_options(
CONF, CFG_GROUP, auth=auth_plugin
)
Example #18
| Source File: keystone.py From magnum with Apache License 2.0 | 5 votes |
|
def _get_session(self, auth):
session = ka_loading.load_session_from_conf_options(
CONF, ksconf.CFG_GROUP, auth=auth)
return session
Example #19
| Source File: openstack_clients.py From searchlight with Apache License 2.0 | 5 votes |
|
def _get_session():
global _session
if not _session:
auth = ka_loading.load_auth_from_conf_options(CONF, GROUP)
_session = ka_loading.load_session_from_conf_options(
CONF, GROUP, auth=auth)
return _session
Example #20
| Source File: keystone.py From octavia with Apache License 2.0 | 5 votes |
|
def get_session(self):
"""Initializes a Keystone session.
:return: a Keystone Session object
"""
if not self._session:
self._session = ks_loading.load_session_from_conf_options(
cfg.CONF, self.section, auth=self.get_auth())
return self._session
Example #21
| Source File: keystone.py From zun with Apache License 2.0 | 5 votes |
|
def _get_session(self, auth):
session = ka_loading.load_session_from_conf_options(
CONF, ksconf.CFG_GROUP, auth=auth)
return session
Example #22
| Source File: test_clients.py From watcher with Apache License 2.0 | 4 votes |
|
def _register_watcher_clients_auth_opts(self):
_AUTH_CONF_GROUP = 'watcher_clients_auth'
ka_loading.register_auth_conf_options(CONF, _AUTH_CONF_GROUP)
ka_loading.register_session_conf_options(CONF, _AUTH_CONF_GROUP)
CONF.set_override('auth_type', 'password', group=_AUTH_CONF_GROUP)
# ka_loading.load_auth_from_conf_options(CONF, _AUTH_CONF_GROUP)
# ka_loading.load_session_from_conf_options(CONF, _AUTH_CONF_GROUP)
# CONF.set_override(
# 'auth-url', 'http://server.ip:5000', group=_AUTH_CONF_GROUP)
# If we don't clean up the _AUTH_CONF_GROUP conf options, then other
# tests that run after this one will fail, complaining about required
# options that _AUTH_CONF_GROUP wants.
def cleanup_conf_from_loading():
# oslo_config doesn't seem to allow unregistering groups through a
# single method, so we do this instead
CONF.reset()
del CONF._groups[_AUTH_CONF_GROUP]
self.addCleanup(cleanup_conf_from_loading)
def reset_register_opts_mock(conf_obj, original_method):
conf_obj.register_opts = original_method
original_register_opts = CONF.register_opts
self.addCleanup(reset_register_opts_mock,
CONF,
original_register_opts)
expected = {'username': 'foousername',
'password': 'foopassword',
'auth_url': 'http://server.ip:5000',
'cafile': None,
'certfile': None,
'keyfile': None,
'insecure': False,
'user_domain_id': 'foouserdomainid',
'project_domain_id': 'fooprojdomainid'}
# Because some of the conf options for auth plugins are not registered
# until right before they are loaded, and because the method that does
# the actual loading of the conf option values is an anonymous method
# (see _getter method of load_from_conf_options in
# keystoneauth1.loading.conf.py), we need to manually monkey patch
# the register opts method so that we can override the conf values to
# our custom values.
def mock_register_opts(*args, **kwargs):
ret = original_register_opts(*args, **kwargs)
if 'group' in kwargs and kwargs['group'] == _AUTH_CONF_GROUP:
for key, value in expected.items():
CONF.set_override(key, value, group=_AUTH_CONF_GROUP)
return ret
CONF.register_opts = mock_register_opts
Example #23
| Source File: utils.py From cyborg with Apache License 2.0 | 4 votes |
|
def get_ksa_adapter(service_type, ksa_auth=None, ksa_session=None,
min_version=None, max_version=None):
"""Construct a keystoneauth1 Adapter for a given service type.
We expect to find a conf group whose name corresponds to the service_type's
project according to the service-types-authority. That conf group must
provide at least ksa adapter options. Depending how the result is to be
used, ksa auth and/or session options may also be required, or the relevant
parameter supplied.
:param service_type: String name of the service type for which the Adapter
is to be constructed.
:param ksa_auth: A keystoneauth1 auth plugin. If not specified, we attempt
to find one in ksa_session. Failing that, we attempt to
load one from the conf.
:param ksa_session: A keystoneauth1 Session. If not specified, we attempt
to load one from the conf.
:param min_version: The minimum major version of the adapter's endpoint,
intended to be used as the lower bound of a range with
max_version.
If min_version is given with no max_version it is as
if max version is 'latest'.
:param max_version: The maximum major version of the adapter's endpoint,
intended to be used as the upper bound of a range with
min_version.
:return: A keystoneauth1 Adapter object for the specified service_type.
:raise: ConfGroupForServiceTypeNotFound If no conf group name could be
found for the specified service_type.
"""
# Get the conf group corresponding to the service type.
confgrp = _SERVICE_TYPES.get_project_name(service_type)
if not confgrp or not hasattr(CONF, confgrp):
# Try the service type as the conf group. This is necessary for e.g.
# placement, while it's still part of the nova project.
# Note that this might become the first thing we try if/as we move to
# using service types for conf group names in general.
confgrp = service_type
if not confgrp or not hasattr(CONF, confgrp):
raise exception.ConfGroupForServiceTypeNotFound(stype=service_type)
# Ensure we have an auth.
# NOTE(efried): This could be None, and that could be okay - e.g. if the
# result is being used for get_endpoint() and the conf only contains
# endpoint_override.
if not ksa_auth:
if ksa_session and ksa_session.auth:
ksa_auth = ksa_session.auth
else:
ksa_auth = ks_loading.load_auth_from_conf_options(CONF, confgrp)
if not ksa_session:
ksa_session = ks_loading.load_session_from_conf_options(
CONF, confgrp, auth=ksa_auth)
return ks_loading.load_adapter_from_conf_options(
CONF, confgrp, session=ksa_session, auth=ksa_auth,
min_version=min_version, max_version=max_version)
Example #24
| Source File: keystone.py From mistral-extra with Apache License 2.0 | 4 votes |
|
def _admin_client(trust_id=None):
if CONF.keystone_authtoken.auth_type is None:
auth_url = CONF.keystone_authtoken.www_authenticate_uri
project_name = CONF.keystone_authtoken.admin_tenant_name
# You can't use trust and project together
if trust_id:
project_name = None
cl = ks_client.Client(
username=CONF.keystone_authtoken.admin_user,
password=CONF.keystone_authtoken.admin_password,
project_name=project_name,
auth_url=auth_url,
trusts=trust_id
)
cl.management_url = auth_url
return cl
else:
kwargs = {}
if trust_id:
# Remove domain_id, domain_name, project_name and project_id,
# since we need a trust scoped auth object
kwargs['domain_id'] = None
kwargs['domain_name'] = None
kwargs['project_name'] = None
kwargs['project_domain_name'] = None
kwargs['project_id'] = None
kwargs['trust_id'] = trust_id
auth = loading.load_auth_from_conf_options(
CONF,
'keystone_authtoken',
**kwargs
)
sess = loading.load_session_from_conf_options(
CONF,
'keystone',
auth=auth
)
return ks_client.Client(session=sess)
Example #25
| Source File: keystone.py From designate with Apache License 2.0 | 4 votes |
|
def verify_project_id(context, project_id):
"""verify that a project_id exists.
This attempts to verify that a project id exists. If it does not,
an HTTPBadRequest is emitted.
"""
session = ksa_loading.load_session_from_conf_options(
CONF, 'keystone', auth=context.get_auth_plugin())
adap = ksa_loading.load_adapter_from_conf_options(
CONF, 'keystone',
session=session, min_version=(3, 0), max_version=(3, 'latest'))
try:
resp = adap.get('/projects/%s' % project_id, raise_exc=False)
except kse.EndpointNotFound:
LOG.error(
"Keystone identity service version 3.0 was not found. This might "
"be because your endpoint points to the v2.0 versioned endpoint "
"which is not supported. Please fix this.")
raise exceptions.KeystoneCommunicationFailure(
_("KeystoneV3 endpoint not found"))
except kse.ClientException:
# something is wrong, like there isn't a keystone v3 endpoint,
# or nova isn't configured for the interface to talk to it;
# we'll take the pass and default to everything being ok.
LOG.info("Unable to contact keystone to verify project_id")
return True
if resp:
# All is good with this 20x status
return True
elif resp.status_code == 404:
# we got access, and we know this project is not there
raise exceptions.InvalidProject(
_("%s is not a valid project ID.") % project_id)
elif resp.status_code == 403:
# we don't have enough permission to verify this, so default
# to "it's ok".
LOG.info(
"Insufficient permissions for user %(user)s to verify "
"existence of project_id %(pid)s",
{"user": context.user_id, "pid": project_id})
return True
else:
LOG.warning(
"Unexpected response from keystone trying to "
"verify project_id %(pid)s - resp: %(code)s %(content)s",
{"pid": project_id,
"code": resp.status_code,
"content": resp.content})
# realize we did something wrong, but move on with a warning
return True
Example #26
| Source File: keystone.py From tripleo-common with Apache License 2.0 | 4 votes |
|
def get_session_and_auth(context, **kwargs):
"""Get session and auth parameters
:param context: action context
:return: dict to be used as kwargs for client serviceinitialization
"""
if not context:
raise AssertionError('context is mandatory')
if context.trust_id:
kwargs['project_name'] = None
kwargs['project_domain_name'] = None
kwargs['project_id'] = None
kwargs['trust_id'] = context.trust_id
kwargs.pop('service_name')
auth = loading.load_auth_from_conf_options(
CONF,
'keystone_authtoken',
**kwargs
)
session = loading.load_session_from_conf_options(
CONF,
'keystone',
auth=auth
)
else:
project_endpoint = get_endpoint_for_project(context, **kwargs)
endpoint = format_url(
project_endpoint.url,
{
'tenant_id': context.project_id,
'project_id': context.project_id
}
)
auth = SimpleToken(endpoint=endpoint, token=context.auth_token)
auth_uri = context.auth_uri or CONF.keystone_authtoken.auth_uri
ks_auth = SimpleToken(
endpoint=auth_uri,
token=context.auth_token
)
session = ks_session.Session(
auth=ks_auth,
verify=_determine_verify(context)
)
return {
"session": session,
"auth": auth
}
# NOTE(dtantsur): get_session_and_auth returns a session tied to a specific
# service. This function returns a generic session. Eventually we should switch
# everything to using it and service-specific Adapter on top.
Example #27
| Source File: keystone.py From tripleo-common with Apache License 2.0 | 4 votes |
|
def _admin_client(trust_id=None):
if CONF.keystone_authtoken.auth_type is None:
auth_url = CONF.keystone_authtoken.auth_uri
project_name = CONF.keystone_authtoken.admin_tenant_name
# You can't use trust and project together
if trust_id:
project_name = None
cl = ks_client.Client(
username=CONF.keystone_authtoken.admin_user,
password=CONF.keystone_authtoken.admin_password,
project_name=project_name,
auth_url=auth_url,
trust_id=trust_id
)
cl.management_url = auth_url
return cl
else:
kwargs = {}
if trust_id:
# Remove project_name and project_id, since we need a trust scoped
# auth object
kwargs['domain_id'] = None
kwargs['domain_name'] = None
kwargs['project_name'] = None
kwargs['project_domain_name'] = None
kwargs['project_id'] = None
kwargs['trust_id'] = trust_id
auth = loading.load_auth_from_conf_options(
CONF,
'keystone_authtoken',
**kwargs
)
sess = loading.load_session_from_conf_options(
CONF,
'keystone',
auth=auth
)
return ks_client.Client(session=sess)
