Python keystoneauth1.loading.load_auth_from_conf_options() Examples
The following are 30
code examples of keystoneauth1.loading.load_auth_from_conf_options().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
keystoneauth1.loading
, or try the search function
.
.
Example #1
| Source File: monasca.py From cloudkitty with Apache License 2.0 | 6 votes |
|
def __init__(self, **kwargs):
super(MonascaCollector, self).__init__(**kwargs)
self.auth = ks_loading.load_auth_from_conf_options(
CONF,
COLLECTOR_MONASCA_OPTS)
self.session = ks_loading.load_session_from_conf_options(
CONF,
COLLECTOR_MONASCA_OPTS,
auth=self.auth)
self.ks_client = ks_client.Client(
session=self.session,
interface=CONF.collector_monasca.interface,
)
self.mon_endpoint = self._get_monasca_endpoint()
if not self.mon_endpoint:
raise EndpointNotFound()
self._conn = mclient.Client(
api_version=MONASCA_API_VERSION,
session=self.session,
endpoint=self.mon_endpoint)
# NOTE(lukapeschke) This function should be removed as soon as the endpoint
# it no longer required by monascaclient
Example #2
| Source File: client.py From neutron-lib with Apache License 2.0 | 6 votes |
|
def _create_client(self):
"""Create the HTTP session accessing the placement service."""
# Flush _resource_providers and aggregates so we start from a
# clean slate.
self._resource_providers = {}
self._provider_aggregate_map = {}
# TODO(lajoskatona): perhaps not the best to override config options,
# actually the abused keystoneauth1 options are:
# auth_type (used for deciding for NoAuthClient) and auth_section
# (used for communicating the url for the NoAuthClient)
if self._conf.placement.auth_type == 'noauth':
return NoAuthClient(self._conf.placement.auth_section)
else:
auth_plugin = keystone.load_auth_from_conf_options(
self._conf, 'placement')
return keystone.load_session_from_conf_options(
self._conf, 'placement', auth=auth_plugin,
additional_headers={'accept': 'application/json'})
Example #3
| Source File: service_endpoints.py From shipyard with Apache License 2.0 | 6 votes |
|
def _get_ks_session():
# Establishes a keystone session
try:
auth = loading.load_auth_from_conf_options(CONF, "keystone_authtoken")
return session.Session(auth=auth)
except exc.AuthorizationFailure as aferr:
LOG.error('Could not authorize against keystone: %s',
str(aferr))
raise AppError(
title='Could not authorize Shipyard against Keystone',
description=(
'Keystone has rejected the authorization request by Shipyard'
),
status=falcon.HTTP_500,
retry=False
)
Example #4
| Source File: gnocchi.py From cloudkitty with Apache License 2.0 | 6 votes |
|
def __init__(self, **kwargs):
super(GnocchiStorage, self).__init__(**kwargs)
conf = kwargs.get('conf') or ck_utils.load_conf(
CONF.collect.metrics_conf)
self.conf = validate_conf(conf)
self.auth = ks_loading.load_auth_from_conf_options(
CONF,
GNOCCHI_STORAGE_OPTS)
self.session = ks_loading.load_session_from_conf_options(
CONF,
GNOCCHI_STORAGE_OPTS,
auth=self.auth)
self._conn = gclient.Client(
'1',
session=self.session,
adapter_options={'connect_retries': 3,
'interface': CONF.storage_gnocchi.interface})
self._archive_policy_name = (
CONF.storage_gnocchi.archive_policy_name)
self._archive_policy_definition = json.loads(
CONF.storage_gnocchi.archive_policy_definition)
self._period = kwargs.get('period') or CONF.collect.period
self._measurements = dict()
self._resource_type_data = dict()
self._init_resource_types()
Example #5
| Source File: keystone.py From zun with Apache License 2.0 | 6 votes |
|
def _get_auth(self):
if self.context.auth_token_info:
access_info = ka_access.create(body=self.context.auth_token_info,
auth_token=self.context.auth_token)
auth = ka_access_plugin.AccessInfoPlugin(access_info)
elif self.context.auth_token:
auth = ka_v3.Token(auth_url=self.auth_url,
token=self.context.auth_token)
elif self.context.is_admin:
auth = ka_loading.load_auth_from_conf_options(CONF,
ksconf.CFG_GROUP)
else:
msg = ('Keystone API connection failed: no password, '
'trust_id or token found.')
LOG.error(msg)
raise exception.AuthorizationFailure(client='keystone',
message='reason %s' % msg)
return auth
Example #6
| Source File: keystone.py From mistral-extra with Apache License 2.0 | 6 votes |
|
def get_admin_session():
"""Returns a keystone session from Mistral's service credentials."""
if CONF.keystone_authtoken.auth_type is None:
auth = auth_plugins.Password(
CONF.keystone_authtoken.www_authenticate_uri,
username=CONF.keystone_authtoken.admin_user,
password=CONF.keystone_authtoken.admin_password,
project_name=CONF.keystone_authtoken.admin_tenant_name,
# NOTE(jaosorior): Once mistral supports keystone v3 properly, we
# can fetch the following values from the configuration.
user_domain_name='Default',
project_domain_name='Default')
return ks_session.Session(auth=auth)
else:
auth = loading.load_auth_from_conf_options(
CONF,
'keystone_authtoken'
)
return loading.load_session_from_conf_options(
CONF,
'keystone',
auth=auth
)
Example #7
| Source File: clients.py From watcher with Apache License 2.0 | 5 votes |
|
def _get_keystone_session(self):
auth = ka_loading.load_auth_from_conf_options(CONF,
_CLIENTS_AUTH_GROUP)
sess = ka_loading.load_session_from_conf_options(CONF,
_CLIENTS_AUTH_GROUP,
auth=auth)
return sess
Example #8
| Source File: clients.py From ec2-api with Apache License 2.0 | 5 votes |
|
def get_os_admin_session():
"""Create a context to interact with OpenStack as an administrator."""
# NOTE(ft): this is a singletone because keystone's session looks thread
# safe for both regular and token renewal requests
global _admin_session
if not _admin_session:
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF, GROUP_AUTHTOKEN)
_admin_session = ks_loading.load_session_from_conf_options(
CONF, GROUP_AUTHTOKEN, auth=auth_plugin)
return _admin_session
Example #9
| Source File: keystone.py From octavia with Apache License 2.0 | 5 votes |
|
def get_auth(self):
if not self._auth:
self._auth = ks_loading.load_auth_from_conf_options(
cfg.CONF, self.section)
return self._auth
Example #10
| Source File: utils.py From kuryr with Apache License 2.0 | 5 votes |
|
def get_auth_plugin(conf_group):
return ks_loading.load_auth_from_conf_options(
cfg.CONF, conf_group)
Example #11
| Source File: karbor_keystone_plugin.py From karbor with Apache License 2.0 | 5 votes |
|
def _get_karbor_auth_plugin(self, trust_id=None):
auth_plugin = loading.load_auth_from_conf_options(
CONF, TRUSTEE_CONF_GROUP, trust_id=trust_id)
if not auth_plugin:
LOG.warning('Please add the trustee credentials you need to the'
' %s section of your karbor.conf file.',
TRUSTEE_CONF_GROUP)
raise exception.AuthorizationFailure(obj=TRUSTEE_CONF_GROUP)
return auth_plugin
Example #12
| Source File: service.py From aodh with Apache License 2.0 | 5 votes |
|
def prepare_service(argv=None, config_files=None):
conf = cfg.ConfigOpts()
oslo_i18n.enable_lazy()
log.register_options(conf)
log_levels = (
conf.default_log_levels +
[
'futurist=INFO',
'keystoneclient=INFO',
'oslo_db.sqlalchemy=WARN',
'cotyledon=INFO'
]
)
log.set_defaults(default_log_levels=log_levels)
defaults.set_cors_middleware_defaults()
db_options.set_defaults(conf)
if profiler_opts:
profiler_opts.set_defaults(conf)
policy_opts.set_defaults(conf, policy_file=os.path.abspath(
os.path.join(os.path.dirname(__file__), "api", "policy.json")))
from aodh import opts
# Register our own Aodh options
for group, options in opts.list_opts():
conf.register_opts(list(options),
group=None if group == "DEFAULT" else group)
keystone_client.register_keystoneauth_opts(conf)
conf(argv, project='aodh', validate_default_values=True,
default_config_files=config_files)
ka_loading.load_auth_from_conf_options(conf, "service_credentials")
log.setup(conf, 'aodh')
profiler.setup(conf)
messaging.setup()
return conf
Example #13
| Source File: keystone_client.py From aodh with Apache License 2.0 | 5 votes |
|
def get_session(conf):
"""Get an aodh service credentials auth session."""
auth_plugin = ka_loading.load_auth_from_conf_options(conf, CFG_GROUP)
return ka_loading.load_session_from_conf_options(
conf, CFG_GROUP, auth=auth_plugin
)
Example #14
| Source File: keystone.py From ironic-inspector with Apache License 2.0 | 5 votes |
|
def get_session(group):
auth = loading.load_auth_from_conf_options(CONF, group)
session = loading.load_session_from_conf_options(
CONF, group, auth=auth)
return session
Example #15
| Source File: utils.py From cyborg with Apache License 2.0 | 5 votes |
|
def _get_auth_and_session(confgrp):
ksa_auth = ks_loading.load_auth_from_conf_options(CONF, confgrp)
return ks_loading.load_session_from_conf_options(
CONF, confgrp, auth=ksa_auth)
Example #16
| Source File: keystone.py From coriolis with GNU Affero General Public License v3.0 | 5 votes |
|
def _get_trusts_auth_plugin(trust_id=None):
return loading.load_auth_from_conf_options(
CONF, TRUSTEE_CONF_GROUP, trust_id=trust_id)
Example #17
| Source File: message.py From senlin with Apache License 2.0 | 5 votes |
|
def _build_trust(self):
# Get zaqar trustee user ID for trust building
auth = ks_loading.load_auth_from_conf_options(CONF, 'zaqar')
session = ks_loading.load_session_from_conf_options(CONF, 'zaqar')
zaqar_trustee_user_id = session.get_user_id(auth=auth)
try:
trust = self.keystone().trust_get_by_trustor(self.user,
zaqar_trustee_user_id,
self.project)
if not trust:
# Create a trust if no existing one found
roles = self.notifier_roles
for role in roles:
# Remove 'admin' role from delegated roles list
# unless it is the only role user has
if role == 'admin' and len(roles) > 1:
roles.remove(role)
trust = self.keystone().trust_create(self.user,
zaqar_trustee_user_id,
self.project,
roles)
except exc.InternalError as ex:
LOG.error('Can not build trust between user %(user)s and zaqar '
'service user %(zaqar)s for receiver %(receiver)s.',
{
'user': self.user,
'zaqar': zaqar_trustee_user_id,
'receiver': self.id
})
raise exc.EResourceCreation(type='trust',
message=str(ex))
return trust.id
Example #18
| Source File: keystone.py From magnum with Apache License 2.0 | 5 votes |
|
def _get_auth(self):
if self.context.auth_token_info:
access_info = ka_access.create(body=self.context.auth_token_info,
auth_token=self.context.auth_token)
auth = ka_access_plugin.AccessInfoPlugin(access_info)
elif self.context.auth_token:
auth = ka_v3.Token(auth_url=self.auth_url,
token=self.context.auth_token)
elif self.context.trust_id:
auth_info = {
'auth_url': self.auth_url,
'username': self.context.user_name,
'password': self.context.password,
'user_domain_id': self.context.user_domain_id,
'user_domain_name': self.context.user_domain_name,
'trust_id': self.context.trust_id
}
auth = ka_v3.Password(**auth_info)
elif self.context.is_admin:
try:
auth = ka_loading.load_auth_from_conf_options(
CONF, ksconf.CFG_GROUP)
except ka_exception.MissingRequiredOptions:
auth = self._get_legacy_auth()
else:
msg = ('Keystone API connection failed: no password, '
'trust_id or token found.')
LOG.error(msg)
raise exception.AuthorizationFailure(client='keystone',
message='reason %s' % msg)
return auth
Example #19
| Source File: keystone.py From armada with Apache License 2.0 | 5 votes |
|
def get_keystone_session():
auth = loading.load_auth_from_conf_options(cfg.CONF, "keystone_authtoken")
return session.Session(auth=auth)
Example #20
| Source File: keystone.py From vdi-broker with Apache License 2.0 | 5 votes |
|
def _get_trusts_auth_plugin(trust_id=None):
return loading.load_auth_from_conf_options(
CONF, TRUSTEE_CONF_GROUP, trust_id=trust_id)
Example #21
| Source File: gnocchi.py From cloudkitty with Apache License 2.0 | 5 votes |
|
def __init__(self, **kwargs):
super(GnocchiCollector, self).__init__(**kwargs)
adapter_options = {'connect_retries': 3}
if CONF.collector_gnocchi.gnocchi_auth_type == 'keystone':
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF,
COLLECTOR_GNOCCHI_OPTS,
)
adapter_options['interface'] = CONF.collector_gnocchi.interface
else:
auth_plugin = gauth.GnocchiBasicPlugin(
user=CONF.collector_gnocchi.gnocchi_user,
endpoint=CONF.collector_gnocchi.gnocchi_endpoint,
)
adapter_options['region_name'] = CONF.collector_gnocchi.region_name
verify = True
if CONF.collector_gnocchi.cafile:
verify = CONF.collector_gnocchi.cafile
elif CONF.collector_gnocchi.insecure:
verify = False
self._conn = gclient.Client(
'1',
session_options={'auth': auth_plugin, 'verify': verify},
adapter_options=adapter_options,
)
Example #22
| Source File: gnocchi.py From cloudkitty with Apache License 2.0 | 5 votes |
|
def __init__(self):
super(GnocchiFetcher, self).__init__()
adapter_options = {'connect_retries': 3}
if CONF.fetcher_gnocchi.gnocchi_auth_type == 'keystone':
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF,
FETCHER_GNOCCHI_OPTS,
)
adapter_options['interface'] = CONF.fetcher_gnocchi.interface
else:
auth_plugin = gauth.GnocchiBasicPlugin(
user=CONF.fetcher_gnocchi.gnocchi_user,
endpoint=CONF.fetcher_gnocchi.gnocchi_endpoint,
)
adapter_options['region_name'] = CONF.fetcher_gnocchi.region_name
verify = True
if CONF.fetcher_gnocchi.cafile:
verify = CONF.fetcher_gnocchi.cafile
elif CONF.fetcher_gnocchi.insecure:
verify = False
self._conn = gclient.Client(
'1',
session_options={'auth': auth_plugin, 'verify': verify},
adapter_options=adapter_options,
)
Example #23
| Source File: keystone.py From cloudkitty with Apache License 2.0 | 5 votes |
|
def __init__(self):
self.auth = ks_loading.load_auth_from_conf_options(
CONF,
FETCHER_KEYSTONE_OPTS)
self.session = ks_loading.load_session_from_conf_options(
CONF,
FETCHER_KEYSTONE_OPTS,
auth=self.auth)
self.admin_ks = kclient.Client(
version=CONF.fetcher_keystone.keystone_version,
session=self.session,
auth_url=self.auth.auth_url)
Example #24
| Source File: keystone_client.py From vitrage with Apache License 2.0 | 5 votes |
|
def get_session():
"""Get a vitrage service credentials auth session."""
auth_plugin = ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)
return ka_loading.load_session_from_conf_options(
CONF, CFG_GROUP, auth=auth_plugin
)
Example #25
| Source File: openstack_clients.py From searchlight with Apache License 2.0 | 5 votes |
|
def _get_session():
global _session
if not _session:
auth = ka_loading.load_auth_from_conf_options(CONF, GROUP)
_session = ka_loading.load_session_from_conf_options(
CONF, GROUP, auth=auth)
return _session
Example #26
| Source File: client_auth.py From manila with Apache License 2.0 | 5 votes |
|
def _load_auth_plugin(self):
if self.admin_auth:
return self.admin_auth
self.auth_plugin = ks_loading.load_auth_from_conf_options(
CONF, self.group)
if self.auth_plugin:
return self.auth_plugin
msg = _('Cannot load auth plugin for %s') % self.group
raise self.exception_module.Unauthorized(message=msg)
Example #27
| Source File: test_client_auth.py From manila with Apache License 2.0 | 5 votes |
|
def test_load_auth_plugin_no_auth(self):
auth.load_auth_from_conf_options.return_value = None
self.assertRaises(fake_client_exception_class.Unauthorized,
self.auth._load_auth_plugin)
Example #28
| Source File: test_client_auth.py From manila with Apache License 2.0 | 5 votes |
|
def test_get_client_admin_true(self):
mock_load_session = self.mock_object(auth,
'load_session_from_conf_options')
self.auth.get_client(self.context, admin=True)
mock_load_session.assert_called_once_with(client_auth.CONF,
'foo_group')
self.fake_client.assert_called_once_with(
session=mock_load_session(),
auth=auth.load_auth_from_conf_options(
client_auth.CONF, 'foo_group'))
Example #29
| Source File: test_clients.py From watcher with Apache License 2.0 | 4 votes |
|
def _register_watcher_clients_auth_opts(self):
_AUTH_CONF_GROUP = 'watcher_clients_auth'
ka_loading.register_auth_conf_options(CONF, _AUTH_CONF_GROUP)
ka_loading.register_session_conf_options(CONF, _AUTH_CONF_GROUP)
CONF.set_override('auth_type', 'password', group=_AUTH_CONF_GROUP)
# ka_loading.load_auth_from_conf_options(CONF, _AUTH_CONF_GROUP)
# ka_loading.load_session_from_conf_options(CONF, _AUTH_CONF_GROUP)
# CONF.set_override(
# 'auth-url', 'http://server.ip:5000', group=_AUTH_CONF_GROUP)
# If we don't clean up the _AUTH_CONF_GROUP conf options, then other
# tests that run after this one will fail, complaining about required
# options that _AUTH_CONF_GROUP wants.
def cleanup_conf_from_loading():
# oslo_config doesn't seem to allow unregistering groups through a
# single method, so we do this instead
CONF.reset()
del CONF._groups[_AUTH_CONF_GROUP]
self.addCleanup(cleanup_conf_from_loading)
def reset_register_opts_mock(conf_obj, original_method):
conf_obj.register_opts = original_method
original_register_opts = CONF.register_opts
self.addCleanup(reset_register_opts_mock,
CONF,
original_register_opts)
expected = {'username': 'foousername',
'password': 'foopassword',
'auth_url': 'http://server.ip:5000',
'cafile': None,
'certfile': None,
'keyfile': None,
'insecure': False,
'user_domain_id': 'foouserdomainid',
'project_domain_id': 'fooprojdomainid'}
# Because some of the conf options for auth plugins are not registered
# until right before they are loaded, and because the method that does
# the actual loading of the conf option values is an anonymous method
# (see _getter method of load_from_conf_options in
# keystoneauth1.loading.conf.py), we need to manually monkey patch
# the register opts method so that we can override the conf values to
# our custom values.
def mock_register_opts(*args, **kwargs):
ret = original_register_opts(*args, **kwargs)
if 'group' in kwargs and kwargs['group'] == _AUTH_CONF_GROUP:
for key, value in expected.items():
CONF.set_override(key, value, group=_AUTH_CONF_GROUP)
return ret
CONF.register_opts = mock_register_opts
Example #30
| Source File: utils.py From cyborg with Apache License 2.0 | 4 votes |
|
def get_ksa_adapter(service_type, ksa_auth=None, ksa_session=None,
min_version=None, max_version=None):
"""Construct a keystoneauth1 Adapter for a given service type.
We expect to find a conf group whose name corresponds to the service_type's
project according to the service-types-authority. That conf group must
provide at least ksa adapter options. Depending how the result is to be
used, ksa auth and/or session options may also be required, or the relevant
parameter supplied.
:param service_type: String name of the service type for which the Adapter
is to be constructed.
:param ksa_auth: A keystoneauth1 auth plugin. If not specified, we attempt
to find one in ksa_session. Failing that, we attempt to
load one from the conf.
:param ksa_session: A keystoneauth1 Session. If not specified, we attempt
to load one from the conf.
:param min_version: The minimum major version of the adapter's endpoint,
intended to be used as the lower bound of a range with
max_version.
If min_version is given with no max_version it is as
if max version is 'latest'.
:param max_version: The maximum major version of the adapter's endpoint,
intended to be used as the upper bound of a range with
min_version.
:return: A keystoneauth1 Adapter object for the specified service_type.
:raise: ConfGroupForServiceTypeNotFound If no conf group name could be
found for the specified service_type.
"""
# Get the conf group corresponding to the service type.
confgrp = _SERVICE_TYPES.get_project_name(service_type)
if not confgrp or not hasattr(CONF, confgrp):
# Try the service type as the conf group. This is necessary for e.g.
# placement, while it's still part of the nova project.
# Note that this might become the first thing we try if/as we move to
# using service types for conf group names in general.
confgrp = service_type
if not confgrp or not hasattr(CONF, confgrp):
raise exception.ConfGroupForServiceTypeNotFound(stype=service_type)
# Ensure we have an auth.
# NOTE(efried): This could be None, and that could be okay - e.g. if the
# result is being used for get_endpoint() and the conf only contains
# endpoint_override.
if not ksa_auth:
if ksa_session and ksa_session.auth:
ksa_auth = ksa_session.auth
else:
ksa_auth = ks_loading.load_auth_from_conf_options(CONF, confgrp)
if not ksa_session:
ksa_session = ks_loading.load_session_from_conf_options(
CONF, confgrp, auth=ksa_auth)
return ks_loading.load_adapter_from_conf_options(
CONF, confgrp, session=ksa_session, auth=ksa_auth,
min_version=min_version, max_version=max_version)
