diff options
Diffstat (limited to 'ceilometerclient/client.py')
-rw-r--r-- | ceilometerclient/client.py | 158 |
1 files changed, 113 insertions, 45 deletions
diff --git a/ceilometerclient/client.py b/ceilometerclient/client.py index b66e547..283e24e 100644 --- a/ceilometerclient/client.py +++ b/ceilometerclient/client.py @@ -14,10 +14,11 @@ from keystoneclient.auth.identity import v2 as v2_auth from keystoneclient.auth.identity import v3 as v3_auth from keystoneclient import discover from keystoneclient import session -import six from ceilometerclient.common import utils from ceilometerclient import exc +from ceilometerclient.openstack.common.apiclient import auth +from ceilometerclient.openstack.common.apiclient import exceptions def _get_keystone_session(**kwargs): @@ -139,12 +140,94 @@ def _get_endpoint(ks_session, **kwargs): return endpoint -def get_client(api_version, **kwargs): +class AuthPlugin(auth.BaseAuthPlugin): + opt_names = ['tenant_id', 'region_name', 'auth_token', + 'service_type', 'endpoint_type', 'cacert', + 'auth_url', 'insecure', 'cert_file', 'key_file', + 'cert', 'key', 'tenant_name', 'project_name', + 'project_id', 'user_domain_id', 'user_domain_name', + 'password', 'username'] + + def __init__(self, auth_system=None, **kwargs): + self.opt_names.extend(self.common_opt_names) + super(AuthPlugin, self).__init__(auth_system, **kwargs) + + def _do_authenticate(self, http_client): + if self.opts.get('token') and self.opts.get('endpoint'): + token = self.opts.get('token') + endpoint = self.opts.get('endpoint') + else: + project_id = self.opts.get('project_id') \ + or self.opts.get('tenant_id') + project_name = (self.opts.get('project_name') or + self.opts.get('tenant_name')) + ks_kwargs = { + 'username': self.opts.get('username'), + 'password': self.opts.get('password'), + 'user_id': self.opts.get('user_id'), + 'user_domain_id': self.opts.get('user_domain_id'), + 'user_domain_name': self.opts.get('user_domain_name'), + 'project_id': project_id, + 'project_name': project_name, + 'project_domain_name': self.opts.get('project_domain_name'), + 'project_domain_id': self.opts.get('project_domain_id'), + 'auth_url': self.opts.get('auth_url'), + 'cacert': self.opts.get('cacert'), + 'cert': self.opts.get('cert'), + 'key': self.opts.get('key'), + 'insecure': self.opts.get('insecure') + } + + # retrieve session + ks_session = _get_keystone_session(**ks_kwargs) + token = lambda: ks_session.get_token() + endpoint = self.opts.get('endpoint') or \ + _get_endpoint(ks_session, **ks_kwargs) + self.opts['token'] = token() + self.opts['endpoint'] = endpoint + + def token_and_endpoint(self, endpoint_type, service_type): + token = self.opts.get('token') + if callable(token): + token = token() + return token, self.opts.get('endpoint') + + def sufficient_options(self): + """Check if all required options are present. + + :raises: AuthPluginOptionsMissing + """ + missing = not ((self.opts.get('token') and + self.opts.get('endpoint')) or + (self.opts.get('username') + and self.opts.get('password') + and self.opts.get('auth_url') and + (self.opts.get('tenant_id') + or self.opts.get('tenant_name')))) + + if missing: + missing_opts = [] + opts = ['token', 'endpoint', 'username', 'password', 'auth_url', + 'tenant_id', 'tenant_name'] + for opt in opts: + if not self.opts.get(opt): + missing_opts.append(opt) + raise exceptions.AuthPluginOptionsMissing(missing_opts) + + +def Client(version, *args, **kwargs): + module = utils.import_versioned_module(version, 'client') + client_class = getattr(module, 'Client') + return client_class(*args, **kwargs) + + +def get_client(version, **kwargs): """Get an authtenticated client, based on the credentials - in the keyword args. + in the keyword args. :param api_version: the API version to use ('1' or '2') :param kwargs: keyword args containing credentials, either: + * os_auth_token: pre-existing token to re-use * ceilometer_url: ceilometer API endpoint or: @@ -164,53 +247,38 @@ def get_client(api_version, **kwargs): * os_key: SSL private key * insecure: allow insecure SSL (no cert verification) """ - token = kwargs.get('os_auth_token') - if token and not six.callable(token): - token = lambda: kwargs.get('os_auth_token') - - if token and kwargs.get('ceilometer_url'): - endpoint = kwargs.get('ceilometer_url') - else: - project_id = kwargs.get('os_project_id') or kwargs.get('os_tenant_id') - project_name = (kwargs.get('os_project_name') or - kwargs.get('os_tenant_name')) - ks_kwargs = { - 'username': kwargs.get('os_username'), - 'password': kwargs.get('os_password'), - 'user_id': kwargs.get('os_user_id'), - 'user_domain_id': kwargs.get('os_user_domain_id'), - 'user_domain_name': kwargs.get('os_user_domain_name'), - 'project_id': project_id, - 'project_name': project_name, - 'project_domain_name': kwargs.get('os_project_domain_name'), - 'project_domain_id': kwargs.get('os_project_domain_id'), - 'auth_url': kwargs.get('os_auth_url'), - 'cacert': kwargs.get('os_cacert'), - 'cert': kwargs.get('os_cert'), - 'key': kwargs.get('os_key'), - 'insecure': kwargs.get('insecure') - } - - # retrieve session - ks_session = _get_keystone_session(**ks_kwargs) - token = token or (lambda: ks_session.get_token()) - - endpoint = kwargs.get('ceilometer_url') or \ - _get_endpoint(ks_session, **ks_kwargs) + endpoint = kwargs.get('ceilometer_url') cli_kwargs = { - 'token': token, - 'insecure': kwargs.get('insecure'), - 'timeout': kwargs.get('timeout'), + 'username': kwargs.get('os_username'), + 'password': kwargs.get('os_password'), + 'tenant_id': kwargs.get('os_tenant_id'), + 'tenant_name': kwargs.get('os_tenant_name'), + 'auth_url': kwargs.get('os_auth_url'), + 'region_name': kwargs.get('os_region_name'), + 'service_type': kwargs.get('os_service_type'), + 'endpoint_type': kwargs.get('os_endpoint_type'), 'cacert': kwargs.get('os_cacert'), 'cert_file': kwargs.get('os_cert'), - 'key_file': kwargs.get('os_key') + 'key_file': kwargs.get('os_key'), + 'token': kwargs.get('os_auth_token'), } - return Client(api_version, endpoint, **cli_kwargs) + cli_kwargs.update(kwargs) + return Client(version, endpoint, **cli_kwargs) -def Client(version, *args, **kwargs): - module = utils.import_versioned_module(version, 'client') - client_class = getattr(module, 'Client') - return client_class(*args, **kwargs) +def get_auth_plugin(endpoint, **kwargs): + auth_plugin = AuthPlugin( + auth_url=kwargs.get('auth_url'), + service_type=kwargs.get('service_type'), + token=kwargs.get('token'), + endpoint_type=kwargs.get('endpoint_type'), + cacert=kwargs.get('ca_file'), + tenant_id=kwargs.get('project_id') or kwargs.get('tenant_id'), + endpoint=endpoint, + username=kwargs.get('username'), + password=kwargs.get('password'), + tenant_name=kwargs.get('tenant_name'), + ) + return auth_plugin |