diff options
| author | Dean Troyer <dtroyer@gmail.com> | 2014-08-22 17:26:07 -0500 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2014-09-08 00:06:52 -0500 |
| commit | ae957b176e5918f41024c00cbc39ea371a0c37c6 (patch) | |
| tree | f087abc03197bdbfbfe07ab46cefde083a487c56 /openstackclient/common | |
| parent | 3317e0abf694c56cb3b24bdf2b2b10577ea47f6b (diff) | |
| download | python-openstackclient-ae957b176e5918f41024c00cbc39ea371a0c37c6.tar.gz | |
Use Keystone client session.Session
This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
Diffstat (limited to 'openstackclient/common')
| -rw-r--r-- | openstackclient/common/clientmanager.py | 68 | ||||
| -rw-r--r-- | openstackclient/common/restapi.py | 332 |
2 files changed, 57 insertions, 343 deletions
diff --git a/openstackclient/common/clientmanager.py b/openstackclient/common/clientmanager.py index 4dcec8e0..4206ad00 100644 --- a/openstackclient/common/clientmanager.py +++ b/openstackclient/common/clientmanager.py @@ -19,7 +19,9 @@ import logging import pkg_resources import sys -from openstackclient.common import restapi +from keystoneclient.auth.identity import v2 as v2_auth +from keystoneclient.auth.identity import v3 as v3_auth +from keystoneclient import session from openstackclient.identity import client as identity_client @@ -80,24 +82,68 @@ class ClientManager(object): self._cacert = verify self._insecure = False - self.session = restapi.RESTApi( - verify=verify, - debug=True, - ) + ver_prefix = identity_client.AUTH_VERSIONS[ + self._api_version[identity_client.API_NAME] + ] # Get logging from root logger root_logger = logging.getLogger('') LOG.setLevel(root_logger.getEffectiveLevel()) - restapi_logger = logging.getLogger('restapi') - restapi_logger.setLevel(root_logger.getEffectiveLevel()) - self.auth_ref = None + # NOTE(dtroyer): These plugins are hard-coded for the first step + # in using the new Keystone auth plugins. + + if self._url: + LOG.debug('Using token auth %s', ver_prefix) + if ver_prefix == 'v2': + self.auth = v2_auth.Token( + auth_url=url, + token=token, + ) + else: + self.auth = v3_auth.Token( + auth_url=url, + token=token, + ) + else: + LOG.debug('Using password auth %s', ver_prefix) + if ver_prefix == 'v2': + self.auth = v2_auth.Password( + auth_url=auth_url, + username=username, + password=password, + trust_id=trust_id, + tenant_id=project_id, + tenant_name=project_name, + ) + else: + self.auth = v3_auth.Password( + auth_url=auth_url, + username=username, + password=password, + trust_id=trust_id, + user_domain_id=user_domain_id, + user_domain_name=user_domain_name, + domain_id=domain_id, + domain_name=domain_name, + project_id=project_id, + project_name=project_name, + project_domain_id=project_domain_id, + project_domain_name=project_domain_name, + ) + + self.session = session.Session( + auth=self.auth, + verify=verify, + ) + self.auth_ref = None if not self._url: + # Trigger the auth call + self.auth_ref = self.session.auth.get_auth_ref(self.session) # Populate other password flow attributes - self.auth_ref = self.identity.auth_ref - self._token = self.identity.auth_token - self._service_catalog = self.identity.service_catalog + self._token = self.session.auth.get_token(self.session) + self._service_catalog = self.auth_ref.service_catalog return diff --git a/openstackclient/common/restapi.py b/openstackclient/common/restapi.py deleted file mode 100644 index a646acb3..00000000 --- a/openstackclient/common/restapi.py +++ /dev/null @@ -1,332 +0,0 @@ -# Copyright 2013 Nebula Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -"""REST API bits""" - -import json -import logging -import requests - -try: - from urllib.parse import urlencode # noqa -except ImportError: - from urllib import urlencode # noqa - - -USER_AGENT = 'RAPI' - -_logger = logging.getLogger(__name__) - - -class RESTApi(object): - """A REST API client that handles the interface from us to the server - - RESTApi is requests.Session wrapper that knows how to do: - * JSON serialization/deserialization - * log requests in 'curl' format - * basic API boilerplate for create/delete/list/set/show verbs - - * authentication is handled elsewhere and a token is passed in - - The expectation that there will be a RESTApi object per authentication - token in use, i.e. project/username/auth_endpoint - - On the other hand, a Client knows details about the specific REST Api that - it communicates with, such as the available endpoints, API versions, etc. - """ - - def __init__( - self, - session=None, - auth_header=None, - user_agent=USER_AGENT, - verify=True, - logger=None, - debug=None, - ): - """Construct a new REST client - - :param object session: A Session object to be used for - communicating with the identity service. - :param string auth_header: A token from an initialized auth_reference - to be used in the X-Auth-Token header - :param string user_agent: Set the User-Agent header in the requests - :param boolean/string verify: If ``True``, the SSL cert will be - verified. A CA_BUNDLE path can also be - provided. - :param logging.Logger logger: A logger to output to. (optional) - :param boolean debug: Enables debug logging of all request and - responses to identity service. - default False (optional) - """ - - self.set_auth(auth_header) - self.debug = debug - - if not session: - # We create a default session object - session = requests.Session() - self.session = session - self.session.verify = verify - self.session.user_agent = user_agent - - if logger: - self.logger = logger - else: - self.logger = _logger - - def set_auth(self, auth_header): - """Sets the current auth blob""" - self.auth_header = auth_header - - def set_header(self, header, content): - """Sets passed in headers into the session headers - - Replaces existing headers!! - """ - if content is None: - del self.session.headers[header] - else: - self.session.headers[header] = content - - def request(self, method, url, **kwargs): - """Make an authenticated (if token available) request - - :param method: Request HTTP method - :param url: Request URL - :param data: Request body - :param json: Request body to be encoded as JSON - Overwrites ``data`` argument if present - """ - - kwargs.setdefault('headers', {}) - if self.auth_header: - kwargs['headers']['X-Auth-Token'] = self.auth_header - - if 'json' in kwargs and isinstance(kwargs['json'], type({})): - kwargs['data'] = json.dumps(kwargs.pop('json')) - kwargs['headers']['Content-Type'] = 'application/json' - - kwargs.setdefault('allow_redirects', True) - - if self.debug: - self._log_request(method, url, **kwargs) - - response = self.session.request(method, url, **kwargs) - - if self.debug: - self._log_response(response) - - return self._error_handler(response) - - def _error_handler(self, response): - if response.status_code < 200 or response.status_code >= 300: - self.logger.debug( - "ERROR: %s", - response.text, - ) - response.raise_for_status() - return response - - # Convenience methods to mimic the ones provided by requests.Session - - def delete(self, url, **kwargs): - """Send a DELETE request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - return self.request('DELETE', url, **kwargs) - - def get(self, url, **kwargs): - """Send a GET request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - return self.request('GET', url, **kwargs) - - def head(self, url, **kwargs): - """Send a HEAD request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - kwargs.setdefault('allow_redirects', False) - return self.request('HEAD', url, **kwargs) - - def options(self, url, **kwargs): - """Send an OPTIONS request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - return self.request('OPTIONS', url, **kwargs) - - def patch(self, url, data=None, json=None, **kwargs): - """Send a PUT request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param data: Request body - :param json: Request body to be encoded as JSON - Overwrites ``data`` argument if present - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - if json: - kwargs['json'] = json - if data: - kwargs['data'] = data - return self.request('PATCH', url, **kwargs) - - def post(self, url, data=None, json=None, **kwargs): - """Send a POST request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param data: Request body - :param json: Request body to be encoded as JSON - Overwrites ``data`` argument if present - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - if json: - kwargs['json'] = json - if data: - kwargs['data'] = data - return self.request('POST', url, **kwargs) - - def put(self, url, data=None, json=None, **kwargs): - """Send a PUT request. Returns :class:`requests.Response` object. - - :param url: Request URL - :param data: Request body - :param json: Request body to be encoded as JSON - Overwrites ``data`` argument if present - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - if json: - kwargs['json'] = json - if data: - kwargs['data'] = data - return self.request('PUT', url, **kwargs) - - # Command verb methods - - def create(self, url, data=None, response_key=None, **kwargs): - """Create a new object via a POST request - - :param url: Request URL - :param data: Request body, wil be JSON encoded - :param response_key: Dict key in response body to extract - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - response = self.request('POST', url, json=data, **kwargs) - if response_key: - return response.json()[response_key] - else: - return response.json() - - def list(self, url, data=None, response_key=None, **kwargs): - """Retrieve a list of objects via a GET or POST request - - :param url: Request URL - :param data: Request body, will be JSON encoded - :param response_key: Dict key in response body to extract - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - if data: - response = self.request('POST', url, json=data, **kwargs) - else: - response = self.request('GET', url, **kwargs) - - if response_key: - return response.json()[response_key] - else: - return response.json() - - def set(self, url, data=None, response_key=None, **kwargs): - """Update an object via a PUT request - - :param url: Request URL - :param data: Request body - :param json: Request body to be encoded as JSON - Overwrites ``data`` argument if present - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - response = self.request('PUT', url, json=data) - if data: - if response_key: - return response.json()[response_key] - else: - return response.json() - else: - # Nothing to do here - return None - - def show(self, url, response_key=None, **kwargs): - """Retrieve a single object via a GET request - - :param url: Request URL - :param response_key: Dict key in response body to extract - :param \*\*kwargs: Optional arguments passed to ``request`` - """ - - response = self.request('GET', url, **kwargs) - if response_key: - return response.json()[response_key] - else: - return response.json() - - def _log_request(self, method, url, **kwargs): - if 'params' in kwargs and kwargs['params'] != {}: - url += '?' + urlencode(kwargs['params']) - - string_parts = [ - "curl -i", - "-X '%s'" % method, - "'%s'" % url, - ] - - for element in kwargs['headers']: - header = " -H '%s: %s'" % (element, kwargs['headers'][element]) - string_parts.append(header) - - self.logger.debug("REQ: %s" % " ".join(string_parts)) - if 'data' in kwargs: - self.logger.debug(" REQ BODY: %r\n" % (kwargs['data'])) - - def _log_response(self, response): - self.logger.debug( - "RESP: [%s] %r\n", - response.status_code, - response.headers, - ) - if response._content_consumed: - self.logger.debug( - " RESP BODY: %s\n", - response.text, - ) - self.logger.debug( - " encoding: %s", - response.encoding, - ) |