summaryrefslogtreecommitdiff
path: root/openstackclient/common
diff options
context:
space:
mode:
Diffstat (limited to 'openstackclient/common')
-rw-r--r--openstackclient/common/clientmanager.py129
-rw-r--r--openstackclient/common/utils.py28
2 files changed, 71 insertions, 86 deletions
diff --git a/openstackclient/common/clientmanager.py b/openstackclient/common/clientmanager.py
index 4206ad00..387721a4 100644
--- a/openstackclient/common/clientmanager.py
+++ b/openstackclient/common/clientmanager.py
@@ -19,9 +19,11 @@ import logging
import pkg_resources
import sys
-from keystoneclient.auth.identity import v2 as v2_auth
-from keystoneclient.auth.identity import v3 as v3_auth
+from keystoneclient.auth import base
from keystoneclient import session
+import requests
+
+from openstackclient.api import auth
from openstackclient.identity import client as identity_client
@@ -45,118 +47,79 @@ class ClientManager(object):
"""Manages access to API clients, including authentication."""
identity = ClientCache(identity_client.make_client)
- def __init__(self, token=None, url=None, auth_url=None,
- domain_id=None, domain_name=None,
- project_name=None, project_id=None,
- username=None, password=None,
- user_domain_id=None, user_domain_name=None,
- project_domain_id=None, project_domain_name=None,
- region_name=None, api_version=None, verify=True,
- trust_id=None, timing=None):
- self._token = token
- self._url = url
- self._auth_url = auth_url
- self._domain_id = domain_id
- self._domain_name = domain_name
- self._project_name = project_name
- self._project_id = project_id
- self._username = username
- self._password = password
- self._user_domain_id = user_domain_id
- self._user_domain_name = user_domain_name
- self._project_domain_id = project_domain_id
- self._project_domain_name = project_domain_name
- self._region_name = region_name
+ def __getattr__(self, name):
+ # this is for the auth-related parameters.
+ if name in ['_' + o.replace('-', '_')
+ for o in auth.OPTIONS_LIST]:
+ return self._auth_params[name[1:]]
+
+ def __init__(self, auth_options, api_version=None, verify=True):
+
+ if not auth_options.os_auth_plugin:
+ auth._guess_authentication_method(auth_options)
+
+ self._auth_plugin = auth_options.os_auth_plugin
+ self._url = auth_options.os_url
+ self._auth_params = auth.build_auth_params(auth_options)
+ self._region_name = auth_options.os_region_name
self._api_version = api_version
- self._trust_id = trust_id
self._service_catalog = None
- self.timing = timing
+ self.timing = auth_options.timing
+
+ # For compatability until all clients can be updated
+ if 'project_name' in self._auth_params:
+ self._project_name = self._auth_params['project_name']
+ elif 'tenant_name' in self._auth_params:
+ self._project_name = self._auth_params['tenant_name']
# verify is the Requests-compatible form
self._verify = verify
# also store in the form used by the legacy client libs
self._cacert = None
- if verify is True or verify is False:
+ if isinstance(verify, bool):
self._insecure = not verify
else:
self._cacert = verify
self._insecure = False
- ver_prefix = identity_client.AUTH_VERSIONS[
- self._api_version[identity_client.API_NAME]
- ]
-
# Get logging from root logger
root_logger = logging.getLogger('')
LOG.setLevel(root_logger.getEffectiveLevel())
- # NOTE(dtroyer): These plugins are hard-coded for the first step
- # in using the new Keystone auth plugins.
-
- if self._url:
- LOG.debug('Using token auth %s', ver_prefix)
- if ver_prefix == 'v2':
- self.auth = v2_auth.Token(
- auth_url=url,
- token=token,
- )
- else:
- self.auth = v3_auth.Token(
- auth_url=url,
- token=token,
- )
- else:
- LOG.debug('Using password auth %s', ver_prefix)
- if ver_prefix == 'v2':
- self.auth = v2_auth.Password(
- auth_url=auth_url,
- username=username,
- password=password,
- trust_id=trust_id,
- tenant_id=project_id,
- tenant_name=project_name,
- )
- else:
- self.auth = v3_auth.Password(
- auth_url=auth_url,
- username=username,
- password=password,
- trust_id=trust_id,
- user_domain_id=user_domain_id,
- user_domain_name=user_domain_name,
- domain_id=domain_id,
- domain_name=domain_name,
- project_id=project_id,
- project_name=project_name,
- project_domain_id=project_domain_id,
- project_domain_name=project_domain_name,
- )
-
- self.session = session.Session(
- auth=self.auth,
- verify=verify,
- )
+ self.session = None
+ if not self._url:
+ LOG.debug('Using auth plugin: %s' % self._auth_plugin)
+ auth_plugin = base.get_plugin_class(self._auth_plugin)
+ self.auth = auth_plugin.load_from_options(**self._auth_params)
+ # needed by SAML authentication
+ request_session = requests.session()
+ self.session = session.Session(
+ auth=self.auth,
+ session=request_session,
+ verify=verify,
+ )
self.auth_ref = None
- if not self._url:
- # Trigger the auth call
+ if not self._auth_plugin.endswith("token") and not self._url:
+ LOG.debug("Populate other password flow attributes")
self.auth_ref = self.session.auth.get_auth_ref(self.session)
- # Populate other password flow attributes
self._token = self.session.auth.get_token(self.session)
self._service_catalog = self.auth_ref.service_catalog
+ else:
+ self._token = self._auth_params.get('token')
return
- def get_endpoint_for_service_type(self, service_type):
+ def get_endpoint_for_service_type(self, service_type, region_name=None):
"""Return the endpoint URL for the service type."""
# See if we are using password flow auth, i.e. we have a
# service catalog to select endpoints from
if self._service_catalog:
endpoint = self._service_catalog.url_for(
- service_type=service_type)
+ service_type=service_type, region_name=region_name)
else:
# Hope we were given the correct URL.
- endpoint = self._url
+ endpoint = self._auth_url or self._url
return endpoint
diff --git a/openstackclient/common/utils.py b/openstackclient/common/utils.py
index 818f8d47..9ad3823c 100644
--- a/openstackclient/common/utils.py
+++ b/openstackclient/common/utils.py
@@ -26,8 +26,27 @@ from oslo.utils import importutils
from openstackclient.common import exceptions
-def find_resource(manager, name_or_id):
- """Helper for the _find_* methods."""
+def find_resource(manager, name_or_id, **kwargs):
+ """Helper for the _find_* methods.
+
+ :param manager: A client manager class
+ :param name_or_id: The resource we are trying to find
+ :param kwargs: To be used in calling .find()
+ :rtype: The found resource
+
+ This method will attempt to find a resource in a variety of ways.
+ Primarily .get() methods will be called with `name_or_id` as an integer
+ value, and tried again as a string value.
+
+ If both fail, then a .find() is attempted, which is essentially calling
+ a .list() function with a 'name' query parameter that is set to
+ `name_or_id`.
+
+ Lastly, if any kwargs are passed in, they will be treated as additional
+ query parameters. This is particularly handy in the case of finding
+ resources in a domain.
+
+ """
# Try to get entity as integer id
try:
@@ -49,7 +68,10 @@ def find_resource(manager, name_or_id):
except Exception:
pass
- kwargs = {}
+ if len(kwargs) == 0:
+ kwargs = {}
+
+ # Prepare the kwargs for calling find
if 'NAME_ATTR' in manager.resource_class.__dict__:
# novaclient does this for oddball resources
kwargs[manager.resource_class.NAME_ATTR] = name_or_id
View Lorry Controller Status