0fb5b904f9
It provides a configuration property, region_name_for_services, which contains the default region name used to get service endpoints when there are several regions. Closes Bug: #1479260 Change-Id: I8ca3ee5aebd54c177b958327fdaa5906aa6a4cb2
# Copyright (c) 2014 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from keystoneclient.v3 import client as ks_client
from oslo_config import cfg
from oslo_utils import importutils
def get_client(token, tenant_id):
    """Return a Keystone v3 client authenticated with a caller-supplied token.

    :param token: Keystone token passed straight through to the client.
    :param tenant_id: project (tenant) the client is scoped to.
    :returns: a ``keystoneclient.v3`` client whose ``management_url`` is
        pointed at the configured auth URL.

    TLS options and the region name come from ``_get_keystone_settings()``.
    """
    conf = _get_keystone_settings()
    endpoint = conf['auth_url']

    # ``client_args`` carries a bearer token; keep it out of log output.
    client_args = dict(token=token, tenant_id=tenant_id, auth_url=endpoint)
    # Same precedence as before: TLS options first, then the region name.
    client_args.update(conf['ssl'])
    client_args['region_name'] = conf['region_name']

    user_client = ks_client.Client(**client_args)
    user_client.management_url = endpoint
    return user_client
def get_client_for_admin(project_name):
    """Return a Keystone client for the service admin user in a project.

    :param project_name: name of the project the admin client is scoped to.
    :returns: the client built by ``_admin_client`` with no trust attached.
    """
    admin = _admin_client(project_name=project_name)
    return admin
def _admin_client(trust_id=None, project_name=None):
    """Build a Keystone v3 client using the configured admin credentials.

    :param trust_id: optional trust to authenticate against.
    :param project_name: optional project name to scope the client to.
    :returns: a ``keystoneclient.v3`` client whose ``management_url`` is
        pointed at the configured auth URL.

    Username, password, auth URL, TLS options and region name all come from
    ``_get_keystone_settings()``.
    """
    conf = _get_keystone_settings()

    # ``client_args`` ends up holding the admin password; never log it.
    client_args = dict(project_name=project_name, trust_id=trust_id)
    client_args.update(
        (name, conf[name]) for name in ('username', 'password', 'auth_url'))
    client_args.update(conf['ssl'])
    client_args['region_name'] = conf['region_name']

    admin = ks_client.Client(**client_args)

    # Unless these attributes are reset, the keystone client cannot
    # re-authenticate.
    admin.project_id = admin.project_name = None

    admin.management_url = conf['auth_url']
    return admin
def get_client_for_trusts(trust_id):
    """Return an admin-credential Keystone client bound to a trust.

    :param trust_id: id of the trust the client authenticates against.
    :returns: the client built by ``_admin_client`` with no project name.
    """
    return _admin_client(trust_id=trust_id)
def create_trust(token, tenant_id):
    """Create a trust from the token's user to the service admin user.

    :param token: Keystone token of the user who becomes the trustor.
    :param tenant_id: project the trust is scoped to.
    :returns: the id of the newly created trust.

    Security notes for reviewers:

    * ``impersonation=True`` is requested, and every role name found in the
      token's ``auth_ref['roles']`` is delegated, so the trustee receives
      the trustor's full role set on ``tenant_id`` rather than a subset.
    * No ``expires_at`` is passed, so this function does not bound the
      trust's lifetime; cleanup depends on ``delete_trust`` being called.
    """
    user_client = get_client(token, tenant_id)

    # The trustee is the admin user of the configured admin project.
    admin_project = _get_keystone_settings()['project_name']
    trustee = get_client_for_admin(admin_project).user_id

    delegated_roles = [role['name'] for role in user_client.auth_ref['roles']]
    created = user_client.trusts.create(
        trustor_user=user_client.user_id,
        trustee_user=trustee,
        impersonation=True,
        role_names=delegated_roles,
        project=tenant_id,
    )
    return created.id
def delete_trust(trust_id):
    """Delete a trust, using a client authenticated against that trust.

    :param trust_id: id of the trust to remove.
    """
    get_client_for_trusts(trust_id).trusts.delete(trust_id)
def _get_keystone_settings():
    """Collect the Keystone connection settings from ``cfg.CONF``.

    :returns: dict with ``auth_url``, ``username``, ``password``,
        ``project_name``, ``region_name`` and an ``ssl`` sub-dict holding
        ``cacert``, ``insecure``, ``cert`` and ``key``.

    The result contains the admin password in clear text; callers should
    not log or serialise it.
    """
    # Imported for its side effects before the keystone_authtoken group is
    # read -- presumably this registers that option group; confirm.
    importutils.import_module('keystonemiddleware.auth_token')

    authtoken = cfg.CONF.keystone_authtoken
    keystone = cfg.CONF.keystone

    # NOTE(review): str.replace rewrites every 'v2.0' substring in the URI,
    # not only a trailing version segment, and raises AttributeError when
    # auth_uri is unset (None).
    auth_url = authtoken.auth_uri.replace('v2.0', 'v3')

    tls_options = {
        'cacert': keystone.ca_file,
        # NOTE(review): presumably a true value turns off server
        # certificate verification in the client -- confirm, and keep it
        # false outside test deployments.
        'insecure': keystone.insecure,
        'cert': keystone.cert_file,
        'key': keystone.key_file,
    }

    return {
        'auth_url': auth_url,
        'username': authtoken.admin_user,
        'password': authtoken.admin_password,
        'project_name': authtoken.admin_tenant_name,
        'ssl': tls_options,
        'region_name': cfg.CONF.murano.region_name_for_services,
    }