Implements v3 auth client.
Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
This commit is contained in:
parent
8c18672504
commit
7ef052f7b8
@ -20,13 +20,41 @@ import datetime
|
|||||||
from keystoneclient.openstack.common import timeutils
|
from keystoneclient.openstack.common import timeutils
|
||||||
from keystoneclient import service_catalog
|
from keystoneclient import service_catalog
|
||||||
|
|
||||||
|
|
||||||
# gap, in seconds, to determine whether the given token is about to expire
|
# gap, in seconds, to determine whether the given token is about to expire
|
||||||
STALE_TOKEN_DURATION = 30
|
STALE_TOKEN_DURATION = 30
|
||||||
|
|
||||||
|
|
||||||
class AccessInfo(dict):
|
class AccessInfo(dict):
|
||||||
"""An object for encapsulating a raw authentication token from keystone
|
"""Encapsulates a raw authentication token from keystone.
|
||||||
and helper methods for extracting useful values from that token."""
|
|
||||||
|
Provides helper methods for extracting useful values from that token.
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def factory(cls, resp=None, body=None, **kwargs):
|
||||||
|
"""Create AccessInfo object given a successful auth response & body
|
||||||
|
or a user-provided dict.
|
||||||
|
"""
|
||||||
|
if body is not None or len(kwargs):
|
||||||
|
if AccessInfoV3.is_valid(body, **kwargs):
|
||||||
|
token = None
|
||||||
|
if resp:
|
||||||
|
token = resp.headers['X-Subject-Token']
|
||||||
|
if body:
|
||||||
|
return AccessInfoV3(token, **body['token'])
|
||||||
|
else:
|
||||||
|
return AccessInfoV3(token, **kwargs)
|
||||||
|
elif AccessInfoV2.is_valid(body, **kwargs):
|
||||||
|
if body:
|
||||||
|
return AccessInfoV2(**body['access'])
|
||||||
|
else:
|
||||||
|
return AccessInfoV2(**kwargs)
|
||||||
|
else:
|
||||||
|
raise NotImplementedError('Unrecognized auth response')
|
||||||
|
else:
|
||||||
|
return AccessInfoV2(**kwargs)
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
super(AccessInfo, self).__init__(*args, **kwargs)
|
super(AccessInfo, self).__init__(*args, **kwargs)
|
||||||
@ -37,7 +65,7 @@ class AccessInfo(dict):
|
|||||||
return 'serviceCatalog' in self
|
return 'serviceCatalog' in self
|
||||||
|
|
||||||
def will_expire_soon(self, stale_duration=None):
|
def will_expire_soon(self, stale_duration=None):
|
||||||
""" Determines if expiration is about to occur.
|
"""Determines if expiration is about to occur.
|
||||||
|
|
||||||
:return: boolean : true if expiration is within the given duration
|
:return: boolean : true if expiration is within the given duration
|
||||||
|
|
||||||
@ -51,71 +79,243 @@ class AccessInfo(dict):
|
|||||||
seconds=stale_duration))
|
seconds=stale_duration))
|
||||||
return norm_expires < soon
|
return norm_expires < soon
|
||||||
|
|
||||||
@property
|
@classmethod
|
||||||
def expires(self):
|
def is_valid(cls, body, **kwargs):
|
||||||
""" Returns the token expiration (as datetime object)
|
"""Determines if processing v2 or v3 token given a successful
|
||||||
|
auth body or a user-provided dict.
|
||||||
:returns: datetime
|
|
||||||
|
|
||||||
|
:return: boolean : true if auth body matches implementing class
|
||||||
"""
|
"""
|
||||||
return timeutils.parse_isotime(self['token']['expires'])
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
def has_service_catalog(self):
|
||||||
|
"""Returns true if the authorization token has a service catalog.
|
||||||
|
|
||||||
|
:returns: boolean
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def auth_token(self):
|
def auth_token(self):
|
||||||
""" Returns the token_id associated with the auth request, to be used
|
"""Returns the token_id associated with the auth request, to be used
|
||||||
in headers for authenticating OpenStack API requests.
|
in headers for authenticating OpenStack API requests.
|
||||||
|
|
||||||
:returns: str
|
:returns: str
|
||||||
"""
|
"""
|
||||||
return self['token'].get('id', None)
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def expires(self):
|
||||||
|
"""Returns the token expiration (as datetime object)
|
||||||
|
|
||||||
|
:returns: datetime
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def username(self):
|
def username(self):
|
||||||
""" Returns the username associated with the authentication request.
|
"""Returns the username associated with the authentication request.
|
||||||
Follows the pattern defined in the V2 API of first looking for 'name',
|
Follows the pattern defined in the V2 API of first looking for 'name',
|
||||||
returning that if available, and falling back to 'username' if name
|
returning that if available, and falling back to 'username' if name
|
||||||
is unavailable.
|
is unavailable.
|
||||||
|
|
||||||
:returns: str
|
:returns: str
|
||||||
"""
|
"""
|
||||||
name = self['user'].get('name', None)
|
raise NotImplementedError()
|
||||||
if name:
|
|
||||||
return name
|
|
||||||
else:
|
|
||||||
return self['user'].get('username', None)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def user_id(self):
|
def user_id(self):
|
||||||
""" Returns the user id associated with the authentication request.
|
"""Returns the user id associated with the authentication request.
|
||||||
|
|
||||||
:returns: str
|
:returns: str
|
||||||
"""
|
"""
|
||||||
return self['user'].get('id', None)
|
raise NotImplementedError()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def tenant_name(self):
|
def user_domain_id(self):
|
||||||
""" Returns the tenant (project) name associated with the
|
"""Returns the domain id of the user associated with the authentication
|
||||||
authentication request.
|
request.
|
||||||
|
|
||||||
|
For v2, it always returns 'default' which maybe different from the
|
||||||
|
Keystone configuration.
|
||||||
:returns: str
|
:returns: str
|
||||||
"""
|
"""
|
||||||
tenant_dict = self['token'].get('tenant', None)
|
raise NotImplementedError()
|
||||||
if tenant_dict:
|
|
||||||
return tenant_dict.get('name', None)
|
@property
|
||||||
return None
|
def domain_name(self):
|
||||||
|
"""Returns the domain name associated with the authentication token.
|
||||||
|
|
||||||
|
:returns: str or None (if no domain associated with the token)
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_id(self):
|
||||||
|
"""Returns the domain id associated with the authentication token.
|
||||||
|
|
||||||
|
:returns: str or None (if no domain associated with the token)
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def project_name(self):
|
def project_name(self):
|
||||||
""" Synonym for tenant_name """
|
"""Returns the project name associated with the authentication request.
|
||||||
return self.tenant_name
|
|
||||||
|
:returns: str or None (if no project associated with the token)
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def tenant_name(self):
|
||||||
|
"""Synonym for project_name"""
|
||||||
|
return self.project_name
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def scoped(self):
|
def scoped(self):
|
||||||
""" Returns true if the authorization token was scoped to a tenant
|
""" Returns true if the authorization token was scoped to a tenant
|
||||||
(project), and contains a populated service catalog.
|
(project), and contains a populated service catalog.
|
||||||
|
|
||||||
|
This is deprecated, use project_scoped instead.
|
||||||
|
|
||||||
:returns: bool
|
:returns: bool
|
||||||
"""
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_scoped(self):
|
||||||
|
""" Returns true if the authorization token was scoped to a tenant
|
||||||
|
(project).
|
||||||
|
|
||||||
|
:returns: bool
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_scoped(self):
|
||||||
|
""" Returns true if the authorization token was scoped to a domain.
|
||||||
|
|
||||||
|
:returns: bool
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_id(self):
|
||||||
|
"""Returns the project ID associated with the authentication
|
||||||
|
request, or None if the authentication request wasn't scoped to a
|
||||||
|
project.
|
||||||
|
|
||||||
|
:returns: str or None ((if no project associated with the token)
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def tenant_id(self):
|
||||||
|
"""Synonym for project_id """
|
||||||
|
return self.project_id
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_domain_id(self):
|
||||||
|
"""Returns the domain id of the project associated with the
|
||||||
|
authentication request.
|
||||||
|
|
||||||
|
For v2, it always returns 'default' which maybe different from the
|
||||||
|
keystone configuration.
|
||||||
|
:returns: str
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_url(self):
|
||||||
|
"""Returns a tuple of URLs from publicURL and adminURL for the service
|
||||||
|
'identity' from the service catalog associated with the authorization
|
||||||
|
request. If the authentication request wasn't scoped to a tenant
|
||||||
|
(project), this property will return None.
|
||||||
|
|
||||||
|
:returns: tuple of urls
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def management_url(self):
|
||||||
|
"""Returns the first adminURL for 'identity' from the service catalog
|
||||||
|
associated with the authorization request, or None if the
|
||||||
|
authentication request wasn't scoped to a tenant (project).
|
||||||
|
|
||||||
|
:returns: tuple of urls
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def version(self):
|
||||||
|
"""Returns the version of the auth token from identity service.
|
||||||
|
|
||||||
|
:returns: str
|
||||||
|
"""
|
||||||
|
return self.get('version')
|
||||||
|
|
||||||
|
|
||||||
|
class AccessInfoV2(AccessInfo):
|
||||||
|
"""An object for encapsulating a raw v2 auth token from identity
|
||||||
|
service.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super(AccessInfo, self).__init__(*args, **kwargs)
|
||||||
|
self.update(version='v2.0')
|
||||||
|
self.service_catalog = service_catalog.ServiceCatalog.factory(
|
||||||
|
resource_dict=self,
|
||||||
|
token=self['token']['id'],
|
||||||
|
region_name=self.get('region_name'))
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def is_valid(cls, body, **kwargs):
|
||||||
|
if body:
|
||||||
|
return 'access' in body
|
||||||
|
elif kwargs:
|
||||||
|
return kwargs.get('version') == 'v2.0'
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
|
def has_service_catalog(self):
|
||||||
|
return 'serviceCatalog' in self
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_token(self):
|
||||||
|
return self['token']['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def expires(self):
|
||||||
|
return timeutils.parse_isotime(self['token']['expires'])
|
||||||
|
|
||||||
|
@property
|
||||||
|
def username(self):
|
||||||
|
return self['user'].get('name', self['user'].get('username'))
|
||||||
|
|
||||||
|
@property
|
||||||
|
def user_id(self):
|
||||||
|
return self['user']['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def user_domain_id(self):
|
||||||
|
return 'default'
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_name(self):
|
||||||
|
return None
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_id(self):
|
||||||
|
return None
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_name(self):
|
||||||
|
tenant_dict = self['token'].get('tenant', None)
|
||||||
|
if tenant_dict:
|
||||||
|
return tenant_dict.get('name', None)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def scoped(self):
|
||||||
if ('serviceCatalog' in self
|
if ('serviceCatalog' in self
|
||||||
and self['serviceCatalog']
|
and self['serviceCatalog']
|
||||||
and 'tenant' in self['token']):
|
and 'tenant' in self['token']):
|
||||||
@ -123,51 +323,143 @@ class AccessInfo(dict):
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def tenant_id(self):
|
def project_scoped(self):
|
||||||
""" Returns the tenant (project) id associated with the authentication
|
return 'tenant' in self['token']
|
||||||
request, or None if the authentication request wasn't scoped to a
|
|
||||||
tenant (project).
|
|
||||||
|
|
||||||
:returns: str
|
@property
|
||||||
"""
|
def domain_scoped(self):
|
||||||
|
return False
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_id(self):
|
||||||
tenant_dict = self['token'].get('tenant', None)
|
tenant_dict = self['token'].get('tenant', None)
|
||||||
if tenant_dict:
|
if tenant_dict:
|
||||||
return tenant_dict.get('id', None)
|
return tenant_dict.get('id', None)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def project_id(self):
|
def project_domain_id(self):
|
||||||
""" Synonym for project_id """
|
if self.project_id:
|
||||||
return self.tenant_id
|
return 'default'
|
||||||
|
|
||||||
def _get_identity_endpoint(self, endpoint_type):
|
|
||||||
if not self.get('serviceCatalog'):
|
|
||||||
return
|
|
||||||
|
|
||||||
identity_services = [x for x in self['serviceCatalog']
|
|
||||||
if x['type'] == 'identity']
|
|
||||||
return tuple(endpoint[endpoint_type]
|
|
||||||
for svc in identity_services
|
|
||||||
for endpoint in svc['endpoints']
|
|
||||||
if endpoint_type in endpoint)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def auth_url(self):
|
def auth_url(self):
|
||||||
""" Returns a tuple of URLs from publicURL and adminURL for the service
|
if self.service_catalog:
|
||||||
'identity' from the service catalog associated with the authorization
|
return self.service_catalog.get_urls(service_type='identity',
|
||||||
request. If the authentication request wasn't scoped to a tenant
|
endpoint_type='publicURL')
|
||||||
(project), this property will return None.
|
else:
|
||||||
|
return None
|
||||||
:returns: tuple of urls
|
|
||||||
"""
|
|
||||||
return self._get_identity_endpoint('publicURL')
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def management_url(self):
|
def management_url(self):
|
||||||
""" Returns the first adminURL for 'identity' from the service catalog
|
if self.service_catalog:
|
||||||
associated with the authorization request, or None if the
|
return self.service_catalog.get_urls(service_type='identity',
|
||||||
authentication request wasn't scoped to a tenant (project).
|
endpoint_type='adminURL')
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
:returns: tuple of urls
|
|
||||||
"""
|
class AccessInfoV3(AccessInfo):
|
||||||
return self._get_identity_endpoint('adminURL')
|
"""An object for encapsulating a raw v3 auth token from identity
|
||||||
|
service.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, token, *args, **kwargs):
|
||||||
|
super(AccessInfo, self).__init__(*args, **kwargs)
|
||||||
|
self.update(version='v3')
|
||||||
|
self.service_catalog = service_catalog.ServiceCatalog.factory(
|
||||||
|
resource_dict=self,
|
||||||
|
token=token,
|
||||||
|
region_name=self.get('region_name'))
|
||||||
|
if token:
|
||||||
|
self.update(auth_token=token)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def is_valid(cls, body, **kwargs):
|
||||||
|
if body:
|
||||||
|
return 'token' in body
|
||||||
|
elif kwargs:
|
||||||
|
return kwargs.get('version') == 'v3'
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
|
def has_service_catalog(self):
|
||||||
|
return 'catalog' in self
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_token(self):
|
||||||
|
return self['auth_token']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def expires(self):
|
||||||
|
return timeutils.parse_isotime(self['expires_at'])
|
||||||
|
|
||||||
|
@property
|
||||||
|
def user_id(self):
|
||||||
|
return self['user']['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def user_domain_id(self):
|
||||||
|
return self['user']['domain']['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def username(self):
|
||||||
|
return self['user']['name']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_name(self):
|
||||||
|
domain = self.get('domain')
|
||||||
|
if domain:
|
||||||
|
return domain['name']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_id(self):
|
||||||
|
domain = self.get('domain')
|
||||||
|
if domain:
|
||||||
|
return domain['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_id(self):
|
||||||
|
project = self.get('project')
|
||||||
|
if project:
|
||||||
|
return project['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_domain_id(self):
|
||||||
|
project = self.get('project')
|
||||||
|
if project:
|
||||||
|
return project['domain']['id']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_name(self):
|
||||||
|
project = self.get('project')
|
||||||
|
if project:
|
||||||
|
return project['name']
|
||||||
|
|
||||||
|
@property
|
||||||
|
def scoped(self):
|
||||||
|
return ('catalog' in self and self['catalog'] and 'project' in self)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_scoped(self):
|
||||||
|
return 'project' in self
|
||||||
|
|
||||||
|
@property
|
||||||
|
def domain_scoped(self):
|
||||||
|
return 'domain' in self
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_url(self):
|
||||||
|
if self.service_catalog:
|
||||||
|
return self.service_catalog.get_urls(service_type='identity',
|
||||||
|
endpoint_type='public')
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
|
@property
|
||||||
|
def management_url(self):
|
||||||
|
if self.service_catalog:
|
||||||
|
return self.service_catalog.get_urls(service_type='identity',
|
||||||
|
endpoint_type='admin')
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
@ -23,9 +23,15 @@ from keystoneclient import exceptions
|
|||||||
class ServiceCatalog(object):
|
class ServiceCatalog(object):
|
||||||
"""Helper methods for dealing with a Keystone Service Catalog."""
|
"""Helper methods for dealing with a Keystone Service Catalog."""
|
||||||
|
|
||||||
def __init__(self, resource_dict, region_name=None):
|
@classmethod
|
||||||
self.catalog = resource_dict
|
def factory(cls, resource_dict, token=None, region_name=None):
|
||||||
self.region_name = region_name
|
"""Create ServiceCatalog object given a auth token."""
|
||||||
|
if ServiceCatalogV3.is_valid(resource_dict):
|
||||||
|
return ServiceCatalogV3(token, resource_dict, region_name)
|
||||||
|
elif ServiceCatalogV2.is_valid(resource_dict):
|
||||||
|
return ServiceCatalogV2(resource_dict, region_name)
|
||||||
|
else:
|
||||||
|
raise NotImplementedError('Unrecognized auth response')
|
||||||
|
|
||||||
def get_token(self):
|
def get_token(self):
|
||||||
"""Fetch token details from service catalog.
|
"""Fetch token details from service catalog.
|
||||||
@ -36,8 +42,71 @@ class ServiceCatalog(object):
|
|||||||
- `expires`: Token's expiration
|
- `expires`: Token's expiration
|
||||||
- `user_id`: Authenticated user's ID
|
- `user_id`: Authenticated user's ID
|
||||||
- `tenant_id`: Authorized project's ID
|
- `tenant_id`: Authorized project's ID
|
||||||
|
- `domain_id`: Authorized domain's ID
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
def get_endpoints(self, service_type=None, endpoint_type=None):
|
||||||
|
"""Fetch and filter endpoints for the specified service(s).
|
||||||
|
|
||||||
|
Returns endpoints for the specified service (or all) and
|
||||||
|
that contain the specified type (or all).
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
def get_urls(self, attr=None, filter_value=None,
|
||||||
|
service_type='identity', endpoint_type='publicURL'):
|
||||||
|
"""Fetch endpoint urls from the service catalog.
|
||||||
|
|
||||||
|
Fetch the endpoints from the service catalog for a particular
|
||||||
|
endpoint attribute. If no attribute is given, return the first
|
||||||
|
endpoint of the specified type.
|
||||||
|
|
||||||
|
:param string attr: Endpoint attribute name.
|
||||||
|
:param string filter_value: Endpoint attribute value.
|
||||||
|
:param string service_type: Service type of the endpoint.
|
||||||
|
:param string endpoint_type: Type of endpoint.
|
||||||
|
Possible values: public or publicURL,
|
||||||
|
internal or internalURL,
|
||||||
|
admin or adminURL
|
||||||
|
:param string region_name: Region of the endpoint.
|
||||||
|
|
||||||
|
:returns: tuple of urls or None (if no match found)
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
def url_for(self, attr=None, filter_value=None,
|
||||||
|
service_type='identity', endpoint_type='publicURL'):
|
||||||
|
"""Fetch an endpoint from the service catalog.
|
||||||
|
|
||||||
|
Fetch the specified endpoint from the service catalog for
|
||||||
|
a particular endpoint attribute. If no attribute is given, return
|
||||||
|
the first endpoint of the specified type.
|
||||||
|
|
||||||
|
Valid endpoint types: `public` or `publicURL`,
|
||||||
|
`internal` or `internalURL`,
|
||||||
|
`admin` or 'adminURL`
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
|
||||||
|
class ServiceCatalogV2(ServiceCatalog):
|
||||||
|
"""An object for encapsulating the service catalog using raw v2 auth token
|
||||||
|
from Keystone."""
|
||||||
|
|
||||||
|
def __init__(self, resource_dict, region_name=None):
|
||||||
|
self.catalog = resource_dict
|
||||||
|
self.region_name = region_name
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def is_valid(cls, resource_dict):
|
||||||
|
# This class is also used for reading token info of an unscoped token.
|
||||||
|
# Unscoped token does not have 'serviceCatalog' in V2, checking this
|
||||||
|
# will not work. Use 'token' attribute instead.
|
||||||
|
return 'token' in resource_dict
|
||||||
|
|
||||||
|
def get_token(self):
|
||||||
token = {'id': self.catalog['token']['id'],
|
token = {'id': self.catalog['token']['id'],
|
||||||
'expires': self.catalog['token']['expires']}
|
'expires': self.catalog['token']['expires']}
|
||||||
try:
|
try:
|
||||||
@ -48,23 +117,50 @@ class ServiceCatalog(object):
|
|||||||
pass
|
pass
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
def get_endpoints(self, service_type=None, endpoint_type=None):
|
||||||
|
if endpoint_type and 'URL' not in endpoint_type:
|
||||||
|
endpoint_type = endpoint_type + 'URL'
|
||||||
|
|
||||||
|
sc = {}
|
||||||
|
for service in self.catalog.get('serviceCatalog', []):
|
||||||
|
if service_type and service_type != service['type']:
|
||||||
|
continue
|
||||||
|
sc[service['type']] = []
|
||||||
|
for endpoint in service['endpoints']:
|
||||||
|
if endpoint_type and endpoint_type not in endpoint.keys():
|
||||||
|
continue
|
||||||
|
sc[service['type']].append(endpoint)
|
||||||
|
return sc
|
||||||
|
|
||||||
|
def get_urls(self, attr=None, filter_value=None,
|
||||||
|
service_type='identity', endpoint_type='publicURL'):
|
||||||
|
sc_endpoints = self.get_endpoints(service_type=service_type,
|
||||||
|
endpoint_type=endpoint_type)
|
||||||
|
endpoints = sc_endpoints.get(service_type)
|
||||||
|
if not endpoints:
|
||||||
|
return
|
||||||
|
|
||||||
|
if endpoint_type and 'URL' not in endpoint_type:
|
||||||
|
endpoint_type = endpoint_type + 'URL'
|
||||||
|
|
||||||
|
return tuple(endpoint[endpoint_type]
|
||||||
|
for endpoint in endpoints
|
||||||
|
if (endpoint_type in endpoint
|
||||||
|
and (not self.region_name
|
||||||
|
or endpoint.get('region') == self.region_name)
|
||||||
|
and (not filter_value
|
||||||
|
or endpoint.get(attr) == filter_value)))
|
||||||
|
|
||||||
def url_for(self, attr=None, filter_value=None,
|
def url_for(self, attr=None, filter_value=None,
|
||||||
service_type='identity', endpoint_type='publicURL'):
|
service_type='identity', endpoint_type='publicURL'):
|
||||||
"""Fetch an endpoint from the service catalog.
|
|
||||||
|
|
||||||
Fetch the specified endpoint from the service catalog for
|
|
||||||
a particular endpoint attribute. If no attribute is given, return
|
|
||||||
the first endpoint of the specified type.
|
|
||||||
|
|
||||||
Valid endpoint types: `publicURL`, `internalURL`, `adminURL`
|
|
||||||
|
|
||||||
See tests for a sample service catalog.
|
|
||||||
"""
|
|
||||||
catalog = self.catalog.get('serviceCatalog', [])
|
catalog = self.catalog.get('serviceCatalog', [])
|
||||||
|
|
||||||
if not catalog:
|
if not catalog:
|
||||||
raise exceptions.EmptyCatalog('The service catalog is empty.')
|
raise exceptions.EmptyCatalog('The service catalog is empty.')
|
||||||
|
|
||||||
|
if 'URL' not in endpoint_type:
|
||||||
|
endpoint_type = endpoint_type + 'URL'
|
||||||
|
|
||||||
for service in catalog:
|
for service in catalog:
|
||||||
if service['type'] != service_type:
|
if service['type'] != service_type:
|
||||||
continue
|
continue
|
||||||
@ -80,19 +176,96 @@ class ServiceCatalog(object):
|
|||||||
raise exceptions.EndpointNotFound('%s endpoint for %s not found.' %
|
raise exceptions.EndpointNotFound('%s endpoint for %s not found.' %
|
||||||
(endpoint_type, service_type))
|
(endpoint_type, service_type))
|
||||||
|
|
||||||
def get_endpoints(self, service_type=None, endpoint_type=None):
|
|
||||||
"""Fetch and filter endpoints for the specified service(s).
|
|
||||||
|
|
||||||
Returns endpoints for the specified service (or all) and
|
class ServiceCatalogV3(ServiceCatalog):
|
||||||
that contain the specified type (or all).
|
"""An object for encapsulating the service catalog using raw v3 auth token
|
||||||
"""
|
from Keystone."""
|
||||||
|
|
||||||
|
def __init__(self, token, resource_dict, region_name=None):
|
||||||
|
self._auth_token = token
|
||||||
|
self.catalog = resource_dict
|
||||||
|
self.region_name = region_name
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def is_valid(cls, resource_dict):
|
||||||
|
# This class is also used for reading token info of an unscoped token.
|
||||||
|
# Unscoped token does not have 'catalog', checking this
|
||||||
|
# will not work. Use 'methods' attribute instead.
|
||||||
|
return 'methods' in resource_dict
|
||||||
|
|
||||||
|
def get_token(self):
|
||||||
|
token = {'id': self._auth_token,
|
||||||
|
'expires': self.catalog['expires_at']}
|
||||||
|
try:
|
||||||
|
token['user_id'] = self.catalog['user']['id']
|
||||||
|
domain = self.catalog.get('domain')
|
||||||
|
if domain:
|
||||||
|
token['domain_id'] = domain['id']
|
||||||
|
project = self.catalog.get('project')
|
||||||
|
if project:
|
||||||
|
token['tenant_id'] = project['id']
|
||||||
|
except Exception:
|
||||||
|
# just leave the domain, project and user out if it doesn't exist
|
||||||
|
pass
|
||||||
|
return token
|
||||||
|
|
||||||
|
def get_endpoints(self, service_type=None, endpoint_type=None):
|
||||||
|
if endpoint_type:
|
||||||
|
endpoint_type = endpoint_type.rstrip('URL')
|
||||||
sc = {}
|
sc = {}
|
||||||
for service in self.catalog.get('serviceCatalog', []):
|
for service in self.catalog.get('catalog', []):
|
||||||
if service_type and service_type != service['type']:
|
if service_type and service_type != service['type']:
|
||||||
continue
|
continue
|
||||||
sc[service['type']] = []
|
sc[service['type']] = []
|
||||||
for endpoint in service['endpoints']:
|
for endpoint in service['endpoints']:
|
||||||
if endpoint_type and endpoint_type not in endpoint.keys():
|
if endpoint_type and endpoint_type != endpoint['interface']:
|
||||||
continue
|
continue
|
||||||
sc[service['type']].append(endpoint)
|
sc[service['type']].append(endpoint)
|
||||||
return sc
|
return sc
|
||||||
|
|
||||||
|
def get_urls(self, attr=None, filter_value=None,
|
||||||
|
service_type='identity', endpoint_type='public'):
|
||||||
|
if endpoint_type:
|
||||||
|
endpoint_type = endpoint_type.rstrip('URL')
|
||||||
|
sc_endpoints = self.get_endpoints(service_type=service_type,
|
||||||
|
endpoint_type=endpoint_type)
|
||||||
|
endpoints = sc_endpoints.get(service_type)
|
||||||
|
if not endpoints:
|
||||||
|
return None
|
||||||
|
|
||||||
|
urls = list()
|
||||||
|
for endpoint in endpoints:
|
||||||
|
if (endpoint['interface'] == endpoint_type
|
||||||
|
and (not self.region_name
|
||||||
|
or endpoint.get('region') == self.region_name)
|
||||||
|
and (not filter_value
|
||||||
|
or endpoint.get(attr) == filter_value)):
|
||||||
|
urls.append(endpoint['url'])
|
||||||
|
return tuple(urls)
|
||||||
|
|
||||||
|
def url_for(self, attr=None, filter_value=None,
|
||||||
|
service_type='identity', endpoint_type='public'):
|
||||||
|
catalog = self.catalog.get('catalog', [])
|
||||||
|
|
||||||
|
if not catalog:
|
||||||
|
raise exceptions.EmptyCatalog('The service catalog is empty.')
|
||||||
|
|
||||||
|
if endpoint_type:
|
||||||
|
endpoint_type = endpoint_type.rstrip('URL')
|
||||||
|
|
||||||
|
for service in catalog:
|
||||||
|
if service['type'] != service_type:
|
||||||
|
continue
|
||||||
|
|
||||||
|
endpoints = service['endpoints']
|
||||||
|
for endpoint in endpoints:
|
||||||
|
if endpoint.get('interface') != endpoint_type:
|
||||||
|
continue
|
||||||
|
if (self.region_name and
|
||||||
|
endpoint.get('region') != self.region_name):
|
||||||
|
continue
|
||||||
|
if not filter_value or endpoint.get(attr) == filter_value:
|
||||||
|
return endpoint['url']
|
||||||
|
|
||||||
|
raise exceptions.EndpointNotFound('%s endpoint for %s not found.' %
|
||||||
|
(endpoint_type, service_type))
|
||||||
|
Loading…
x
Reference in New Issue
Block a user