2014-05-28 11:02:12 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
#
|
2013-09-18 22:38:25 +01:00
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
# not use this file except in compliance with the License. You may obtain
|
|
|
|
|
# a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
|
|
# License for the specific language governing permissions and limitations
|
|
|
|
|
# under the License.
|
|
|
|
|
|
|
|
|
|
from keystoneclient.v2_0 import client as ksclient
|
|
|
|
|
|
2013-11-11 12:09:16 +01:00
|
|
|
from ironicclient.common import utils
|
2014-03-10 16:47:59 -07:00
|
|
|
from ironicclient import exc
|
|
|
|
|
from ironicclient.openstack.common import gettextutils
|
|
|
|
|
|
|
|
|
|
gettextutils.install('ironicclient')
|
2013-11-11 12:09:16 +01:00
|
|
|
|
2013-09-18 22:38:25 +01:00
|
|
|
|
|
|
|
|
def _get_ksclient(**kwargs):
|
|
|
|
|
"""Get an endpoint and auth token from Keystone.
|
|
|
|
|
|
|
|
|
|
:param kwargs: keyword args containing credentials:
|
|
|
|
|
* username: name of user
|
|
|
|
|
* password: user's password
|
|
|
|
|
* auth_url: endpoint to authenticate against
|
|
|
|
|
* insecure: allow insecure SSL (no cert verification)
|
|
|
|
|
* tenant_{name|id}: name or ID of tenant
|
|
|
|
|
"""
|
|
|
|
|
return ksclient.Client(username=kwargs.get('username'),
|
|
|
|
|
password=kwargs.get('password'),
|
|
|
|
|
tenant_id=kwargs.get('tenant_id'),
|
|
|
|
|
tenant_name=kwargs.get('tenant_name'),
|
|
|
|
|
auth_url=kwargs.get('auth_url'),
|
|
|
|
|
insecure=kwargs.get('insecure'))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _get_endpoint(client, **kwargs):
|
|
|
|
|
"""Get an endpoint using the provided keystone client."""
|
2014-09-11 20:31:46 +05:30
|
|
|
attr = None
|
|
|
|
|
filter_value = None
|
|
|
|
|
if kwargs.get('region_name'):
|
|
|
|
|
attr = 'region'
|
|
|
|
|
filter_value = kwargs.get('region_name')
|
2013-09-18 22:38:25 +01:00
|
|
|
return client.service_catalog.url_for(
|
2013-09-27 09:10:21 -07:00
|
|
|
service_type=kwargs.get('service_type') or 'baremetal',
|
2014-09-11 20:31:46 +05:30
|
|
|
attr=attr,
|
|
|
|
|
filter_value=filter_value,
|
2013-09-18 22:38:25 +01:00
|
|
|
endpoint_type=kwargs.get('endpoint_type') or 'publicURL')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_client(api_version, **kwargs):
|
2014-10-02 10:40:11 +00:00
|
|
|
"""Get an authenticated client, based on the credentials in args.
|
2013-09-18 22:38:25 +01:00
|
|
|
|
2014-04-08 17:05:55 +00:00
|
|
|
:param api_version: the API version to use. Valid value: '1'.
|
2013-09-18 22:38:25 +01:00
|
|
|
:param kwargs: keyword args containing credentials, either:
|
|
|
|
|
* os_auth_token: pre-existing token to re-use
|
|
|
|
|
* ironic_url: ironic API endpoint
|
|
|
|
|
or:
|
|
|
|
|
* os_username: name of user
|
|
|
|
|
* os_password: user's password
|
|
|
|
|
* os_auth_url: endpoint to authenticate against
|
|
|
|
|
* insecure: allow insecure SSL (no cert verification)
|
|
|
|
|
* os_tenant_{name|id}: name or ID of tenant
|
|
|
|
|
"""
|
2014-03-10 16:47:59 -07:00
|
|
|
|
2013-09-18 22:38:25 +01:00
|
|
|
if kwargs.get('os_auth_token') and kwargs.get('ironic_url'):
|
|
|
|
|
token = kwargs.get('os_auth_token')
|
|
|
|
|
endpoint = kwargs.get('ironic_url')
|
2014-06-30 09:11:40 +09:30
|
|
|
auth_ref = None
|
2013-09-18 22:38:25 +01:00
|
|
|
elif (kwargs.get('os_username') and
|
|
|
|
|
kwargs.get('os_password') and
|
|
|
|
|
kwargs.get('os_auth_url') and
|
|
|
|
|
(kwargs.get('os_tenant_id') or kwargs.get('os_tenant_name'))):
|
|
|
|
|
|
|
|
|
|
ks_kwargs = {
|
|
|
|
|
'username': kwargs.get('os_username'),
|
|
|
|
|
'password': kwargs.get('os_password'),
|
|
|
|
|
'tenant_id': kwargs.get('os_tenant_id'),
|
|
|
|
|
'tenant_name': kwargs.get('os_tenant_name'),
|
|
|
|
|
'auth_url': kwargs.get('os_auth_url'),
|
|
|
|
|
'service_type': kwargs.get('os_service_type'),
|
|
|
|
|
'endpoint_type': kwargs.get('os_endpoint_type'),
|
|
|
|
|
'insecure': kwargs.get('insecure'),
|
|
|
|
|
}
|
|
|
|
|
_ksclient = _get_ksclient(**ks_kwargs)
|
2013-10-25 16:57:52 -05:00
|
|
|
token = (kwargs.get('os_auth_token')
|
2013-09-18 22:38:25 +01:00
|
|
|
if kwargs.get('os_auth_token')
|
2013-10-25 16:57:52 -05:00
|
|
|
else _ksclient.auth_token)
|
2013-09-18 22:38:25 +01:00
|
|
|
|
2014-09-11 20:31:46 +05:30
|
|
|
ks_kwargs['region_name'] = kwargs.get('os_region_name')
|
2014-10-02 10:40:11 +00:00
|
|
|
endpoint = (kwargs.get('ironic_url') or
|
2015-03-10 14:07:06 -07:00
|
|
|
_get_endpoint(_ksclient, **ks_kwargs))
|
2014-06-30 09:11:40 +09:30
|
|
|
|
|
|
|
|
auth_ref = _ksclient.auth_ref
|
|
|
|
|
|
2014-03-10 16:47:59 -07:00
|
|
|
else:
|
|
|
|
|
e = (_('Must provide Keystone credentials or user-defined endpoint '
|
|
|
|
|
'and token'))
|
2014-08-18 09:12:18 +00:00
|
|
|
raise exc.AmbiguousAuthSystem(e)
|
2013-09-18 22:38:25 +01:00
|
|
|
|
|
|
|
|
cli_kwargs = {
|
|
|
|
|
'token': token,
|
|
|
|
|
'insecure': kwargs.get('insecure'),
|
|
|
|
|
'timeout': kwargs.get('timeout'),
|
|
|
|
|
'ca_file': kwargs.get('ca_file'),
|
|
|
|
|
'cert_file': kwargs.get('cert_file'),
|
|
|
|
|
'key_file': kwargs.get('key_file'),
|
2014-06-30 09:11:40 +09:30
|
|
|
'auth_ref': auth_ref,
|
2015-02-13 10:47:16 +08:00
|
|
|
'os_ironic_api_version': kwargs.get('os_ironic_api_version'),
|
2013-09-18 22:38:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Client(api_version, endpoint, **cli_kwargs)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def Client(version, *args, **kwargs):
|
|
|
|
|
module = utils.import_versioned_module(version, 'client')
|
|
|
|
|
client_class = getattr(module, 'Client')
|
|
|
|
|
return client_class(*args, **kwargs)
|
