2013-09-18 22:38:25 +01:00
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
# not use this file except in compliance with the License. You may obtain
|
|
|
|
|
# a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
|
|
# License for the specific language governing permissions and limitations
|
|
|
|
|
# under the License.
|
|
|
|
|
|
2016-02-03 16:20:06 +02:00
|
|
|
from keystoneauth1 import loading as kaloading
|
2016-11-02 11:22:37 +08:00
|
|
|
from oslo_utils import importutils
|
2013-09-18 22:38:25 +01:00
|
|
|
|
2015-03-10 00:31:46 +01:00
|
|
|
from ironicclient.common.i18n import _
|
2014-03-10 16:47:59 -07:00
|
|
|
from ironicclient import exc
|
2013-11-11 12:09:16 +01:00
|
|
|
|
2013-09-18 22:38:25 +01:00
|
|
|
|
2016-02-03 16:20:06 +02:00
|
|
|
def get_client(api_version, os_auth_token=None, ironic_url=None,
|
|
|
|
|
os_username=None, os_password=None, os_auth_url=None,
|
|
|
|
|
os_project_id=None, os_project_name=None, os_tenant_id=None,
|
|
|
|
|
os_tenant_name=None, os_region_name=None,
|
|
|
|
|
os_user_domain_id=None, os_user_domain_name=None,
|
|
|
|
|
os_project_domain_id=None, os_project_domain_name=None,
|
|
|
|
|
os_service_type=None, os_endpoint_type=None,
|
|
|
|
|
insecure=None, timeout=None, os_cacert=None, ca_file=None,
|
|
|
|
|
os_cert=None, cert_file=None, os_key=None, key_file=None,
|
|
|
|
|
os_ironic_api_version=None, max_retries=None,
|
|
|
|
|
retry_interval=None, session=None, **ignored_kwargs):
|
|
|
|
|
"""Get an authenticated client, based on the credentials.
|
2013-09-18 22:38:25 +01:00
|
|
|
|
2014-04-08 17:05:55 +00:00
|
|
|
:param api_version: the API version to use. Valid value: '1'.
|
2016-02-03 16:20:06 +02:00
|
|
|
:param os_auth_token: pre-existing token to re-use
|
|
|
|
|
:param ironic_url: ironic API endpoint
|
|
|
|
|
:param os_username: name of a user
|
|
|
|
|
:param os_password: user's password
|
|
|
|
|
:param os_auth_url: endpoint to authenticate against
|
|
|
|
|
:param os_tenant_name: name of a tenant (deprecated in favour of
|
|
|
|
|
os_project_name)
|
|
|
|
|
:param os_tenant_id: ID of a tenant (deprecated in favour of
|
|
|
|
|
os_project_id)
|
|
|
|
|
:param os_project_name: name of a project
|
|
|
|
|
:param os_project_id: ID of a project
|
|
|
|
|
:param os_region_name: name of a keystone region
|
|
|
|
|
:param os_user_domain_name: name of a domain the user belongs to
|
|
|
|
|
:param os_user_domain_id: ID of a domain the user belongs to
|
|
|
|
|
:param os_project_domain_name: name of a domain the project belongs to
|
|
|
|
|
:param os_project_domain_id: ID of a domain the project belongs to
|
|
|
|
|
:param os_service_type: the type of service to lookup the endpoint for
|
|
|
|
|
:param os_endpoint_type: the type (exposure) of the endpoint
|
|
|
|
|
:param insecure: allow insecure SSL (no cert verification)
|
|
|
|
|
:param timeout: allows customization of the timeout for client HTTP
|
|
|
|
|
requests
|
|
|
|
|
:param os_cacert: path to cacert file
|
|
|
|
|
:param ca_file: path to cacert file, deprecated in favour of os_cacert
|
|
|
|
|
:param os_cert: path to cert file
|
|
|
|
|
:param cert_file: path to cert file, deprecated in favour of os_cert
|
|
|
|
|
:param os_key: path to key file
|
|
|
|
|
:param key_file: path to key file, deprecated in favour of os_key
|
2018-01-04 02:14:08 -08:00
|
|
|
:param os_ironic_api_version: ironic API version to use or a list of
|
|
|
|
|
available API versions to attempt to negotiate.
|
2016-02-03 16:20:06 +02:00
|
|
|
:param max_retries: Maximum number of retries in case of conflict error
|
|
|
|
|
:param retry_interval: Amount of time (in seconds) between retries in case
|
|
|
|
|
of conflict error
|
|
|
|
|
:param session: Keystone session to use
|
|
|
|
|
:param ignored_kwargs: all the other params that are passed. Left for
|
|
|
|
|
backwards compatibility. They are ignored.
|
2013-09-18 22:38:25 +01:00
|
|
|
"""
|
2018-01-02 21:46:59 -08:00
|
|
|
# TODO(TheJulia): At some point, we should consider possibly noting
|
|
|
|
|
# the "latest" flag for os_ironic_api_version to cause the client to
|
|
|
|
|
# auto-negotiate to the greatest available version, however we do not
|
|
|
|
|
# have the ability yet for a caller to cap the version, and will hold
|
|
|
|
|
# off doing so until then.
|
2016-02-03 16:20:06 +02:00
|
|
|
os_service_type = os_service_type or 'baremetal'
|
|
|
|
|
os_endpoint_type = os_endpoint_type or 'publicURL'
|
|
|
|
|
project_id = (os_project_id or os_tenant_id)
|
|
|
|
|
project_name = (os_project_name or os_tenant_name)
|
|
|
|
|
kwargs = {
|
|
|
|
|
'os_ironic_api_version': os_ironic_api_version,
|
|
|
|
|
'max_retries': max_retries,
|
|
|
|
|
'retry_interval': retry_interval,
|
2013-09-18 22:38:25 +01:00
|
|
|
}
|
2016-02-03 16:20:06 +02:00
|
|
|
endpoint = ironic_url
|
|
|
|
|
cacert = os_cacert or ca_file
|
|
|
|
|
cert = os_cert or cert_file
|
|
|
|
|
key = os_key or key_file
|
|
|
|
|
if os_auth_token and endpoint:
|
|
|
|
|
kwargs.update({
|
|
|
|
|
'token': os_auth_token,
|
|
|
|
|
'insecure': insecure,
|
|
|
|
|
'ca_file': cacert,
|
|
|
|
|
'cert_file': cert,
|
|
|
|
|
'key_file': key,
|
|
|
|
|
'timeout': timeout,
|
|
|
|
|
})
|
|
|
|
|
elif os_auth_url:
|
|
|
|
|
auth_type = 'password'
|
|
|
|
|
auth_kwargs = {
|
|
|
|
|
'auth_url': os_auth_url,
|
|
|
|
|
'project_id': project_id,
|
|
|
|
|
'project_name': project_name,
|
|
|
|
|
'user_domain_id': os_user_domain_id,
|
|
|
|
|
'user_domain_name': os_user_domain_name,
|
|
|
|
|
'project_domain_id': os_project_domain_id,
|
|
|
|
|
'project_domain_name': os_project_domain_name,
|
|
|
|
|
}
|
|
|
|
|
if os_username and os_password:
|
|
|
|
|
auth_kwargs.update({
|
|
|
|
|
'username': os_username,
|
|
|
|
|
'password': os_password,
|
|
|
|
|
})
|
|
|
|
|
elif os_auth_token:
|
|
|
|
|
auth_type = 'token'
|
|
|
|
|
auth_kwargs.update({
|
|
|
|
|
'token': os_auth_token,
|
|
|
|
|
})
|
|
|
|
|
# Create new session only if it was not passed in
|
|
|
|
|
if not session:
|
|
|
|
|
loader = kaloading.get_plugin_loader(auth_type)
|
|
|
|
|
auth_plugin = loader.load_from_options(**auth_kwargs)
|
|
|
|
|
# Let keystoneauth do the necessary parameter conversions
|
|
|
|
|
session = kaloading.session.Session().load_from_options(
|
|
|
|
|
auth=auth_plugin, insecure=insecure, cacert=cacert,
|
|
|
|
|
cert=cert, key=key, timeout=timeout,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
exception_msg = _('Must provide Keystone credentials or user-defined '
|
|
|
|
|
'endpoint and token')
|
|
|
|
|
if not endpoint:
|
|
|
|
|
if session:
|
|
|
|
|
try:
|
2016-03-14 20:29:53 +02:00
|
|
|
# Pass the endpoint, it will be used to get hostname
|
|
|
|
|
# and port that will be used for API version caching. It will
|
|
|
|
|
# be also set as endpoint_override.
|
2016-02-03 16:20:06 +02:00
|
|
|
endpoint = session.get_endpoint(
|
|
|
|
|
service_type=os_service_type,
|
|
|
|
|
interface=os_endpoint_type,
|
|
|
|
|
region_name=os_region_name
|
|
|
|
|
)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
raise exc.AmbiguousAuthSystem(
|
2016-12-14 16:16:23 +02:00
|
|
|
_('%(message)s, error was: %(error)s') %
|
|
|
|
|
{'message': exception_msg, 'error': e})
|
2016-02-03 16:20:06 +02:00
|
|
|
else:
|
|
|
|
|
# Neither session, nor valid auth parameters provided
|
|
|
|
|
raise exc.AmbiguousAuthSystem(exception_msg)
|
|
|
|
|
|
|
|
|
|
# Always pass the session
|
|
|
|
|
kwargs['session'] = session
|
|
|
|
|
|
|
|
|
|
return Client(api_version, endpoint, **kwargs)
|
2013-09-18 22:38:25 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def Client(version, *args, **kwargs):
|
2016-11-02 11:22:37 +08:00
|
|
|
module = importutils.import_versioned_module('ironicclient',
|
|
|
|
|
version, 'client')
|
2013-09-18 22:38:25 +01:00
|
|
|
client_class = getattr(module, 'Client')
|
|
|
|
|
return client_class(*args, **kwargs)
|
