python-keystoneclient/keystoneclient/client.py

# Copyright 2010 Jacob Kaplan-Moss
# Copyright 2011 OpenStack LLC.
# Copyright 2011 Piston Cloud Computing, Inc.
# Copyright 2011 Nebula, Inc.

# All Rights Reserved.
"""
OpenStack Client interface. Handles the REST calls and responses.
"""

import copy
import logging
import os
import urlparse

import httplib2

try:
    import json
except ImportError:
    import simplejson as json

# Python 2.5 compat fix
if not hasattr(urlparse, 'parse_qsl'):
    import cgi
    urlparse.parse_qsl = cgi.parse_qsl


from keystoneclient import exceptions


_logger = logging.getLogger(__name__)


class HTTPClient(httplib2.Http):

    USER_AGENT = 'python-keystoneclient'

    def __init__(self, username=None, tenant_id=None, tenant_name=None,
                 password=None, auth_url=None, region_name=None, timeout=None,
                 endpoint=None, token=None, cacert=None, key=None,
                 cert=None, insecure=False):
        super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
        if cert:
            if key:
                self.add_certificate(key=key, cert=cert, domain='')
            else:
                self.add_certificate(key=cert, cert=cert, domain='')
        self.username = username
        self.tenant_id = tenant_id
        self.tenant_name = tenant_name
        self.password = password
        self.auth_url = auth_url.rstrip('/') if auth_url else None
        self.version = 'v2.0'
        self.region_name = region_name
        self.auth_token = token

        self.management_url = endpoint

        # httplib2 overrides
        self.force_exception_to_status_code = True
        self.disable_ssl_certificate_validation = insecure

        # logging setup
        self.debug_log = os.environ.get('KEYSTONECLIENT_DEBUG', False)
        if self.debug_log:
            ch = logging.StreamHandler()
            _logger.setLevel(logging.DEBUG)
            _logger.addHandler(ch)

    def authenticate(self):
        """ Authenticate against the keystone API.

        Not implemented here because auth protocols should be API
        version-specific.
        """
        raise NotImplementedError

    def _extract_service_catalog(self, url, body):
        """ Set the client's service catalog from the response data.

        Not implemented here because data returned may be API
        version-specific.
        """
        raise NotImplementedError

    def http_log_req(self, args, kwargs):
        if not self.debug_log:
            return

        string_parts = ['curl -i']
        for element in args:
            if element in ('GET', 'POST'):
                string_parts.append(' -X %s' % element)
            else:
                string_parts.append(' %s' % element)

        for element in kwargs['headers']:
            header = ' -H "%s: %s"' % (element, kwargs['headers'][element])
            string_parts.append(header)

        _logger.debug("REQ: %s\n" % "".join(string_parts))
        if 'body' in kwargs:
            _logger.debug("REQ BODY: %s\n" % (kwargs['body']))

    def http_log_resp(self, resp, body):
        if self.debug_log:
            _logger.debug("RESP: %s\nRESP BODY: %s\n", resp, body)

    def request(self, url, method, **kwargs):
        """ Send an http request with the specified characteristics.

        Wrapper around httplib2.Http.request to handle tasks such as
        setting headers, JSON encoding/decoding, and error handling.
        """
        # Copy the kwargs so we can reuse the original in case of redirects
        request_kwargs = copy.copy(kwargs)
        request_kwargs.setdefault('headers', kwargs.get('headers', {}))
        request_kwargs['headers']['User-Agent'] = self.USER_AGENT
        if 'body' in kwargs:
            request_kwargs['headers']['Content-Type'] = 'application/json'
            request_kwargs['body'] = json.dumps(kwargs['body'])

        self.http_log_req((url, method,), request_kwargs)
        resp, body = super(HTTPClient, self).request(url,
                                                     method,
                                                     **request_kwargs)
        self.http_log_resp(resp, body)

        if body:
            try:
                body = json.loads(body)
            except ValueError:
                _logger.debug("Could not decode JSON from body: %s" % body)
        else:
            _logger.debug("No body was returned.")
            body = None

        if resp.status in (400, 401, 403, 404, 408, 409, 413, 500, 501):
            _logger.exception("Request returned failure status.")
            raise exceptions.from_response(resp, body)
        elif resp.status in (301, 302, 305):
            # Redirected. Reissue the request to the new location.
            return self.request(resp['location'], method, **kwargs)

        return resp, body

    def _cs_request(self, url, method, **kwargs):
        if not self.management_url:
            self.authenticate()

        kwargs.setdefault('headers', {})
        if self.auth_token:
            kwargs['headers']['X-Auth-Token'] = self.auth_token

        # Perform the request once. If we get a 401 back then it
        # might be because the auth token expired, so try to
        # re-authenticate and try again. If it still fails, bail.
        try:
            resp, body = self.request(self.management_url + url, method,
                                      **kwargs)
            return resp, body
        except exceptions.Unauthorized:
            try:
                if getattr(self, '_failures', 0) < 1:
                    self._failures = getattr(self, '_failures', 0) + 1
                    self.authenticate()
                    resp, body = self.request(self.management_url + url,
                                              method, **kwargs)
                    return resp, body
                else:
                    raise
            except exceptions.Unauthorized:
                raise

    def get(self, url, **kwargs):
        return self._cs_request(url, 'GET', **kwargs)

    def post(self, url, **kwargs):
        return self._cs_request(url, 'POST', **kwargs)

    def put(self, url, **kwargs):
        return self._cs_request(url, 'PUT', **kwargs)

    def delete(self, url, **kwargs):
        return self._cs_request(url, 'DELETE', **kwargs)
Initial commit. 2011-10-25 16:50:08 -07:00			`# Copyright 2010 Jacob Kaplan-Moss`
			`# Copyright 2011 OpenStack LLC.`
			`# Copyright 2011 Piston Cloud Computing, Inc.`
			`# Copyright 2011 Nebula, Inc.`

			`# All Rights Reserved.`
			`"""`
			`OpenStack Client interface. Handles the REST calls and responses.`
			`"""`

			`import copy`
			`import logging`
			`import os`
			`import urlparse`

			`import httplib2`

			`try:`
			`import json`
			`except ImportError:`
			`import simplejson as json`

			`# Python 2.5 compat fix`
			`if not hasattr(urlparse, 'parse_qsl'):`
			`import cgi`
			`urlparse.parse_qsl = cgi.parse_qsl`


			`from keystoneclient import exceptions`


			`_logger = logging.getLogger(__name__)`


			`class HTTPClient(httplib2.Http):`

			`USER_AGENT = 'python-keystoneclient'`

more work on standardization of cliauth 2011-12-17 22:36:59 -08:00			`def __init__(self, username=None, tenant_id=None, tenant_name=None,`
finish removing project_id 2011-12-19 10:00:39 -08:00			`password=None, auth_url=None, region_name=None, timeout=None,`
Support 2-way SSL with Keystone server if it is configured to enforce 2-way SSL. See also https://review.openstack.org/#/c/7706/ for the corresponding review for the 2-way SSL addition to Keystone. Change-Id: If0cb46a43d663687396d93604a7139d85a4e7114 2012-05-23 18:16:50 +00:00			`endpoint=None, token=None, cacert=None, key=None,`
Add '--insecure' commandline argument Allows to ignore validation errors that typically occur with self-signed SSL certificates. Making this explicit is important as one would typically only use this in development or in-house deployments. This should also fix bug 1012591. Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557 2012-07-09 17:07:41 +02:00			`cert=None, insecure=False):`
Support 2-way SSL with Keystone server if it is configured to enforce 2-way SSL. See also https://review.openstack.org/#/c/7706/ for the corresponding review for the 2-way SSL addition to Keystone. Change-Id: If0cb46a43d663687396d93604a7139d85a4e7114 2012-05-23 18:16:50 +00:00			`super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)`
			`if cert:`
			`if key:`
			`self.add_certificate(key=key, cert=cert, domain='')`
			`else:`
			`self.add_certificate(key=cert, cert=cert, domain='')`
more work on standardization of cliauth 2011-12-17 22:36:59 -08:00			`self.username = username`
initial pass to cliauth blueprint 2011-12-17 22:07:13 -08:00			`self.tenant_id = tenant_id`
			`self.tenant_name = tenant_name`
Initial commit. 2011-10-25 16:50:08 -07:00			`self.password = password`
Blueprint cli-auth: common cli args Remove os_ from internal variable names corresponding to OS_ env variables. Strip trailing '/' from --auth_url since server doesn't seem to tolerate '//' in the URL path. Fixes lp923920 Change-Id: I3e48441d63b6504fd088aa07241f66d63590d935 2012-01-30 14:13:57 -06:00			`self.auth_url = auth_url.rstrip('/') if auth_url else None`
Initial commit. 2011-10-25 16:50:08 -07:00			`self.version = 'v2.0'`
			`self.region_name = region_name`
initial pass to cliauth blueprint 2011-12-17 22:07:13 -08:00			`self.auth_token = token`
Initial commit. 2011-10-25 16:50:08 -07:00
			`self.management_url = endpoint`

			`# httplib2 overrides`
			`self.force_exception_to_status_code = True`
Add '--insecure' commandline argument Allows to ignore validation errors that typically occur with self-signed SSL certificates. Making this explicit is important as one would typically only use this in development or in-house deployments. This should also fix bug 1012591. Change-Id: I1210fafc9257648c902176fbcfae9d47e47fc557 2012-07-09 17:07:41 +02:00			`self.disable_ssl_certificate_validation = insecure`
Initial commit. 2011-10-25 16:50:08 -07:00
splitting http req and resp logging also some pep8 cleanup in shell.py Change-Id: I71aa2586a0196c0a6ba64b892b56c9d221bdcc1d 2012-08-16 18:18:22 -07:00			`# logging setup`
			`self.debug_log = os.environ.get('KEYSTONECLIENT_DEBUG', False)`
			`if self.debug_log:`
			`ch = logging.StreamHandler()`
			`_logger.setLevel(logging.DEBUG)`
			`_logger.addHandler(ch)`

Initial commit. 2011-10-25 16:50:08 -07:00			`def authenticate(self):`
			`""" Authenticate against the keystone API.`

			`Not implemented here because auth protocols should be API`
			`version-specific.`
			`"""`
			`raise NotImplementedError`

			`def _extract_service_catalog(self, url, body):`
			`""" Set the client's service catalog from the response data.`

			`Not implemented here because data returned may be API`
			`version-specific.`
			`"""`
			`raise NotImplementedError`

splitting http req and resp logging also some pep8 cleanup in shell.py Change-Id: I71aa2586a0196c0a6ba64b892b56c9d221bdcc1d 2012-08-16 18:18:22 -07:00			`def http_log_req(self, args, kwargs):`
			`if not self.debug_log:`
Initial commit. 2011-10-25 16:50:08 -07:00			`return`

			`string_parts = ['curl -i']`
			`for element in args:`
			`if element in ('GET', 'POST'):`
			`string_parts.append(' -X %s' % element)`
			`else:`
			`string_parts.append(' %s' % element)`

			`for element in kwargs['headers']:`
			`header = ' -H "%s: %s"' % (element, kwargs['headers'][element])`
			`string_parts.append(header)`

			`_logger.debug("REQ: %s\n" % "".join(string_parts))`
			`if 'body' in kwargs:`
			`_logger.debug("REQ BODY: %s\n" % (kwargs['body']))`
splitting http req and resp logging also some pep8 cleanup in shell.py Change-Id: I71aa2586a0196c0a6ba64b892b56c9d221bdcc1d 2012-08-16 18:18:22 -07:00
			`def http_log_resp(self, resp, body):`
			`if self.debug_log:`
			`_logger.debug("RESP: %s\nRESP BODY: %s\n", resp, body)`
Initial commit. 2011-10-25 16:50:08 -07:00
			`def request(self, url, method, **kwargs):`
			`""" Send an http request with the specified characteristics.`

			`Wrapper around httplib2.Http.request to handle tasks such as`
			`setting headers, JSON encoding/decoding, and error handling.`
			`"""`
			`# Copy the kwargs so we can reuse the original in case of redirects`
			`request_kwargs = copy.copy(kwargs)`
			`request_kwargs.setdefault('headers', kwargs.get('headers', {}))`
			`request_kwargs['headers']['User-Agent'] = self.USER_AGENT`
			`if 'body' in kwargs:`
			`request_kwargs['headers']['Content-Type'] = 'application/json'`
			`request_kwargs['body'] = json.dumps(kwargs['body'])`

splitting http req and resp logging also some pep8 cleanup in shell.py Change-Id: I71aa2586a0196c0a6ba64b892b56c9d221bdcc1d 2012-08-16 18:18:22 -07:00			`self.http_log_req((url, method,), request_kwargs)`
more pep8 cleanup 2011-11-10 17:23:48 -08:00			`resp, body = super(HTTPClient, self).request(url,`
			`method,`
			`**request_kwargs)`
splitting http req and resp logging also some pep8 cleanup in shell.py Change-Id: I71aa2586a0196c0a6ba64b892b56c9d221bdcc1d 2012-08-16 18:18:22 -07:00			`self.http_log_resp(resp, body)`
Initial commit. 2011-10-25 16:50:08 -07:00
			`if body:`
			`try:`
			`body = json.loads(body)`
Removed unused imports and variables. Also fixes AUTHORS file. Previous version was copied directly from python-novaclient. Change-Id: I33654b6fe7197efbff300ebaf4892a8b53d85c54 2012-04-05 17:25:37 -05:00			`except ValueError:`
Initial commit. 2011-10-25 16:50:08 -07:00			`_logger.debug("Could not decode JSON from body: %s" % body)`
			`else:`
			`_logger.debug("No body was returned.")`
			`body = None`

			`if resp.status in (400, 401, 403, 404, 408, 409, 413, 500, 501):`
Improved logging/error messages. 2011-11-17 14:25:04 -08:00			`_logger.exception("Request returned failure status.")`
Initial commit. 2011-10-25 16:50:08 -07:00			`raise exceptions.from_response(resp, body)`
			`elif resp.status in (301, 302, 305):`
			`# Redirected. Reissue the request to the new location.`
			`return self.request(resp['location'], method, **kwargs)`

			`return resp, body`

			`def _cs_request(self, url, method, **kwargs):`
			`if not self.management_url:`
			`self.authenticate()`

			`kwargs.setdefault('headers', {})`
Allow --token and --endpoint to bypass catalog * allows skipping of service catalog * removes odd logic about password equivalence * also removes extra call to authenticate Change-Id: I5c0979107da99593b4ce8eb16c9695ba530da095 2012-02-09 01:44:11 +00:00			`if self.auth_token:`
Initial commit. 2011-10-25 16:50:08 -07:00			`kwargs['headers']['X-Auth-Token'] = self.auth_token`

			`# Perform the request once. If we get a 401 back then it`
			`# might be because the auth token expired, so try to`
			`# re-authenticate and try again. If it still fails, bail.`
			`try:`
			`resp, body = self.request(self.management_url + url, method,`
			`**kwargs)`
			`return resp, body`
			`except exceptions.Unauthorized:`
			`try:`
			`if getattr(self, '_failures', 0) < 1:`
			`self._failures = getattr(self, '_failures', 0) + 1`
			`self.authenticate()`
			`resp, body = self.request(self.management_url + url,`
			`method, **kwargs)`
			`return resp, body`
			`else:`
			`raise`
			`except exceptions.Unauthorized:`
			`raise`

			`def get(self, url, **kwargs):`
			`return self._cs_request(url, 'GET', **kwargs)`

			`def post(self, url, **kwargs):`
			`return self._cs_request(url, 'POST', **kwargs)`

			`def put(self, url, **kwargs):`
			`return self._cs_request(url, 'PUT', **kwargs)`

			`def delete(self, url, **kwargs):`
			`return self._cs_request(url, 'DELETE', **kwargs)`