# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from debtcollector import removals from keystoneauth1 import adapter from keystoneauth1 import session from keystoneclient import client as ks_client import manilaclient from manilaclient.common import constants from manilaclient.common import httpclient from manilaclient import exceptions from manilaclient.v2 import limits from manilaclient.v2 import quota_classes from manilaclient.v2 import quotas from manilaclient.v2 import scheduler_stats from manilaclient.v2 import security_services from manilaclient.v2 import services from manilaclient.v2 import share_networks from manilaclient.v2 import share_servers from manilaclient.v2 import share_snapshots from manilaclient.v2 import share_type_access from manilaclient.v2 import share_types from manilaclient.v2 import shares @removals.removed_class("Client", message="Please use 'v2.Client' instead", removal_version='2.0.0') class Client(object): """Top-level object to access the OpenStack Manila API. Create an instance with your creds:: >>> client = Client(username=USERNAME, password=PASSWORD, project_name=PROJECT_NAME, auth_url=AUTH_URL) Or, alternatively, you can create a client instance using the keystoneauth1.session API:: >>> from keystoneclient.auth.identity import v2 >>> from keystoneauth1 import session >>> from manilaclient import client >>> auth = v2.Password(auth_url=AUTH_URL, username=USERNAME, password=PASSWORD, project_name=PROJECT_ID) >>> sess = session.Session(auth=auth) >>> manila = client.Client(VERSION, session=sess) Then call methods on its managers:: >>> client.shares.list() ... """ def __init__(self, username=None, project_id=None, auth_url=None, insecure=False, timeout=None, tenant_id=None, project_name=None, region_name=None, endpoint_type='publicURL', extensions=None, service_type=constants.V1_SERVICE_TYPE, service_name=None, retries=None, http_log_debug=False, input_auth_token=None, session=None, auth=None, cacert=None, service_catalog_url=None, user_agent='python-manilaclient', use_keyring=False, force_new_token=False, cached_token_lifetime=300, api_version=manilaclient.API_DEPRECATED_VERSION, user_id=None, user_domain_id=None, user_domain_name=None, project_domain_id=None, project_domain_name=None, cert=None, password=None, **kwargs): self.username = username self.password = password self.tenant_id = tenant_id or project_id self.tenant_name = project_name self.user_id = user_id self.project_id = project_id or tenant_id self.project_name = project_name self.user_domain_id = user_domain_id self.user_domain_name = user_domain_name self.project_domain_id = project_domain_id self.project_domain_name = project_domain_name self.endpoint_type = endpoint_type self.auth_url = auth_url self.region_name = region_name self.cacert = cacert self.cert = cert self.insecure = insecure self.use_keyring = use_keyring self.force_new_token = force_new_token self.cached_token_lifetime = cached_token_lifetime if input_auth_token and not service_catalog_url: msg = ("For token-based authentication you should " "provide 'input_auth_token' and 'service_catalog_url'.") raise exceptions.ClientException(msg) self.project_id = tenant_id if tenant_id is not None else project_id self.keystone_client = None self.session = session # NOTE(u_glide): token authorization has highest priority. # That's why session and/or password will be ignored # if token is provided. if not input_auth_token: if session: self.keystone_client = adapter.LegacyJsonAdapter( session=session, auth=auth, interface=endpoint_type, service_type=service_type, service_name=service_name, region_name=region_name) input_auth_token = self.keystone_client.session.get_token(auth) else: self.keystone_client = self._get_keystone_client() input_auth_token = self.keystone_client.auth_token if not input_auth_token: raise RuntimeError("Not Authorized") if session and not service_catalog_url: service_catalog_url = self.keystone_client.session.get_endpoint( auth, interface=endpoint_type, service_type=service_type) elif not service_catalog_url: catalog = self.keystone_client.service_catalog.get_endpoints( service_type) for catalog_entry in catalog.get(service_type, []): if (catalog_entry.get("interface") == ( endpoint_type.lower().split("url")[0]) or catalog_entry.get(endpoint_type)): if (region_name and not region_name == ( catalog_entry.get( "region", catalog_entry.get("region_id")))): continue service_catalog_url = catalog_entry.get( "url", catalog_entry.get(endpoint_type)) break if not service_catalog_url: raise RuntimeError("Could not find Manila endpoint in catalog") self.api_version = api_version self.client = httpclient.HTTPClient(service_catalog_url, input_auth_token, user_agent, insecure=insecure, cacert=cacert, cert=cert, timeout=timeout, retries=retries, http_log_debug=http_log_debug, api_version=self.api_version) self.limits = limits.LimitsManager(self) self.services = services.ServiceManager(self) self.security_services = security_services.SecurityServiceManager(self) self.share_networks = share_networks.ShareNetworkManager(self) self.quota_classes = quota_classes.QuotaClassSetManager(self) self.quotas = quotas.QuotaSetManager(self) self.shares = shares.ShareManager(self) self.share_snapshots = share_snapshots.ShareSnapshotManager(self) self.share_types = share_types.ShareTypeManager(self) self.share_type_access = share_type_access.ShareTypeAccessManager(self) self.share_servers = share_servers.ShareServerManager(self) self.pools = scheduler_stats.PoolManager(self) self._load_extensions(extensions) def _load_extensions(self, extensions): if not extensions: return for extension in extensions: if extension.manager_class: setattr(self, extension.name, extension.manager_class(self)) def _get_keystone_client(self): # First create a Keystone session if self.insecure: verify = False else: verify = self.cacert or True ks_session = session.Session(verify=verify, cert=self.cert) # Discover the supported keystone versions using the given url ks_discover = session.discover.Discover(ks_session, self.auth_url) # Inspect the auth_url to see the supported version. If both v3 and v2 # are supported, then use the highest version if possible. v2_auth_url = ks_discover.url_for('v2.0') v3_auth_url = ks_discover.url_for('v3.0') if v3_auth_url: keystone_client = ks_client.Client( session=ks_session, version=(3, 0), auth_url=v3_auth_url, username=self.username, password=self.password, user_id=self.user_id, user_domain_name=self.user_domain_name, user_domain_id=self.user_domain_id, project_id=self.project_id or self.tenant_id, project_name=self.project_name, project_domain_name=self.project_domain_name, project_domain_id=self.project_domain_id, region_name=self.region_name) elif v2_auth_url: keystone_client = ks_client.Client( session=ks_session, version=(2, 0), auth_url=v2_auth_url, username=self.username, password=self.password, tenant_id=self.tenant_id, tenant_name=self.tenant_name, region_name=self.region_name, cert=self.cert, use_keyring=self.use_keyring, force_new_token=self.force_new_token, stale_duration=self.cached_token_lifetime) else: raise exceptions.CommandError( 'Unable to determine the Keystone version to authenticate ' 'with using the given auth_url.') keystone_client.authenticate() return keystone_client