142 lines
5.7 KiB
Python
142 lines
5.7 KiB
Python
#
|
|
# Copyright (c) 2013-2020 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
from cgtsclient._i18n import _
|
|
from cgtsclient.common import utils
|
|
from cgtsclient import exc
|
|
|
|
|
|
def _get_ksclient(**kwargs):
|
|
"""Get an endpoint and auth token from Keystone.
|
|
|
|
:param kwargs: keyword args containing credentials:
|
|
* username: name of user
|
|
* password: user's password
|
|
* user_domain_name: User's domain name for authentication.
|
|
* project_domain_name: Project's domain name for project
|
|
* auth_url: endpoint to authenticate against
|
|
* insecure: allow insecure SSL (no cert verification)
|
|
* project_name: Project name for project scoping.
|
|
"""
|
|
from keystoneclient.v3 import client as ksclient
|
|
return ksclient.Client(username=kwargs.get('username'),
|
|
password=kwargs.get('password'),
|
|
user_domain_name=kwargs.get('user_domain_name'),
|
|
project_domain_name=kwargs.get('project_domain_name'),
|
|
project_name=kwargs.get('project_name'),
|
|
auth_url=kwargs.get('auth_url'),
|
|
insecure=kwargs.get('insecure'),
|
|
cacert=kwargs.get('os_cacert'))
|
|
|
|
|
|
def _get_sm_endpoint(client, **kwargs):
|
|
"""Get an endpoint for smapi using the provided keystone client."""
|
|
return client.auth_ref.service_catalog.url_for(
|
|
service_type=kwargs.get('service_name') or 'smapi',
|
|
endpoint_type=kwargs.get('endpoint_type') or 'public',
|
|
region_name=kwargs.get('os_region_name') or 'RegionOne')
|
|
|
|
|
|
def _get_endpoint(client, **kwargs):
|
|
"""Get an endpoint using the provided keystone client."""
|
|
return client.auth_ref.service_catalog.url_for(
|
|
service_type=kwargs.get('service_type') or 'platform',
|
|
endpoint_type=kwargs.get('endpoint_type') or 'public',
|
|
region_name=kwargs.get('os_region_name') or 'RegionOne')
|
|
|
|
|
|
def get_client(api_version, **kwargs):
|
|
"""Get an authenticated client, based on the credentials
|
|
in the keyword args.
|
|
|
|
:param api_version: the API version to use ('1' or '2')
|
|
:param kwargs: keyword args containing credentials, either:
|
|
* os_auth_token: pre-existing token to re-use
|
|
* system_url: system API endpoint
|
|
or:
|
|
* os_username: name of user
|
|
* os_password: user's password
|
|
* os_auth_url: endpoint to authenticate against
|
|
* insecure: allow insecure SSL (no cert verification)
|
|
* os_tenant_{name|id}: name or ID of tenant
|
|
* os_region_name: region of the service
|
|
* os_project_name: name of a project
|
|
* os_project_id: ID of a project
|
|
* os_user_domain_name: name of a domain the user belongs to
|
|
* os_user_domain_id: ID of a domain the user belongs to
|
|
* os_project_domain_name: name of a domain the project belongs to
|
|
* os_project_domain_id: ID of a domain the project belongs to
|
|
"""
|
|
if kwargs.get('os_auth_token') and kwargs.get('system_url'):
|
|
token = kwargs.get('os_auth_token')
|
|
endpoint = kwargs.get('system_url')
|
|
auth_ref = None
|
|
elif (kwargs.get('os_username') and
|
|
kwargs.get('os_password') and
|
|
kwargs.get('os_auth_url') and
|
|
(kwargs.get('os_project_id') or kwargs.get('os_project_name'))):
|
|
|
|
ks_kwargs = {
|
|
'username': kwargs.get('os_username'),
|
|
'password': kwargs.get('os_password'),
|
|
'project_id': kwargs.get('os_project_id'),
|
|
'project_name': kwargs.get('os_project_name'),
|
|
'user_domain_id': kwargs.get('os_user_domain_id'),
|
|
'user_domain_name': kwargs.get('os_user_domain_name'),
|
|
'project_domain_id': kwargs.get('os_project_domain_id'),
|
|
'project_domain_name': kwargs.get('os_project_domain_name'),
|
|
'auth_url': kwargs.get('os_auth_url'),
|
|
'service_type': kwargs.get('os_service_type'),
|
|
'endpoint_type': kwargs.get('os_endpoint_type'),
|
|
'insecure': kwargs.get('insecure'),
|
|
'os_cacert': kwargs.get('ca_file')
|
|
}
|
|
_ksclient = _get_ksclient(**ks_kwargs)
|
|
token = kwargs.get('os_auth_token') if kwargs.get('os_auth_token') else _ksclient.auth_ref.auth_token
|
|
|
|
ep_kwargs = {
|
|
'service_type': kwargs.get('os_service_type'),
|
|
'endpoint_type': kwargs.get('os_endpoint_type'),
|
|
'os_region_name': kwargs.get('os_region_name'),
|
|
}
|
|
endpoint = kwargs.get('system_url') or \
|
|
_get_endpoint(_ksclient, **ep_kwargs)
|
|
|
|
auth_ref = _ksclient.auth_ref
|
|
|
|
else:
|
|
e = (_('Must provide Keystone credentials or user-defined endpoint '
|
|
'and token'))
|
|
raise exc.AmbigiousAuthSystem(e)
|
|
|
|
try:
|
|
smapi_endpoint = _get_sm_endpoint(_ksclient, **ep_kwargs)
|
|
except Exception:
|
|
# Could be invoked during controller bootstrap where smapi
|
|
# endpoint is not yet available.
|
|
smapi_endpoint = None
|
|
|
|
cli_kwargs = {
|
|
'token': token,
|
|
'insecure': kwargs.get('insecure'),
|
|
'cacert': kwargs.get('cacert'),
|
|
'timeout': kwargs.get('timeout'),
|
|
'ca_file': kwargs.get('ca_file'),
|
|
'cert_file': kwargs.get('cert_file'),
|
|
'key_file': kwargs.get('key_file'),
|
|
'auth_ref': auth_ref,
|
|
'auth_url': kwargs.get('os_auth_url'),
|
|
'smapi_endpoint': smapi_endpoint,
|
|
}
|
|
|
|
return Client(api_version, endpoint, **cli_kwargs)
|
|
|
|
|
|
def Client(version, *args, **kwargs):
|
|
module = utils.import_versioned_module(version, 'client')
|
|
client_class = getattr(module, 'Client')
|
|
return client_class(*args, **kwargs)
|