diff --git a/synergy_scheduler_manager/common/trust.py b/synergy_scheduler_manager/common/trust.py
index 7d8477b..e61b268 100644
--- a/synergy_scheduler_manager/common/trust.py
+++ b/synergy_scheduler_manager/common/trust.py
@@ -35,6 +35,8 @@ class Trust(object):
 self.remaining_uses = data["remaining_uses"]
 self.expires_at = None
 self.keystone_url = None
+ self.ssl_ca_file = None
+ self.ssl_cert_file = None
 if data["expires_at"] is not None:
 self.expires_at = datetime.strptime(data["expires_at"],
@@ -88,7 +90,9 @@ class Trust(object):
 response = requests.post(url=self.keystone_url + "/auth/tokens",
 headers=headers,
- data=json.dumps(data))
+ data=json.dumps(data),
+ verify=self.ssl_ca_file,
+ cert=self.ssl_cert_file)
 if response.status_code != requests.codes.ok:
 response.raise_for_status()
@@ -128,19 +132,11 @@ class Trust(object):
 if expires_at is not None:
 data["trust"]["expires_at"] = token.isotime(expires_at, True)
- service = token.getService("keystone")
- if not service:
- raise Exception("keystone service not found!")
-
- endpoint = service.getEndpoint("admin")
- if not endpoint:
- raise Exception("keystone endpoint not found!")
-
- endpoint_url = endpoint.getURL()
-
- response = requests.post(url=endpoint_url + "/OS-TRUST/trusts",
+ response = requests.post(url=Trust.keystone_url + "/OS-TRUST/trusts",
 headers=headers,
- data=json.dumps(data))
+ data=json.dumps(data),
+ verify=Trust.ssl_ca_file,
+ cert=Trust.ssl_cert_file)
 if response.status_code != requests.codes.ok:
 response.raise_for_status()
@@ -151,6 +147,8 @@ class Trust(object):
 response = response.json()
 trust = Trust(response["trust"])
- trust.keystone_url = endpoint_url
+ trust.keystone_url = Trust.keystone_url
+ trust.ssl_ca_file = Trust.ssl_ca_file
+ trust.ssl_cert_file = Trust.ssl_cert_file
 return trust
diff --git a/synergy_scheduler_manager/keystone_manager.py b/synergy_scheduler_manager/keystone_manager.py
index 4fe73d7..4ee4e59 100644
--- a/synergy_scheduler_manager/keystone_manager.py
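Review bot: `verify=self.ssl_ca_file` in the `/auth/tokens` request turns certificate verification off whenever the attribute holds a falsy value other than `None`, such as an empty string. As far as I know, requests falls back to its default CA bundle only for `None`. The attribute is copied in from KeystoneManager, and where that value comes from is not part of this diff, so an empty configuration default would send the token request unverified. Normalising at the call site, `verify=self.ssl_ca_file or True`, keeps verification on in that case. The same applies to the `requests.post` in the next hunk, and the enclosing method starts outside this hunk.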
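Review bot: `Trust.keystone_url`, `Trust.ssl_ca_file` and `Trust.ssl_cert_file` are read as class attributes in the `/OS-TRUST/trusts` request, but every assignment visible in this diff is per-instance (`self.keystone_url = None` in `__init__`, `trust.keystone_url = self.auth_url` in KeystoneManager). Unless code outside these hunks sets them on the class, the call fails with AttributeError, or with TypeError on `None + "/OS-TRUST/trusts"`. The hunk at -151 then copies the same unset values onto the new trust. The removed code resolved the endpoint from the token's service catalog and raised a clear error when it was missing. If class-level configuration is intended, a guard such as `if not Trust.keystone_url: raise Exception("keystone url not set!")` before the request would keep that behaviour; the enclosing function starts outside the hunk.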
+++ b/synergy_scheduler_manager/keystone_manager.py
@@ -104,19 +104,9 @@ class KeystoneManager(Manager):
 self.trust_expiration = CONF.KeystoneManager.trust_expiration
 self.clock_skew = CONF.KeystoneManager.clock_skew
 self.token = None
- self.auth_public_url = None
 self.authenticate()
- service = self.getToken().getService("keystone")
- if not service:
- raise Exception("keystone service not found!")
-
- endpoint = service.getEndpoint("public")
- if not endpoint:
- raise Exception("keystone endpoint not found!")
- self.auth_public_url = endpoint.getURL()
-
 def task(self):
 pass
@@ -329,7 +319,7 @@ class KeystoneManager(Manager):
 return project
- def getProjects(self, usr_id=None):
+ def getProjects(self, usr_id=None, domain_id=None):
 if usr_id:
 try:
 response = self.getResource(
@@ -340,8 +330,12 @@ class KeystoneManager(Manager):
 "%r): %s" % (usr_id, response["error"]["message"]))
 else:
+ data = None
+ if domain_id:
+ data = {"domain_id": domain_id}
+
 try:
- response = self.getResource("/projects", "GET")
+ response = self.getResource("/projects", "GET", data=data)
 except requests.exceptions.HTTPError as ex:
 response = ex.response.json()
 raise Exception("error on retrieving the projects list: %s"
@@ -430,7 +424,9 @@ class KeystoneManager(Manager):
 % (id, response["error"]["message"]))
 trust = Trust(response["trust"])
- trust.keystone_url = self.auth_public_url
+ trust.keystone_url = self.auth_url
+ trust.ssl_ca_file = self.ssl_ca_file
+ trust.ssl_cert_file = self.ssl_cert_file
 return trust
@@ -446,7 +442,9 @@ class KeystoneManager(Manager):
 if response:
 trust = Trust(response["trust"])
- trust.keystone_url = self.auth_public_url
+ trust.keystone_url = self.auth_url
+ trust.ssl_ca_file = self.ssl_ca_file
+ trust.ssl_cert_file = self.ssl_cert_file
 return trust
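Review bot: The new `domain_id` filter in getProjects only takes effect if `getResource` turns `data` into a query string for GET requests, and `getResource` is not part of this diff. If `data` is serialised as a request body instead, Keystone would presumably ignore it and the call would return every project the token can see, which a caller asking for one domain would not notice. The getTrusts hunk makes the same move from `?trustor_user_id=%s` in the URL to `data`, so the same check applies there. A comment at the call, `# getResource sends data as query parameters on GET`, would record the assumption once it is confirmed.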
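Review bot: The three assignments after `Trust(response["trust"])` (`keystone_url`, `ssl_ca_file`, `ssl_cert_file`) are now repeated in this hunk, the next one, getTrusts and trust.py. A future call site that misses one would silently lose the configured CA bundle or client certificate for that trust's token requests. A small private helper on KeystoneManager that builds a fully configured Trust would keep the TLS settings in one place; the name below is only a suggestion. The enclosing methods start outside the hunks.

```python
def _newTrust(self, data):
    trust = Trust(data)
    trust.keystone_url = self.auth_url
    trust.ssl_ca_file = self.ssl_ca_file
    trust.ssl_cert_file = self.ssl_cert_file
    return trust
```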
@@ -466,15 +464,16 @@ class KeystoneManager(Manager):
 def getTrusts(self, user_id=None, isTrustor=True, token=None):
 url = "/OS-TRUST/trusts"
+ data = None
 if user_id:
 if isTrustor:
- url += "?trustor_user_id=%s" % user_id
+ data = {"trustor_user_id": user_id}
 else:
- url += "?trustee_user_id=%s" % user_id
+ data = {"trustee_user_id": user_id}
 try:
- response = self.getResource(url, "GET", token=token)
+ response = self.getResource(url, "GET", token=token, data=data)
 except requests.exceptions.HTTPError as ex:
 response = ex.response.json()
 raise Exception("error on retrieving the trust list (id=%r): %s"
@@ -485,7 +484,9 @@ class KeystoneManager(Manager):
 if response:
 for data in response["trusts"]:
 trust = Trust(data)
- trust.keystone_url = self.auth_public_url
+ trust.keystone_url = self.auth_url
+ trust.ssl_ca_file = self.ssl_ca_file
+ trust.ssl_cert_file = self.ssl_cert_file
 trusts.append(trust)
@@ -686,12 +687,11 @@ class KeystoneManager(Manager):
 if token:
 if token.isExpired():
 raise Exception("token expired!")
-
- url = self.auth_public_url
 else:
 self.authenticate()
 token = self.getToken()
- url = self.auth_url
+
+ url = self.auth_url
 if version:
 url = url[:url.rfind("/") + 1] + version
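Review bot: The new local `data` in getTrusts (the query filter) shares its name with the loop variable in `for data in response["trusts"]:` in the next hunk, which appears to be the same function. It is harmless today because the request is issued before the loop rebinds the name, but any later reuse of the filter after the loop would pick up a trust record instead. Renaming the filter avoids that, e.g. `params = {"trustor_user_id": user_id}` with `data=params` at the `getResource` call. The end of getTrusts lies outside this hunk.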