
Most OpenStack clients support a common set of SSL options, such as os-cacert, os-cert, and os-key. This change uses keystoneclient.session.register_cli_opts to add those to the argument parser and passes the resulting values to the Keystone client so they take effect. Change-Id: I24c2c2fa5be51590cc2d8a9278563dd4f7ba091d
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient.v2_0 import client as ksclient
from tuskarclient.openstack.common.apiclient import auth
from tuskarclient.openstack.common.apiclient import exceptions
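class KeystoneAuthPlugin(auth.BaseAuthPlugin):
    """Auth plugin that resolves a token and endpoint through Keystone v2.0.

    Two modes are supported: a pre-issued ``token`` together with an
    ``endpoint`` is used as given, or the plugin authenticates against
    Keystone with ``username``/``password``, ``auth_url`` and a tenant.

    The TLS options ``cacert``, ``cert`` and ``key`` are forwarded to the
    Keystone client only. They are not applied to anything else in this
    class, so in token+endpoint mode (where Keystone is never contacted)
    they have no effect here. ``opt_names`` lists no option for disabling
    certificate verification, so none is forwarded from this plugin.
    """

    # Option names this plugin reads from ``self.opts``.
    opt_names = [
        "username",
        "password",
        "tenant_id",
        "tenant_name",
        "token",
        "auth_url",
        "endpoint",
        "cacert",
        "cert",
        "key",
    ]

    def _do_authenticate(self, httpclient):
        """Authenticate against Keystone unless a token was supplied.

        On success the Keystone client is stored as ``self._ksclient`` for
        later use by :meth:`token_and_endpoint`.

        :param httpclient: not used by this implementation
        """
        # Test the token by truthiness, exactly as sufficient_options() and
        # token_and_endpoint() do. With the previous ``is None`` test an
        # empty-string token skipped Keystone authentication even though
        # sufficient_options() had demanded credentials, which left
        # token_and_endpoint() returning (None, None).
        if not self.opts.get('token'):
            # This dict carries the plaintext password: do not log it or
            # include it in error output.
            ks_kwargs = {
                'username': self.opts.get('username'),
                'password': self.opts.get('password'),
                'tenant_id': self.opts.get('tenant_id'),
                'tenant_name': self.opts.get('tenant_name'),
                'auth_url': self.opts.get('auth_url'),
                # TLS settings for the connection to Keystone. Unset
                # options are passed through as None.
                # NOTE(review): presumably None makes the Keystone client
                # fall back to its default trust store - confirm.
                'cacert': self.opts.get('cacert'),
                'cert': self.opts.get('cert'),
                'key': self.opts.get('key'),
            }

            self._ksclient = ksclient.Client(**ks_kwargs)

    def token_and_endpoint(self, endpoint_type, service_type):
        """Return the token and service endpoint to use for requests.

        :param endpoint_type: endpoint type passed to the service catalog
        :param service_type: service type to look up; ``'management'`` is
            used when this is falsy
        :returns: ``(token, endpoint)``; both are ``None`` when neither an
            explicit token+endpoint pair nor a Keystone client is available
        """
        token = endpoint = None

        if self.opts.get('token') and self.opts.get('endpoint'):
            # Caller supplied both values; Keystone is not consulted.
            token = self.opts.get('token')
            endpoint = self.opts.get('endpoint')
        elif hasattr(self, '_ksclient'):
            token = self._ksclient.auth_token
            # An explicitly configured endpoint overrides the catalog.
            endpoint = (self.opts.get('endpoint') or
                        self._ksclient.service_catalog.url_for(
                            service_type=service_type or 'management',
                            endpoint_type=endpoint_type))

        return (token, endpoint)

    def sufficient_options(self):
        """Check if all required options are present.

        With a token, ``token`` and ``endpoint`` are required. Without
        one, ``username``, ``password`` and ``auth_url`` are required
        along with at least one of ``tenant_id`` or ``tenant_name``.

        :raises: AuthPluginOptionsMissing
        """
        if self.opts.get('token'):
            lookup_table = ["token", "endpoint"]
        else:
            lookup_table = [
                "username",
                "password",
                "auth_url"
            ]
            tenant_opts = ["tenant_id", "tenant_name"]
            if not any(self.opts.get(opt) for opt in tenant_opts):
                # NOTE(review): a single str is passed here while the raise
                # below passes a list; confirm AuthPluginOptionsMissing
                # formats both as intended (joining over a str would split
                # it into characters).
                raise exceptions.AuthPluginOptionsMissing(
                    ' or '.join(tenant_opts))

        missing = [opt for opt in lookup_table if not self.opts.get(opt)]
        if missing:
            raise exceptions.AuthPluginOptionsMissing(missing)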