1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
#
# Copyright 2015 eNovance <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
from keystoneauth1 import loading as ka_loading
from keystoneclient.v3 import client as ks_client_v3
from oslo_config import cfg
DEFAULT_GROUP = "service_credentials"
# List of group that can set auth_section to use a different
# credentials section
OVERRIDABLE_GROUPS = ['gnocchi', 'zaqar', 'monasca']
def get_session(conf, requests_session=None, group=None, timeout=None):
"""Get a ceilometer service credentials auth session."""
group = group or DEFAULT_GROUP
auth_plugin = ka_loading.load_auth_from_conf_options(conf, group)
kwargs = {'auth': auth_plugin, 'session': requests_session}
if timeout is not None:
kwargs['timeout'] = timeout
session = ka_loading.load_session_from_conf_options(conf, group, **kwargs)
return session
def get_client(conf, trust_id=None, requests_session=None,
group=DEFAULT_GROUP):
"""Return a client for keystone v3 endpoint, optionally using a trust."""
session = get_session(conf, requests_session=requests_session, group=group)
return ks_client_v3.Client(session=session, trust_id=trust_id,
region_name=conf[group].region_name)
def get_service_catalog(client):
return client.session.auth.get_access(client.session).service_catalog
def get_auth_token(client):
return client.session.auth.get_access(client.session).auth_token
CLI_OPTS = [
cfg.StrOpt('region-name',
deprecated_group="DEFAULT",
deprecated_name="os-region-name",
default=os.environ.get('OS_REGION_NAME'),
help='Region name to use for OpenStack service endpoints.'),
cfg.StrOpt('interface',
default=os.environ.get(
'OS_INTERFACE', os.environ.get('OS_ENDPOINT_TYPE',
'public')),
deprecated_name="os-endpoint-type",
choices=('public', 'internal', 'admin', 'auth', 'publicURL',
'internalURL', 'adminURL'),
help='Type of endpoint in Identity service catalog to use for '
'communication with OpenStack services.'),
]
def register_keystoneauth_opts(conf):
_register_keystoneauth_group(conf, DEFAULT_GROUP)
for group in OVERRIDABLE_GROUPS:
_register_keystoneauth_group(conf, group)
conf.set_default('auth_section', DEFAULT_GROUP, group=group)
def _register_keystoneauth_group(conf, group):
ka_loading.register_auth_conf_options(conf, group)
ka_loading.register_session_conf_options(
conf, group,
deprecated_opts={'cacert': [
cfg.DeprecatedOpt('os-cacert', group=group),
cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
})
conf.register_opts(CLI_OPTS, group=group)
def post_register_keystoneauth_opts(conf):
for group in OVERRIDABLE_GROUPS:
if conf[group].auth_section != DEFAULT_GROUP:
# NOTE(sileht): We register this again after the auth_section have
# been read from the configuration file
_register_keystoneauth_group(conf, conf[group].auth_section)
|
