path: root/heat/engine/clients/client_plugin.py
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import abc

from keystoneclient import auth
from keystoneclient.auth.identity import v2
from keystoneclient.auth.identity import v3
from keystoneclient import exceptions
from keystoneclient import session
from oslo_config import cfg
import six

from heat.common import context
from heat.common.i18n import _


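@six.add_metaclass(abc.ABCMeta)
class ClientPlugin(object):
    '''Abstract base for plugins that build and cache a service client.

    Subclasses implement ``_create()``. The base class provides lazy client
    construction, token and endpoint lookup through the request context's
    auth plugin, access to ``[clients_<name>]`` / ``[clients]`` configuration
    options, and helpers for classifying client exceptions.
    '''

    # Module (or list of modules) which contains all exception classes
    # which the client may emit
    exceptions_module = None

    # Supported service types. A service such as cinder supports multiple
    # service types, so this is a list.
    service_types = []

    def __init__(self, context):
        '''Bind the plugin to a request context.

        :param context: request context; its ``clients`` attribute is kept
                        for looking up other client plugins.
        '''
        self.context = context
        self.clients = context.clients
        self._client = None
        self._keystone_session_obj = None

    @property
    def _keystone_session(self):
        '''Return the keystoneclient session, building it on first access.

        The TLS settings come from the keystone client options.
        '''
        # FIXME(jamielennox): This session object is essentially static as the
        # options won't change. Further it is allowed to be shared by multiple
        # authentication requests so there is no reason to construct it fresh
        # for every client plugin. It should be global and shared amongst them.
        if not self._keystone_session_obj:
            # NOTE(review): 'insecure' is forwarded as configured. When it is
            # true the session presumably skips TLS server-certificate
            # verification, so the token and catalog exchanged over it are
            # exposed to interception; confirm it is false outside test
            # deployments and that 'ca_file' points at the intended CA bundle.
            o = {'cacert': self._get_client_option('keystone', 'ca_file'),
                 'insecure': self._get_client_option('keystone', 'insecure'),
                 'cert': self._get_client_option('keystone', 'cert_file'),
                 'key': self._get_client_option('keystone', 'key_file')}

            self._keystone_session_obj = session.Session.construct(o)

        return self._keystone_session_obj

    def client(self):
        '''Return the cached client, creating it with _create() if needed.'''
        if not self._client:
            self._client = self._create()
        return self._client

    @abc.abstractmethod
    def _create(self):
        '''Return a newly created client.'''
        pass

    @property
    def auth_token(self):
        '''Return the token obtained from the context's auth plugin.'''
        # NOTE(jamielennox): use the session defined by the keystoneclient
        # options as traditionally the token was always retrieved from
        # keystoneclient.
        return self.context.auth_plugin.get_token(self._keystone_session)

    def url_for(self, **kwargs):
        '''Return the endpoint URL matching the given catalog filters.

        ``endpoint_type`` is accepted as an alias for ``interface`` and
        ``region_name`` defaults to the context's region, falling back to
        the ``region_name_for_services`` option.

        If the auth plugin reports an empty catalog, a token object is built
        from the current token, its catalog is merged into a copy of the
        request context and the lookup is retried once.

        :raises: keystoneclient ``EndpointNotFound`` when no URL is found,
                 ``Error`` when the keystone client version is unknown.
        '''
        def get_endpoint():
            # NOTE(jamielennox): use the session defined by the keystoneclient
            # options as traditionally the token was always retrieved from
            # keystoneclient.
            auth_plugin = self.context.auth_plugin
            return auth_plugin.get_endpoint(self._keystone_session, **kwargs)

        # Translate the legacy 'endpoint_type' filter into 'interface'; an
        # explicit 'interface' wins and 'endpoint_type' is dropped either way.
        try:
            kwargs.setdefault('interface', kwargs.pop('endpoint_type'))
        except KeyError:
            pass

        reg = self.context.region_name or cfg.CONF.region_name_for_services
        kwargs.setdefault('region_name', reg)

        # Start from "not found" so that the fallback below cannot leave
        # 'url' unbound when the refreshed token carries no catalog either;
        # that case now ends in EndpointNotFound like any other miss.
        url = None

        try:
            url = get_endpoint()
        except exceptions.EmptyCatalog:
            kc = self.clients.client('keystone').client

            auth_plugin = self.context.auth_plugin
            endpoint = auth_plugin.get_endpoint(None,
                                                interface=auth.AUTH_INTERFACE)
            token = auth_plugin.get_token(None)
            project_id = auth_plugin.get_project_id(None)

            if kc.version == 'v3':
                token_obj = v3.Token(endpoint, token, project_id=project_id)
                catalog_key = 'catalog'
                access_key = 'token'
            elif kc.version == 'v2.0':
                # NOTE(review): str.replace rewrites every 'v3' substring of
                # the URL, not only the version path segment, so a host name
                # containing 'v3' would be altered as well.
                endpoint = endpoint.replace('v3', 'v2.0')
                token_obj = v2.Token(endpoint, token, tenant_id=project_id)
                catalog_key = 'serviceCatalog'
                access_key = 'access'
            else:
                raise exceptions.Error(_("Unknown Keystone version"))

            auth_ref = token_obj.get_auth_ref(self._keystone_session)

            if catalog_key in auth_ref:
                # Rebuild the context with the freshly fetched catalog so
                # that the retried lookup can see it.
                cxt = self.context.to_dict()
                access_info = cxt['auth_token_info'][access_key]
                access_info[catalog_key] = auth_ref[catalog_key]
                self.context = context.RequestContext.from_dict(cxt)
                url = get_endpoint()

        # NOTE(jamielennox): raising exception maintains compatibility with
        # older keystoneclient service catalog searching.
        if url is None:
            raise exceptions.EndpointNotFound()

        return url

    def _get_client_option(self, client, option):
        '''Return a client option, preferring the client-specific section.

        The ``[clients_<client>]`` value is used when it is set (not None);
        otherwise the generic ``[clients]`` value is returned. Unknown
        options raise ``cfg.NoSuchOptError``.
        '''
        # look for the option in the [clients_${client}] section
        try:
            group_name = 'clients_' + client
            cfg.CONF.import_opt(option, 'heat.common.config',
                                group=group_name)
            v = getattr(getattr(cfg.CONF, group_name), option)
            if v is not None:
                return v
        except cfg.NoSuchGroupError:
            pass  # do not error if the client is unknown
        # look for the option in the generic [clients] section
        cfg.CONF.import_opt(option, 'heat.common.config', group='clients')
        return getattr(cfg.CONF.clients, option)

    def is_client_exception(self, ex):
        '''Returns True if the current exception comes from the client.

        The check is an exact type match against the objects defined in
        ``exceptions_module`` (a module or a list of modules).
        '''
        if not self.exceptions_module:
            return False

        if isinstance(self.exceptions_module, list):
            modules = self.exceptions_module
        else:
            modules = [self.exceptions_module]

        return any(type(ex) in six.itervalues(m.__dict__) for m in modules)

    def is_not_found(self, ex):
        '''Returns True if the exception is a not-found.'''
        return False

    def is_over_limit(self, ex):
        '''Returns True if the exception is an over-limit.'''
        return False

    def is_conflict(self, ex):
        """Returns True if the exception is a conflict."""
        return False

    def ignore_not_found(self, ex):
        '''Raises the exception unless it is a not-found.'''
        if not self.is_not_found(ex):
            raise ex

    def ignore_conflict_and_not_found(self, ex):
        """Raises the exception unless it is a conflict or not-found."""
        if not (self.is_conflict(ex) or self.is_not_found(ex)):
            raise ex

    def _get_client_args(self,
                         service_name,
                         service_type):
        '''Return the keyword arguments used to construct a service client.

        :param service_name: name used to select the ``[clients_<name>]``
                             configuration section.
        :param service_type: catalog service type used for endpoint lookup.
        '''
        # FIXME(kanagaraj-manickam) Update other client plugins to leverage
        # this method (bug 1461041)
        endpoint_type = self._get_client_option(service_name,
                                                'endpoint_type')
        endpoint = self.url_for(service_type=service_type,
                                endpoint_type=endpoint_type)
        args = {
            'auth_url': self.context.auth_url,
            'service_type': service_type,
            'project_id': self.context.tenant_id,
            # A callable, so the token is looked up when the consumer calls
            # it rather than when this dict is built.
            'token': lambda: self.auth_token,
            'endpoint_type': endpoint_type,
            'os_endpoint': endpoint,
            'cacert': self._get_client_option(service_name, 'ca_file'),
            'cert_file': self._get_client_option(service_name, 'cert_file'),
            'key_file': self._get_client_option(service_name, 'key_file'),
            # NOTE(review): forwarded as configured; a true value presumably
            # turns off TLS certificate verification in the service client.
            'insecure': self._get_client_option(service_name, 'insecure')
        }

        return args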