Diffstat (limited to 'ceilometerclient/client.py')
-rw-r--r--ceilometerclient/client.py131
1 files changed, 104 insertions, 27 deletions
diff --git a/ceilometerclient/client.py b/ceilometerclient/client.py
index a3fbba5..4f9f3da 100644
--- a/ceilometerclient/client.py
+++ b/ceilometerclient/client.py
@@ -129,6 +129,66 @@ def _get_keystone_session(**kwargs):
return ks_session
+def _get_token_auth_ks_session(**kwargs):
+
+ cacert = kwargs.pop('cacert', None)
+ cert = kwargs.pop('cert', None)
+ key = kwargs.pop('key', None)
+ insecure = kwargs.pop('insecure', False)
+ auth_url = kwargs.pop('auth_url', None)
+ project_id = kwargs.pop('project_id', None)
+ project_name = kwargs.pop('project_name', None)
+ timeout = kwargs.get('timeout')
+ token = kwargs['token']
+
+ if insecure:
+ verify = False
+ else:
+ verify = cacert or True
+
+ if cert and key:
+ # passing cert and key together is deprecated in favour of the
+ # requests lib form of having the cert and key as a tuple
+ cert = (cert, key)
+
+ # create the keystone client session
+ ks_session = session.Session(verify=verify, cert=cert, timeout=timeout)
+ v2_auth_url, v3_auth_url = _discover_auth_versions(ks_session, auth_url)
+
+ user_domain_name = kwargs.pop('user_domain_name', None)
+ user_domain_id = kwargs.pop('user_domain_id', None)
+ project_domain_name = kwargs.pop('project_domain_name', None)
+ project_domain_id = kwargs.pop('project_domain_id', None)
+ auth = None
+
+ use_domain = (user_domain_id or user_domain_name or
+ project_domain_id or project_domain_name)
+ use_v3 = v3_auth_url and (use_domain or (not v2_auth_url))
+ use_v2 = v2_auth_url and not use_domain
+
+ if use_v3:
+ auth = v3_auth.Token(
+ v3_auth_url,
+ token=token,
+ project_name=project_name,
+ project_id=project_id,
+ project_domain_name=project_domain_name,
+ project_domain_id=project_domain_id)
+ elif use_v2:
+ auth = v2_auth.Token(
+ v2_auth_url,
+ token=token,
+ tenant_id=project_id,
+ tenant_name=project_name)
+ else:
+ raise exc.CommandError('Unable to determine the Keystone version '
+ 'to authenticate with using the given '
+ 'auth_url.')
+
+ ks_session.auth = auth
+ return ks_session
+
+
def _get_endpoint(ks_session, **kwargs):
"""Get an endpoint using the provided keystone session."""
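Review bot: `_get_token_auth_ks_session` has no docstring, and its `if insecure: verify = False` branch builds a session that will present the caller's token to `auth_url` without checking the server certificate. A token is a bearer credential, so the trade-off should be stated where it is made: I would add a docstring naming the required `token` key and the accepted TLS options (`cacert`, `cert`, `key`, `insecure`), plus a comment on the branch such as `# insecure=True disables certificate verification; the token is then sent to an unauthenticated peer`. Separately, `token = kwargs['token']` raises a bare `KeyError` when the key is missing, while the other failure in this function raises `exc.CommandError`; reading it with `kwargs.get('token')` and raising `exc.CommandError` when it is empty would keep the error handling uniform.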
@@ -160,32 +220,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
token = self.opts.get('token') or self.opts.get('auth_token')
endpoint = self.opts.get('endpoint')
if not (token and endpoint):
- project_id = (self.opts.get('project_id') or
- self.opts.get('tenant_id'))
- project_name = (self.opts.get('project_name') or
- self.opts.get('tenant_name'))
- ks_kwargs = {
- 'username': self.opts.get('username'),
- 'password': self.opts.get('password'),
- 'user_id': self.opts.get('user_id'),
- 'user_domain_id': self.opts.get('user_domain_id'),
- 'user_domain_name': self.opts.get('user_domain_name'),
- 'project_id': project_id,
- 'project_name': project_name,
- 'project_domain_name': self.opts.get('project_domain_name'),
- 'project_domain_id': self.opts.get('project_domain_id'),
- 'auth_url': self.opts.get('auth_url'),
- 'cacert': self.opts.get('cacert'),
- 'cert': self.opts.get('cert'),
- 'key': self.opts.get('key'),
- 'insecure': strutils.bool_from_string(
- self.opts.get('insecure')),
- 'endpoint_type': self.opts.get('endpoint_type'),
- 'region_name': self.opts.get('region_name'),
- 'timeout': http_client.timeout,
- }
-
- # retrieve session
+ ks_kwargs = self._get_ks_kwargs(http_timeout=http_client.timeout)
ks_session = _get_keystone_session(**ks_kwargs)
token = lambda: ks_session.get_token()
endpoint = (self.opts.get('endpoint') or
@@ -193,6 +228,48 @@ class AuthPlugin(auth.BaseAuthPlugin):
self.opts['token'] = token
self.opts['endpoint'] = endpoint
+ def _get_ks_kwargs(self, http_timeout):
+ project_id = (self.opts.get('project_id') or
+ self.opts.get('tenant_id'))
+ project_name = (self.opts.get('project_name') or
+ self.opts.get('tenant_name'))
+ ks_kwargs = {
+ 'username': self.opts.get('username'),
+ 'password': self.opts.get('password'),
+ 'user_id': self.opts.get('user_id'),
+ 'user_domain_id': self.opts.get('user_domain_id'),
+ 'user_domain_name': self.opts.get('user_domain_name'),
+ 'project_id': project_id,
+ 'project_name': project_name,
+ 'project_domain_name': self.opts.get('project_domain_name'),
+ 'project_domain_id': self.opts.get('project_domain_id'),
+ 'auth_url': self.opts.get('auth_url'),
+ 'cacert': self.opts.get('cacert'),
+ 'cert': self.opts.get('cert'),
+ 'key': self.opts.get('key'),
+ 'insecure': strutils.bool_from_string(
+ self.opts.get('insecure')),
+ 'endpoint_type': self.opts.get('endpoint_type'),
+ 'region_name': self.opts.get('region_name'),
+ 'timeout': http_timeout,
+ }
+ return ks_kwargs
+
+ def redirect_to_aodh_endpoint(self, http_timeout):
+ ks_kwargs = self._get_ks_kwargs(http_timeout)
+ token = self.opts.get('token') or self.opts.get('auth_token')
+ # NOTE(liusheng): if token provided, we try to get keystone session
+ # with token, else, we get keystone session with user info and
+ # password. And then use the keystone session to get aodh's endpoint.
+ if token:
+ token = token() if callable(token) else token
+ ks_kwargs.update(token=token)
+ ks_session = _get_token_auth_ks_session(**ks_kwargs)
+ else:
+ ks_session = _get_keystone_session(**ks_kwargs)
+ ks_kwargs.update(service_type='alarming')
+ self.opts['endpoint'] = _get_endpoint(ks_session, **ks_kwargs)
+
def token_and_endpoint(self, endpoint_type, service_type):
token = self.opts.get('token')
if callable(token):
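Review bot: In `redirect_to_aodh_endpoint`, the whole `ks_kwargs` dict is forwarded to `_get_endpoint(ks_session, **ks_kwargs)`; `_get_ks_kwargs` fills it with `password`, and the token branch adds `token`. The body of `_get_endpoint` is outside this hunk, so which keys it reads is not visible, but if it only needs the catalog filters I would pass just those, e.g. `_get_endpoint(ks_session, service_type='alarming', endpoint_type=ks_kwargs['endpoint_type'], region_name=ks_kwargs['region_name'])`, so that credentials go no further than the session builder. The token branch also appears to assume `auth_url` is set: a caller that configured only `token` and `endpoint` would reach `_get_token_auth_ks_session` with `auth_url=None`, and what `_discover_auth_versions` does with that cannot be seen here. Both new methods lack docstrings; the one on `redirect_to_aodh_endpoint` should say that it overwrites `self.opts['endpoint']`.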
@@ -325,7 +402,7 @@ def get_auth_plugin(endpoint, **kwargs):
endpoint=endpoint,
username=kwargs.get('username'),
password=kwargs.get('password'),
- tenant_name=kwargs.get('tenant_name'),
+ tenant_name=kwargs.get('tenant_name') or kwargs.get('project_name'),
user_domain_name=kwargs.get('user_domain_name'),
user_domain_id=kwargs.get('user_domain_id'),
project_domain_name=kwargs.get('project_domain_name'),
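Review bot: The fallback order on the changed line, `kwargs.get('tenant_name') or kwargs.get('project_name')`, is the reverse of the order `_get_ks_kwargs` uses in this same commit, which takes `project_name` first and `tenant_name` second. When a caller supplies both names with different values, the two paths can end up scoping authentication to different projects. Unless the order is deliberate, I would write `tenant_name=kwargs.get('project_name') or kwargs.get('tenant_name'),` or add a comment saying why the legacy name takes precedence here. The enclosing call in `get_auth_plugin` starts and ends outside the hunk.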