Support v3 application credentials auth.

Use keystoneauth1 application credential plugin and session to fetch a token and endpoint catalog url. $ swift --os-auth-url http://172.16.1.2:5000/v3 --auth-version 3\ --os-application-credential-id THE_ID \ --os-application-credential-secret THE_SECRET \ --os-auth-type v3applicationcredential auth Change-Id: I9190e5e7e24b6a741970fa0d0ac792deccf73d25 Closes-Bug: 1843901 Closes-Bug: 1856635
author: Charles Hsu <charles0126@gmail.com> 2019-12-18 00:32:36 +0800
committer: Charles Hsu <charles0126@gmail.com> 2020-04-16 12:41:04 +0800
commit: 02b637cdca6963e8dcab5170422347df99606f92 (patch)
tree: e245ccc06d484fbc6981deff47cf3f50018d8d52 /swiftclient/client.py
parent: c36616292fa27d5da956d58fcb20470e04fd9946 (diff)
download: python-swiftclient-02b637cdca6963e8dcab5170422347df99606f92.tar.gz
1 files changed, 50 insertions, 9 deletions
diff --git a/swiftclient/client.py b/swiftclient/client.py
index 449b6cd..ee85a14 100644
--- a/swiftclient/client.py
+++ b/swiftclient/client.py
@@ -70,6 +70,9 @@ except ImportError:
     pass
 try:
     from keystoneclient.v3 import client as ksclient_v3
+    from keystoneauth1.identity import v3
+    from keystoneauth1 import session
+    from keystoneauth1 import exceptions as ksauthexceptions
 except ImportError:
     pass
 
@@ -615,6 +618,46 @@ Auth versions 2.0 and 3 require python-keystoneclient, install it or use Auth
 version 1.0 which requires ST_AUTH, ST_USER, and ST_KEY environment
 variables to be set or overridden with -A, -U, or -K.''')
 
+    filter_kwargs = {}
+    service_type = os_options.get('service_type') or 'object-store'
+    endpoint_type = os_options.get('endpoint_type') or 'publicURL'
+    if os_options.get('region_name'):
+        filter_kwargs['attr'] = 'region'
+        filter_kwargs['filter_value'] = os_options['region_name']
+
+    if os_options.get('auth_type') == 'v3applicationcredential':
+        try:
+            v3
+        except NameError:
+            raise ClientException('Auth v3applicationcredential requires '
+                                  'python-keystoneclient>=2.0.0')
+
+        try:
+            auth = v3.ApplicationCredential(
+                auth_url=auth_url,
+                application_credential_secret=os_options.get(
+                    'application_credential_secret'),
+                application_credential_id=os_options.get(
+                    'application_credential_id'))
+            sses = session.Session(auth=auth)
+            token = sses.get_token()
+        except ksauthexceptions.Unauthorized:
+            msg = 'Unauthorized. Check application credential id and secret.'
+            raise ClientException(msg)
+        except ksauthexceptions.AuthorizationFailure as err:
+            raise ClientException('Authorization Failure. %s' % err)
+
+        try:
+            endpoint = sses.get_endpoint_data(service_type=service_type,
+                                              endpoint_type=endpoint_type,
+                                              **filter_kwargs)
+
+            return endpoint.catalog_url, token
+        except ksauthexceptions.EndpointNotFound:
+            raise ClientException(
+                'Endpoint for %s not found - '
+                'have you specified a region?' % service_type)
+
     try:
         _ksclient = ksclient.Client(
             username=user,
@@ -642,13 +685,8 @@ variables to be set or overridden with -A, -U, or -K.''')
         raise ClientException(msg)
     except ksexceptions.AuthorizationFailure as err:
         raise ClientException('Authorization Failure. %s' % err)
-    service_type = os_options.get('service_type') or 'object-store'
-    endpoint_type = os_options.get('endpoint_type') or 'publicURL'
+
     try:
-        filter_kwargs = {}
-        if os_options.get('region_name'):
-            filter_kwargs['attr'] = 'region'
-            filter_kwargs['filter_value'] = os_options['region_name']
         endpoint = _ksclient.service_catalog.url_for(
             service_type=service_type,
             endpoint_type=endpoint_type,
@@ -717,9 +755,12 @@ def get_auth(auth_url, user, key, **kwargs):
         if kwargs.get('tenant_name'):
             os_options['tenant_name'] = kwargs['tenant_name']
 
-        if not (os_options.get('tenant_name') or os_options.get('tenant_id') or
-                os_options.get('project_name') or
-                os_options.get('project_id')):
+        if os_options.get('auth_type') == 'v3applicationcredential':
+            pass
+        elif not (os_options.get('tenant_name') or
+                  os_options.get('tenant_id') or
+                  os_options.get('project_name') or
+                  os_options.get('project_id')):
             if auth_version in AUTH_VERSIONS_V2:
                 raise ClientException('No tenant specified')
             raise ClientException('No project name or project id specified.')
author	Charles Hsu <charles0126@gmail.com>	2019-12-18 00:32:36 +0800
committer	Charles Hsu <charles0126@gmail.com>	2020-04-16 12:41:04 +0800
commit	02b637cdca6963e8dcab5170422347df99606f92 (patch)
tree	e245ccc06d484fbc6981deff47cf3f50018d8d52 /swiftclient/client.py
parent	c36616292fa27d5da956d58fcb20470e04fd9946 (diff)
download	python-swiftclient-02b637cdca6963e8dcab5170422347df99606f92.tar.gz