author | Charles Hsu <charles0126@gmail.com> | 2019-12-18 00:32:36 +0800 |
---|---|---|
committer | Charles Hsu <charles0126@gmail.com> | 2020-04-16 12:41:04 +0800 |
commit | 02b637cdca6963e8dcab5170422347df99606f92 (patch) | |
tree | e245ccc06d484fbc6981deff47cf3f50018d8d52 /swiftclient/client.py | |
parent | c36616292fa27d5da956d58fcb20470e04fd9946 (diff) | |
download | python-swiftclient-02b637cdca6963e8dcab5170422347df99606f92.tar.gz |
Support v3 application credentials auth.
Use keystoneauth1 application credential plugin and session to fetch
a token and endpoint catalog url.
$ swift --os-auth-url http://172.16.1.2:5000/v3 --auth-version 3 \
--os-application-credential-id THE_ID \
--os-application-credential-secret THE_SECRET \
--os-auth-type v3applicationcredential auth
Change-Id: I9190e5e7e24b6a741970fa0d0ac792deccf73d25
Closes-Bug: 1843901
Closes-Bug: 1856635
Diffstat (limited to 'swiftclient/client.py')
-rw-r--r-- | swiftclient/client.py | 59 |
1 files changed, 50 insertions, 9 deletions
diff --git a/swiftclient/client.py b/swiftclient/client.py index 449b6cd..ee85a14 100644 --- a/swiftclient/client.py +++ b/swiftclient/client.py @@ -70,6 +70,9 @@ except ImportError: pass try: from keystoneclient.v3 import client as ksclient_v3 + from keystoneauth1.identity import v3 + from keystoneauth1 import session + from keystoneauth1 import exceptions as ksauthexceptions except ImportError: pass 
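Review bot: The three keystoneauth1 imports sit inside the existing `try` that guards `from keystoneclient.v3 import client as ksclient_v3`, so if that first import fails, `v3`, `session` and `ksauthexceptions` stay unbound even when keystoneauth1 is installed. The `except ImportError: pass` also hides which package was missing. A separate `try` for the keystoneauth1 imports would keep the two dependencies independent. The bare module-level names `v3` and `session` are easy to shadow; aliases such as `from keystoneauth1.identity import v3 as ksa_v3` and `from keystoneauth1 import session as ksa_session` would read more clearly at the call sites.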
@@ -615,6 +618,46 @@ Auth versions 2.0 and 3 require python-keystoneclient, install it or use Auth version 1.0 which requires ST_AUTH, ST_USER, and ST_KEY environment variables to be set or overridden with -A, -U, or -K.''') + filter_kwargs = {} + service_type = os_options.get('service_type') or 'object-store' + endpoint_type = os_options.get('endpoint_type') or 'publicURL' + if os_options.get('region_name'): + filter_kwargs['attr'] = 'region' + filter_kwargs['filter_value'] = os_options['region_name'] + + if os_options.get('auth_type') == 'v3applicationcredential': + try: + v3 + except NameError: + raise ClientException('Auth v3applicationcredential requires ' + 'python-keystoneclient>=2.0.0') + + try: + auth = v3.ApplicationCredential( + auth_url=auth_url, + application_credential_secret=os_options.get( + 'application_credential_secret'), + application_credential_id=os_options.get( + 'application_credential_id')) + sses = session.Session(auth=auth) + token = sses.get_token() + except ksauthexceptions.Unauthorized: + msg = 'Unauthorized. Check application credential id and secret.' + raise ClientException(msg) + except ksauthexceptions.AuthorizationFailure as err: + raise ClientException('Authorization Failure. %s' % err) + + try: + endpoint = sses.get_endpoint_data(service_type=service_type, + endpoint_type=endpoint_type, + **filter_kwargs) + + return endpoint.catalog_url, token + except ksauthexceptions.EndpointNotFound: + raise ClientException( + 'Endpoint for %s not found - ' + 'have you specified a region?' % service_type) + try: _ksclient = ksclient.Client( username=user, 
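Review bot: `session.Session(auth=auth)` is built without any TLS or timeout settings, so the application-credential path cannot honour a custom CA bundle, a client certificate or a request timeout, and `sses.get_token()` may block indefinitely on an unresponsive Keystone. The enclosing function starts outside the hunk, so whether it receives such options is an assumption; if it does, pass them through, e.g. `sses = session.Session(auth=auth, verify=<ca bundle or True>, cert=<client cert>, timeout=<timeout>)`. Only `Unauthorized` and `AuthorizationFailure` are translated to `ClientException`, so connection and TLS errors from keystoneauth1 would presumably reach the caller unwrapped. The `NameError` message names python-keystoneclient although the missing names come from keystoneauth1.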
@@ -642,13 +685,8 @@ variables to be set or overridden with -A, -U, or -K.''') raise ClientException(msg) except ksexceptions.AuthorizationFailure as err: raise ClientException('Authorization Failure. %s' % err) - service_type = os_options.get('service_type') or 'object-store' - endpoint_type = os_options.get('endpoint_type') or 'publicURL' + try: - filter_kwargs = {} - if os_options.get('region_name'): - filter_kwargs['attr'] = 'region' - filter_kwargs['filter_value'] = os_options['region_name'] endpoint = _ksclient.service_catalog.url_for( service_type=service_type, endpoint_type=endpoint_type, @@ -717,9 +755,12 @@ def get_auth(auth_url, user, key, **kwargs): if kwargs.get('tenant_name'): os_options['tenant_name'] = kwargs['tenant_name'] - if not (os_options.get('tenant_name') or os_options.get('tenant_id') or - os_options.get('project_name') or - os_options.get('project_id')): + if os_options.get('auth_type') == 'v3applicationcredential': + pass + elif not (os_options.get('tenant_name') or + os_options.get('tenant_id') or + os_options.get('project_name') or + os_options.get('project_id')): if auth_version in AUTH_VERSIONS_V2: raise ClientException('No tenant specified') raise ClientException('No project name or project id specified.') |
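Review bot: The new `if os_options.get('auth_type') == 'v3applicationcredential': pass` branch in get_auth skips the tenant/project check but puts no check in its place, so a call with the id or secret missing goes on to the auth code. The hunk at -615 reads both values with `os_options.get(...)`, so `None` would be handed to `v3.ApplicationCredential`, and the resulting failure is likely a less clear keystoneauth1 error rather than a `ClientException`. Replacing the `pass` with `if not (os_options.get('application_credential_id') and os_options.get('application_credential_secret')): raise ClientException('No application credential id or secret specified.')` would fail early with a usable message. The branch also does not confirm that `auth_version` is a v3 value. get_auth's body begins and continues outside this hunk, so an earlier check may exist that is not visible here.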