1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
# Copyright 2010-2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_utils.importutils import import_class
from trove.common import cfg
from trove.common import exception
from trove.common.strategies.cluster import strategy
from cinderclient.v3 import client as CinderClient
import glanceclient
from keystoneauth1.identity import v3
from keystoneauth1 import session as ka_session
from keystoneclient.service_catalog import ServiceCatalog
from neutronclient.v2_0 import client as NeutronClient
from novaclient.client import Client
from swiftclient.client import Connection
CONF = cfg.CONF
def normalize_url(url):
"""Adds trailing slash if necessary."""
if not url.endswith('/'):
return '%(url)s/' % {'url': url}
else:
return url
def get_endpoint(service_catalog, service_type=None,
endpoint_region=None, endpoint_type='publicURL'):
"""
Select an endpoint from the service catalog
We search the full service catalog for services
matching both type and region. The client is expected to
supply the region matching the service_type. There must
be one -- and only one -- successful match in the catalog,
otherwise we will raise an exception.
Some parts copied from glance/common/auth.py.
"""
endpoint_region = endpoint_region or CONF.service_credentials.region_name
if not service_catalog:
raise exception.EmptyCatalog()
# per IRC chat, X-Service-Catalog will be a v2 catalog regardless of token
# format; see https://bugs.launchpad.net/python-keystoneclient/+bug/1302970
# 'token' key necessary to get past factory validation
sc = ServiceCatalog.factory({'token': None,
'serviceCatalog': service_catalog})
urls = sc.get_urls(service_type=service_type, region_name=endpoint_region,
endpoint_type=endpoint_type)
if not urls:
raise exception.NoServiceEndpoint(service_type=service_type,
endpoint_region=endpoint_region,
endpoint_type=endpoint_type)
return urls[0]
def dns_client(context):
from trove.dns.manager import DnsManager
return DnsManager()
def guest_client(context, id, manager=None):
from trove.guestagent.api import API
if manager:
clazz = strategy.load_guestagent_strategy(manager).guest_client_class
else:
clazz = API
return clazz(context, id)
def nova_client(context, region_name=None, password=None):
if CONF.nova_compute_url:
url = '%(nova_url)s%(tenant)s' % {
'nova_url': normalize_url(CONF.nova_compute_url),
'tenant': context.project_id}
else:
region = region_name or CONF.service_credentials.region_name
url = get_endpoint(
context.service_catalog,
service_type=CONF.nova_compute_service_type,
endpoint_region=region,
endpoint_type=CONF.nova_compute_endpoint_type
)
client = Client(CONF.nova_client_version,
username=context.user_id,
password=password,
endpoint_override=url,
project_id=context.project_id,
project_domain_name=context.project_domain_name,
user_domain_name=context.user_domain_name,
auth_url=CONF.service_credentials.auth_url,
auth_token=context.auth_token,
insecure=CONF.nova_api_insecure)
client.client.auth_token = context.auth_token
client.client.endpoint_override = url
return client
def create_admin_nova_client(context):
"""
Creates client that uses trove admin credentials
:return: a client for nova for the trove admin
"""
client = create_nova_client(
context, password=CONF.service_credentials.password
)
return client
def cinder_client(context, region_name=None):
if CONF.cinder_url:
url = '%(cinder_url)s%(tenant)s' % {
'cinder_url': normalize_url(CONF.cinder_url),
'tenant': context.project_id}
else:
region = region_name or CONF.service_credentials.region_name
url = get_endpoint(
context.service_catalog,
service_type=CONF.cinder_service_type,
endpoint_region=region,
endpoint_type=CONF.cinder_endpoint_type
)
client = CinderClient.Client(context.user_id, context.auth_token,
project_id=context.project_id,
auth_url=CONF.service_credentials.auth_url,
insecure=CONF.cinder_api_insecure)
client.client.auth_token = context.auth_token
client.client.management_url = url
return client
def swift_client(context, region_name=None):
if CONF.swift_url:
# swift_url has a different format so doesn't need to be normalized
url = '%(swift_url)s%(tenant)s' % {'swift_url': CONF.swift_url,
'tenant': context.project_id}
else:
region = region_name or CONF.service_credentials.region_name
url = get_endpoint(context.service_catalog,
service_type=CONF.swift_service_type,
endpoint_region=region,
endpoint_type=CONF.swift_endpoint_type)
client = Connection(preauthurl=url,
preauthtoken=context.auth_token,
tenant_name=context.project_id,
snet=CONF.backup_use_snet,
insecure=CONF.swift_api_insecure)
return client
def neutron_client(context, region_name=None):
if CONF.neutron_url:
# neutron endpoint url / publicURL does not include tenant segment
url = CONF.neutron_url
else:
region = region_name or CONF.service_credentials.region_name
url = get_endpoint(context.service_catalog,
service_type=CONF.neutron_service_type,
endpoint_region=region,
endpoint_type=CONF.neutron_endpoint_type)
client = NeutronClient.Client(token=context.auth_token,
endpoint_url=url,
insecure=CONF.neutron_api_insecure)
return client
def glance_client(context, region_name=None):
# We should allow glance to get the endpoint from the service
# catalog, but to do so we would need to be able to specify
# the endpoint_filter on the API calls, but glance
# doesn't currently allow that. As a result, we must
# specify the endpoint explicitly.
if CONF.glance_url:
endpoint_url = '%(url)s%(tenant)s' % {
'url': normalize_url(CONF.glance_url),
'tenant': context.project_id}
else:
region = region_name or CONF.service_credentials.region_name
endpoint_url = get_endpoint(
context.service_catalog, service_type=CONF.glance_service_type,
endpoint_region=region,
endpoint_type=CONF.glance_endpoint_type
)
auth = v3.Token(CONF.service_credentials.auth_url, context.auth_token)
session = ka_session.Session(auth=auth)
return glanceclient.Client(
CONF.glance_client_version, endpoint=endpoint_url,
session=session
)
def create_dns_client(*arg, **kwargs):
return import_class(CONF.remote_dns_client)(*arg, **kwargs)
def create_guest_client(*arg, **kwargs):
return import_class(CONF.remote_guest_client)(*arg, **kwargs)
def create_nova_client(*arg, **kwargs):
return import_class(CONF.remote_nova_client)(*arg, **kwargs)
def create_swift_client(*arg, **kwargs):
return import_class(CONF.remote_swift_client)(*arg, **kwargs)
def create_cinder_client(*arg, **kwargs):
return import_class(CONF.remote_cinder_client)(*arg, **kwargs)
def create_neutron_client(*arg, **kwargs):
return import_class(CONF.remote_neutron_client)(*arg, **kwargs)
def create_glance_client(*arg, **kwargs):
return import_class(CONF.remote_glance_client)(*arg, **kwargs)
|
