diff options
Diffstat (limited to 'openstackclient/api')
| -rw-r--r-- | openstackclient/api/auth.py | 97 | ||||
| -rw-r--r-- | openstackclient/api/auth_plugin.py | 118 |
2 files changed, 118 insertions, 97 deletions
diff --git a/openstackclient/api/auth.py b/openstackclient/api/auth.py index 2097d716..ba51bee1 100644 --- a/openstackclient/api/auth.py +++ b/openstackclient/api/auth.py @@ -16,13 +16,9 @@ import argparse import logging -from six.moves.urllib import parse as urlparse import stevedore -from oslo_config import cfg - from keystoneclient.auth import base -from keystoneclient.auth.identity.generic import password as ksc_password from openstackclient.common import exceptions as exc from openstackclient.common import utils @@ -201,96 +197,3 @@ def build_auth_plugins_option_parser(parser): help=argparse.SUPPRESS, ) return parser - - -class TokenEndpoint(base.BaseAuthPlugin): - """Auth plugin to handle traditional token/endpoint usage - - Implements the methods required to handle token authentication - with a user-specified token and service endpoint; no Identity calls - are made for re-scoping, service catalog lookups or the like. - - The purpose of this plugin is to get rid of the special-case paths - in the code to handle this authentication format. Its primary use - is for bootstrapping the Keystone database. - """ - - def __init__(self, url, token, **kwargs): - """A plugin for static authentication with an existing token - - :param string url: Service endpoint - :param string token: Existing token - """ - super(TokenEndpoint, self).__init__() - self.endpoint = url - self.token = token - - def get_endpoint(self, session, **kwargs): - """Return the supplied endpoint""" - return self.endpoint - - def get_token(self, session): - """Return the supplied token""" - return self.token - - def get_auth_ref(self, session, **kwargs): - """Stub this method for compatibility""" - return None - - # Override this because it needs to be a class method... - @classmethod - def get_options(self): - options = super(TokenEndpoint, self).get_options() - - options.extend([ - # Maintain name 'url' for compatibility - cfg.StrOpt('url', - help='Specific service endpoint to use'), - cfg.StrOpt('token', - secret=True, - help='Authentication token to use'), - ]) - - return options - - -class OSCGenericPassword(ksc_password.Password): - """Auth plugin hack to work around broken Keystone configurations - - The default Keystone configuration uses http://localhost:xxxx in - admin_endpoint and public_endpoint and are returned in the links.href - attribute by the version routes. Deployments that do not set these - are unusable with newer keystoneclient version discovery. - - """ - - def create_plugin(self, session, version, url, raw_status=None): - """Handle default Keystone endpoint configuration - - Build the actual API endpoint from the scheme, host and port of the - original auth URL and the rest from the returned version URL. - """ - - ver_u = urlparse.urlparse(url) - - # Only hack this if it is the default setting - if ver_u.netloc.startswith('localhost'): - auth_u = urlparse.urlparse(self.auth_url) - # from original auth_url: scheme, netloc - # from api_url: path, query (basically, the rest) - url = urlparse.urlunparse(( - auth_u.scheme, - auth_u.netloc, - ver_u.path, - ver_u.params, - ver_u.query, - ver_u.fragment, - )) - LOG.debug('Version URL updated: %s' % url) - - return super(OSCGenericPassword, self).create_plugin( - session=session, - version=version, - url=url, - raw_status=raw_status, - ) diff --git a/openstackclient/api/auth_plugin.py b/openstackclient/api/auth_plugin.py new file mode 100644 index 00000000..a995476a --- /dev/null +++ b/openstackclient/api/auth_plugin.py @@ -0,0 +1,118 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +"""Authentication Plugin Library""" + +import logging + +from oslo_config import cfg +from six.moves.urllib import parse as urlparse + +from keystoneclient.auth import base +from keystoneclient.auth.identity.generic import password as ksc_password + + +LOG = logging.getLogger(__name__) + + +class TokenEndpoint(base.BaseAuthPlugin): + """Auth plugin to handle traditional token/endpoint usage + + Implements the methods required to handle token authentication + with a user-specified token and service endpoint; no Identity calls + are made for re-scoping, service catalog lookups or the like. + + The purpose of this plugin is to get rid of the special-case paths + in the code to handle this authentication format. Its primary use + is for bootstrapping the Keystone database. + """ + + def __init__(self, url, token, **kwargs): + """A plugin for static authentication with an existing token + + :param string url: Service endpoint + :param string token: Existing token + """ + super(TokenEndpoint, self).__init__() + self.endpoint = url + self.token = token + + def get_endpoint(self, session, **kwargs): + """Return the supplied endpoint""" + return self.endpoint + + def get_token(self, session): + """Return the supplied token""" + return self.token + + def get_auth_ref(self, session, **kwargs): + """Stub this method for compatibility""" + return None + + # Override this because it needs to be a class method... + @classmethod + def get_options(self): + options = super(TokenEndpoint, self).get_options() + + options.extend([ + # Maintain name 'url' for compatibility + cfg.StrOpt('url', + help='Specific service endpoint to use'), + cfg.StrOpt('token', + secret=True, + help='Authentication token to use'), + ]) + + return options + + +class OSCGenericPassword(ksc_password.Password): + """Auth plugin hack to work around broken Keystone configurations + + The default Keystone configuration uses http://localhost:xxxx in + admin_endpoint and public_endpoint and are returned in the links.href + attribute by the version routes. Deployments that do not set these + are unusable with newer keystoneclient version discovery. + + """ + + def create_plugin(self, session, version, url, raw_status=None): + """Handle default Keystone endpoint configuration + + Build the actual API endpoint from the scheme, host and port of the + original auth URL and the rest from the returned version URL. + """ + + ver_u = urlparse.urlparse(url) + + # Only hack this if it is the default setting + if ver_u.netloc.startswith('localhost'): + auth_u = urlparse.urlparse(self.auth_url) + # from original auth_url: scheme, netloc + # from api_url: path, query (basically, the rest) + url = urlparse.urlunparse(( + auth_u.scheme, + auth_u.netloc, + ver_u.path, + ver_u.params, + ver_u.query, + ver_u.fragment, + )) + LOG.debug('Version URL updated: %s' % url) + + return super(OSCGenericPassword, self).create_plugin( + session=session, + version=version, + url=url, + raw_status=raw_status, + ) |