56
57
:param string key: Path to the Privacy Enhanced Mail (PEM) file which
57
58
contains the unencrypted client private key needed
58
59
to established two-way SSL connection with the
59
identity service. (optional)
60
identity service. (optional)
60
61
:param string cacert: Path to the Privacy Enhanced Mail (PEM) file which
61
62
contains the trusted authority X.509 certificates
62
63
needed to established SSL connection with the
138
139
self.ec2 = ec2.CredentialsManager(self)
140
if self.management_url is None:
141
# DEPRECATED: if session is passed then we go to the new behaviour of
142
# authenticating on the first required call.
143
if not kwargs.get('session') and self.management_url is None:
141
144
self.authenticate()
143
146
def get_raw_token_from_identity_service(self, auth_url, username=None,
149
152
"""Authenticate against the v2 Identity API.
151
:returns: (``resp``, ``body``) if authentication was successful.
154
:returns: access.AccessInfo if authentication was successful.
152
155
:raises: AuthorizationFailure if unable to authenticate or validate
153
156
the existing authorization token
154
:raises: ValueError if insufficient parameters are used.
158
return self._base_authN(auth_url,
160
tenant_id=project_id or tenant_id,
161
tenant_name=project_name or tenant_name,
160
raise ValueError("Cannot authenticate without an auth_url")
162
a = v2_auth.Auth._factory(auth_url,
167
tenant_id=project_id or tenant_id,
168
tenant_name=project_name or tenant_name)
170
return a.get_auth_ref(self.session)
165
171
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
166
172
_logger.debug("Authorization Failed.")
174
except exceptions.EndpointNotFound:
175
msg = 'There was no suitable authentication url for this request'
176
raise exceptions.AuthorizationFailure(msg)
168
177
except Exception as e:
169
178
raise exceptions.AuthorizationFailure("Authorization Failed: "
172
def _base_authN(self, auth_url, username=None, password=None,
173
tenant_name=None, tenant_id=None, trust_id=None,
175
"""Takes a username, password, and optionally a tenant_id or
176
tenant_name to get an authentication token from keystone.
177
May also take a token and a tenant_id to re-scope a token
178
to a tenant, or a token, tenant_id and trust_id and re-scope
179
the token to the trust
183
raise ValueError("Cannot authenticate without a valid auth_url")
184
url = auth_url + "/tokens"
186
headers['X-Auth-Token'] = token
187
params = {"auth": {"token": {"id": token}}}
188
elif username and password:
189
params = {"auth": {"passwordCredentials": {"username": username,
190
"password": password}}}
192
raise ValueError('A username and password or token is required.')
194
params['auth']['tenantId'] = tenant_id
196
params['auth']['tenantName'] = tenant_name
198
params['auth']['trust_id'] = trust_id
199
resp, body = self.request(url, 'POST', body=params, headers=headers)