← Back to branch summary

~ubuntu-branches/ubuntu/trusty/python-keystoneclient/trusty-proposed

« back to all changes in this revision

Viewing changes to keystoneclient/v2_0/client.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2014-03-27 12:08:28 UTC
  • mfrom: (1.1.26)
  • Revision ID: package-import@ubuntu.com-20140327120828-yu3vm5g1v1pkl93w
Tags: 1:0.7.1-ubuntu1
https://launchpad.net/bugs/1298453
New upstream release. (LP: #1298453)

Show diffs side-by-side

added added

removed removed

Lines of Context:
keystoneclient/v2_0/client.py
15
15
 
16
16
import logging
17
17
 
 
18
from keystoneclient.auth.identity import v2 as v2_auth
18
19
from keystoneclient import exceptions
19
20
from keystoneclient import httpclient
20
21
from keystoneclient.v2_0 import ec2
56
57
    :param string key: Path to the Privacy Enhanced Mail (PEM) file which
57
58
                       contains the unencrypted client private key needed
58
59
                       to established two-way SSL connection with the
59
 
                      identity service. (optional)
 
60
                       identity service. (optional)
60
61
    :param string cacert: Path to the Privacy Enhanced Mail (PEM) file which
61
62
                          contains the trusted authority X.509 certificates
62
63
                          needed to established SSL connection with the
72
73
 
73
74
    .. warning::
74
75
 
75
 
    If debug is enabled, it may show passwords in plain text as a part of its
76
 
    output.
 
76
        If debug is enabled, it may show passwords in plain text as a part of
 
77
        its output.
77
78
 
78
79
 
79
80
    The client can be created and used like a user or in a strictly
137
138
        # extensions
138
139
        self.ec2 = ec2.CredentialsManager(self)
139
140
 
140
 
        if self.management_url is None:
 
141
        # DEPRECATED: if session is passed then we go to the new behaviour of
 
142
        # authenticating on the first required call.
 
143
        if not kwargs.get('session') and self.management_url is None:
141
144
            self.authenticate()
142
145
 
143
146
    def get_raw_token_from_identity_service(self, auth_url, username=None,
148
151
                                            **kwargs):
149
152
        """Authenticate against the v2 Identity API.
150
153
 
151
 
        :returns: (``resp``, ``body``) if authentication was successful.
 
154
        :returns: access.AccessInfo if authentication was successful.
152
155
        :raises: AuthorizationFailure if unable to authenticate or validate
153
156
                 the existing authorization token
154
 
        :raises: ValueError if insufficient parameters are used.
155
 
 
156
157
        """
157
158
        try:
158
 
            return self._base_authN(auth_url,
159
 
                                    username=username,
160
 
                                    tenant_id=project_id or tenant_id,
161
 
                                    tenant_name=project_name or tenant_name,
162
 
                                    password=password,
163
 
                                    trust_id=trust_id,
164
 
                                    token=token)
 
159
            if auth_url is None:
 
160
                raise ValueError("Cannot authenticate without an auth_url")
 
161
 
 
162
            a = v2_auth.Auth._factory(auth_url,
 
163
                                      username=username,
 
164
                                      password=password,
 
165
                                      token=token,
 
166
                                      trust_id=trust_id,
 
167
                                      tenant_id=project_id or tenant_id,
 
168
                                      tenant_name=project_name or tenant_name)
 
169
 
 
170
            return a.get_auth_ref(self.session)
165
171
        except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
166
172
            _logger.debug("Authorization Failed.")
167
173
            raise
 
174
        except exceptions.EndpointNotFound:
 
175
            msg = 'There was no suitable authentication url for this request'
 
176
            raise exceptions.AuthorizationFailure(msg)
168
177
        except Exception as e:
169
178
            raise exceptions.AuthorizationFailure("Authorization Failed: "
170
179
                                                  "%s" % e)
171
 
 
172
 
    def _base_authN(self, auth_url, username=None, password=None,
173
 
                    tenant_name=None, tenant_id=None, trust_id=None,
174
 
                    token=None):
175
 
        """Takes a username, password, and optionally a tenant_id or
176
 
        tenant_name to get an authentication token from keystone.
177
 
        May also take a token and a tenant_id to re-scope a token
178
 
        to a tenant, or a token, tenant_id and trust_id and re-scope
179
 
        the token to the trust
180
 
        """
181
 
        headers = {}
182
 
        if auth_url is None:
183
 
            raise ValueError("Cannot authenticate without a valid auth_url")
184
 
        url = auth_url + "/tokens"
185
 
        if token:
186
 
            headers['X-Auth-Token'] = token
187
 
            params = {"auth": {"token": {"id": token}}}
188
 
        elif username and password:
189
 
            params = {"auth": {"passwordCredentials": {"username": username,
190
 
                                                       "password": password}}}
191
 
        else:
192
 
            raise ValueError('A username and password or token is required.')
193
 
        if tenant_id:
194
 
            params['auth']['tenantId'] = tenant_id
195
 
        elif tenant_name:
196
 
            params['auth']['tenantName'] = tenant_name
197
 
        if trust_id:
198
 
            params['auth']['trust_id'] = trust_id
199
 
        resp, body = self.request(url, 'POST', body=params, headers=headers)
200
 
        return resp, body