2
# Copyright 2015 eNovance <licensing@enovance.com>
4
# Licensed under the Apache License, Version 2.0 (the "License"); you may
5
# not use this file except in compliance with the License. You may obtain
6
# a copy of the License at
8
# http://www.apache.org/licenses/LICENSE-2.0
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
# License for the specific language governing permissions and limitations
17
from keystoneclient import discover as ks_discover
18
from keystoneclient import exceptions as ks_exception
19
from keystoneclient import session as ks_session
20
from keystoneclient.v2_0 import client as ks_client
21
from keystoneclient.v3 import client as ks_client_v3
25
return ks_client.Client(
26
username=conf.service_credentials.os_username,
27
password=conf.service_credentials.os_password,
28
tenant_id=conf.service_credentials.os_tenant_id,
29
tenant_name=conf.service_credentials.os_tenant_name,
30
cacert=conf.service_credentials.os_cacert,
31
auth_url=conf.service_credentials.os_auth_url,
32
region_name=conf.service_credentials.os_region_name,
33
insecure=conf.service_credentials.insecure,
34
timeout=conf.http_timeout,)
37
def get_v3_client(conf, trust_id=None):
38
"""Return a client for keystone v3 endpoint, optionally using a trust."""
39
auth_url = conf.service_credentials.os_auth_url
41
auth_url_noneversion = auth_url.replace('/v2.0', '/')
42
discover = ks_discover.Discover(auth_url=auth_url_noneversion)
43
v3_auth_url = discover.url_for('3.0')
45
auth_url = v3_auth_url
49
auth_url = auth_url.replace('/v2.0', '/v3')
50
return ks_client_v3.Client(
51
username=conf.service_credentials.os_username,
52
password=conf.service_credentials.os_password,
53
cacert=conf.service_credentials.os_cacert,
55
region_name=conf.service_credentials.os_region_name,
56
insecure=conf.service_credentials.insecure,
57
timeout=conf.http_timeout,
61
def create_trust_id(conf, trustor_user_id, trustor_project_id,
63
"""Create a new trust using the aodh service user."""
64
admin_client = get_v3_client(conf)
66
trustee_user_id = admin_client.auth_ref.user_id
68
session = ks_session.Session.construct({
69
'cacert': conf.service_credentials.os_cacert,
70
'insecure': conf.service_credentials.insecure})
72
client = ks_client_v3.Client(session=session, auth=auth_plugin)
74
trust = client.trusts.create(trustor_user=trustor_user_id,
75
trustee_user=trustee_user_id,
76
project=trustor_project_id,
82
def delete_trust_id(conf, trust_id, auth_plugin):
83
"""Delete a trust previously setup for the aodh user."""
84
session = ks_session.Session.construct({
85
'cacert': conf.service_credentials.os_cacert,
86
'insecure': conf.service_credentials.insecure})
88
client = ks_client_v3.Client(session=session, auth=auth_plugin)
90
client.trusts.delete(trust_id)
91
except ks_exception.NotFound:
added
removed
aodh/keystone_client.py
