How to use the keystoneauth1.session function in keystoneauth1
To help you get started, we’ve selected a few keystoneauth1 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
openstack / charm-percona-cluster / tests / charmhelpers / contrib / openstack / amulet / utils.py View on Github 
def get_keystone_session(self, keystone_ip, username, password,
api_version=False, admin_port=False,
user_domain_name=None, domain_name=None,
project_domain_name=None, project_name=None):
"""Return a keystone session object"""
ep = self.get_keystone_endpoint(keystone_ip,
api_version=api_version,
admin_port=admin_port)
if api_version == 2:
auth = v2.Password(
username=username,
password=password,
tenant_name=project_name,
auth_url=ep
)
sess = keystone_session.Session(auth=auth)
else:
auth = v3.Password(
user_domain_name=user_domain_name,
username=username,
password=password,
domain_name=domain_name,
project_domain_name=project_domain_name,
project_name=project_name,
auth_url=ep
)
sess = keystone_session.Session(auth=auth)
return (sess, auth)role_admin = keystone_v3.roles.find(name="admin")
logger.info("Setting role 'admin' to user {0}".format(user_name))
keystone_v3.roles.grant(role=role_admin, user=user, domain=domain)
role_assignments = keystone_v3.role_assignments.list(domain=domain)
domain_users_ids = [du.user["id"] for du in role_assignments]
assert user.id in domain_users_ids
controller_ip = env.get_primary_controller_ip()
auth_url = 'http://{0}:5000/v3'.format(controller_ip)
auth = v3.Password(auth_url=auth_url,
username=user_name,
password=user_pass,
domain_name=domain_name,
user_domain_name=domain_name)
sess = session.Session(auth=auth)
keystone_v3 = KeystoneClientV3(session=sess)
new_project_name = "project_1616778"
logger.info("Creating project {0} in domain {1}".
format(new_project_name, domain_name))
keystone_v3.projects.create(name=new_project_name, domain=domain,
description="New project")
projects = keystone_v3.projects.list(domain=domain)
projects_names = [p.name for p in projects]
assert new_project_name in projects_names, ("Project {0} is not created".
format(new_project_name)):raises KeyManagerError: if context is missing tenant or tenant is
None or error occurs while creating client
"""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
LOG.error(msg)
raise exception.Forbidden(msg)
if self._barbican_client and self._current_context == context:
return self._barbican_client
try:
auth = self._get_keystone_auth(context)
sess = session.Session(auth=auth,
verify=self.conf.barbican.verify_ssl)
self._barbican_endpoint = self._get_barbican_endpoint(auth, sess)
self._barbican_client = barbican_client_import.Client(
session=sess,
endpoint=self._barbican_endpoint)
self._current_context = context
# TODO(pbourke): more fine grained exception handling - we are eating
# tracebacks here
except Exception as e:
LOG.error("Error creating Barbican client: %s", e)
raise exception.KeyManagerError(reason=e)
self._base_url = self._create_base_url(auth,
sess,password=password,
tenant_name=project_name,
auth_url=ep
)
sess = keystone_session.Session(auth=auth)
else:
auth = v3.Password(
user_domain_name=user_domain_name,
username=username,
password=password,
domain_name=domain_name,
project_domain_name=project_domain_name,
project_name=project_name,
auth_url=ep
)
sess = keystone_session.Session(auth=auth)
return (sess, auth)def get_versions(auth_url):
from keystoneauth1 import discover
from keystoneauth1 import session
temp_session = session.Session(
verify=(self.credential.https_cacert or
not self.credential.https_insecure),
timeout=CONF.openstack_client_http_timeout)
data = discover.Discover(temp_session, auth_url).version_data()
return dict([(v["version"][0], v["url"]) for v in data])def session_constructor(*args, **kwargs):
# We need to pass our current keystone session to the Session
# Constructor, otherwise the new auth plugin doesn't get used.
return keystoneauth1.session.Session(
session=self.session,
discovery_cache=self.config._discovery_cache)def _get_client():
"""Returns a v2 cinder client object."""
auth_url = CONF.user.endpoint
if auth_url.endswith("/v3/"):
auth_url = auth_url[-1]
elif auth_url.endswith("/v3"):
pass
else:
auth_url = "{}/v3".format(auth_url)
auth = identity.v3.Password(auth_url=auth_url,
project_name=CONF.user.project_name,
project_domain_name=CONF.user.domain_name,
user_domain_name=CONF.user.domain_name,
username=CONF.user.username,
password=CONF.user.password)
return Client("2", session=session.Session(auth=auth)):rtype: :class:`keystoneauth1.session.Session`
:return: A Keystone session object.
"""
if self._cached_keystone_session:
return self._cached_keystone_session
if self._keystone_version == 3:
from keystoneauth1.identity import v3
auth = v3.Password(auth_url=self.auth_url,
username=self.username,
password=self.password,
user_domain_name=self.user_domain_name,
project_domain_name=self.project_domain_name,
project_name=self.project_name)
self._cached_keystone_session = session.Session(auth=auth)
else:
from keystoneauth1.identity import v2
auth = v2.Password(self.auth_url, username=self.username,
password=self.password,
tenant_name=self.project_name)
self._cached_keystone_session = session.Session(auth=auth)
return self._cached_keystone_session
try:
auth_url = authcfg.auth_url
except cfg.NoSuchOptError:
auth_url = authcfg.identity_uri
LOG.debug("authcfg[auth_url] fallback[identity_uri] = %s",
auth_url)
auth = v3.Password(user_domain_name=user_domain_name,
username=username,
password=password,
project_domain_name=project_domain_name,
project_name=project_name,
auth_url=re.sub(r'/v3/?$', '', auth_url) +
'/v3')
sess = session.Session(auth=auth)
keystone_client = KeystoneClient(session=sess)
LOG.debug("Keystone client = %r", keystone_client)
# Create syncers.
self.subnet_syncer = \
SubnetSyncer(self.db, self._txn_from_context)
self.policy_syncer = \
PolicySyncer(self.db, self._txn_from_context)
self.endpoint_syncer = \
WorkloadEndpointSyncer(self.db,
self._txn_from_context,
self.policy_syncer,
keystone_client)
# Admin context used by (only) the thread that updates Felix agent
# status.def create_keystone_session():
if int(os_identity_api_version) == 3:
from keystoneauth1.identity import v3
auth = v3.Password(
username=os_username, password=os_password, project_name=os_tenant,
user_domain_name=os_user_domain_name, project_domain_name=os_project_domain_name,
auth_url=os_auth_url)
else:
from keystoneauth1.identity import v2
auth = v2.Password(
username=os_username, password=os_password, tenant_name=os_tenant,
auth_url=os_auth_url)
return session.Session(auth=auth)keystoneauth1
Authentication Library for OpenStack Identity
Apache-2.0
Latest version published 3 months agoPackage Health Score
70 / 100Popular keystoneauth1 functions
- keystoneauth1._utils.get_logger
- keystoneauth1.exceptions
- keystoneauth1.exceptions.EndpointNotFound
- keystoneauth1.identity
- keystoneauth1.identity.Password
- keystoneauth1.identity.Token
- keystoneauth1.identity.v2.Password
- keystoneauth1.identity.v3
- keystoneauth1.identity.v3.Password
- keystoneauth1.loading
- keystoneauth1.loading.get_auth_common_conf_options
- keystoneauth1.loading.get_auth_plugin_conf_options
- keystoneauth1.loading.get_plugin_loader
- keystoneauth1.loading.load_auth_from_conf_options
- keystoneauth1.loading.load_session_from_conf_options
- keystoneauth1.loading.Opt
- keystoneauth1.loading.register_auth_conf_options
- keystoneauth1.loading.register_session_conf_options
- keystoneauth1.session
- keystoneauth1.session.Session