Ian Wienand bf9186a37e Fallback to upstream for Fedora image
OpenDev infra only keep around the latest two Fedora releases in their
mirrors.  Probe for the image from the local test mirror, but if not
found, fallback to upstream.  This will be much less reliable, but can
avoid gate breakage until new images can be used.

Also, use endpoint_type when creating keystoneclient

Keystone admin endpoint has been removed from devstack with[1].
This would use the public endpoint by default.

Change-Id: I96ab14871ee8c5d5b83cc0cd4abc840ef0218ca8
2021-11-12 15:32:19 +05:30

170 lines
5.9 KiB
Python

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
from heat.common.i18n import _
from heatclient import client as heat_client
from keystoneauth1.identity.generic import password
from keystoneauth1 import session
from keystoneclient.v3 import client as kc_v3
from novaclient import client as nova_client
from swiftclient import client as swift_client
class KeystoneWrapperClient(object):
"""Wrapper object for keystone client
This wraps keystone client, so we can encpasulate certain
added properties like auth_token, project_id etc.
"""
def __init__(self, auth_plugin, verify=True):
self.auth_plugin = auth_plugin
self.session = session.Session(
auth=auth_plugin,
verify=verify)
@property
def auth_token(self):
return self.auth_plugin.get_token(self.session)
@property
def auth_ref(self):
return self.auth_plugin.get_access(self.session)
@property
def project_id(self):
return self.auth_plugin.get_project_id(self.session)
def get_endpoint_url(self, service_type, region=None):
kwargs = {
'service_type': service_type,
'region_name': region}
return self.auth_ref.service_catalog.url_for(**kwargs)
class ClientManager(object):
"""Provides access to the official python clients for calling various APIs.
Manager that provides access to the official python clients for
calling various OpenStack APIs.
"""
HEATCLIENT_VERSION = '1'
NOVA_API_VERSION = '2.1'
def __init__(self, conf, admin_credentials=False):
self.conf = conf
self.admin_credentials = admin_credentials
self.auth_version = self.conf.auth_version
if not self.auth_version:
try:
self.auth_version = self.conf.auth_url.split('/v')[1]
except IndexError:
raise ValueError(_('Please specify version in auth_url or '
'auth_version in config.'))
self.insecure = self.conf.disable_ssl_certificate_validation
self.ca_file = self.conf.ca_file
self.identity_client = self._get_identity_client()
self.keystone_client = self._get_keystone_client()
self.orchestration_client = self._get_orchestration_client()
self.compute_client = self._get_compute_client()
self.object_client = self._get_object_client()
def _username(self):
if self.admin_credentials:
return self.conf.admin_username
return self.conf.username
def _password(self):
if self.admin_credentials:
return self.conf.admin_password
return self.conf.password
def _project_name(self):
if self.admin_credentials:
return self.conf.admin_project_name
return self.conf.project_name
def _get_orchestration_client(self):
endpoint = os.environ.get('HEAT_URL')
if os.environ.get('OS_NO_CLIENT_AUTH') == 'True':
session = None
else:
session = self.identity_client.session
return heat_client.Client(
self.HEATCLIENT_VERSION,
endpoint,
session=session,
endpoint_type='publicURL',
service_type='orchestration',
region_name=self.conf.region,
username=self._username(),
password=self._password())
def _get_identity_client(self):
user_domain_id = self.conf.user_domain_id
project_domain_id = self.conf.project_domain_id
user_domain_name = self.conf.user_domain_name
project_domain_name = self.conf.project_domain_name
kwargs = {
'username': self._username(),
'password': self._password(),
'project_name': self._project_name(),
'auth_url': self.conf.auth_url
}
# keystone v2 can't ignore domain details
if self.auth_version == '3':
kwargs.update({
'user_domain_id': user_domain_id,
'project_domain_id': project_domain_id,
'user_domain_name': user_domain_name,
'project_domain_name': project_domain_name})
auth = password.Password(**kwargs)
if self.insecure:
verify_cert = False
else:
verify_cert = self.ca_file or True
return KeystoneWrapperClient(auth, verify_cert)
def _get_keystone_client(self):
# Create our default Keystone client to use in testing
return kc_v3.Client(
session=self.identity_client.session,
interface='publicURL',
region_name=self.conf.region)
def _get_compute_client(self):
# Create our default Nova client to use in testing
return nova_client.Client(
self.NOVA_API_VERSION,
session=self.identity_client.session,
service_type='compute',
endpoint_type='publicURL',
region_name=self.conf.region,
os_cache=False,
http_log_debug=True)
def _get_object_client(self):
args = {
'auth_version': self.auth_version,
'session': self.identity_client.session,
'os_options': {'endpoint_type': 'publicURL',
'region_name': self.conf.region,
'service_type': 'object-store'},
}
return swift_client.Connection(**args)