70b3246a19
* Make the Identity client in identity.client.make_client() * Auth via ClientManager.identity * Skip extra auth roundtrip in compute client Change-Id: I0190639e38f83997c233195f6cc27ff3afdfba10
106 lines
3.5 KiB
Python
106 lines
3.5 KiB
Python
"""Manage access to the clients, including authenticating when needed.
|
|
"""
|
|
|
|
import logging
|
|
|
|
from openstackclient.common import exceptions as exc
|
|
from openstackclient.compute import client as compute_client
|
|
from openstackclient.identity import client as identity_client
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class ClientCache(object):
|
|
"""Descriptor class for caching created client handles.
|
|
"""
|
|
|
|
def __init__(self, factory):
|
|
self.factory = factory
|
|
self._handle = None
|
|
|
|
def __get__(self, instance, owner):
|
|
# Tell the ClientManager to login to keystone
|
|
if self._handle is None:
|
|
instance.init_token()
|
|
self._handle = self.factory(instance)
|
|
return self._handle
|
|
|
|
|
|
class ClientManager(object):
|
|
"""Manages access to API clients, including authentication.
|
|
"""
|
|
|
|
# Identity client is instantiated in init_token()
|
|
# otherwise we have a recursion problem
|
|
identity = None
|
|
compute = ClientCache(compute_client.make_client)
|
|
|
|
def __init__(self, token=None, url=None,
|
|
auth_url=None,
|
|
tenant_name=None, tenant_id=None,
|
|
username=None, password=None,
|
|
region_name=None,
|
|
identity_api_version=None,
|
|
compute_api_version=None,
|
|
image_api_version=None,
|
|
):
|
|
self._token = token
|
|
self._url = url
|
|
self._auth_url = auth_url
|
|
self._tenant_name = tenant_name
|
|
self._tenant_id = tenant_id
|
|
self._username = username
|
|
self._password = password
|
|
self._region_name = region_name
|
|
self._identity_api_version = identity_api_version
|
|
self._compute_api_version = compute_api_version
|
|
self._image_api_version = image_api_version
|
|
|
|
def init_token(self):
|
|
"""Return the auth token and endpoint.
|
|
"""
|
|
if self._token:
|
|
LOG.debug('using existing auth token')
|
|
return
|
|
|
|
LOG.debug('validating authentication options')
|
|
if not self._username:
|
|
raise exc.CommandError(
|
|
"You must provide a username via"
|
|
" either --os-username or env[OS_USERNAME]")
|
|
|
|
if not self._password:
|
|
raise exc.CommandError(
|
|
"You must provide a password via"
|
|
" either --os-password or env[OS_PASSWORD]")
|
|
|
|
if not (self._tenant_id or self._tenant_name):
|
|
raise exc.CommandError(
|
|
"You must provide a tenant_id via"
|
|
" either --os-tenant-id or via env[OS_TENANT_ID]")
|
|
|
|
if not self._auth_url:
|
|
raise exc.CommandError(
|
|
"You must provide an auth url via"
|
|
" either --os-auth-url or via env[OS_AUTH_URL]")
|
|
|
|
# Get an Identity client and keep a token and catalog
|
|
if not self.identity:
|
|
self.identity = identity_client.make_client(self)
|
|
self._token = self.identity.auth_token
|
|
self._service_catalog = self.identity.service_catalog
|
|
return
|
|
|
|
def get_endpoint_for_service_type(self, service_type):
|
|
"""Return the endpoint URL for the service type.
|
|
"""
|
|
# See if we are using password flow auth, i.e. we have a
|
|
# service catalog to select endpoints from
|
|
if self._service_catalog:
|
|
endpoint = self._service_catalog.url_for(
|
|
service_type=service_type)
|
|
else:
|
|
# Hope we were given the correct URL.
|
|
endpoint = self._url
|
|
return endpoint
|