Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
6.0.5 ▾
|
# Copyright (c) 2014 TrilioData, Inc.
# All Rights Reserved.
"""
OpenStack Client interface. Handles the REST calls and responses.
"""
from __future__ import print_function
import logging
import os
import requests
try:
import urlparse
except ImportError:
import urllib.parse as urlparse
try:
from eventlet import sleep
except ImportError:
from time import sleep
try:
import json
except ImportError:
import simplejson as json
# Python 2.5 compat fix
if not hasattr(urlparse, "parse_qsl"):
import cgi
urlparse.parse_qsl = cgi.parse_qsl
from keystoneauth1 import identity
from keystoneauth1 import session
from keystoneclient import client
from workloadmgrclient import exceptions
from workloadmgrclient import service_catalog
from workloadmgrclient import utils
class HTTPClient(object):
USER_AGENT = "python-workloadmgrclient"
def __init__(
self,
user=None,
password=None,
projectid=None,
auth_url=None,
auth_type=None,
token=None,
projectname=None,
domain_name="default",
os_user_domain_id=None,
os_project_domain_id=None,
insecure=False,
timeout=None,
proxy_tenant_id=None,
proxy_token=None,
region_name=None,
endpoint_type="publicURL",
service_type=None,
service_name=None,
retries=None,
http_log_debug=False,
cacert=None,
project_domain_name=None,
user_domain_name=None,
management_url = None,
auth_token = None,
client_secret = None,
client_id = None,
discovery_endpoint = None,
identity_provider = None,
protocol = None
):
self.user = user
self.password = password
self.projectid = projectid
self.projectname=projectname
self.token=token
self.auth_version = 2
self.auth_type = auth_type
self.auth_url = auth_url.rstrip("/")
self.version = "v3"
self.domain_name = domain_name
self.os_user_domain_id = os_user_domain_id or domain_name
self.os_project_domain_id = os_project_domain_id or domain_name
self.project_domain_name = project_domain_name
self.user_domain_name = user_domain_name
self.region_name = region_name
self.endpoint_type = endpoint_type
self.service_type = service_type
self.service_name = service_name
self.retries = int(retries or 0)
self.http_log_debug = http_log_debug
self.management_url = None
self.auth_token = None
self.proxy_token = proxy_token
self.proxy_tenant_id = proxy_tenant_id
self.client_secret = client_secret
self.client_id = client_id
self.discovery_endpoint = discovery_endpoint
self.identity_provider = identity_provider
self.protocol = protocol
if insecure:
self.verify_cert = False
else:
if cacert:
self.verify_cert = cacert
else:
self.verify_cert = True
self._logger = logging.getLogger(__name__)
if self.http_log_debug and not self._logger.handlers:
ch = logging.StreamHandler()
self._logger.setLevel(logging.DEBUG)
self._logger.addHandler(ch)
if hasattr(requests, "logging"):
requests.logging.getLogger(requests.__name__).addHandler(ch)
def http_log_req(self, args, kwargs):
if not self.http_log_debug:
return
string_parts = ["curl -i"]
for element in args:
if element in ("GET", "POST", "DELETE", "PUT"):
string_parts.append(" -X %s" % element)
else:
string_parts.append(" %s" % element)
for element in kwargs["headers"]:
header = ' -H "%s: %s"' % (element, kwargs["headers"][element])
string_parts.append(header)
if "data" in kwargs:
string_parts.append(" -d '%s'" % (kwargs["data"]))
self._logger.debug("\nREQ: %s\n" % "".join(string_parts))
def http_log_resp(self, resp):
if not self.http_log_debug:
return
self._logger.debug(
"RESP: [%s] %s\nRESP BODY: %s\n", resp.status_code, resp.headers, resp.text
)
def request(self, url, method, **kwargs):
kwargs.setdefault("headers", kwargs.get("headers", {}))
kwargs["headers"]["User-Agent"] = self.USER_AGENT
kwargs["headers"]["Accept"] = "application/json"
if "body" in kwargs:
kwargs["headers"]["Content-Type"] = "application/json"
kwargs["data"] = json.dumps(kwargs["body"])
del kwargs["body"]
self.http_log_req((url, method,), kwargs)
resp = requests.request(method, url, verify=self.verify_cert, **kwargs)
self.http_log_resp(resp)
if resp.text:
try:
body = json.loads(resp.text)
except ValueError:
pass
body = None
else:
body = None
if resp.status_code >= 400:
raise exceptions.from_response(resp, body)
return resp, body
def _cs_request(self, url, method, **kwargs):
auth_attempts = 0
attempts = 0
backoff = 1
while True:
attempts += 1
if not self.management_url or not self.auth_token:
self.authenticate()
kwargs.setdefault("headers", {})["X-Auth-Token"] = self.auth_token
if self.projectid:
kwargs["headers"]["X-Auth-Project-Id"] = self.projectid
try:
resp, body = self.request(self.management_url + url, method, **kwargs)
return resp, body
except exceptions.BadRequest as e:
if attempts > self.retries:
raise
except exceptions.Unauthorized:
if auth_attempts > 0:
raise
self._logger.debug("Unauthorized, reauthenticating.")
self.management_url = self.auth_token = None
# First reauth. Discount this attempt.
attempts -= 1
auth_attempts += 1
continue
except exceptions.ClientException as e:
if attempts > self.retries:
raise exceptions.CustomClientException(
code=e.code,
message=e.message,
details=e.details,
request_id=e.request_id,
)
if 500 <= e.code <= 599:
pass
else:
raise
except requests.exceptions.ConnectionError as e:
# Catch a connection refused from requests.request
self._logger.debug("Connection refused: %s" % e)
raise
self._logger.debug(
"Failed attempt(%s of %s), retrying in %s seconds"
% (attempts, self.retries, backoff)
)
sleep(backoff)
backoff *= 2
def get(self, url, **kwargs):
return self._cs_request(url, "GET", **kwargs)
def post(self, url, **kwargs):
return self._cs_request(url, "POST", **kwargs)
def put(self, url, **kwargs):
return self._cs_request(url, "PUT", **kwargs)
def delete(self, url, **kwargs):
return self._cs_request(url, "DELETE", **kwargs)
def _extract_service_catalog(self, url, resp, body, extract_token=True):
"""See what the auth service told us and process the response.
We may get redirected to another site, fail or actually get
back a service catalog with a token and our endpoints.
"""
if self.auth_version == 3:
if resp.status_code == 200 or resp.status_code == 201:
try:
self.auth_url = url
self.service_catalog = service_catalog.ServiceCatalog(body)
if extract_token:
self.auth_token = resp.headers["x-subject-token"]
if self.region_name:
management_url = self.service_catalog.url_for_v3(
attr="region",
filter_value=self.region_name,
endpoint_type=self.endpoint_type,
service_type=self.service_type,
service_name=self.service_name,
)
else:
management_url = self.service_catalog.url_for_v3(
endpoint_type=self.endpoint_type,
service_type=self.service_type,
service_name=self.service_name,
)
self.management_url = management_url.rstrip("/")
return None
except exceptions.AmbiguousEndpoints:
print(
"Found more than one valid endpoint. Use a more restrictive filter"
)
raise
except KeyError:
raise exceptions.AuthorizationFailure()
except exceptions.EndpointNotFound:
print("Could not find any suitable endpoint. Correct region?")
raise
elif resp.status_code == 200: # content must always present
try:
self.auth_url = url
self.service_catalog = service_catalog.ServiceCatalog(body)
if extract_token:
self.auth_token = self.service_catalog.get_token()
management_url = self.service_catalog.url_for(
attr="region",
filter_value=self.region_name,
endpoint_type=self.endpoint_type,
service_type=self.service_type,
service_name=self.service_name,
)
self.management_url = management_url.rstrip("/")
return None
except exceptions.AmbiguousEndpoints:
print(
"Found more than one valid endpoint. Use a more "
"restrictive filter"
)
raise
except KeyError:
raise exceptions.AuthorizationFailure()
except exceptions.EndpointNotFound:
print("Could not find any suitable endpoint. Correct region?")
raise
elif resp.status_code == 305:
return resp["location"]
else:
raise exceptions.from_response(resp, body)
def _extract_service_catalog_for_v3oidcpassword(self, body):
try:
self.service_catalog = service_catalog.ServiceCatalog(body)
if self.region_name:
management_url = self.service_catalog.url_for_v3oidcpassword(
attr="region",
filter_value=self.region_name,
endpoint_type=self.endpoint_type,
service_type=self.service_type,
service_name=self.service_name,
)
else:
management_url = self.service_catalog.url_for_v3oidcpassword(
endpoint_type=self.endpoint_type,
service_type=self.service_type,
service_name=self.service_name,
)
self.management_url = management_url.rstrip("/")
except exceptions.AmbiguousEndpoints:
self._logger.error(
"Found more than one valid endpoint. Use a more restrictive filter"
)
raise
except exceptions.EndpointNotFound:
self._logger.error("Could not find any suitable endpoint. Correct region?")
raise
def _fetch_endpoints_from_auth(self, url):
"""We have a token, but don't know the final endpoint for
the region. We have to go back to the auth service and
ask again. This request requires an admin-level token
to work. The proxy token supplied could be from a low-level enduser.
We can't get this from the keystone service endpoint, we have to use
the admin endpoint.
This will overwrite our admin token with the user token.
"""
# GET ...:5001/v2.0/tokens/#####/endpoints
url = "/".join(
[
url,
"tokens",
"%s?belongsTo=%s" % (self.proxy_token, self.proxy_tenant_id),
]
)
self._logger.debug("Using Endpoint URL: %s" % url)
resp, body = self.request(url, "GET", headers={"X-Auth-Token": self.auth_token})
return self._extract_service_catalog(url, resp, body, extract_token=False)
def authenticate(self):
magic_tuple = urlparse.urlsplit(self.auth_url)
scheme, netloc, path, query, frag = magic_tuple
port = magic_tuple.port
if port is None:
port = 80
path_parts = path.split("/")
for part in path_parts:
if len(part) > 0 and part[0] == "v":
self.version = part
break
# TODO(sandy): Assume admin endpoint is 35357 for now.
# Ideally this is going to have to be provided by the service catalog.
new_netloc = netloc.replace(":%d" % port, ":%d" % (35357,))
admin_url = urlparse.urlunsplit((scheme, new_netloc, path, query, frag))
auth_url = self.auth_url
if self.version == "v2.0":
while auth_url:
if "WORKLOADMGR_RAX_AUTH" in os.environ:
auth_url = self._rax_auth(auth_url)
else:
auth_url = self._v2_auth(auth_url)
# Are we acting on behalf of another user via an
# existing token? If so, our actual endpoints may
# be different than that of the admin token.
if self.proxy_token:
self._fetch_endpoints_from_auth(admin_url)
# Since keystone no longer returns the user token
# with the endpoints any more, we need to replace
# our service account token with the user token.
self.auth_token = self.proxy_token
else:
if "v3" not in auth_url.split("/"):
auth_url = "/".join([auth_url, "v3"])
self._v3_auth(auth_url)
def _v2_auth(self, url):
"""Authenticate against a v2.0 auth service."""
body = {
"auth": {
"passwordCredentials": {
"username": self.user,
"password": self.password,
}
}
}
if self.projectname:
body["auth"]["tenantName"] = self.projectname
elif self.projectid:
body["auth"]["tenantId"] = self.projectid
self._authenticate(url, body)
def _v3_auth(self, url):
"""Authenticate against a v3 auth service."""
self.auth_version = 3
if self.auth_type == "token":
body = {
"auth": {
"identity": {
"methods": ["token"],
"token": {
"id": {}
},
},
}
}
body["auth"]["identity"]["token"]["id"] = self.token
self.auth_token=self.token
else:
body = {
"auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {}
},
},
}
}
if self.user_domain_name:
user_data = {
"name": self.user,
"password": self.password,
"domain": {"name": self.user_domain_name},
}
else:
user_data = {
"name": self.user,
"password": self.password,
"domain": {"id": self.os_user_domain_id},
}
body["auth"]["identity"]["password"]["user"] = user_data
if self.project_domain_name:
scope = {"project": {"domain": {"name": self.project_domain_name}}}
else:
scope = {"project": {"domain": {"id": self.os_project_domain_id}}}
if self.projectid:
scope['project']['id'] = self.projectid
else:
scope['project']['name'] = self.projectname
body["auth"]["scope"] = scope
self._authenticate(url, body, v3=True)
def _rax_auth(self, url):
"""Authenticate against the Rackspace auth service."""
body = {
"auth": {
"RAX-KSKEY:apiKeyCredentials": {
"username": self.user,
"apiKey": self.password,
"tenantName": self.projectid,
}
}
}
self._authenticate(url, body)
def _authenticate(self, url, body, v3=False):
"""Authenticate and extract the service catalog."""
if v3:
if self.auth_type == 'v3oidcpassword' and self.auth_token is None:
try:
auth_params = {
'auth_url': self.auth_url,
'username': self.user,
'password': self.password,
'project_name': self.projectname,
'project_domain_name': self.project_domain_name,
'project_domain_id': self.os_project_domain_id,
'identity_provider': self.identity_provider,
'protocol': self.protocol,
'client_id': self.client_id,
'client_secret': self.client_secret,
'discovery_endpoint': self.discovery_endpoint,
'access_token_type': 'access_token'
}
auth = identity.V3OidcPassword(**auth_params)
sess = session.Session(auth=auth, verify=self.verify_cert)
self.auth_token = sess.get_token()
catalog = auth.get_access(sess).service_catalog
body = catalog.catalog
except Exception as e:
print(e)
raise
return self._extract_service_catalog_for_v3oidcpassword(body)
else:
token_url = "/".join([url, "auth", "tokens"])
else:
token_url = "/".join([url, "tokens"])
# Make sure we follow redirects when trying to reach Keystone
resp, body = self.request(token_url, "POST", body=body, allow_redirects=True)
return self._extract_service_catalog(url, resp, body)
def get_client_class(version):
version_map = {
"1": "workloadmgrclient.v1.client.Client",
}
try:
client_path = version_map[str(version)]
except (KeyError, ValueError):
msg = "Invalid client version '%s'. must be one of: %s" % (
(version, ", ".join(list(version_map.keys())))
)
raise exceptions.UnsupportedVersion(msg)
return utils.import_class(client_path)
def Client(version, *args, **kwargs):
client_class = get_client_class(version)
return client_class(*args, **kwargs)