diff options
Diffstat (limited to 'snaps/openstack/utils/keystone_utils.py')
-rw-r--r-- | snaps/openstack/utils/keystone_utils.py | 70 |
1 files changed, 49 insertions, 21 deletions
diff --git a/snaps/openstack/utils/keystone_utils.py b/snaps/openstack/utils/keystone_utils.py index 46f6fb8..4d3c0d3 100644 --- a/snaps/openstack/utils/keystone_utils.py +++ b/snaps/openstack/utils/keystone_utils.py @@ -14,10 +14,12 @@ # limitations under the License. import logging +import keystoneauth1 from keystoneclient.client import Client from keystoneauth1.identity import v3, v2 from keystoneauth1 import session import requests +from keystoneclient.exceptions import NotFound from snaps.domain.project import Project, Domain from snaps.domain.role import Role @@ -26,6 +28,7 @@ from snaps.domain.user import User logger = logging.getLogger('keystone_utils') V2_VERSION_NUM = 2.0 +V3_VERSION_NUM = 3 V2_VERSION_STR = 'v' + str(V2_VERSION_NUM) @@ -77,15 +80,29 @@ def keystone_session(os_creds): verify=os_creds.cacert) -def keystone_client(os_creds): +def close_session(session): + """ + Closes a keystone session + :param session: a session.Session object + """ + if isinstance(session, keystoneauth1.session.Session): + session.session.close() + + +def keystone_client(os_creds, session=None): """ Returns the keystone client :param os_creds: the OpenStack credentials (OSCreds) object + :param session: the keystone session object (optional) :return: the client """ + + if not session: + session = keystone_session(os_creds) + return Client( version=os_creds.identity_api_version, - session=keystone_session(os_creds), + session=session, interface=os_creds.interface, region_name=os_creds.region_name) @@ -105,26 +122,16 @@ def get_endpoint(os_creds, service_type, interface='public'): interface=interface) -def get_project(keystone=None, os_creds=None, project_settings=None, - project_name=None): +def get_project(keystone=None, project_settings=None, project_name=None): """ Returns the first project where the project_settings is used for the query if not None, else the project_name parameter is used for the query. If both parameters are None, None is returned :param keystone: the Keystone client - :param os_creds: the OpenStack credentials used to obtain the Keystone - client if the keystone parameter is None - :param project_settings: a ProjectSettings object + :param project_settings: a ProjectConfig object :param project_name: the name to query :return: the SNAPS-OO Project domain object or None """ - if not keystone: - if os_creds: - keystone = keystone_client(os_creds) - else: - raise KeystoneException( - 'Cannot lookup project without the proper credentials') - proj_filter = dict() if project_name: @@ -152,6 +159,26 @@ def get_project(keystone=None, os_creds=None, project_settings=None, domain_id=domain_id) +def get_project_by_id(keystone, proj_id): + """ + Returns the first project where the project_settings is used for the query + if not None, else the project_name parameter is used for the query. If both + parameters are None, None is returned + :param keystone: the Keystone client + :param proj_id: the project ID + """ + if proj_id and len(proj_id) > 0: + try: + os_proj = keystone.projects.get(proj_id) + if os_proj: + return Project(name=os_proj.name, project_id=os_proj.id, + domain_id=os_proj) + except NotFound: + pass + except KeyError: + pass + + def create_project(keystone, project_settings): """ Creates a project @@ -184,7 +211,7 @@ def create_project(keystone, project_settings): def delete_project(keystone, project): """ Deletes a project - :param keystone: the Keystone clien + :param keystone: the Keystone client :param project: the SNAPS-OO Project domain object """ logger.info('Deleting project with name - %s', project.name) @@ -237,8 +264,8 @@ def create_user(keystone, user_settings): """ project = None if user_settings.project_name: - project = get_project(keystone=keystone, - project_name=user_settings.project_name) + project = get_project( + keystone=keystone, project_name=user_settings.project_name) if keystone.version == V2_VERSION_STR: project_id = None @@ -367,7 +394,7 @@ def grant_user_role_to_project(keystone, role, user, project): """ os_role = get_role_by_id(keystone, role.id) - logger.info('Granting role %s to project %s', role.name, project) + logger.info('Granting role %s to project %s', role.name, project.name) if keystone.version == V2_VERSION_STR: keystone.roles.add_user_role(user, os_role, tenant=project) else: @@ -381,9 +408,10 @@ def get_domain_by_id(keystone, domain_id): :param domain_id: the domain ID to retrieve :return: the SNAPS-OO Domain domain object """ - domain = keystone.domains.get(domain_id) - if domain: - return Domain(name=domain.name, domain_id=domain.id) + if keystone.version != V2_VERSION_STR: + domain = keystone.domains.get(domain_id) + if domain: + return Domain(name=domain.name, domain_id=domain.id) def __get_os_domain_by_name(keystone, domain_name): |