snaps/openstack/utils/keystone_utils.py

   1 # Copyright (c) 2016 Cable Television Laboratories, Inc. ("CableLabs")
   2 #                    and others.  All rights reserved.
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at:
   7 #
   8 #     http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15 import requests
  16 from keystoneclient.client import Client
  17 from keystoneauth1.identity import v3, v2
  18 from keystoneauth1 import session
  19 import logging
  20
  21
  22 logger = logging.getLogger('keystone_utils')
  23
  24 V2_VERSION = 'v2.0'
  25
  26
  27 def keystone_session(os_creds):
  28     """
  29     Creates a keystone session used for authenticating OpenStack clients
  30     :param os_creds: The connection credentials to the OpenStack API
  31     :return: the client object
  32     """
  33     logger.debug('Retrieving Keystone Session')
  34
  35     if os_creds.identity_api_version == 3:
  36         auth = v3.Password(auth_url=os_creds.auth_url, username=os_creds.username, password=os_creds.password,
  37                            project_name=os_creds.project_name, user_domain_id=os_creds.user_domain_id,
  38                            project_domain_id=os_creds.project_domain_id)
  39     else:
  40         auth = v2.Password(auth_url=os_creds.auth_url, username=os_creds.username, password=os_creds.password,
  41                            tenant_name=os_creds.project_name)
  42
  43     req_session = None
  44     if os_creds.proxy_settings:
  45         req_session = requests.Session()
  46         req_session.proxies = {'http': os_creds.proxy_settings.host + ':' + os_creds.proxy_settings.port}
  47     return session.Session(auth=auth, session=req_session)
  48
  49
  50 def keystone_client(os_creds):
  51     """
  52     Returns the keystone client
  53     :param os_creds: the OpenStack credentials (OSCreds) object
  54     :return: the client
  55     """
  56     return Client(version=os_creds.identity_api_version, session=keystone_session(os_creds))
  57
  58
  59 def get_project(keystone=None, os_creds=None, project_name=None):
  60     """
  61     Returns the first project object or None if not found
  62     :param keystone: the Keystone client
  63     :param os_creds: the OpenStack credentials used to obtain the Keystone client if the keystone parameter is None
  64     :param project_name: the name to query
  65     :return: the ID or None
  66     """
  67     if not project_name:
  68         return None
  69
  70     if not keystone:
  71         if os_creds:
  72             keystone = keystone_client(os_creds)
  73         else:
  74             raise Exception('Cannot lookup project without the proper credentials')
  75
  76     if keystone.version == V2_VERSION:
  77         projects = keystone.tenants.list()
  78     else:
  79         projects = keystone.projects.list(**{'name': project_name})
  80
  81     for project in projects:
  82         if project.name == project_name:
  83             return project
  84
  85     return None
  86
  87
  88 def create_project(keystone, project_settings):
  89     """
  90     Creates a project
  91     :param keystone: the Keystone client
  92     :param project_settings: the project configuration
  93     :return:
  94     """
  95     if keystone.version == V2_VERSION:
  96         return keystone.tenants.create(project_settings.name, project_settings.description, project_settings.enabled)
  97
  98     return keystone.projects.create(project_settings.name, project_settings.domain,
  99                                     description=project_settings.description,
 100                                     enabled=project_settings.enabled)
 101
 102
 103 def delete_project(keystone, project):
 104     """
 105     Deletes a project
 106     :param keystone: the Keystone clien
 107     :param project: the OpenStack project object
 108     """
 109     if keystone.version == V2_VERSION:
 110         keystone.tenants.delete(project)
 111     else:
 112         keystone.projects.delete(project)
 113
 114
 115 def get_user(keystone, username, project_name=None):
 116     """
 117     Returns a user for a given name and optionally project
 118     :param keystone: the keystone client
 119     :param username: the username to lookup
 120     :param project_name: the associated project (optional)
 121     :return:
 122     """
 123     project = get_project(keystone=keystone, project_name=project_name)
 124
 125     if project:
 126         users = keystone.users.list(tenant_id=project.id)
 127     else:
 128         users = keystone.users.list()
 129
 130     for user in users:
 131         if user.name == username:
 132             return user
 133
 134     return None
 135
 136
 137 def create_user(keystone, user_settings):
 138     """
 139     Creates a user
 140     :param keystone: the Keystone client
 141     :param user_settings: the user configuration
 142     :return:
 143     """
 144     project = None
 145     if user_settings.project_name:
 146         project = get_project(keystone=keystone, project_name=user_settings.project_name)
 147
 148     if keystone.version == V2_VERSION:
 149         project_id = None
 150         if project:
 151             project_id = project.id
 152         return keystone.users.create(name=user_settings.name, password=user_settings.password,
 153                                      email=user_settings.email, tenant_id=project_id, enabled=user_settings.enabled)
 154     else:
 155         # TODO - need to support groups
 156         return keystone.users.create(name=user_settings.name, password=user_settings.password,
 157                                      email=user_settings.email, project=project,
 158                                      # email=user_settings.email, project=project, group='default',
 159                                      domain=user_settings.domain_name,
 160                                      enabled=user_settings.enabled)
 161
 162
 163 def delete_user(keystone, user):
 164     """
 165     Deletes a user
 166     :param keystone: the Keystone client
 167     :param user: the OpenStack user object
 168     """
 169     keystone.users.delete(user)
 170
 171
 172 def create_role(keystone, name):
 173     """
 174     Creates an OpenStack role
 175     :param keystone: the keystone client
 176     :param name: the role name
 177     :return:
 178     """
 179     return keystone.roles.create(name)
 180
 181
 182 def delete_role(keystone, role):
 183     """
 184     Deletes an OpenStack role
 185     :param keystone: the keystone client
 186     :param role: the role to delete
 187     :return:
 188     """
 189     keystone.roles.delete(role)
 190
 191
 192 def assoc_user_to_project(keystone, role, user, project):
 193     """
 194     Adds a user to a project
 195     :param keystone: the Keystone client
 196     :param role: the role used to join a project/user
 197     :param user: the user to add to the project
 198     :param project: the project to which to add a user
 199     :return:
 200     """
 201     if keystone.version == V2_VERSION:
 202         keystone.roles.add_user_role(user, role, tenant=project)
 203     else:
 204         keystone.roles.grant(role, user=user, project=project)