You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by an...@apache.org on 2016/12/27 08:35:15 UTC
[1/7] libcloud git commit: Add OpenStackIdentity_2_0_Connection_VOMS
class
Repository: libcloud
Updated Branches:
refs/heads/trunk 77b127f3e -> 5e153d03c
Add OpenStackIdentity_2_0_Connection_VOMS class
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/ec125bff
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/ec125bff
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/ec125bff
Branch: refs/heads/trunk
Commit: ec125bffd07f925083dce81fb1b1768f862e8723
Parents: b2662d5
Author: micafer <mi...@upv.es>
Authored: Wed Dec 14 12:38:35 2016 +0100
Committer: micafer <mi...@upv.es>
Committed: Wed Dec 14 12:38:35 2016 +0100
----------------------------------------------------------------------
libcloud/common/openstack_identity.py | 87 +++++++++++++++++++-
libcloud/test/common/test_openstack_identity.py | 41 +++++++++
2 files changed, 127 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/ec125bff/libcloud/common/openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/common/openstack_identity.py b/libcloud/common/openstack_identity.py
index 3a81219..efd8ce8 100644
--- a/libcloud/common/openstack_identity.py
+++ b/libcloud/common/openstack_identity.py
@@ -24,7 +24,8 @@ import datetime
from libcloud.utils.py3 import httplib
from libcloud.utils.iso8601 import parse_date
-from libcloud.common.base import ConnectionUserAndKey, Response
+from libcloud.common.base import (ConnectionUserAndKey, Response,
+ CertificateConnection)
from libcloud.compute.types import (LibcloudError, InvalidCredsError,
MalformedResponseError)
@@ -41,6 +42,7 @@ AUTH_VERSIONS_WITH_EXPIRES = [
'2.0',
'2.0_apikey',
'2.0_password',
+ '2.0_voms',
'3.0',
'3.x_password',
'3.x_oidc_access_token'
@@ -69,6 +71,7 @@ __all__ = [
'OpenStackIdentity_1_0_Connection',
'OpenStackIdentity_1_1_Connection',
'OpenStackIdentity_2_0_Connection',
+ 'OpenStackIdentity_2_0_Connection_VOMS',
'OpenStackIdentity_3_0_Connection',
'OpenStackIdentity_3_0_Connection_OIDC_access_token',
@@ -1536,6 +1539,86 @@ class OpenStackIdentity_3_0_Connection_OIDC_access_token(
driver=self.driver)
+class OpenStackIdentity_2_0_Connection_VOMS(OpenStackIdentityConnection,
+ CertificateConnection):
+ """
+ Connection class for Keystone API v2.0. with VOMS proxy support
+ In this case the key parameter will be the path of the VOMS proxy file.
+ """
+
+ responseCls = OpenStackAuthResponse
+ name = 'OpenStack Identity API v2.0 VOMS support'
+ auth_version = '2.0'
+
+ def __init__(self, auth_url, user_id, key, tenant_name=None,
+ domain_name='Default',
+ token_scope=OpenStackIdentityTokenScope.PROJECT,
+ timeout=None, parent_conn=None):
+ CertificateConnection.__init__(self, cert_file=key,
+ url=auth_url,
+ timeout=timeout)
+
+ self.parent_conn = parent_conn
+
+ # enable tests to use the same mock connection classes.
+ if parent_conn:
+ self.conn_classes = parent_conn.conn_classes
+ self.driver = parent_conn.driver
+ else:
+ self.driver = None
+
+ self.auth_url = auth_url
+ self.tenant_name = tenant_name
+ self.domain_name = domain_name
+ self.token_scope = token_scope
+ self.timeout = timeout
+
+ self.urls = {}
+ self.auth_token = None
+ self.auth_token_expires = None
+ self.auth_user_info = None
+
+ def authenticate(self, force=False):
+ if not self._is_authentication_needed(force=force):
+ return self
+
+ data = {'auth': {"voms": True}}
+ if self.tenant_name:
+ data['auth']['tenantName'] = self.tenant_name
+ reqbody = json.dumps(data)
+ return self._authenticate_2_0_with_body(reqbody)
+
+ def _authenticate_2_0_with_body(self, reqbody):
+ resp = self.request('/v2.0/tokens', data=reqbody,
+ headers={'Content-Type': 'application/json'},
+ method='POST')
+
+ if resp.status == httplib.UNAUTHORIZED:
+ raise InvalidCredsError()
+ elif resp.status not in [httplib.OK,
+ httplib.NON_AUTHORITATIVE_INFORMATION]:
+ body = 'code: %s body: %s' % (resp.status, resp.body)
+ raise MalformedResponseError('Malformed response', body=body,
+ driver=self.driver)
+ else:
+ body = resp.object
+
+ try:
+ access = body['access']
+ expires = access['token']['expires']
+
+ self.auth_token = access['token']['id']
+ self.auth_token_expires = parse_date(expires)
+ self.urls = access['serviceCatalog']
+ self.auth_user_info = access.get('user', {})
+ except KeyError:
+ e = sys.exc_info()[1]
+ raise MalformedResponseError('Auth JSON response is \
+ missing required elements', e)
+
+ return self
+
+
def get_class_for_auth_version(auth_version):
"""
Retrieve class for the provided auth version.
@@ -1548,6 +1631,8 @@ def get_class_for_auth_version(auth_version):
cls = OpenStackIdentity_2_0_Connection
elif auth_version == '2.0_password':
cls = OpenStackIdentity_2_0_Connection
+ elif auth_version == '2.0_voms':
+ cls = OpenStackIdentity_2_0_Connection_VOMS
elif auth_version == '3.x_password':
cls = OpenStackIdentity_3_0_Connection
elif auth_version == '3.x_oidc_access_token':
http://git-wip-us.apache.org/repos/asf/libcloud/blob/ec125bff/libcloud/test/common/test_openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/test/common/test_openstack_identity.py b/libcloud/test/common/test_openstack_identity.py
index 0829094..143a22b 100644
--- a/libcloud/test/common/test_openstack_identity.py
+++ b/libcloud/test/common/test_openstack_identity.py
@@ -33,6 +33,7 @@ from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection_OIDC_access_token
from libcloud.common.openstack_identity import OpenStackIdentityUser
from libcloud.compute.drivers.openstack import OpenStack_1_0_NodeDriver
+from libcloud.common.openstack_identity import OpenStackIdentity_2_0_Connection_VOMS
from libcloud.test import unittest
from libcloud.test import MockHttp
@@ -449,6 +450,27 @@ class OpenStackIdentity_3_0_Connection_OIDC_access_tokenTests(
auth.authenticate()
+class OpenStackIdentity_2_0_Connection_VOMSTests(unittest.TestCase):
+ def setUp(self):
+ mock_cls = OpenStackIdentity_2_0_Connection_VOMSMockHttp
+ mock_cls.type = None
+ OpenStackIdentity_2_0_Connection_VOMS.conn_classes = (mock_cls, mock_cls)
+
+ self.auth_instance = OpenStackIdentity_2_0_Connection_VOMS(auth_url='http://none',
+ user_id=None,
+ key='/tmp/proxy.pem',
+ tenant_name='VO')
+ self.auth_instance.auth_token = 'mock'
+
+ def test_authenticate(self):
+ auth = OpenStackIdentity_2_0_Connection_VOMS(auth_url='http://none',
+ user_id=None,
+ key='/tmp/proxy.pem',
+ token_scope='test',
+ tenant_name="VO")
+ auth.authenticate()
+
+
class OpenStackServiceCatalogTestCase(unittest.TestCase):
fixtures = ComputeFileFixtures('openstack')
@@ -709,5 +731,24 @@ class OpenStackIdentity_3_0_MockHttp(MockHttp):
return (httplib.OK, body, self.json_content_headers, httplib.responses[httplib.OK])
raise NotImplementedError()
+
+class OpenStackIdentity_2_0_Connection_VOMSMockHttp(MockHttp):
+ fixtures = ComputeFileFixtures('openstack_identity/v2')
+ json_content_headers = {'content-type': 'application/json; charset=UTF-8'}
+
+ def _v2_0_tokens(self, method, url, body, headers):
+ if method == 'POST':
+ status = httplib.UNAUTHORIZED
+ data = json.loads(body)
+ if 'voms' in data['auth'] and data['auth']['voms'] is True:
+ if 'tenantName' in data['auth'] and data['auth']['tenantName'] == 'VO':
+ status = httplib.OK
+
+ body = ComputeFileFixtures('openstack').load('_v2_0__auth.json')
+ headers = self.json_content_headers.copy()
+ headers['x-subject-token'] = '00000000000000000000000000000000'
+ return (status, body, headers, httplib.responses[httplib.OK])
+ raise NotImplementedError()
+
if __name__ == '__main__':
sys.exit(unittest.main())
[3/7] libcloud git commit: Enable to search for the tenant name if
not specified
Posted by an...@apache.org.
Enable to search for the tenant name if not specified
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/d5513693
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/d5513693
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/d5513693
Branch: refs/heads/trunk
Commit: d551369367890477e37ec88a307cf1634b4be024
Parents: 80b54cb
Author: micafer <mi...@upv.es>
Authored: Fri Dec 16 09:04:26 2016 +0100
Committer: micafer <mi...@upv.es>
Committed: Fri Dec 16 09:04:26 2016 +0100
----------------------------------------------------------------------
libcloud/common/openstack_identity.py | 59 +++++++++++++++++++-
libcloud/test/common/test_openstack_identity.py | 10 +++-
2 files changed, 64 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/d5513693/libcloud/common/openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/common/openstack_identity.py b/libcloud/common/openstack_identity.py
index efd8ce8..da90f0b 100644
--- a/libcloud/common/openstack_identity.py
+++ b/libcloud/common/openstack_identity.py
@@ -1582,12 +1582,65 @@ class OpenStackIdentity_2_0_Connection_VOMS(OpenStackIdentityConnection,
if not self._is_authentication_needed(force=force):
return self
- data = {'auth': {"voms": True}}
- if self.tenant_name:
- data['auth']['tenantName'] = self.tenant_name
+ tenant = self.tenant_name
+ if not tenant:
+ # if the tenant name is not specified look for it
+ token = self._get_unscoped_token()
+ tenant = self._get_tenant_name(token)
+
+ data = {'auth': {'voms': True, 'tenantName': tenant}}
+
reqbody = json.dumps(data)
return self._authenticate_2_0_with_body(reqbody)
+ def _get_unscoped_token(self):
+ """
+ Get unscoped token from VOMS proxy
+ """
+ data = {'auth': {'voms': True}}
+ reqbody = json.dumps(data)
+
+ response = self.request('/v2.0/tokens', data=reqbody,
+ headers={'Content-Type': 'application/json'},
+ method='POST')
+
+ if response.status == httplib.UNAUTHORIZED:
+ # Invalid credentials
+ raise InvalidCredsError()
+ elif response.status in [httplib.OK, httplib.CREATED]:
+ try:
+ body = json.loads(response.body)
+ return body['access']['token']['id']
+ except Exception:
+ e = sys.exc_info()[1]
+ raise MalformedResponseError('Failed to parse JSON', e)
+ else:
+ raise MalformedResponseError('Malformed response',
+ driver=self.driver)
+
+ def _get_tenant_name(self, token):
+ """
+ Get the first available tenant name (usually there are only one)
+ """
+ headers = {'Accept': 'application/json',
+ 'Content-Type': 'application/json',
+ 'X-Auth-Token': token}
+ response = self.request('/v2.0/tenants', headers=headers, method='GET')
+
+ if response.status == httplib.UNAUTHORIZED:
+ # Invalid credentials
+ raise InvalidCredsError()
+ elif response.status in [httplib.OK, httplib.CREATED]:
+ try:
+ body = json.loads(response.body)
+ return body["tenants"][0]["name"]
+ except Exception:
+ e = sys.exc_info()[1]
+ raise MalformedResponseError('Failed to parse JSON', e)
+ else:
+ raise MalformedResponseError('Malformed response',
+ driver=self.driver)
+
def _authenticate_2_0_with_body(self, reqbody):
resp = self.request('/v2.0/tokens', data=reqbody,
headers={'Content-Type': 'application/json'},
http://git-wip-us.apache.org/repos/asf/libcloud/blob/d5513693/libcloud/test/common/test_openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/test/common/test_openstack_identity.py b/libcloud/test/common/test_openstack_identity.py
index 186d21c..902cde2 100644
--- a/libcloud/test/common/test_openstack_identity.py
+++ b/libcloud/test/common/test_openstack_identity.py
@@ -741,8 +741,7 @@ class OpenStackIdentity_2_0_Connection_VOMSMockHttp(MockHttp):
status = httplib.UNAUTHORIZED
data = json.loads(body)
if 'voms' in data['auth'] and data['auth']['voms'] is True:
- if 'tenantName' in data['auth'] and data['auth']['tenantName'] == 'VO':
- status = httplib.OK
+ status = httplib.OK
body = ComputeFileFixtures('openstack').load('_v2_0__auth.json')
headers = self.json_content_headers.copy()
@@ -750,5 +749,12 @@ class OpenStackIdentity_2_0_Connection_VOMSMockHttp(MockHttp):
return (status, body, headers, httplib.responses[httplib.OK])
raise NotImplementedError()
+ def _v2_0_tenants(self, method, url, body, headers):
+ if method == 'GET':
+ # get user projects
+ body = json.dumps({"tenant": [{"name": "tenant_name"}]})
+ return (httplib.OK, body, self.json_content_headers, httplib.responses[httplib.OK])
+ raise NotImplementedError()
+
if __name__ == '__main__':
sys.exit(unittest.main())
[5/7] libcloud git commit: Fix problem with libvirt package in tests
Posted by an...@apache.org.
Fix problem with libvirt package in tests
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/b55d9c69
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/b55d9c69
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/b55d9c69
Branch: refs/heads/trunk
Commit: b55d9c6915d66e1d2f3c0012ab11d7142af86bc0
Parents: 31caddd
Author: micafer <mi...@upv.es>
Authored: Fri Dec 16 09:53:43 2016 +0100
Committer: micafer <mi...@upv.es>
Committed: Fri Dec 16 09:53:43 2016 +0100
----------------------------------------------------------------------
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/b55d9c69/.travis.yml
----------------------------------------------------------------------
diff --git a/.travis.yml b/.travis.yml
index e755c7d..6c8511b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -62,7 +62,7 @@ matrix:
packages:
- graphviz
- gcc
- - libvirt
+ - libvirt-bin
# For now allow failures of all the builds which use lxml
allow_failures:
- env: ENV=2.6-lxml
[4/7] libcloud git commit: Fix problem with libvirt package in tests
Posted by an...@apache.org.
Fix problem with libvirt package in tests
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/31caddd7
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/31caddd7
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/31caddd7
Branch: refs/heads/trunk
Commit: 31caddd780701dddd10cf5c6a7f5e86318e9dce2
Parents: d551369
Author: micafer <mi...@upv.es>
Authored: Fri Dec 16 09:52:52 2016 +0100
Committer: micafer <mi...@upv.es>
Committed: Fri Dec 16 09:52:52 2016 +0100
----------------------------------------------------------------------
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/31caddd7/.travis.yml
----------------------------------------------------------------------
diff --git a/.travis.yml b/.travis.yml
index 88c38dc..e755c7d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,7 @@ addons:
apt:
packages:
- graphviz
- - libvirt
+ - libvirt-bin
matrix:
fast_finish: true
[2/7] libcloud git commit: Style changes
Posted by an...@apache.org.
Style changes
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/80b54cbe
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/80b54cbe
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/80b54cbe
Branch: refs/heads/trunk
Commit: 80b54cbe225feb81e07ff09f7ae324a07a09ebe2
Parents: ec125bf
Author: micafer <mi...@upv.es>
Authored: Wed Dec 14 13:35:24 2016 +0100
Committer: micafer <mi...@upv.es>
Committed: Wed Dec 14 13:35:24 2016 +0100
----------------------------------------------------------------------
libcloud/test/common/test_openstack_identity.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/80b54cbe/libcloud/test/common/test_openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/test/common/test_openstack_identity.py b/libcloud/test/common/test_openstack_identity.py
index 143a22b..186d21c 100644
--- a/libcloud/test/common/test_openstack_identity.py
+++ b/libcloud/test/common/test_openstack_identity.py
@@ -457,17 +457,17 @@ class OpenStackIdentity_2_0_Connection_VOMSTests(unittest.TestCase):
OpenStackIdentity_2_0_Connection_VOMS.conn_classes = (mock_cls, mock_cls)
self.auth_instance = OpenStackIdentity_2_0_Connection_VOMS(auth_url='http://none',
- user_id=None,
- key='/tmp/proxy.pem',
- tenant_name='VO')
+ user_id=None,
+ key='/tmp/proxy.pem',
+ tenant_name='VO')
self.auth_instance.auth_token = 'mock'
def test_authenticate(self):
auth = OpenStackIdentity_2_0_Connection_VOMS(auth_url='http://none',
- user_id=None,
- key='/tmp/proxy.pem',
- token_scope='test',
- tenant_name="VO")
+ user_id=None,
+ key='/tmp/proxy.pem',
+ token_scope='test',
+ tenant_name="VO")
auth.authenticate()
[7/7] libcloud git commit: change for #959
Posted by an...@apache.org.
change for #959
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/5e153d03
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/5e153d03
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/5e153d03
Branch: refs/heads/trunk
Commit: 5e153d03c50976534bbe9133df997abb9148ef77
Parents: 5c155e1
Author: Anthony Shaw <an...@apache.org>
Authored: Tue Dec 27 19:35:08 2016 +1100
Committer: Anthony Shaw <an...@apache.org>
Committed: Tue Dec 27 19:35:08 2016 +1100
----------------------------------------------------------------------
CHANGES.rst | 4 ++++
1 file changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/libcloud/blob/5e153d03/CHANGES.rst
----------------------------------------------------------------------
diff --git a/CHANGES.rst b/CHANGES.rst
index 4a916c0..2652848 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -15,6 +15,10 @@ Common
Compute
~~~~~~~
+- [openstack] Add new Connection class to support VOMS proxys to keystone servers
+ [GITHUB-959]
+ (micafer)
+
- [outscale] Added support for changed API for describing quotas
[GITHUB-960]
(Javier M. Mellid)
[6/7] libcloud git commit: Merge branch 'github-959' into trunk
Closes #959
Posted by an...@apache.org.
Merge branch 'github-959' into trunk
Closes #959
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/5c155e18
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/5c155e18
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/5c155e18
Branch: refs/heads/trunk
Commit: 5c155e1853c7417d841e8d43a4e9b21d1e811709
Parents: 77b127f b55d9c6
Author: Anthony Shaw <an...@apache.org>
Authored: Tue Dec 27 19:33:38 2016 +1100
Committer: Anthony Shaw <an...@apache.org>
Committed: Tue Dec 27 19:33:38 2016 +1100
----------------------------------------------------------------------
libcloud/common/openstack_identity.py | 140 ++++++++++++++++++-
libcloud/test/common/test_openstack_identity.py | 47 +++++++
2 files changed, 186 insertions(+), 1 deletion(-)
----------------------------------------------------------------------