from six.moves.urllib import parse
import keystoneclient
from keystoneclient import client
from rally import osclients
def _get_session(auth_url=None, version=None):
from keystoneauth1 import discover
from keystoneauth1 import session
from keystoneclient.auth import identity
password_args = {
"auth_url": "http://keystone:35357/v3",
"username": "admin",
"password": "foobar",
"tenant_name": "admin"
}
credential = {
"auth_url": "http://keystone:35357/v3",
"username": "admin",
"password": "foobar",
"tenant_name": "admin",
"permission": "user",
"region_name": None, "endpoint_type": None,
"domain_name": "admin", "endpoint": None,
"user_domain_name": None, "admin_domain_name": "Default",
"project_domain_name": None,
"https_insecure": False, "https_cacert": None,
}
version = osclients.OSClient.get("keystone")(
credential, {}, {}).choose_version(version)
if version is None:
# NOTE(rvasilets): If version not specified than we discover
# available version with the smallest number. To be able to
# discover versions we need session
temp_session = session.Session(
verify=True, timeout=10.0)
version = str(discover.Discover(
temp_session,
"http://keystone:35357/v3").version_data()[0]["version"][0])
if "v2.0" not in password_args["auth_url"] and (
version != "2"):
password_args.update({
"user_domain_name": None,
"domain_name": "admin",
"project_domain_name": None,
})
identity_plugin = identity.Password(**password_args)
sess = session.Session(
auth=identity_plugin, verify=True, timeout=10.0)
return sess, identity_plugin
def _remove_url_version():
"""Remove any version from the auth_url.
The keystone Client code requires that auth_url be the root url
if a version override is used.
"""
url = parse.urlparse("http://keystone:35357/v3")
# NOTE(bigjools): This assumes that non-versioned URLs have no
# path component at all.
parts = (url.scheme, url.netloc, "/", url.params, url.query,
url.fragment)
return parse.urlunparse(parts)
version = 3
auth_url = "http://keystone:35357/v3"
if version is not None:
auth_url = _remove_url_version()
sess, plugin = _get_session(auth_url=auth_url)
# NOTE(bigjools): When using sessions, keystoneclient no longer
# does any pre-auth and calling client.authenticate() with
# sessions is deprecated (it's still possible to call it but if
# endpoint is defined it'll crash). We're forcing that pre-auth
# here because the use of the service_catalog depends on doing
# this. Also note that while the API has got the
# endpoints.list() equivalent, there is no service_type in that
# list which is why we need to ensure service_catalog is still
# present.
auth_ref = plugin.get_access(sess)
print auth_ref
ZnJvbSBzaXgubW92ZXMudXJsbGliIGltcG9ydCBwYXJzZQppbXBvcnQga2V5c3RvbmVjbGllbnQKZnJvbSBrZXlzdG9uZWNsaWVudCBpbXBvcnQgY2xpZW50CmZyb20gcmFsbHkgaW1wb3J0IG9zY2xpZW50cwoKZGVmIF9nZXRfc2Vzc2lvbihhdXRoX3VybD1Ob25lLCB2ZXJzaW9uPU5vbmUpOgogICAgZnJvbSBrZXlzdG9uZWF1dGgxIGltcG9ydCBkaXNjb3ZlcgogICAgZnJvbSBrZXlzdG9uZWF1dGgxIGltcG9ydCBzZXNzaW9uCiAgICBmcm9tIGtleXN0b25lY2xpZW50LmF1dGggaW1wb3J0IGlkZW50aXR5CgogICAgcGFzc3dvcmRfYXJncyA9IHsKICAgICAgICAiYXV0aF91cmwiOiAiaHR0cDovL2tleXN0b25lOjM1MzU3L3YzIiwKICAgICAgICAidXNlcm5hbWUiOiAiYWRtaW4iLAogICAgICAgICJwYXNzd29yZCI6ICJmb29iYXIiLAogICAgICAgICJ0ZW5hbnRfbmFtZSI6ICJhZG1pbiIKICAgIH0KCiAgICBjcmVkZW50aWFsID0gewogICAgICAgICJhdXRoX3VybCI6ICJodHRwOi8va2V5c3RvbmU6MzUzNTcvdjMiLAogICAgICAgICJ1c2VybmFtZSI6ICJhZG1pbiIsCiAgICAgICAgInBhc3N3b3JkIjogImZvb2JhciIsCiAgICAgICAgInRlbmFudF9uYW1lIjogImFkbWluIiwKICAgICAgICAicGVybWlzc2lvbiI6ICJ1c2VyIiwKICAgICAgICAicmVnaW9uX25hbWUiOiBOb25lLCAiZW5kcG9pbnRfdHlwZSI6IE5vbmUsCiAgICAgICAgImRvbWFpbl9uYW1lIjogImFkbWluIiwgImVuZHBvaW50IjogTm9uZSwKICAgICAgICAidXNlcl9kb21haW5fbmFtZSI6IE5vbmUsICJhZG1pbl9kb21haW5fbmFtZSI6ICJEZWZhdWx0IiwKICAgICAgICAicHJvamVjdF9kb21haW5fbmFtZSI6IE5vbmUsCiAgICAgICAgImh0dHBzX2luc2VjdXJlIjogRmFsc2UsICJodHRwc19jYWNlcnQiOiBOb25lLAogICAgfQoKICAgIHZlcnNpb24gPSBvc2NsaWVudHMuT1NDbGllbnQuZ2V0KCJrZXlzdG9uZSIpKAogICAgICAgIGNyZWRlbnRpYWwsIHt9LCB7fSkuY2hvb3NlX3ZlcnNpb24odmVyc2lvbikKICAgIGlmIHZlcnNpb24gaXMgTm9uZToKICAgICAgICAjIE5PVEUocnZhc2lsZXRzKTogSWYgdmVyc2lvbiBub3Qgc3BlY2lmaWVkIHRoYW4gd2UgZGlzY292ZXIKICAgICAgICAjIGF2YWlsYWJsZSB2ZXJzaW9uIHdpdGggdGhlIHNtYWxsZXN0IG51bWJlci4gVG8gYmUgYWJsZSB0bwogICAgICAgICMgZGlzY292ZXIgdmVyc2lvbnMgd2UgbmVlZCBzZXNzaW9uCiAgICAgICAgdGVtcF9zZXNzaW9uID0gc2Vzc2lvbi5TZXNzaW9uKAogICAgICAgICAgICB2ZXJpZnk9VHJ1ZSwgdGltZW91dD0xMC4wKQogICAgICAgIHZlcnNpb24gPSBzdHIoZGlzY292ZXIuRGlzY292ZXIoCiAgICAgICAgICAgIHRlbXBfc2Vzc2lvbiwKICAgICAgICAgICAgImh0dHA6Ly9rZXlzdG9uZTozNTM1Ny92MyIpLnZlcnNpb25fZGF0YSgpWzBdWyJ2ZXJzaW9uIl1bMF0pCgogICAgaWYgInYyLjAiIG5vdCBpbiBwYXNzd29yZF9hcmdzWyJhdXRoX3VybCJdIGFuZCAoCiAgICAgICAgICAgIHZlcnNpb24gIT0gIjIiKToKICAgICAgICBwYXNzd29yZF9hcmdzLnVwZGF0ZSh7CiAgICAgICAgICAgICJ1c2VyX2RvbWFpbl9uYW1lIjogTm9uZSwKICAgICAgICAgICAgImRvbWFpbl9uYW1lIjogImFkbWluIiwKICAgICAgICAgICAgInByb2plY3RfZG9tYWluX25hbWUiOiBOb25lLAogICAgICAgIH0pCiAgICBpZGVudGl0eV9wbHVnaW4gPSBpZGVudGl0eS5QYXNzd29yZCgqKnBhc3N3b3JkX2FyZ3MpCiAgICBzZXNzID0gc2Vzc2lvbi5TZXNzaW9uKAogICAgICAgIGF1dGg9aWRlbnRpdHlfcGx1Z2luLCB2ZXJpZnk9VHJ1ZSwgdGltZW91dD0xMC4wKQoKICAgIHJldHVybiBzZXNzLCBpZGVudGl0eV9wbHVnaW4KCmRlZiBfcmVtb3ZlX3VybF92ZXJzaW9uKCk6CiAgICAiIiJSZW1vdmUgYW55IHZlcnNpb24gZnJvbSB0aGUgYXV0aF91cmwuCiAgICBUaGUga2V5c3RvbmUgQ2xpZW50IGNvZGUgcmVxdWlyZXMgdGhhdCBhdXRoX3VybCBiZSB0aGUgcm9vdCB1cmwKICAgIGlmIGEgdmVyc2lvbiBvdmVycmlkZSBpcyB1c2VkLgogICAgIiIiCiAgICB1cmwgPSBwYXJzZS51cmxwYXJzZSgiaHR0cDovL2tleXN0b25lOjM1MzU3L3YzIikKICAgICMgTk9URShiaWdqb29scyk6IFRoaXMgYXNzdW1lcyB0aGF0IG5vbi12ZXJzaW9uZWQgVVJMcyBoYXZlIG5vCiAgICAjIHBhdGggY29tcG9uZW50IGF0IGFsbC4KICAgIHBhcnRzID0gKHVybC5zY2hlbWUsIHVybC5uZXRsb2MsICIvIiwgdXJsLnBhcmFtcywgdXJsLnF1ZXJ5LAogICAgICAgICAgICAgdXJsLmZyYWdtZW50KQogICAgcmV0dXJuIHBhcnNlLnVybHVucGFyc2UocGFydHMpCgp2ZXJzaW9uID0gMwoKYXV0aF91cmwgPSAiaHR0cDovL2tleXN0b25lOjM1MzU3L3YzIgppZiB2ZXJzaW9uIGlzIG5vdCBOb25lOgogICAgYXV0aF91cmwgPSBfcmVtb3ZlX3VybF92ZXJzaW9uKCkKc2VzcywgcGx1Z2luID0gX2dldF9zZXNzaW9uKGF1dGhfdXJsPWF1dGhfdXJsKQojIE5PVEUoYmlnam9vbHMpOiBXaGVuIHVzaW5nIHNlc3Npb25zLCBrZXlzdG9uZWNsaWVudCBubyBsb25nZXIKIyBkb2VzIGFueSBwcmUtYXV0aCBhbmQgY2FsbGluZyBjbGllbnQuYXV0aGVudGljYXRlKCkgd2l0aAojIHNlc3Npb25zIGlzIGRlcHJlY2F0ZWQgKGl0J3Mgc3RpbGwgcG9zc2libGUgdG8gY2FsbCBpdCBidXQgaWYKIyBlbmRwb2ludCBpcyBkZWZpbmVkIGl0J2xsIGNyYXNoKS4gV2UncmUgZm9yY2luZyB0aGF0IHByZS1hdXRoCiMgaGVyZSBiZWNhdXNlIHRoZSB1c2Ugb2YgdGhlIHNlcnZpY2VfY2F0YWxvZyBkZXBlbmRzIG9uIGRvaW5nCiMgdGhpcy4gQWxzbyBub3RlIHRoYXQgd2hpbGUgdGhlIEFQSSBoYXMgZ290IHRoZQojIGVuZHBvaW50cy5saXN0KCkgZXF1aXZhbGVudCwgdGhlcmUgaXMgbm8gc2VydmljZV90eXBlIGluIHRoYXQKIyBsaXN0IHdoaWNoIGlzIHdoeSB3ZSBuZWVkIHRvIGVuc3VyZSBzZXJ2aWNlX2NhdGFsb2cgaXMgc3RpbGwKIyBwcmVzZW50LgphdXRoX3JlZiA9IHBsdWdpbi5nZXRfYWNjZXNzKHNlc3MpCnByaW50IGF1dGhfcmVm