# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from debtcollector import removals from keystoneauth1 import adapter from keystoneauth1 import identity from keystoneauth1 import session import manilaclient from manilaclient.common import constants from manilaclient.common import httpclient from manilaclient import exceptions from manilaclient.v2 import limits from manilaclient.v2 import quota_classes from manilaclient.v2 import quotas from manilaclient.v2 import scheduler_stats from manilaclient.v2 import security_services from manilaclient.v2 import services from manilaclient.v2 import share_networks from manilaclient.v2 import share_servers from manilaclient.v2 import share_snapshots from manilaclient.v2 import share_type_access from manilaclient.v2 import share_types from manilaclient.v2 import shares @removals.removed_class( "Client", message="Please use 'v2.Client' instead", removal_version='2.0.0' ) class Client: """Top-level object to access the OpenStack Manila API. Create an instance with your creds:: >>> client = Client(username=USERNAME, password=PASSWORD, project_name=PROJECT_NAME, auth_url=AUTH_URL) Or, alternatively, you can create a client instance using the keystoneauth1.session API:: >>> from keystoneauth1.identity import v3 >>> from keystoneauth1 import session >>> from manilaclient import client >>> auth = v3.Password(auth_url=AUTH_URL, username=USERNAME, user_domain_name=USER_DOMAIN_NAME, password=PASSWORD, project_name=PROJECT_ID, project_domain_name=PROJECT_DOMAIN_NAME) >>> sess = session.Session(auth=auth) >>> manila = client.Client(VERSION, session=sess) Then call methods on its managers:: >>> client.shares.list() ... """ @removals.removed_kwarg( 'use_keyring', message='This parameter is no longer supported and has no effect.', version='5.8.0', removal_version='6.0.0', ) @removals.removed_kwarg( 'force_new_token', message='This parameter is no longer supported and has no effect.', version='5.8.0', removal_version='6.0.0', ) @removals.removed_kwarg( 'cached_token_lifetime', message='This parameter is no longer supported and has no effect.', version='5.8.0', removal_version='6.0.0', ) def __init__( self, username=None, project_id=None, auth_url=None, insecure=False, timeout=None, tenant_id=None, project_name=None, region_name=None, endpoint_type='publicURL', extensions=None, service_type=constants.V1_SERVICE_TYPE, service_name=None, retries=None, http_log_debug=False, input_auth_token=None, session=None, auth=None, cacert=None, service_catalog_url=None, user_agent='python-manilaclient', use_keyring=False, force_new_token=False, cached_token_lifetime=300, api_version=manilaclient.API_DEPRECATED_VERSION, user_id=None, user_domain_id=None, user_domain_name=None, project_domain_id=None, project_domain_name=None, cert=None, password=None, **kwargs, ): self.username = username self.password = password self.tenant_id = tenant_id or project_id self.tenant_name = project_name self.user_id = user_id self.project_id = project_id or tenant_id self.project_name = project_name self.user_domain_id = user_domain_id self.user_domain_name = user_domain_name self.project_domain_id = project_domain_id self.project_domain_name = project_domain_name self.endpoint_type = endpoint_type self.auth_url = auth_url self.region_name = region_name self.cacert = cacert self.cert = cert self.insecure = insecure if input_auth_token and not service_catalog_url: msg = ( "For token-based authentication you should " "provide 'input_auth_token' and 'service_catalog_url'." ) raise exceptions.ClientException(msg) self.project_id = tenant_id if tenant_id is not None else project_id self.keystone_client = None self.session = session # NOTE(u_glide): token authorization has highest priority. # That's why session and/or password will be ignored # if token is provided. if not input_auth_token: if session: # Modern path - session provided by caller (e.g., OSC plugin) self.keystone_client = adapter.LegacyJsonAdapter( session=session, auth=auth, interface=endpoint_type, service_type=service_type, service_name=service_name, region_name=region_name, ) input_auth_token = self.keystone_client.session.get_token(auth) else: # Legacy path - create auth plugin and session ourselves auth, ks_session = self._get_keystone_auth_and_session() self.keystone_client = adapter.LegacyJsonAdapter( session=ks_session, auth=auth, interface=endpoint_type, service_type=service_type, service_name=service_name, region_name=region_name, ) input_auth_token = self.keystone_client.session.get_token(auth) if not input_auth_token: raise RuntimeError("Not Authorized") if not service_catalog_url: # Use keystoneauth1 session endpoint discovery service_catalog_url = self.keystone_client.session.get_endpoint( self.keystone_client.auth, interface=endpoint_type, service_type=service_type, region_name=region_name, ) if not service_catalog_url: raise RuntimeError("Could not find Manila endpoint in catalog") self.api_version = api_version self.client = httpclient.HTTPClient( service_catalog_url, input_auth_token, user_agent, insecure=insecure, cacert=cacert, cert=cert, timeout=timeout, retries=retries, http_log_debug=http_log_debug, api_version=self.api_version, ) self.limits = limits.LimitsManager(self) self.services = services.ServiceManager(self) self.security_services = security_services.SecurityServiceManager(self) self.share_networks = share_networks.ShareNetworkManager(self) self.quota_classes = quota_classes.QuotaClassSetManager(self) self.quotas = quotas.QuotaSetManager(self) self.shares = shares.ShareManager(self) self.share_snapshots = share_snapshots.ShareSnapshotManager(self) self.share_types = share_types.ShareTypeManager(self) self.share_type_access = share_type_access.ShareTypeAccessManager(self) self.share_servers = share_servers.ShareServerManager(self) self.pools = scheduler_stats.PoolManager(self) self._load_extensions(extensions) def _load_extensions(self, extensions): if not extensions: return for extension in extensions: if extension.manager_class: setattr(self, extension.name, extension.manager_class(self)) def _get_keystone_auth_and_session(self): """Create keystoneauth1 auth plugin and session for authentication. Returns: tuple: (auth_plugin, session) for use with keystoneauth1 """ # Create session with SSL settings if self.insecure: verify = False else: verify = self.cacert or True ks_session = session.Session(verify=verify, cert=self.cert) # Discover Keystone v3 endpoint ks_discover = session.discover.Discover(ks_session, self.auth_url) auth_url = ks_discover.url_for('v3.0') if not auth_url: raise exceptions.CommandError( 'Unable to determine the Keystone version to authenticate ' 'with using the given auth_url.' ) # Create v3 Password auth plugin auth = identity.v3.Password( auth_url=auth_url, username=self.username, password=self.password, user_id=self.user_id, user_domain_name=self.user_domain_name, user_domain_id=self.user_domain_id, project_id=self.project_id or self.tenant_id, project_name=self.project_name, project_domain_name=self.project_domain_name, project_domain_id=self.project_domain_id, ) return auth, ks_session