
Example 1 with KeystoneApiClient

use of com.emc.storageos.keystone.restapi.KeystoneApiClient in project coprhd-controller by CoprHD.

the class KeystoneService method listOpenstackTenants.

/**
 * Lists the OpenStack tenants known to Keystone.
 * Connects to Keystone with the credentials stored on the Keystone Authentication Provider
 * and returns the tenants it reports. Fails with a forbidden error when the caller holds
 * neither SECURITY_ADMIN nor TENANT_ADMIN in any tenant, and with an internal server error
 * when no Keystone Authentication Provider is configured.
 *
 * @brief Show OpenStack Tenants.
 * @return OpenStack Tenants details.
 * @see TenantListRestResp
 */
@GET
@Path("/tenants")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN })
public TenantListRestResp listOpenstackTenants() {
    _log.debug("Keystone Service - listOpenstackTenants");
    StorageOSUser caller = getUserFromContext();
    // NOTE(review): the annotation admits SECURITY_ADMIN only, while this in-body check also
    // accepts TENANT_ADMIN; confirm which role set is intended.
    boolean authorized = _permissionsHelper.userHasGivenRoleInAnyTenant(caller, Role.SECURITY_ADMIN, Role.TENANT_ADMIN);
    if (!authorized) {
        throw APIException.forbidden.insufficientPermissionsForUser(caller.getName());
    }
    AuthnProvider provider = _keystoneUtils.getKeystoneProvider();
    if (provider == null) {
        // Tenants can only be fetched through a configured Keystone provider.
        throw APIException.internalServerErrors.targetIsNullOrEmpty("Keystone Authentication Provider");
    }
    KeystoneApiClient client = _keystoneUtils.getKeystoneApi(
            provider.getManagerDN(), provider.getServerUrls(), provider.getManagerPassword());
    // Arrays.asList is a fixed-size view over the array, so copy it into a growable list.
    List<KeystoneTenant> tenants = new ArrayList<>(Arrays.asList(client.getKeystoneTenants().getTenants()));
    TenantListRestResp response = new TenantListRestResp();
    response.setOpenstackTenants(tenants);
    return response;
}

Example 2 with KeystoneApiClient

use of com.emc.storageos.keystone.restapi.KeystoneApiClient in project coprhd-controller by CoprHD.

the class ImmutableAuthenticationProviders method checkKeystoneProviderConnectivity.

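/**
 * Verifies that the Keystone provider described by {@code authConfig} is reachable and that its
 * manager credentials are accepted, by performing a Keystone authentication with them.
 * The manager DN is expected to consist of comma-separated {@code key=value} components whose
 * first value is the user name and second value is the tenant name.
 *
 * @param authConfig provider whose manager DN, manager password and server URLs are used
 * @param keystoneFactory factory producing the Keystone REST client
 * @throws APIException bad request when the manager DN does not have the expected shape
 */
private static void checkKeystoneProviderConnectivity(AuthnProvider authConfig, KeystoneRestClientFactory keystoneFactory) {
    String managerDn = authConfig.getManagerDN();
    String password = authConfig.getManagerPassword();
    StringSet uris = authConfig.getServerUrls();
    // Validate the DN shape explicitly instead of relying on an ArrayIndexOutOfBoundsException
    // (or NullPointerException) being caught as a bare Exception. A null DN is as invalid as a
    // malformed one and is reported the same way.
    String[] dnComponents = managerDn == null ? new String[0] : managerDn.split(",");
    String userName = dnComponentValue(dnComponents, 0);
    String tenantName = dnComponentValue(dnComponents, 1);
    // Only the first configured URL is used; the provider is expected to carry exactly one.
    URI authUri = null;
    for (String uri : uris) {
        authUri = URI.create(uri);
        break;
    }
    // NOTE(review): when no server URL is configured authUri stays null and is handed to the
    // factory as-is (unchanged behaviour); confirm the factory rejects it cleanly.
    KeystoneApiClient keystoneApi = (KeystoneApiClient) keystoneFactory.getRESTClient(authUri, userName, password);
    keystoneApi.setTenantName(tenantName);
    // Any authentication or connectivity failure propagates to the caller unchanged.
    keystoneApi.authenticate_keystone();
}

/**
 * Returns the value part of the {@code key=value} component at {@code index} of a split
 * manager DN.
 *
 * @param components the comma-separated components of the manager DN
 * @param index position of the component to read
 * @return the text after the first {@code =} of that component
 * @throws APIException bad request when the component is missing or carries no value
 */
private static String dnComponentValue(String[] components, int index) {
    if (index >= components.length) {
        throw APIException.badRequests.managerDNInvalid();
    }
    // split drops trailing empty strings, so "key=" yields a single element and is rejected.
    String[] keyValue = components[index].split("=");
    if (keyValue.length < 2) {
        throw APIException.badRequests.managerDNInvalid();
    }
    return keyValue[1];
}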

Example 3 with KeystoneApiClient

use of com.emc.storageos.keystone.restapi.KeystoneApiClient in project coprhd-controller by CoprHD.

the class AbstractRequestWrapperFilter method createStorageOSUserUsingKeystone.

/**
 * Builds a {@link StorageOSUser} for a request that presented a Keystone user token.
 * <p>
 * Locates the authentication provider in keystone mode, validates the token against Keystone
 * using that provider's manager credentials and stored admin token, maps the OpenStack tenant
 * of the token to its ViPR tenant and assigns the TENANT_ADMIN role to the resulting user.
 *
 * @param keystoneUserAuthToken the Keystone token presented by the client
 * @return the user derived from the validated token, or {@code null} when no provider in
 *         keystone mode is configured
 */
private StorageOSUser createStorageOSUserUsingKeystone(String keystoneUserAuthToken) {
    _log.debug("START - createStorageOSUserUsingKeystone ");
    StorageOSUser osUser = null;
    // Get the required AuthenticationProvider: scan every provider and keep the first one in
    // keystone mode.
    List<URI> authProvidersUri = _dbClient.queryByType(AuthnProvider.class, true);
    List<AuthnProvider> allProviders = _dbClient.queryObject(AuthnProvider.class, authProvidersUri);
    AuthnProvider keystoneAuthProvider = null;
    for (AuthnProvider provider : allProviders) {
        if (AuthnProvider.ProvidersType.keystone.toString().equalsIgnoreCase(provider.getMode())) {
            keystoneAuthProvider = provider;
            // We are interested in keystone provider only
            break;
        }
    }
    if (null != keystoneAuthProvider) {
        // From the AuthProvider, get the, managedDn, password, server URL and the admin token
        Set<String> serverUris = keystoneAuthProvider.getServerUrls();
        URI baseUri = null;
        // Only the first element of the set is used. NOTE(review): iteration order of a Set is
        // not guaranteed, so this relies on the provider holding exactly one URL - confirm.
        for (String uri : serverUris) {
            baseUri = URI.create(uri);
            // Single URI will be present
            break;
        }
        String managerDn = keystoneAuthProvider.getManagerDN();
        String password = keystoneAuthProvider.getManagerPassword();
        Set<String> domains = keystoneAuthProvider.getDomains();
        String adminToken = keystoneAuthProvider.getKeys().get(KeystoneConstants.AUTH_TOKEN);
        // Manager DN layout: first comma-separated component carries the user name as key=value,
        // second carries the tenant name. There is no shape validation here; a malformed DN
        // surfaces as an ArrayIndexOutOfBoundsException, unlike
        // ImmutableAuthenticationProviders.checkKeystoneProviderConnectivity, which reports a
        // bad request.
        String userName = managerDn.split(",")[0].split("=")[1];
        String tenantName = managerDn.split(",")[1].split("=")[1];
        // Invoke keystone API to validate the token; the client is authenticated with the
        // provider's manager credentials plus the stored admin token, not with the user token.
        KeystoneApiClient apiClient = (KeystoneApiClient) _keystoneFactory.getRESTClient(baseUri, userName, password);
        apiClient.setTenantName(tenantName);
        apiClient.setAuthToken(adminToken);
        // From the validation result, read the user role and tenantId
        AuthTokenResponse validToken = apiClient.validateUserToken(keystoneUserAuthToken);
        String openstackTenantId = validToken.getAccess().getToken().getTenant().getId();
        String tempDomain = "";
        // Qualify the user name with the provider's domain; only the first domain is used.
        for (String domain : domains) {
            tempDomain = domain;
            userName = userName + "@" + domain;
            // There will be a single domain
            break;
        }
        // convert the openstack tenant id to vipr tenant id; a token for an unmapped OpenStack
        // tenant is rejected rather than mapped to a default tenant.
        String viprTenantId = getViPRTenantId(openstackTenantId, tempDomain);
        if (null == viprTenantId) {
            _log.warn("There is no mapping for the OpenStack Tenant in ViPR");
            throw APIException.notFound.openstackTenantNotFound(openstackTenantId);
        }
        _log.debug("Creating OSuser with userName:" + userName + " tenantId:" + viprTenantId);
        osUser = new StorageOSUser(userName, viprTenantId);
        // TODO - remove this once the keystone api is fixed to is_admin=1|0 based on the roles in OpenStack
        // Every user built here is granted TENANT_ADMIN unconditionally, so the is_admin check
        // below can never change the resulting role set; the role assignment effectively does
        // not depend on the OpenStack role until this line is removed.
        osUser.addRole(Role.TENANT_ADMIN.toString());
        // Map the role to ViPR role
        int role_num = validToken.getAccess().getMetadata().getIs_admin();
        if (role_num == 1) {
            osUser.addRole(Role.TENANT_ADMIN.toString());
        }
    }
    _log.debug("END - createStorageOSUserUsingKeystone ");
    return osUser;
}

Example 4 with KeystoneApiClient

use of com.emc.storageos.keystone.restapi.KeystoneApiClient in project coprhd-controller by CoprHD.

the class KeystoneUtils method getOpenStackTenants.

/**
 * Fetches the OpenStack tenants that Keystone reports for the configured Keystone provider.
 * Fails with an internal server error when no Keystone provider is configured.
 *
 * @return mutable list of OpenStack Tenants; callers may add or remove entries.
 */
public List<KeystoneTenant> getOpenStackTenants() {
    AuthnProvider provider = getKeystoneProvider();
    if (provider != null) {
        KeystoneApiClient client = getKeystoneApi(
                provider.getManagerDN(), provider.getServerUrls(), provider.getManagerPassword());
        // Arrays.asList is a fixed-size view over the array, so copy it into a growable list.
        List<KeystoneTenant> tenants = new ArrayList<>(Arrays.asList(client.getKeystoneTenants().getTenants()));
        return tenants;
    }
    // Without a Keystone provider there is nothing to query.
    throw APIException.internalServerErrors.targetIsNullOrEmpty("Keystone provider");
}

Example 5 with KeystoneApiClient

use of com.emc.storageos.keystone.restapi.KeystoneApiClient in project coprhd-controller by CoprHD.

the class KeystoneUtils method registerCoprhdInKeystone.

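/**
 * Register CoprHD in Keystone.
 * Creates (or replaces) the cinderv2 and cinder endpoints so that they point to CoprHD instead
 * of Cinder; each service is created first when Keystone does not have it yet.
 *
 * @param managerDN of an Authentication Provider.
 * @param serverUrls of an Authentication Provider
 * @param managerPassword of an Authentication Provider
 */
public void registerCoprhdInKeystone(String managerDN, StringSet serverUrls, String managerPassword) {
    _log.debug("START - register CoprHD in Keystone");
    // Create a new KeystoneAPI.
    KeystoneApiClient keystoneApi = getKeystoneApi(managerDN, serverUrls, managerPassword);
    // Look up both services before modifying anything.
    String cinderv2ServiceId = findServiceId(keystoneApi, KeystoneUtils.OPENSTACK_CINDER_V2_NAME);
    String cinderServiceId = findServiceId(keystoneApi, KeystoneUtils.OPENSTACK_CINDER_V1_NAME);
    // Create each missing service, or drop the old endpoint of an existing one.
    cinderv2ServiceId = ensureCinderService(keystoneApi, cinderv2ServiceId, true);
    cinderServiceId = ensureCinderService(keystoneApi, cinderServiceId, false);
    // Get region name for a cinderv2 service.
    // NOTE(review): this lookup runs after the cinderv2 endpoint has been deleted above; if the
    // region is derived from that endpoint it will always fall back to the default - confirm.
    String region = getRegionForService(keystoneApi, cinderv2ServiceId);
    // Set default region in case when endpoint is not present.
    if (region == null) {
        region = KeystoneUtils.OPENSTACK_DEFAULT_REGION;
    }
    // Prepare new endpoints pointing to CoprHD for cinderv2 and cinderv1.
    EndpointV2 newEndpointV2 = prepareNewCinderEndpoint(region, cinderv2ServiceId, true);
    EndpointV2 newEndpointV1 = prepareNewCinderEndpoint(region, cinderServiceId, false);
    // Register them using Keystone API.
    keystoneApi.createKeystoneEndpoint(newEndpointV2);
    keystoneApi.createKeystoneEndpoint(newEndpointV1);
    _log.debug("END - register CoprHD in Keystone");
}

/**
 * Makes sure a cinder service exists and carries no stale endpoint: creates the service when
 * {@code serviceId} is {@code null}, otherwise deletes the endpoint currently registered for it.
 *
 * @param keystoneApi client used for the Keystone calls
 * @param serviceId id of the existing service, or {@code null} when Keystone has none
 * @param isCinderV2 {@code true} for cinderv2, {@code false} for cinder (v1)
 * @return id of the existing or newly created service
 */
private String ensureCinderService(KeystoneApiClient keystoneApi, String serviceId, boolean isCinderV2) {
    if (serviceId != null) {
        // Delete old endpoint so the new CoprHD endpoint replaces it.
        deleteKeystoneEndpoint(keystoneApi, serviceId);
        return serviceId;
    }
    ServiceV2 service = prepareNewCinderService(isCinderV2);
    CreateServiceResponse response = keystoneApi.createKeystoneService(service);
    return response.getService().getId();
}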
