Merge "Support keystone auth in software-client"

2024-01-16 16:47:38 +00:00 · 2024-01-16 16:47:38 +00:00 · dfd78be7ff
parent 3faf0f3301 37bded2e7b
commit dfd78be7ff
1 changed files with 21 additions and 15 deletions
--- a/software-client/software_client/software_client.py
+++ b/software-client/software_client/software_client.py
@ -1126,17 +1126,14 @@ def patch_query_app_dependencies_req():
        return 1


-def check_env(env, var):
-    if env not in os.environ:
-        print("You must provide a %s via env[%s]" % (var, env))
-        exit(-1)
-
-
-def get_auth_token_and_endpoint(region_name):
+def get_auth_token_and_endpoint(region_name, interface):
    from keystoneauth1 import exceptions
    from keystoneauth1 import identity
    from keystoneauth1 import session

+    if not region_name:
+        return None, None 
+
    user_env_map = {'OS_USERNAME': 'username',
                    'OS_PASSWORD': 'password',
                    'OS_PROJECT_NAME': 'project_name',
@ -1145,7 +1142,8 @@ def get_auth_token_and_endpoint(region_name):
                    'OS_PROJECT_DOMAIN_NAME': 'project_domain_name'}

    for k, v in user_env_map.items():
-        check_env(k, v)
+        if k not in os.environ:
+            return None, None

    user = dict()
    for k, v in user_env_map.items():
@ -1156,11 +1154,11 @@ def get_auth_token_and_endpoint(region_name):
    try:
        token = auth.get_token(sess)
        endpoint = auth.get_endpoint(sess, service_type='usm',
-                                     interface='internal',
+                                     interface=interface,
                                     region_name=region_name)
    except (exceptions.http.Unauthorized, exceptions.EndpointNotFound) as e:
        print(str(e))
-        exit(-1)
+        return None, None

    return token, endpoint

@ -1191,20 +1189,18 @@ def check_for_os_region_name(args):

    global VIRTUAL_REGION
    if region != VIRTUAL_REGION:
-        print("Unsupported region name: %s" % region)
-        exit(1)
+        return False

    # check it is running on the active controller
    # not able to use sm-query due to it requires sudo
    try:
        subprocess.check_output("pgrep -f dcorch-api-proxy", shell=True)
    except subprocess.CalledProcessError:
-        print("Command must be run from the active controller.")
-        exit(1)
+        return False

    # get a token and fetch the internal endpoint in SystemController
    global auth_token
-    auth_token, endpoint = get_auth_token_and_endpoint(region)
+    auth_token, endpoint = get_auth_token_and_endpoint(region, 'internal')
    if endpoint is not None:
        global api_addr
        url = urlparse(endpoint)
@ -1529,6 +1525,16 @@ def main():
        rc = 1
        exit(rc)

+    global auth_token
+    if not auth_token:
+        region = os.environ.get("OS_REGION_NAME", None)
+        auth_token, endpoint = get_auth_token_and_endpoint(region, 'public')
+        if endpoint is not None:
+            global api_addr
+            url = urlparse(endpoint)
+            address = format_url_address(url.hostname)
+            api_addr = '{}:{}'.format(address, url.port)
+
    if auth_token is None and os.geteuid() != 0:
        if args.restricted:
            print("Error: Command must be run as sudo or root", file=sys.stderr)