0

I'm trying to set up a nova client and ensure that there are no authentication errors on client creation. My attempt is below:

from novaclient import client
from keystoneauth1 import session
from keystoneauth1.identity import v3

def setup_nova(creds):
    """
    Creates a nova instance with which we can leverage the OpenStack virtualization
    platform.

    :param creds: A dictionary containing the authorization url, username,
                  password, version, and project ID associated with the OpenStack
                  cluster.
    :type creds: dict
    """
    password = v3.PasswordMethod(username=creds['USERNAME'],
                                 password=creds['PASSWORD'],
                                 user_domain_name='default')

    auth = v3.Auth(auth_url=creds['AUTH_URL'],
                   auth_methods=[password],
                   project_id=creds['PROJECT_ID'])

    sess = session.Session(auth=auth)
    nova = client.Client(creds['VERSION'], session=sess)
    nova.authenticate()
    return nova

However, the nova.authenticate() call throws a novaclient.exceptions.InvalidUsage which tells me to authenticate the Session object. The Session object doesn't seem to have a way to authenticate, though.

While OpenStack will attempt to authenticate on the first request and cache the authentication, I'd prefer to know immediately if the user is authorized to make requests based on the credentials provided.

How can I authenticate the session object on-demand?

erip
  • 16,374
  • 11
  • 66
  • 121

1 Answers1

0

Maybe you can try to use keystoneclient document example shown below to authenticate a nova session:

>>> from keystoneauth1.identity import v3
>>> from keystoneauth1 import session
>>> from keystoneclient.v3 import client

>>> auth = v3.Password(auth_url='https://my.keystone.com:5000/v3',
...                    username='myuser',
...                    password='mypassword',
...                    project_id='proj',
...                    user_domain_id='domain')
>>> sess = session.Session(auth=auth,
...                        verify='/path/to/ca.cert')
>>> ks = client.Client(session=sess)
>>> users = ks.users.list()

I refer to above example to modify your code :

from novaclient import client
from keystoneauth1 import session
from keystoneauth1.identity import v3

def setup_nova(creds):
    """
    Creates a nova instance with which we can leverage the OpenStack     virtualization
    platform.

    :param creds: A dictionary containing the authorization url, username,
                  password, version, and project ID associated with the     OpenStack
                  cluster.
    :type creds: dict
    """
    auth = v3.PasswordMethod(auth_url=creds['AUTH_URL'],
                                 username=creds['USERNAME'],
                                 password=creds['PASSWORD'],
                                 project_id=creds['PROJECT_ID'],
                                 user_domain_name='default')
    sess = session.Session(auth=auth, verify=False)
    nova = client.Client(creds['VERSION'], session=sess)
    return nova
Curtis Su
  • 50
  • 4
  • 1
    IIRC, this will **not** throw an exception if the password is incorrect _until_ an OpenStack method is attempted. – erip Jan 06 '17 at 12:30