This repository has been archived by the owner on Apr 13, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
get-projects.py
executable file
·89 lines (69 loc) · 2.79 KB
/
get-projects.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#!/usr/bin/env python
# in case someone is trying this with python 2
from __future__ import print_function
import os
import requests
# URL Parse
try:
# Python 2.x
from urlparse import urlparse, urlunparse
except ImportError:
# Python 3.x
from urllib.parse import urlparse, urlunparse
def get_access_token(client_id, client_secret, refresh_token):
refresh_data = {
'client_id': client_id,
'client_secret': client_secret,
'grant_type': 'refresh_token',
'refresh_token': refresh_token,
'scope': 'openid email profile',
}
r = requests.post("https://aai.egi.eu/oidc/token",
auth=(client_id, client_secret), data=refresh_data)
r.raise_for_status()
return r.json()['access_token']
def get_keystone_url(os_auth_url, path):
url = urlparse(os_auth_url)
prefix = url.path.rstrip('/')
if prefix.endswith('v2.0') or prefix.endswith('v3'):
prefix = os.path.dirname(prefix)
path = os.path.join(prefix, path)
return urlunparse((url[0], url[1], path, url[3], url[4], url[5]))
def get_unscoped_token(os_auth_url, access_token):
"""Get an unscopped token, trying various protocol names if needed"""
try:
unscoped_token = retrieve_unscoped_token(os_auth_url, access_token)
except RuntimeError:
unscoped_token = retrieve_unscoped_token(os_auth_url, access_token,
'openid')
return unscoped_token
def retrieve_unscoped_token(os_auth_url, access_token, method='oidc'):
"""Request an unscopped token"""
url = get_keystone_url(
os_auth_url,
"/v3/OS-FEDERATION/identity_providers/egi.eu/protocols/%s/auth" %
method)
r = requests.post(url,
headers={'Authorization': 'Bearer %s' % access_token})
if r.status_code != requests.codes.created:
raise RuntimeError('Unable to get an unscoped token')
else:
return r.headers['X-Subject-Token']
def get_projects(os_auth_url, unscoped_token):
url = get_keystone_url(os_auth_url, "/v3/auth/projects")
r = requests.get(url, headers={'X-Auth-Token': unscoped_token})
r.raise_for_status()
return r.json()['projects']
def main():
# read from environment
client_id = os.environ.get('CHECKIN_CLIENT_ID', '')
client_secret = os.environ.get('CHECKIN_CLIENT_SECRET', '')
refresh_token = os.environ.get('CHECKIN_REFRESH_TOKEN', '')
os_auth_url = os.environ.get('OS_AUTH_URL', '')
access_token = get_access_token(client_id, client_secret, refresh_token)
unscoped_token = get_unscoped_token(os_auth_url, access_token)
projects = get_projects(os_auth_url, unscoped_token)
for p in projects:
print('ID: %(id)s - Name: %(name)s - Enabled: %(enabled)s' % p)
if __name__ == '__main__':
main()