refactor(keystone): reduce keystoneauth usage complexity

This patch set refactors and fixes the use of the keystoneauth to load the session from cfg.CONF. This removes the unnecessary wrapping of utility function into a class, but also allows the code to use other accepted plugins to form the keystoneauth object. The need to read environment variables should be handled only in the CLI and should be accounted for by the CLI framework, not in a server utility function. Change-Id: Ib086f103bbb1e27fe8228ccf5f0d40526796e1e5 Signed-off-by: Tin Lam <tin@irrational.io>
2018-05-26 01:01:42 -05:00 · 2018-05-26 01:01:42 -05:00 · 26fa3181fe
commit 26fa3181fe
parent 6f025d1d27
2 changed files with 7 additions and 50 deletions
--- a/armada/handlers/document.py
+++ b/armada/handlers/document.py
@ -20,7 +20,7 @@ import requests
 from oslo_log import log as logging

 from armada.exceptions.source_exceptions import InvalidPathException
-from armada.utils.keystone import KeystoneUtils
+from armada.utils import keystone as ks_utils

 LOG = logging.getLogger(__name__)

@ -119,7 +119,7 @@ class ReferenceResolver(object):
        :param design_uri: Tuple as returned by urllib.parse for the design
                           reference
        """
-        ks_sess = KeystoneUtils.get_session()
+        ks_sess = ks_utils.get_keystone_session()
        (new_scheme, foo) = re.subn('^[^+]+\+', '', design_uri.scheme)
        url = urllib.parse.urlunparse(
            (new_scheme, design_uri.netloc, design_uri.path, design_uri.params,
--- a/armada/utils/keystone.py
+++ b/armada/utils/keystone.py
@ -1,4 +1,4 @@
-# Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -11,54 +11,11 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""Utility functions for accessing Openstack Keystone."""

-import os
-
-from keystoneauth1.identity import v3
-from keystoneauth1 import session
+from keystoneauth1 import loading
 from oslo_config import cfg


-CONF = cfg.CONF
-
-
-class KeystoneUtils(object):
-    """Utility methods for using Keystone."""
-
-    @staticmethod
-    def get_session():
-        """Get an initialized keystone session.
-
-        Authentication is based on the keystone_authtoken
-        section of the config file primarily. If that fails
-        then attempt to create a session from environmental
-        variables. This is for cases of the CLI needing
-        a token.
-        """
-        auth_info = dict()
-        auth_fields = ['auth_url', 'username', 'password', 'project_id',
-                       'user_domain_name']
-        try:
-            for f in auth_fields:
-                auth_info[f] = getattr(CONF.keystone_authtoken, f)
-            auth = v3.Password(**auth_info)
-            ks_session = session.Session(auth=auth)
-            # Test the session
-            ks_session.get_auth_headers()
-        except Exception:  # nosec this isn't a security issue
-            pass
-        else:
-            return ks_session
-
-        try:
-            for f in auth_fields:
-                auth_info[f] = os.environ.get('os_{}'.format(f).upper())
-            auth = v3.Password(**auth_info)
-            ks_session = session.Session(auth=auth)
-            # Test the session
-            ks_session.get_auth_headers()
-        except Exception:
-            raise Exception('Missing credential information for Keystone.')
-
-        return ks_session
+def get_keystone_session():
+    return loading.load_session_from_conf_options(
+        cfg.CONF, group="keystone_authtoken")