diff --git a/cinder/api/contrib/quotas.py b/cinder/api/contrib/quotas.py index 004f101b97c..e513f410b78 100644 --- a/cinder/api/contrib/quotas.py +++ b/cinder/api/contrib/quotas.py @@ -15,8 +15,10 @@ import webob +from keystoneclient.auth.identity.generic import token +from keystoneclient import client from keystoneclient import exceptions -from keystoneclient.v3 import client +from keystoneclient import session from cinder.api import extensions from cinder.api.openstack import wsgi @@ -180,9 +182,13 @@ class QuotaSetsController(wsgi.Controller): order to do quota operations properly. """ try: - keystone = client.Client(auth_url=CONF.keymgr.encryption_auth_url, - token=context.auth_token, - project_id=context.project_id) + auth_plugin = token.Token( + auth_url=CONF.keystone_authtoken.auth_uri, + token=context.auth_token, + project_id=context.project_id) + client_session = session.Session(auth=auth_plugin) + keystone = client.Client(auth_url=CONF.keystone_authtoken.auth_uri, + session=client_session) project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids) except exceptions.NotFound: msg = (_("Tenant ID: %s does not exist.") % id) diff --git a/cinder/tests/unit/api/contrib/test_quotas.py b/cinder/tests/unit/api/contrib/test_quotas.py index e4f4335bc4a..398f096d961 100644 --- a/cinder/tests/unit/api/contrib/test_quotas.py +++ b/cinder/tests/unit/api/contrib/test_quotas.py @@ -32,7 +32,9 @@ from cinder import db from cinder import test from cinder.tests.unit import test_db_api +from keystonemiddleware import auth_token from oslo_config import cfg +from oslo_config import fixture as config_fixture CONF = cfg.CONF @@ -92,7 +94,10 @@ class QuotaSetsControllerTest(test.TestCase): self.req.environ['cinder.context'].project_id = 'foo' self._create_project_hierarchy() - self.auth_url = CONF.keymgr.encryption_auth_url + + self.auth_url = 'http://localhost:5000' + self.fixture = self.useFixture(config_fixture.Config(auth_token.CONF)) + self.fixture.config(auth_uri=self.auth_url, group='keystone_authtoken') def _create_project_hierarchy(self): """Sets an environment used for nested quotas tests. @@ -123,15 +128,16 @@ class QuotaSetsControllerTest(test.TestCase): def _get_project(self, context, id, subtree_as_ids=False): return self.project_by_id.get(id, self.FakeProject()) - @mock.patch('keystoneclient.v3.client.Client') - def test_keystone_client_instantiation(self, ksclient_class): + @mock.patch('keystoneclient.client.Client') + @mock.patch('keystoneclient.session.Session') + def test_keystone_client_instantiation(self, ksclient_session, + ksclient_class): context = self.req.environ['cinder.context'] self.controller._get_project(context, context.project_id) ksclient_class.assert_called_once_with(auth_url=self.auth_url, - token=context.auth_token, - project_id=context.project_id) + session=ksclient_session()) - @mock.patch('keystoneclient.v3.client.Client') + @mock.patch('keystoneclient.client.Client') def test_get_project(self, ksclient_class): context = self.req.environ['cinder.context'] keystoneclient = ksclient_class.return_value diff --git a/releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml b/releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml new file mode 100644 index 00000000000..93e66628f94 --- /dev/null +++ b/releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml @@ -0,0 +1,3 @@ +--- +fixes: + - Cinder will now correctly read Keystone's endpoint for quota calls from keystone_authtoken.auth_uri instead of keymgr.encryption_auth_url config option. diff --git a/requirements.txt b/requirements.txt index 8f8a77874f8..35b2da6847e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -33,6 +33,7 @@ pycrypto>=2.6 pyparsing>=2.0.1 python-barbicanclient>=3.3.0 python-glanceclient>=0.18.0 +python-keystoneclient>=1.6.0,!=1.8.0 python-novaclient!=2.33.0,>=2.29.0 python-swiftclient>=2.2.0 requests>=2.8.1