Use proper config option to connect to keystone

Earlier, quotas used to authenticate to endpoint from not required
option located in keymgr.encryption_auth_url. Now, the required
auth_uri option from config file is used to authenticate to
keystone.

Co-Authored-By: Michal Dulko <michal.dulko@intel.com>
Change-Id: I1076527704f8def2c6755c060df49232e5ebe805
Closes-Bug: 1516085
This commit is contained in:
Szymon Borkowski 2015-12-01 14:12:03 +01:00 committed by Michał Dulko
parent 4d235771cf
commit 109353dedb
4 changed files with 26 additions and 10 deletions

View File

@ -15,8 +15,10 @@
import webob
from keystoneclient.auth.identity.generic import token
from keystoneclient import client
from keystoneclient import exceptions
from keystoneclient.v3 import client
from keystoneclient import session
from cinder.api import extensions
from cinder.api.openstack import wsgi
@ -180,9 +182,13 @@ class QuotaSetsController(wsgi.Controller):
order to do quota operations properly.
"""
try:
keystone = client.Client(auth_url=CONF.keymgr.encryption_auth_url,
auth_plugin = token.Token(
auth_url=CONF.keystone_authtoken.auth_uri,
token=context.auth_token,
project_id=context.project_id)
client_session = session.Session(auth=auth_plugin)
keystone = client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
session=client_session)
project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids)
except exceptions.NotFound:
msg = (_("Tenant ID: %s does not exist.") % id)

View File

@ -32,7 +32,9 @@ from cinder import db
from cinder import test
from cinder.tests.unit import test_db_api
from keystonemiddleware import auth_token
from oslo_config import cfg
from oslo_config import fixture as config_fixture
CONF = cfg.CONF
@ -92,7 +94,10 @@ class QuotaSetsControllerTest(test.TestCase):
self.req.environ['cinder.context'].project_id = 'foo'
self._create_project_hierarchy()
self.auth_url = CONF.keymgr.encryption_auth_url
self.auth_url = 'http://localhost:5000'
self.fixture = self.useFixture(config_fixture.Config(auth_token.CONF))
self.fixture.config(auth_uri=self.auth_url, group='keystone_authtoken')
def _create_project_hierarchy(self):
"""Sets an environment used for nested quotas tests.
@ -123,15 +128,16 @@ class QuotaSetsControllerTest(test.TestCase):
def _get_project(self, context, id, subtree_as_ids=False):
return self.project_by_id.get(id, self.FakeProject())
@mock.patch('keystoneclient.v3.client.Client')
def test_keystone_client_instantiation(self, ksclient_class):
@mock.patch('keystoneclient.client.Client')
@mock.patch('keystoneclient.session.Session')
def test_keystone_client_instantiation(self, ksclient_session,
ksclient_class):
context = self.req.environ['cinder.context']
self.controller._get_project(context, context.project_id)
ksclient_class.assert_called_once_with(auth_url=self.auth_url,
token=context.auth_token,
project_id=context.project_id)
session=ksclient_session())
@mock.patch('keystoneclient.v3.client.Client')
@mock.patch('keystoneclient.client.Client')
def test_get_project(self, ksclient_class):
context = self.req.environ['cinder.context']
keystoneclient = ksclient_class.return_value

View File

@ -0,0 +1,3 @@
---
fixes:
- Cinder will now correctly read Keystone's endpoint for quota calls from keystone_authtoken.auth_uri instead of keymgr.encryption_auth_url config option.

View File

@ -33,6 +33,7 @@ pycrypto>=2.6
pyparsing>=2.0.1
python-barbicanclient>=3.3.0
python-glanceclient>=0.18.0
python-keystoneclient>=1.6.0,!=1.8.0
python-novaclient!=2.33.0,>=2.29.0
python-swiftclient>=2.2.0
requests>=2.8.1