Use proper config option to connect to keystone
Earlier, quotas used to authenticate to endpoint from not required option located in keymgr.encryption_auth_url. Now, the required auth_uri option from config file is used to authenticate to keystone. Co-Authored-By: Michal Dulko <michal.dulko@intel.com> Change-Id: I1076527704f8def2c6755c060df49232e5ebe805 Closes-Bug: 1516085
This commit is contained in:
parent
4d235771cf
commit
109353dedb
@ -15,8 +15,10 @@
|
||||
|
||||
import webob
|
||||
|
||||
from keystoneclient.auth.identity.generic import token
|
||||
from keystoneclient import client
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient.v3 import client
|
||||
from keystoneclient import session
|
||||
|
||||
from cinder.api import extensions
|
||||
from cinder.api.openstack import wsgi
|
||||
@ -180,9 +182,13 @@ class QuotaSetsController(wsgi.Controller):
|
||||
order to do quota operations properly.
|
||||
"""
|
||||
try:
|
||||
keystone = client.Client(auth_url=CONF.keymgr.encryption_auth_url,
|
||||
auth_plugin = token.Token(
|
||||
auth_url=CONF.keystone_authtoken.auth_uri,
|
||||
token=context.auth_token,
|
||||
project_id=context.project_id)
|
||||
client_session = session.Session(auth=auth_plugin)
|
||||
keystone = client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
|
||||
session=client_session)
|
||||
project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids)
|
||||
except exceptions.NotFound:
|
||||
msg = (_("Tenant ID: %s does not exist.") % id)
|
||||
|
@ -32,7 +32,9 @@ from cinder import db
|
||||
from cinder import test
|
||||
from cinder.tests.unit import test_db_api
|
||||
|
||||
from keystonemiddleware import auth_token
|
||||
from oslo_config import cfg
|
||||
from oslo_config import fixture as config_fixture
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -92,7 +94,10 @@ class QuotaSetsControllerTest(test.TestCase):
|
||||
self.req.environ['cinder.context'].project_id = 'foo'
|
||||
|
||||
self._create_project_hierarchy()
|
||||
self.auth_url = CONF.keymgr.encryption_auth_url
|
||||
|
||||
self.auth_url = 'http://localhost:5000'
|
||||
self.fixture = self.useFixture(config_fixture.Config(auth_token.CONF))
|
||||
self.fixture.config(auth_uri=self.auth_url, group='keystone_authtoken')
|
||||
|
||||
def _create_project_hierarchy(self):
|
||||
"""Sets an environment used for nested quotas tests.
|
||||
@ -123,15 +128,16 @@ class QuotaSetsControllerTest(test.TestCase):
|
||||
def _get_project(self, context, id, subtree_as_ids=False):
|
||||
return self.project_by_id.get(id, self.FakeProject())
|
||||
|
||||
@mock.patch('keystoneclient.v3.client.Client')
|
||||
def test_keystone_client_instantiation(self, ksclient_class):
|
||||
@mock.patch('keystoneclient.client.Client')
|
||||
@mock.patch('keystoneclient.session.Session')
|
||||
def test_keystone_client_instantiation(self, ksclient_session,
|
||||
ksclient_class):
|
||||
context = self.req.environ['cinder.context']
|
||||
self.controller._get_project(context, context.project_id)
|
||||
ksclient_class.assert_called_once_with(auth_url=self.auth_url,
|
||||
token=context.auth_token,
|
||||
project_id=context.project_id)
|
||||
session=ksclient_session())
|
||||
|
||||
@mock.patch('keystoneclient.v3.client.Client')
|
||||
@mock.patch('keystoneclient.client.Client')
|
||||
def test_get_project(self, ksclient_class):
|
||||
context = self.req.environ['cinder.context']
|
||||
keystoneclient = ksclient_class.return_value
|
||||
|
3
releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml
Normal file
3
releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
fixes:
|
||||
- Cinder will now correctly read Keystone's endpoint for quota calls from keystone_authtoken.auth_uri instead of keymgr.encryption_auth_url config option.
|
@ -33,6 +33,7 @@ pycrypto>=2.6
|
||||
pyparsing>=2.0.1
|
||||
python-barbicanclient>=3.3.0
|
||||
python-glanceclient>=0.18.0
|
||||
python-keystoneclient>=1.6.0,!=1.8.0
|
||||
python-novaclient!=2.33.0,>=2.29.0
|
||||
python-swiftclient>=2.2.0
|
||||
requests>=2.8.1
|
||||
|
Loading…
Reference in New Issue
Block a user