Use keystoneauth1 for creating the keystone session

Switch to the keystoneauth1 lib for creating the keystone session. Now the keystone client in the quota code will honor the client cert settings, too, thanks to the session loader in the new lib. Change-Id: I0c25e33f104a3302b93363b91cbd2a7df6b20ba4
2016-03-30 13:38:11 +02:00 · 2016-03-30 13:38:11 +02:00 · 5194460234
parent 4e2e29d1e5
commit 5194460234
2 changed files with 11 additions and 8 deletions
--- a/cinder/quota_utils.py
+++ b/cinder/quota_utils.py
@ -15,10 +15,10 @@
 from oslo_config import cfg
 from oslo_log import log as logging

-from keystoneclient.auth.identity.generic import token
+from keystoneauth1 import identity
+from keystoneauth1 import loading as ka_loading
 from keystoneclient import client
 from keystoneclient import exceptions
-from keystoneclient import session

 from cinder import db
 from cinder import exception
@ -221,14 +221,17 @@ def _keystone_client(context, version=(3, 0)):
    :param version: version of Keystone to request
    :return: keystoneclient.client.Client object
    """
-    auth_plugin = token.Token(
+    auth_plugin = identity.Token(
        auth_url=CONF.keystone_authtoken.auth_uri,
        token=context.auth_token,
        project_id=context.project_id)
-    client_session = session.Session(auth=auth_plugin,
-                                     verify=False if
-                                     CONF.keystone_authtoken.insecure else
-                                     (CONF.keystone_authtoken.cafile or True))
+
+    client_session = ka_loading.session.Session().load_from_options(
+        auth=auth_plugin,
+        insecure=CONF.keystone_authtoken.insecure,
+        cacert=CONF.keystone_authtoken.cafile,
+        key=CONF.keystone_authtoken.keyfile,
+        cert=CONF.keystone_authtoken.certfile)
    return client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
                         session=client_session, version=version)

--- a/cinder/tests/unit/test_quota_utils.py
+++ b/cinder/tests/unit/test_quota_utils.py
@ -46,7 +46,7 @@ class QuotaUtilsTest(test.TestCase):
        self.fixture.config(auth_uri=self.auth_url, group='keystone_authtoken')

    @mock.patch('keystoneclient.client.Client')
-    @mock.patch('keystoneclient.session.Session')
+    @mock.patch('keystoneauth1.session.Session')
    def test_keystone_client_instantiation(self, ksclient_session,
                                           ksclient_class):
        quota_utils._keystone_client(self.context)