From 2453c6f43e6054d61fcfa193f97fcbb12034ef1f Mon Sep 17 00:00:00 2001
From: Anusha Ramineni <anusha.ramineni@nectechnologies.in>
Date: Wed, 30 Mar 2016 10:09:13 +0530
Subject: [PATCH] Use keystone sessions to authenticate

Tried out keystone session based authentication to solve our current
issue with token expiry. Just an alternate solution to

https://review.openstack.org/#/c/298960/1
https://review.openstack.org/#/c/298394/

Partial-Bug:#1563677
Partial-Bug:#1564115
Partial-Bug:#1563495
Closes-Bug:#1559362
Change-Id: I8a8a4fe5547b4aaa8a4735efd79857750e555578
---
 congress/datasources/glancev2_driver.py | 24 ++++++++++--------------
 congress/datasources/heatv1_driver.py   | 10 ++++++++--
 requirements.txt                        |  2 ++
 setup.cfg                               |  2 +-
 4 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/congress/datasources/glancev2_driver.py b/congress/datasources/glancev2_driver.py
index a0e9ec431..e3e6ed25e 100644
--- a/congress/datasources/glancev2_driver.py
+++ b/congress/datasources/glancev2_driver.py
@@ -12,8 +12,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 #
-import glanceclient.v2.client as glclient
-import keystoneclient.v2_0.client as ksclient
+import glanceclient.v2.client as glclient  # require python-glanceclient>=1.0.0
+from keystoneauth1.identity import v2
+from keystoneauth1 import session
 from oslo_log import log as logging
 
 from congress.datasources import datasource_driver
@@ -71,11 +72,12 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
         super(GlanceV2Driver, self).__init__(name, keys, inbox, datapath, args)
         datasource_driver.ExecutionDriver.__init__(self)
         self.creds = args
-        keystone = ksclient.Client(**self.creds)
-        glance_endpoint = keystone.service_catalog.url_for(
-            service_type='image', endpoint_type='publicURL')
-        self.glance = glclient.Client(glance_endpoint,
-                                      token=keystone.auth_token)
+        auth = v2.Password(auth_url=self.creds['auth_url'],
+                           username=self.creds['username'],
+                           password=self.creds['password'],
+                           tenant_name=self.creds['tenant_name'])
+        sess = session.Session(auth=auth)
+        self.glance = glclient.Client(session=sess)
         self.inspect_builtin_methods(self.glance, 'glanceclient.v2.')
         self._init_end_start_poll()
 
@@ -96,13 +98,7 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
             images = {'images': self.glance.images.list()}
             self._translate_images(images)
         except Exception as e:
-            # TODO(zhenzanz): this is a workaround. The glance client should
-            # handle 401 error.
-            if e.code == 401:
-                keystone = ksclient.Client(**self.creds)
-                self.glance.http_client.auth_token = keystone.auth_token
-            else:
-                raise e
+            raise e
 
     @ds_utils.update_state_on_changed(IMAGES)
     def _translate_images(self, obj):
diff --git a/congress/datasources/heatv1_driver.py b/congress/datasources/heatv1_driver.py
index 009fbe6e1..adbb40488 100644
--- a/congress/datasources/heatv1_driver.py
+++ b/congress/datasources/heatv1_driver.py
@@ -11,6 +11,8 @@
 #    under the License.
 
 import heatclient.v1.client as heatclient
+from keystoneauth1.identity import v2
+from keystoneauth1 import session
 import keystoneclient.v2_0.client as ksclient
 from oslo_log import log as logging
 
@@ -92,11 +94,15 @@ class HeatV1Driver(datasource_driver.DataSourceDriver,
         super(HeatV1Driver, self).__init__(name, keys, inbox, datapath, args)
         datasource_driver.ExecutionDriver.__init__(self)
         self.creds = args
-
+        auth = v2.Password(auth_url=self.creds['auth_url'],
+                           username=self.creds['username'],
+                           password=self.creds['password'],
+                           tenant_name=self.creds['tenant_name'])
+        sess = session.Session(auth=auth)
         keystone = ksclient.Client(**self.creds)
         endpoint = keystone.service_catalog.url_for(
             service_type='orchestration', endpoint_type='publicURL')
-        self.heat = heatclient.Client(endpoint, token=keystone.auth_token)
+        self.heat = heatclient.Client(session=sess, endpoint=endpoint)
         self._init_end_start_poll()
 
     @staticmethod
diff --git a/requirements.txt b/requirements.txt
index 2e70fca54..6be8bfd82 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,6 +5,7 @@ argparse
 Babel>=1.3
 eventlet>=0.17.4
 PuLP>=1.0.4
+keystoneauth1>=1.0.0
 keystonemiddleware!=2.4.0,>=2.0.0
 mox>=0.5.3
 Paste
@@ -20,6 +21,7 @@ python-cinderclient>=1.3.1
 python-swiftclient>=2.2.0
 python-ironicclient>=0.8.0
 alembic>=0.8.0
+# Congress requires python-glanceclient>=1.0.0
 python-glanceclient>=0.18.0
 Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7'
 Routes!=2.0,>=1.12.3;python_version!='2.7'
diff --git a/setup.cfg b/setup.cfg
index 904a0afb1..899b13ad9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = congress
-version = 2.0.1
+version = 2.0.2
 summary = Congress: The open policy framework for the cloud.
 description-file =
     README.rst