Use keystone sessions to authenticate
Tried out keystone session based authentication to solve our current issue with token expiry. Just an alternate solution to https://review.openstack.org/#/c/298960/1 https://review.openstack.org/#/c/298394/ Partial-Bug:#1563677 Partial-Bug:#1564115 Partial-Bug:#1563495 Closes-Bug:#1559362 Change-Id: I8a8a4fe5547b4aaa8a4735efd79857750e555578
This commit is contained in:
parent
cd8b6fd07f
commit
2453c6f43e
@ -12,8 +12,9 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
#
|
#
|
||||||
import glanceclient.v2.client as glclient
|
import glanceclient.v2.client as glclient # require python-glanceclient>=1.0.0
|
||||||
import keystoneclient.v2_0.client as ksclient
|
from keystoneauth1.identity import v2
|
||||||
|
from keystoneauth1 import session
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
from congress.datasources import datasource_driver
|
from congress.datasources import datasource_driver
|
||||||
@ -71,11 +72,12 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
|
|||||||
super(GlanceV2Driver, self).__init__(name, keys, inbox, datapath, args)
|
super(GlanceV2Driver, self).__init__(name, keys, inbox, datapath, args)
|
||||||
datasource_driver.ExecutionDriver.__init__(self)
|
datasource_driver.ExecutionDriver.__init__(self)
|
||||||
self.creds = args
|
self.creds = args
|
||||||
keystone = ksclient.Client(**self.creds)
|
auth = v2.Password(auth_url=self.creds['auth_url'],
|
||||||
glance_endpoint = keystone.service_catalog.url_for(
|
username=self.creds['username'],
|
||||||
service_type='image', endpoint_type='publicURL')
|
password=self.creds['password'],
|
||||||
self.glance = glclient.Client(glance_endpoint,
|
tenant_name=self.creds['tenant_name'])
|
||||||
token=keystone.auth_token)
|
sess = session.Session(auth=auth)
|
||||||
|
self.glance = glclient.Client(session=sess)
|
||||||
self.inspect_builtin_methods(self.glance, 'glanceclient.v2.')
|
self.inspect_builtin_methods(self.glance, 'glanceclient.v2.')
|
||||||
self._init_end_start_poll()
|
self._init_end_start_poll()
|
||||||
|
|
||||||
@ -96,13 +98,7 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
|
|||||||
images = {'images': self.glance.images.list()}
|
images = {'images': self.glance.images.list()}
|
||||||
self._translate_images(images)
|
self._translate_images(images)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
# TODO(zhenzanz): this is a workaround. The glance client should
|
raise e
|
||||||
# handle 401 error.
|
|
||||||
if e.code == 401:
|
|
||||||
keystone = ksclient.Client(**self.creds)
|
|
||||||
self.glance.http_client.auth_token = keystone.auth_token
|
|
||||||
else:
|
|
||||||
raise e
|
|
||||||
|
|
||||||
@ds_utils.update_state_on_changed(IMAGES)
|
@ds_utils.update_state_on_changed(IMAGES)
|
||||||
def _translate_images(self, obj):
|
def _translate_images(self, obj):
|
||||||
|
@ -11,6 +11,8 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import heatclient.v1.client as heatclient
|
import heatclient.v1.client as heatclient
|
||||||
|
from keystoneauth1.identity import v2
|
||||||
|
from keystoneauth1 import session
|
||||||
import keystoneclient.v2_0.client as ksclient
|
import keystoneclient.v2_0.client as ksclient
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
@ -92,11 +94,15 @@ class HeatV1Driver(datasource_driver.DataSourceDriver,
|
|||||||
super(HeatV1Driver, self).__init__(name, keys, inbox, datapath, args)
|
super(HeatV1Driver, self).__init__(name, keys, inbox, datapath, args)
|
||||||
datasource_driver.ExecutionDriver.__init__(self)
|
datasource_driver.ExecutionDriver.__init__(self)
|
||||||
self.creds = args
|
self.creds = args
|
||||||
|
auth = v2.Password(auth_url=self.creds['auth_url'],
|
||||||
|
username=self.creds['username'],
|
||||||
|
password=self.creds['password'],
|
||||||
|
tenant_name=self.creds['tenant_name'])
|
||||||
|
sess = session.Session(auth=auth)
|
||||||
keystone = ksclient.Client(**self.creds)
|
keystone = ksclient.Client(**self.creds)
|
||||||
endpoint = keystone.service_catalog.url_for(
|
endpoint = keystone.service_catalog.url_for(
|
||||||
service_type='orchestration', endpoint_type='publicURL')
|
service_type='orchestration', endpoint_type='publicURL')
|
||||||
self.heat = heatclient.Client(endpoint, token=keystone.auth_token)
|
self.heat = heatclient.Client(session=sess, endpoint=endpoint)
|
||||||
self._init_end_start_poll()
|
self._init_end_start_poll()
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -5,6 +5,7 @@ argparse
|
|||||||
Babel>=1.3
|
Babel>=1.3
|
||||||
eventlet>=0.17.4
|
eventlet>=0.17.4
|
||||||
PuLP>=1.0.4
|
PuLP>=1.0.4
|
||||||
|
keystoneauth1>=1.0.0
|
||||||
keystonemiddleware!=2.4.0,>=2.0.0
|
keystonemiddleware!=2.4.0,>=2.0.0
|
||||||
mox>=0.5.3
|
mox>=0.5.3
|
||||||
Paste
|
Paste
|
||||||
@ -20,6 +21,7 @@ python-cinderclient>=1.3.1
|
|||||||
python-swiftclient>=2.2.0
|
python-swiftclient>=2.2.0
|
||||||
python-ironicclient>=0.8.0
|
python-ironicclient>=0.8.0
|
||||||
alembic>=0.8.0
|
alembic>=0.8.0
|
||||||
|
# Congress requires python-glanceclient>=1.0.0
|
||||||
python-glanceclient>=0.18.0
|
python-glanceclient>=0.18.0
|
||||||
Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7'
|
Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7'
|
||||||
Routes!=2.0,>=1.12.3;python_version!='2.7'
|
Routes!=2.0,>=1.12.3;python_version!='2.7'
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
[metadata]
|
[metadata]
|
||||||
name = congress
|
name = congress
|
||||||
version = 2.0.1
|
version = 2.0.2
|
||||||
summary = Congress: The open policy framework for the cloud.
|
summary = Congress: The open policy framework for the cloud.
|
||||||
description-file =
|
description-file =
|
||||||
README.rst
|
README.rst
|
||||||
|
Loading…
Reference in New Issue
Block a user