Use keystone sessions to authenticate
Tried out keystone session based authentication to solve our current issue with token expiry. Just an alternate solution to https://review.openstack.org/#/c/298960/1 https://review.openstack.org/#/c/298394/ Partial-Bug:#1563677 Partial-Bug:#1564115 Partial-Bug:#1563495 Closes-Bug:#1559362 Change-Id: I8a8a4fe5547b4aaa8a4735efd79857750e555578
This commit is contained in:
parent
cd8b6fd07f
commit
2453c6f43e
|
@ -12,8 +12,9 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
import glanceclient.v2.client as glclient
|
||||
import keystoneclient.v2_0.client as ksclient
|
||||
import glanceclient.v2.client as glclient # require python-glanceclient>=1.0.0
|
||||
from keystoneauth1.identity import v2
|
||||
from keystoneauth1 import session
|
||||
from oslo_log import log as logging
|
||||
|
||||
from congress.datasources import datasource_driver
|
||||
|
@ -71,11 +72,12 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
|
|||
super(GlanceV2Driver, self).__init__(name, keys, inbox, datapath, args)
|
||||
datasource_driver.ExecutionDriver.__init__(self)
|
||||
self.creds = args
|
||||
keystone = ksclient.Client(**self.creds)
|
||||
glance_endpoint = keystone.service_catalog.url_for(
|
||||
service_type='image', endpoint_type='publicURL')
|
||||
self.glance = glclient.Client(glance_endpoint,
|
||||
token=keystone.auth_token)
|
||||
auth = v2.Password(auth_url=self.creds['auth_url'],
|
||||
username=self.creds['username'],
|
||||
password=self.creds['password'],
|
||||
tenant_name=self.creds['tenant_name'])
|
||||
sess = session.Session(auth=auth)
|
||||
self.glance = glclient.Client(session=sess)
|
||||
self.inspect_builtin_methods(self.glance, 'glanceclient.v2.')
|
||||
self._init_end_start_poll()
|
||||
|
||||
|
@ -96,12 +98,6 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
|
|||
images = {'images': self.glance.images.list()}
|
||||
self._translate_images(images)
|
||||
except Exception as e:
|
||||
# TODO(zhenzanz): this is a workaround. The glance client should
|
||||
# handle 401 error.
|
||||
if e.code == 401:
|
||||
keystone = ksclient.Client(**self.creds)
|
||||
self.glance.http_client.auth_token = keystone.auth_token
|
||||
else:
|
||||
raise e
|
||||
|
||||
@ds_utils.update_state_on_changed(IMAGES)
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
# under the License.
|
||||
|
||||
import heatclient.v1.client as heatclient
|
||||
from keystoneauth1.identity import v2
|
||||
from keystoneauth1 import session
|
||||
import keystoneclient.v2_0.client as ksclient
|
||||
from oslo_log import log as logging
|
||||
|
||||
|
@ -92,11 +94,15 @@ class HeatV1Driver(datasource_driver.DataSourceDriver,
|
|||
super(HeatV1Driver, self).__init__(name, keys, inbox, datapath, args)
|
||||
datasource_driver.ExecutionDriver.__init__(self)
|
||||
self.creds = args
|
||||
|
||||
auth = v2.Password(auth_url=self.creds['auth_url'],
|
||||
username=self.creds['username'],
|
||||
password=self.creds['password'],
|
||||
tenant_name=self.creds['tenant_name'])
|
||||
sess = session.Session(auth=auth)
|
||||
keystone = ksclient.Client(**self.creds)
|
||||
endpoint = keystone.service_catalog.url_for(
|
||||
service_type='orchestration', endpoint_type='publicURL')
|
||||
self.heat = heatclient.Client(endpoint, token=keystone.auth_token)
|
||||
self.heat = heatclient.Client(session=sess, endpoint=endpoint)
|
||||
self._init_end_start_poll()
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -5,6 +5,7 @@ argparse
|
|||
Babel>=1.3
|
||||
eventlet>=0.17.4
|
||||
PuLP>=1.0.4
|
||||
keystoneauth1>=1.0.0
|
||||
keystonemiddleware!=2.4.0,>=2.0.0
|
||||
mox>=0.5.3
|
||||
Paste
|
||||
|
@ -20,6 +21,7 @@ python-cinderclient>=1.3.1
|
|||
python-swiftclient>=2.2.0
|
||||
python-ironicclient>=0.8.0
|
||||
alembic>=0.8.0
|
||||
# Congress requires python-glanceclient>=1.0.0
|
||||
python-glanceclient>=0.18.0
|
||||
Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7'
|
||||
Routes!=2.0,>=1.12.3;python_version!='2.7'
|
||||
|
|
Loading…
Reference in New Issue