Keystone v3 support
- modified clients to authenticate using keystone.session - supports both v2 and v3 auth version Change-Id: I73b281c3076dd8a5a2686bdc39d57263dc2fc2b8
This commit is contained in:
parent
4bc0e45249
commit
1622f2269d
|
@ -105,10 +105,13 @@ function configure_cue {
|
||||||
# Set flow create cluster node vm active retry count
|
# Set flow create cluster node vm active retry count
|
||||||
iniset $CUE_CONF flow_options create_cluster_node_vm_active_retry_count $CUE_TF_CREATE_CLUSTER_NODE_VM_ACTIVE_RETRY_COUNT
|
iniset $CUE_CONF flow_options create_cluster_node_vm_active_retry_count $CUE_TF_CREATE_CLUSTER_NODE_VM_ACTIVE_RETRY_COUNT
|
||||||
|
|
||||||
iniset $CUE_CONF openstack os_auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
iniset $CUE_CONF openstack os_auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v3
|
||||||
iniset $CUE_CONF openstack os_tenant_name admin
|
iniset $CUE_CONF openstack os_project_name admin
|
||||||
iniset $CUE_CONF openstack os_username admin
|
iniset $CUE_CONF openstack os_username admin
|
||||||
iniset $CUE_CONF openstack os_password $ADMIN_PASSWORD
|
iniset $CUE_CONF openstack os_password $ADMIN_PASSWORD
|
||||||
|
iniset $CUE_CONF openstack os_project_domain_name default
|
||||||
|
iniset $CUE_CONF openstack os_user_domain_name default
|
||||||
|
iniset $CUE_CONF openstack os_auth_version 3
|
||||||
|
|
||||||
if [ "$SYSLOG" != "False" ]; then
|
if [ "$SYSLOG" != "False" ]; then
|
||||||
iniset $CUE_CONF DEFAULT use_syslog True
|
iniset $CUE_CONF DEFAULT use_syslog True
|
||||||
|
|
|
@ -13,12 +13,16 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import cinderclient.client as CinderClient
|
from keystoneclient.auth.identity import v2 as keystone_v2_auth
|
||||||
|
from keystoneclient.auth.identity import v3 as keystone_v3_auth
|
||||||
|
from keystoneclient import session as keystone_session
|
||||||
import neutronclient.neutron.client as NeutronClient
|
import neutronclient.neutron.client as NeutronClient
|
||||||
import novaclient.client as NovaClient
|
import novaclient.client as NovaClient
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
from oslo_log import log as logging
|
||||||
|
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
|
||||||
|
|
||||||
|
@ -26,18 +30,16 @@ OS_OPTS = [
|
||||||
cfg.StrOpt('os_region_name',
|
cfg.StrOpt('os_region_name',
|
||||||
help='Region name',
|
help='Region name',
|
||||||
default=None),
|
default=None),
|
||||||
cfg.StrOpt('os_tenant_id',
|
|
||||||
help='Openstack Tenant ID',
|
|
||||||
default=None),
|
|
||||||
cfg.StrOpt('os_tenant_name',
|
|
||||||
help='Openstack Tenant Name',
|
|
||||||
default=None),
|
|
||||||
cfg.StrOpt('os_username',
|
cfg.StrOpt('os_username',
|
||||||
help='Openstack Username',
|
help='Openstack Username',
|
||||||
default=None),
|
default=None),
|
||||||
cfg.StrOpt('os_password',
|
cfg.StrOpt('os_password',
|
||||||
help='Openstack Password',
|
help='Openstack Password',
|
||||||
default=None),
|
default=None),
|
||||||
|
cfg.StrOpt('os_auth_version',
|
||||||
|
help='Openstack authentication version',
|
||||||
|
choices=('2.0', '3'),
|
||||||
|
default='3'),
|
||||||
cfg.StrOpt('os_auth_url',
|
cfg.StrOpt('os_auth_url',
|
||||||
help='Openstack Authentication (Identity) URL',
|
help='Openstack Authentication (Identity) URL',
|
||||||
default=None),
|
default=None),
|
||||||
|
@ -53,6 +55,15 @@ OS_OPTS = [
|
||||||
cfg.StrOpt('os_cacert',
|
cfg.StrOpt('os_cacert',
|
||||||
help='Openstack cacert',
|
help='Openstack cacert',
|
||||||
default=None),
|
default=None),
|
||||||
|
cfg.StrOpt('os_project_name',
|
||||||
|
help='Openstack project name',
|
||||||
|
default=None),
|
||||||
|
cfg.StrOpt('os_project_domain_name',
|
||||||
|
help='Openstack project domain name',
|
||||||
|
default=None),
|
||||||
|
cfg.StrOpt('os_user_domain_name',
|
||||||
|
help='Openstack user domain name',
|
||||||
|
default=None),
|
||||||
]
|
]
|
||||||
|
|
||||||
opt_group = cfg.OptGroup(
|
opt_group = cfg.OptGroup(
|
||||||
|
@ -65,11 +76,9 @@ CONF.register_opts(OS_OPTS, group=opt_group)
|
||||||
|
|
||||||
|
|
||||||
def nova_client():
|
def nova_client():
|
||||||
|
keystoneSession = get_keystone_session()
|
||||||
return NovaClient.Client(2,
|
return NovaClient.Client(2,
|
||||||
username=CONF.openstack.os_username,
|
session=keystoneSession,
|
||||||
api_key=CONF.openstack.os_password,
|
|
||||||
project_id=CONF.openstack.os_tenant_name,
|
|
||||||
tenant_id=CONF.openstack.os_tenant_id,
|
|
||||||
auth_url=CONF.openstack.os_auth_url,
|
auth_url=CONF.openstack.os_auth_url,
|
||||||
region_name=CONF.openstack.os_region_name,
|
region_name=CONF.openstack.os_region_name,
|
||||||
insecure=CONF.openstack.os_insecure,
|
insecure=CONF.openstack.os_insecure,
|
||||||
|
@ -77,24 +86,55 @@ def nova_client():
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def cinder_client():
|
|
||||||
return CinderClient.Client('1',
|
|
||||||
CONF.openstack.os_username,
|
|
||||||
CONF.openstack.os_password,
|
|
||||||
CONF.openstack.os_tenant_name,
|
|
||||||
CONF.openstack.os_auth_url,
|
|
||||||
CONF.openstack.os_insecure,
|
|
||||||
cacert=CONF.openstack.os_cacert,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def neutron_client():
|
def neutron_client():
|
||||||
|
keystoneSession = get_keystone_session()
|
||||||
return NeutronClient.Client('2.0',
|
return NeutronClient.Client('2.0',
|
||||||
username=CONF.openstack.os_username,
|
session=keystoneSession,
|
||||||
password=CONF.openstack.os_password,
|
|
||||||
tenant_name=CONF.openstack.os_tenant_name,
|
|
||||||
auth_url=CONF.openstack.os_auth_url,
|
auth_url=CONF.openstack.os_auth_url,
|
||||||
region_name=CONF.openstack.os_region_name,
|
region_name=CONF.openstack.os_region_name,
|
||||||
insecure=CONF.openstack.os_insecure,
|
insecure=CONF.openstack.os_insecure,
|
||||||
ca_cert=CONF.openstack.os_cacert,
|
ca_cert=CONF.openstack.os_cacert,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def get_auth_v2():
|
||||||
|
auth_url = CONF.openstack.os_auth_url
|
||||||
|
username = CONF.openstack.os_username
|
||||||
|
password = CONF.openstack.os_password
|
||||||
|
tenant_name = CONF.openstack.os_project_name
|
||||||
|
return keystone_v2_auth.Password(auth_url=auth_url,
|
||||||
|
username=username,
|
||||||
|
password=password,
|
||||||
|
tenant_name=tenant_name,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def get_auth_v3():
|
||||||
|
auth_url = CONF.openstack.os_auth_url
|
||||||
|
username = CONF.openstack.os_username
|
||||||
|
password = CONF.openstack.os_password
|
||||||
|
project_name = CONF.openstack.os_project_name
|
||||||
|
project_domain_name = CONF.openstack.os_project_domain_name
|
||||||
|
user_domain_name = CONF.openstack.os_user_domain_name
|
||||||
|
return keystone_v3_auth.Password(auth_url=auth_url,
|
||||||
|
username=username,
|
||||||
|
password=password,
|
||||||
|
project_name=project_name,
|
||||||
|
project_domain_name=project_domain_name,
|
||||||
|
user_domain_name=user_domain_name,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def get_keystone_session():
|
||||||
|
insecure = CONF.openstack.os_insecure
|
||||||
|
if insecure:
|
||||||
|
verify = False
|
||||||
|
else:
|
||||||
|
verify = CONF.openstack.os_cacert
|
||||||
|
|
||||||
|
if CONF.openstack.os_auth_version == '2.0':
|
||||||
|
return keystone_session.Session(auth=get_auth_v2(),
|
||||||
|
verify=verify)
|
||||||
|
else:
|
||||||
|
return keystone_session.Session(auth=get_auth_v3(),
|
||||||
|
verify=verify)
|
||||||
|
|
|
@ -39,7 +39,7 @@ class APITest(base.FunctionalTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(APITest, self).setUp()
|
super(APITest, self).setUp()
|
||||||
self.CONF.config(auth_version="v2.0",
|
self.CONF.config(auth_version="v3",
|
||||||
group=OPT_GROUP_NAME)
|
group=OPT_GROUP_NAME)
|
||||||
self.app = self._make_app()
|
self.app = self._make_app()
|
||||||
self.auth_headers = {'X-User-Id': str(self.context.user_id),
|
self.auth_headers = {'X-User-Id': str(self.context.user_id),
|
||||||
|
|
|
@ -0,0 +1,125 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2015 Hewlett-Packard Development Company, L.P.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import mock
|
||||||
|
from oslo_config import fixture as config_fixture
|
||||||
|
|
||||||
|
from cue import client
|
||||||
|
from cue.tests.unit import base
|
||||||
|
|
||||||
|
|
||||||
|
class TestClient(base.UnitTestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
|
||||||
|
super(TestClient, self).setUp()
|
||||||
|
|
||||||
|
# setup config fixture
|
||||||
|
self.CONF = config_fixture.Config()
|
||||||
|
self.useFixture(self.CONF)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
|
||||||
|
super(TestClient, self).tearDown()
|
||||||
|
self.CONF.reset()
|
||||||
|
|
||||||
|
@mock.patch('keystoneclient.auth.identity.v2.Password')
|
||||||
|
def test_get_auth_v2(self, mock_auth_v2):
|
||||||
|
"""Test cue.client get_auth_v2.
|
||||||
|
|
||||||
|
Asserts that the keystone auth password is called.
|
||||||
|
"""
|
||||||
|
|
||||||
|
os_auth_url = "http://localhost:5000/v2.0"
|
||||||
|
os_username = "test_user"
|
||||||
|
os_password = "test_password"
|
||||||
|
os_project_name = "test_tenant"
|
||||||
|
self.CONF.config(os_auth_url=os_auth_url,
|
||||||
|
os_username=os_username,
|
||||||
|
os_password=os_password,
|
||||||
|
os_project_name=os_project_name,
|
||||||
|
group="openstack")
|
||||||
|
client.get_auth_v2()
|
||||||
|
mock_auth_v2.assert_called_once_with(auth_url=os_auth_url,
|
||||||
|
password=os_password,
|
||||||
|
tenant_name=os_project_name,
|
||||||
|
username=os_username)
|
||||||
|
|
||||||
|
@mock.patch('keystoneclient.auth.identity.v3.Password')
|
||||||
|
def test_get_auth_v3(self, mock_auth_v3):
|
||||||
|
"""Test cue.client get_auth_v3.
|
||||||
|
|
||||||
|
Asserts that the keystone auth password is called.
|
||||||
|
"""
|
||||||
|
|
||||||
|
os_auth_url = "http://localhost:5000/v3"
|
||||||
|
os_username = "test_user"
|
||||||
|
os_password = "test_password"
|
||||||
|
os_project_name = "test_project"
|
||||||
|
os_project_domain_name = "test_domain"
|
||||||
|
os_user_domain_name = "test_domain"
|
||||||
|
self.CONF.config(os_auth_url=os_auth_url,
|
||||||
|
os_username=os_username,
|
||||||
|
os_password=os_password,
|
||||||
|
os_project_name=os_project_name,
|
||||||
|
os_project_domain_name=os_project_domain_name,
|
||||||
|
os_user_domain_name=os_user_domain_name,
|
||||||
|
group="openstack")
|
||||||
|
client.get_auth_v3()
|
||||||
|
mock_auth_v3.assert_called_once_with(
|
||||||
|
auth_url=os_auth_url,
|
||||||
|
password=os_password,
|
||||||
|
project_domain_name=os_project_domain_name,
|
||||||
|
project_name=os_project_name,
|
||||||
|
user_domain_name=os_user_domain_name,
|
||||||
|
username=os_username)
|
||||||
|
|
||||||
|
@mock.patch('keystoneclient.session.Session')
|
||||||
|
@mock.patch('cue.client.get_auth_v2')
|
||||||
|
def test_get_keystone_session_v2(self, mock_auth_v2, mock_ks_session):
|
||||||
|
"""Test cue.client get_keystone_session.
|
||||||
|
|
||||||
|
Asserts that the keystone session and client get_auth_v2 is called.
|
||||||
|
"""
|
||||||
|
|
||||||
|
os_auth_version = "2.0"
|
||||||
|
os_insecure = True
|
||||||
|
self.CONF.config(os_auth_version=os_auth_version,
|
||||||
|
os_insecure=os_insecure,
|
||||||
|
group="openstack")
|
||||||
|
client.get_keystone_session()
|
||||||
|
mock_auth_v2.assert_called_once_with()
|
||||||
|
mock_ks_session.assert_called_once_with(auth=mock_auth_v2(),
|
||||||
|
verify=False)
|
||||||
|
|
||||||
|
@mock.patch('keystoneclient.session.Session')
|
||||||
|
@mock.patch('cue.client.get_auth_v3')
|
||||||
|
def test_get_keystone_session_v3(self, mock_auth_v3, mock_ks_session):
|
||||||
|
"""Test cue.client get_keystone_session.
|
||||||
|
|
||||||
|
Asserts that the keystone session and client get_auth_v3 is called.
|
||||||
|
"""
|
||||||
|
|
||||||
|
os_auth_version = "3"
|
||||||
|
os_insecure = False
|
||||||
|
os_cacert = None
|
||||||
|
self.CONF.config(os_auth_version=os_auth_version,
|
||||||
|
os_insecure=os_insecure,
|
||||||
|
os_cacert=os_cacert,
|
||||||
|
group="openstack")
|
||||||
|
client.get_keystone_session()
|
||||||
|
mock_auth_v3.assert_called_once_with()
|
||||||
|
mock_ks_session.assert_called_once_with(auth=mock_auth_v3(),
|
||||||
|
verify=os_cacert)
|
|
@ -721,13 +721,13 @@ os_image_id=
|
||||||
#os_tenant_id=
|
#os_tenant_id=
|
||||||
|
|
||||||
#
|
#
|
||||||
# Openstack Tenant Name
|
# Openstack Project Name
|
||||||
#
|
#
|
||||||
# Openstack Tenant ID and Tenant Name are not both required,
|
# Openstack Project ID and Project Name are not both required,
|
||||||
# but at least one must be supplied. If both are supplied,
|
# but at least one must be supplied. If both are supplied,
|
||||||
# Tenant ID will be preferred over the Tenant Name
|
# Project ID will be preferred over the Tenant Name
|
||||||
#
|
#
|
||||||
#os_tenant_name=
|
#os_project_name=
|
||||||
|
|
||||||
#
|
#
|
||||||
# Openstack Username
|
# Openstack Username
|
||||||
|
@ -753,3 +753,24 @@ os_image_id=
|
||||||
# Openstack Availability zone
|
# Openstack Availability zone
|
||||||
#
|
#
|
||||||
#os_availability_zone=
|
#os_availability_zone=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Openstack Auth version
|
||||||
|
#
|
||||||
|
# Openstack Auth version which must be supplied to authenticate
|
||||||
|
# against specific Keystone version '2.0'/'3'.
|
||||||
|
#
|
||||||
|
#os_auth_version=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Openstack Project Domain Name
|
||||||
|
# If using a project name specify either it’s owning
|
||||||
|
# domain name or ID. This is required only for keystone v3.
|
||||||
|
#os_project_domain_name=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Openstack User Domain Name
|
||||||
|
# If using a username specify either it’s owning
|
||||||
|
# domain name or ID. This is required only for keystone v3.
|
||||||
|
#
|
||||||
|
#os_user_domain_name=
|
Loading…
Reference in New Issue