Add ability to override OpenStack privileged user auth url

Introduce os_privileged_user_auth_url config to give the ability to override the auth_url used when authenticating the OpenStack privileged user and bypass use of catalog found in token. DocImpact: New os_privileged_user_auth_url config Closes-bug: #1473206 Change-Id: I4ffca8df0eb38fe41264439ae5bb93e025c808ff
2015-07-09 12:13:19 -04:00 · 2015-07-09 12:13:19 -04:00 · c228066002
commit c228066002
parent 5669075b28
3 changed files with 25 additions and 5 deletions
--- a/cinder/common/config.py
+++ b/cinder/common/config.py
@ -202,6 +202,10 @@ global_opts = [
               default=None,
               help='Tenant name associated with the OpenStack privileged '
                    'account.'),
+    cfg.StrOpt('os_privileged_user_auth_url',
+               default=None,
+               help='Auth URL associated with the OpenStack privileged '
+                    'account.'),
 ]

 CONF.register_opts(global_opts)
--- a/cinder/compute/nova.py
+++ b/cinder/compute/nova.py
@ -113,11 +113,16 @@ def novaclient(context, admin_endpoint=False, privileged_user=False,

        # When privileged_user is used, it needs to authenticate to Keystone
        # before querying Nova, so we set auth_url to the identity service
-        # endpoint. We then pass region_name, endpoint_type, etc. to the
-        # Client() constructor so that the final endpoint is chosen correctly.
-        url = sc.url_for(service_type='identity',
-                         endpoint_type=endpoint_type,
-                         **region_filter)
+        # endpoint.
+        if CONF.os_privileged_user_auth_url:
+            url = CONF.os_privileged_user_auth_url
+        else:
+            # We then pass region_name, endpoint_type, etc. to the
+            # Client() constructor so that the final endpoint is
+            # chosen correctly.
+            url = sc.url_for(service_type='identity',
+                             endpoint_type=endpoint_type,
+                             **region_filter)

        LOG.debug('Creating a Nova client using "%s" user',
                  CONF.os_privileged_user_name)
--- a/cinder/tests/unit/compute/test_nova.py
+++ b/cinder/tests/unit/compute/test_nova.py
@ -65,6 +65,17 @@ class NovaClientTestCase(test.TestCase):
            insecure=False, endpoint_type='publicURL', cacert=None,
            timeout=None, extensions=nova.nova_extensions)

+    @mock.patch('novaclient.v1_1.client.Client')
+    def test_nova_client_privileged_user_custom_auth_url(self, p_client):
+        self.override_config('os_privileged_user_auth_url',
+                             'http://privatekeystonehost:5000/v2.0')
+        nova.novaclient(self.ctx, privileged_user=True)
+        p_client.assert_called_once_with(
+            'adminuser', 'strongpassword', None, region_name=None,
+            auth_url='http://privatekeystonehost:5000/v2.0',
+            insecure=False, endpoint_type='publicURL', cacert=None,
+            timeout=None, extensions=nova.nova_extensions)
+
    @mock.patch('novaclient.v1_1.client.Client')
    def test_nova_client_custom_region(self, p_client):
        self.override_config('os_region_name', 'farfaraway')