Create zaqar queues with the proper token
Zaqar queues were accessed and created with the user provided token, but we need them to be in the stack project for instances to access them. This changes to provide a stack user token instead. Change-Id: If30ad4ad63b845b8dabe0b3ac0e4209057c3753c Closes-Bug: #1532235
This commit is contained in:
Thomas Herve
parent
c5549259ba
commit
6b07d55181
@ -34,16 +34,16 @@ class ZaqarClientPlugin(client_plugin.ClientPlugin):
|
||||
DEFAULT_TTL = 3600
|
||||
|
||||
def _create(self):
|
||||
return self.create_for_tenant(self.context.tenant_id)
|
||||
return self.create_for_tenant(self.context.tenant_id, self.auth_token)
|
||||
|
||||
def create_for_tenant(self, tenant_id):
|
||||
def create_for_tenant(self, tenant_id, token):
|
||||
con = self.context
|
||||
if self.auth_token is None:
|
||||
if token is None:
|
||||
LOG.error(_LE("Zaqar connection failed, no auth_token!"))
|
||||
return None
|
||||
|
||||
opts = {
|
||||
'os_auth_token': self.auth_token,
|
||||
'os_auth_token': token,
|
||||
'os_auth_url': con.auth_url,
|
||||
'os_project_id': tenant_id,
|
||||
'os_service_type': self.MESSAGING,
|
||||
|
||||
@ -588,7 +588,7 @@ class Server(stack_user.StackUser, sh.SchedulerHintsMixin,
|
||||
self.data_set('metadata_queue_id', queue_id)
|
||||
zaqar_plugin = self.client_plugin('zaqar')
|
||||
zaqar = zaqar_plugin.create_for_tenant(
|
||||
self.stack.stack_user_project_id)
|
||||
self.stack.stack_user_project_id, self._user_token())
|
||||
queue = zaqar.queue(queue_id)
|
||||
queue.post({'body': meta, 'ttl': zaqar_plugin.DEFAULT_TTL})
|
||||
occ.update({'zaqar': {
|
||||
@ -1309,16 +1309,16 @@ class Server(stack_user.StackUser, sh.SchedulerHintsMixin,
|
||||
return
|
||||
client_plugin = self.client_plugin('zaqar')
|
||||
zaqar = client_plugin.create_for_tenant(
|
||||
self.stack.stack_user_project_id)
|
||||
self.stack.stack_user_project_id, self._user_token())
|
||||
with client_plugin.ignore_not_found:
|
||||
zaqar.queue(queue_id).delete()
|
||||
self.data_delete('metadata_queue_id')
|
||||
|
||||
def _delete(self):
|
||||
if self.user_data_software_config():
|
||||
self._delete_queue()
|
||||
self._delete_user()
|
||||
self._delete_temp_url()
|
||||
self._delete_queue()
|
||||
|
||||
# remove internal and external ports
|
||||
self._delete_internal_ports()
|
||||
|
||||
@ -21,6 +21,7 @@ import requests
|
||||
import six
|
||||
from six.moves.urllib import parse as urlparse
|
||||
|
||||
from heat.common import crypt
|
||||
from heat.common import exception
|
||||
from heat.common.i18n import _
|
||||
from heat.common.i18n import _LI
|
||||
@ -109,8 +110,10 @@ class SoftwareConfigService(service.Service):
|
||||
json_md = jsonutils.dumps(md)
|
||||
requests.put(metadata_put_url, json_md)
|
||||
if metadata_queue_id:
|
||||
project = sd.stack_user_project_id
|
||||
token = self._get_user_token(cnxt, rs, project)
|
||||
zaqar_plugin = cnxt.clients.client_plugin('zaqar')
|
||||
zaqar = zaqar_plugin.create_for_tenant(sd.stack_user_project_id)
|
||||
zaqar = zaqar_plugin.create_for_tenant(project, token)
|
||||
queue = zaqar.queue(metadata_queue_id)
|
||||
queue.post({'body': md, 'ttl': zaqar_plugin.DEFAULT_TTL})
|
||||
|
||||
@ -160,9 +163,23 @@ class SoftwareConfigService(service.Service):
|
||||
return software_deployment_object.SoftwareDeployment.get_by_id(
|
||||
cnxt, sd.id)
|
||||
|
||||
def _get_user_token(self, cnxt, rs, project):
|
||||
user = password = None
|
||||
for rd in rs.data:
|
||||
if rd.key == 'password':
|
||||
password = crypt.decrypt(rd.decrypt_method, rd.value)
|
||||
if rd.key == 'user_id':
|
||||
user = rd.value
|
||||
keystone = cnxt.clients.client('keystone')
|
||||
return keystone.stack_domain_user_token(
|
||||
user_id=user, project_id=project, password=password)
|
||||
|
||||
def _refresh_zaqar_software_deployment(self, cnxt, sd, deploy_queue_id):
|
||||
rs = db_api.resource_get_by_physical_resource_id(cnxt, sd.server_id)
|
||||
project = sd.stack_user_project_id
|
||||
token = self._get_user_token(cnxt, rs, project)
|
||||
zaqar_plugin = cnxt.clients.client_plugin('zaqar')
|
||||
zaqar = zaqar_plugin.create_for_tenant(sd.stack_user_project_id)
|
||||
zaqar = zaqar_plugin.create_for_tenant(project, token)
|
||||
queue = zaqar.queue(deploy_queue_id)
|
||||
|
||||
messages = list(queue.pop())
|
||||
|
||||
@ -33,9 +33,11 @@ class ZaqarClientPluginTests(common.HeatTestCase):
|
||||
def test_create_for_tenant(self):
|
||||
context = utils.dummy_context()
|
||||
plugin = context.clients.client_plugin('zaqar')
|
||||
client = plugin.create_for_tenant('other_tenant')
|
||||
client = plugin.create_for_tenant('other_tenant', 'token')
|
||||
self.assertEqual('other_tenant',
|
||||
client.conf['auth_opts']['options']['os_project_id'])
|
||||
self.assertEqual('token',
|
||||
client.conf['auth_opts']['options']['os_auth_token'])
|
||||
|
||||
def test_event_sink(self):
|
||||
context = utils.dummy_context()
|
||||
|
||||
@ -20,6 +20,7 @@ from oslo_serialization import jsonutils as json
|
||||
from oslo_utils import timeutils
|
||||
import six
|
||||
|
||||
from heat.common import crypt
|
||||
from heat.common import exception
|
||||
from heat.common import template_format
|
||||
from heat.db import api as db_api
|
||||
@ -692,7 +693,7 @@ class SoftwareConfigServiceTest(common.HeatTestCase):
|
||||
res_upd.assert_called_once_with(
|
||||
self.ctx, '1234', {'rsrc_metadata': result_metadata}, 1)
|
||||
|
||||
plugin.assert_called_once_with('project1')
|
||||
plugin.assert_called_once_with('project1', mock.ANY)
|
||||
zaqar_client.queue.assert_called_once_with('6789')
|
||||
queue.post.assert_called_once_with(
|
||||
{'body': result_metadata, 'ttl': 3600})
|
||||
@ -815,8 +816,29 @@ class SoftwareConfigServiceTest(common.HeatTestCase):
|
||||
|
||||
@mock.patch.object(service_software_config.SoftwareConfigService,
|
||||
'signal_software_deployment')
|
||||
@mock.patch.object(service_software_config.SoftwareConfigService,
|
||||
'metadata_software_deployments')
|
||||
@mock.patch.object(db_api, 'resource_update')
|
||||
@mock.patch.object(db_api, 'resource_get_by_physical_resource_id')
|
||||
@mock.patch.object(zaqar.ZaqarClientPlugin, 'create_for_tenant')
|
||||
def test_refresh_zaqar_software_deployment(self, plugin, ssd):
|
||||
def test_refresh_zaqar_software_deployment(self, plugin, res_get, res_upd,
|
||||
md_sd, ssd):
|
||||
rs = mock.Mock()
|
||||
rs.rsrc_metadata = {}
|
||||
rs.id = '1234'
|
||||
rs.atomic_key = 1
|
||||
rd1 = mock.Mock()
|
||||
rd1.key = 'user'
|
||||
rd1.value = 'user1'
|
||||
rd2 = mock.Mock()
|
||||
rd2.key = 'password'
|
||||
rd2.decrypt_method, rd2.value = crypt.encrypt('pass1')
|
||||
rs.data = [rd1, rd2]
|
||||
res_get.return_value = rs
|
||||
|
||||
res_upd.return_value = 1
|
||||
deployments = {'deploy': 'this'}
|
||||
md_sd.return_value = deployments
|
||||
config = self._create_software_config(inputs=[
|
||||
{
|
||||
'name': 'deploy_signal_transport',
|
||||
|
||||
Loading…
Reference in New Issue
Block a user