openstack/deb-ironic
Code Issues Proposed changes

Merge "Do not use user token in neutron client"

Browse Source
This commit is contained in:
Jenkins 2017-01-24 19:21:29 +00:00 committed by Gerrit Code Review
commit 375adedce3
10 changed files with 42 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ironic/common/neutron.py
View File

@ -69,20 +69,19 @@ def get_client(token=None):
return clientv20.Client(**params) return clientv20.Client(**params)
def unbind_neutron_port(port_id, client=None, token=None): def unbind_neutron_port(port_id, client=None):
"""Unbind a neutron port """Unbind a neutron port
Remove a neutron port's binding profile and host ID so that it returns to Remove a neutron port's binding profile and host ID so that it returns to
an unbound state. an unbound state.
:param port_id: Neutron port ID. :param port_id: Neutron port ID.
:param token: Optional auth token.
:param client: Optional a Neutron client object. :param client: Optional a Neutron client object.
:raises: NetworkError :raises: NetworkError
""" """
if not client: if not client:
client = get_client(token) client = get_client()
body = {'port': {'binding:host_id': '', body = {'port': {'binding:host_id': '',
'binding:profile': {}}} 'binding:profile': {}}}
@ -97,15 +96,14 @@ def unbind_neutron_port(port_id, client=None, token=None):
raise exception.NetworkError(msg) raise exception.NetworkError(msg)
def update_port_address(port_id, address, token=None): def update_port_address(port_id, address):
"""Update a port's mac address. """Update a port's mac address.
:param port_id: Neutron port id. :param port_id: Neutron port id.
:param address: new MAC address. :param address: new MAC address.
:param token: optional auth token.
:raises: FailedToUpdateMacOnPort :raises: FailedToUpdateMacOnPort
""" """
client = get_client(token) client = get_client()
port_req_body = {'port': {'mac_address': address}} port_req_body = {'port': {'mac_address': address}}
try: try:
@ -178,7 +176,7 @@ def add_ports_to_network(task, network_uuid, is_flat=False,
:raises: NetworkError :raises: NetworkError
:returns: a dictionary in the form {port.uuid: neutron_port['id']} :returns: a dictionary in the form {port.uuid: neutron_port['id']}
""" """
client = get_client(task.context.auth_token) client = get_client()
node = task.node node = task.node
# If Security Groups are specified, verify that they exist # If Security Groups are specified, verify that they exist
@ -283,7 +281,7 @@ def remove_neutron_ports(task, params):
:param params: Dict of params to filter ports. :param params: Dict of params to filter ports.
:raises: NetworkError :raises: NetworkError
""" """
client = get_client(task.context.auth_token) client = get_client()
node_uuid = task.node.uuid node_uuid = task.node.uuid
try: try:

5
ironic/dhcp/neutron.py
View File

@ -125,8 +125,7 @@ class NeutronDHCPApi(base.BaseDHCP):
vif_list = [vif for pdict in vifs.values() for vif in pdict.values()] vif_list = [vif for pdict in vifs.values() for vif in pdict.values()]
for vif in vif_list: for vif in vif_list:
try: try:
self.update_port_dhcp_opts(vif, options, self.update_port_dhcp_opts(vif, options)
token=task.context.auth_token)
except exception.FailedToUpdateDHCPOptOnPort: except exception.FailedToUpdateDHCPOptOnPort:
failures.append(vif) failures.append(vif)
@ -263,7 +262,7 @@ class NeutronDHCPApi(base.BaseDHCP):
:returns: List of IP addresses associated with :returns: List of IP addresses associated with
task's ports/portgroups. task's ports/portgroups.
""" """
client = neutron.get_client(task.context.auth_token) client = neutron.get_client()
port_ip_addresses = self._get_ip_addresses(task, task.ports, client) port_ip_addresses = self._get_ip_addresses(task, task.ports, client)
portgroup_ip_addresses = self._get_ip_addresses( portgroup_ip_addresses = self._get_ip_addresses(

12
ironic/drivers/modules/network/common.py
View File

@ -155,9 +155,7 @@ class VIFPortIDMixin(object):
port_obj.extra.get('vif_port_id')) port_obj.extra.get('vif_port_id'))
if 'address' in port_obj.obj_what_changed(): if 'address' in port_obj.obj_what_changed():
if vif: if vif:
neutron.update_port_address(vif, neutron.update_port_address(vif, port_obj.address)
port_obj.address,
token=context.auth_token)
if 'extra' in port_obj.obj_what_changed(): if 'extra' in port_obj.obj_what_changed():
original_port = objects.Port.get_by_id(context, port_obj.id) original_port = objects.Port.get_by_id(context, port_obj.id)
@ -176,7 +174,7 @@ class VIFPortIDMixin(object):
'opt_value': updated_client_id} 'opt_value': updated_client_id}
api.provider.update_port_dhcp_opts( api.provider.update_port_dhcp_opts(
vif, [client_id_opt], token=context.auth_token) vif, [client_id_opt])
# Log warning if there is no VIF and an instance # Log warning if there is no VIF and an instance
# is associated with the node. # is associated with the node.
elif node.instance_uuid: elif node.instance_uuid:
@ -223,9 +221,7 @@ class VIFPortIDMixin(object):
pg_vif = (portgroup_obj.internal_info.get(TENANT_VIF_KEY) or pg_vif = (portgroup_obj.internal_info.get(TENANT_VIF_KEY) or
portgroup_obj.extra.get('vif_port_id')) portgroup_obj.extra.get('vif_port_id'))
if pg_vif: if pg_vif:
neutron.update_port_address(pg_vif, neutron.update_port_address(pg_vif, portgroup_obj.address)
portgroup_obj.address,
token=context.auth_token)
if 'extra' in portgroup_obj.obj_what_changed(): if 'extra' in portgroup_obj.obj_what_changed():
original_portgroup = objects.Portgroup.get_by_id(context, original_portgroup = objects.Portgroup.get_by_id(context,
@ -294,7 +290,7 @@ class VIFPortIDMixin(object):
# Check if the requested vif_id is a neutron port. If it is # Check if the requested vif_id is a neutron port. If it is
# then attempt to update the port's MAC address. # then attempt to update the port's MAC address.
try: try:
client = neutron.get_client(task.context.auth_token) client = neutron.get_client()
client.show_port(vif_id) client.show_port(vif_id)
except neutron_exceptions.NeutronClientException: except neutron_exceptions.NeutronClientException:
# NOTE(sambetts): If a client error occurs this is because # NOTE(sambetts): If a client error occurs this is because

2
ironic/drivers/modules/network/flat.py
View File

@ -69,7 +69,7 @@ class FlatNetwork(common.VIFPortIDMixin, neutron.NeutronNetworkInterfaceMixin,
if not host_id: if not host_id:
return return
client = neutron.get_client(task.context.auth_token) client = neutron.get_client()
for port_like_obj in task.ports + task.portgroups: for port_like_obj in task.ports + task.portgroups:
vif_port_id = ( vif_port_id = (
port_like_obj.internal_info.get(common.TENANT_VIF_KEY) or port_like_obj.internal_info.get(common.TENANT_VIF_KEY) or

5
ironic/drivers/modules/network/neutron.py
View File

@ -162,7 +162,7 @@ class NeutronNetwork(common.VIFPortIDMixin,
portmap = neutron.get_node_portmap(task) portmap = neutron.get_node_portmap(task)
client = neutron.get_client(task.context.auth_token) client = neutron.get_client()
pobj_without_vif = 0 pobj_without_vif = 0
for port_like_obj in ports + portgroups: for port_like_obj in ports + portgroups:
vif_port_id = ( vif_port_id = (
@ -244,5 +244,4 @@ class NeutronNetwork(common.VIFPortIDMixin,
port_like_obj.extra.get('vif_port_id')) port_like_obj.extra.get('vif_port_id'))
if not vif_port_id: if not vif_port_id:
continue continue
neutron.unbind_neutron_port(vif_port_id, neutron.unbind_neutron_port(vif_port_id)
token=task.context.auth_token)

24
ironic/tests/unit/common/test_neutron.py
View File

@ -609,20 +609,6 @@ class TestUnbindPort(base.TestCase):
mock_client.return_value.update_port.assert_called_once_with(port_id, mock_client.return_value.update_port.assert_called_once_with(port_id,
body) body)
def test_unbind_neutron_port_token_passed(self, mock_client):
port_id = 'fake-port-id'
token = 'token'
body = {
'port': {
'binding:host_id': '',
'binding:profile': {}
}
}
neutron.unbind_neutron_port(port_id, token=token)
mock_client.assert_called_once_with(token)
mock_client.return_value.update_port.assert_called_once_with(port_id,
body)
@mock.patch.object(neutron, 'LOG') @mock.patch.object(neutron, 'LOG')
def test_unbind_neutron_port_failure(self, mock_log, mock_client): def test_unbind_neutron_port_failure(self, mock_log, mock_client):
mock_client.return_value.update_port.side_effect = ( mock_client.return_value.update_port.side_effect = (
@ -634,24 +620,22 @@ class TestUnbindPort(base.TestCase):
} }
} }
port_id = 'fake-port-id' port_id = 'fake-port-id'
token = 'token'
self.assertRaises(exception.NetworkError, neutron.unbind_neutron_port, self.assertRaises(exception.NetworkError, neutron.unbind_neutron_port,
port_id, token=token) port_id)
mock_client.assert_called_once_with(token) mock_client.assert_called_once_with()
mock_client.return_value.update_port.assert_called_once_with(port_id, mock_client.return_value.update_port.assert_called_once_with(port_id,
body) body)
mock_log.exception.assert_called_once() mock_log.exception.assert_called_once()
def test_unbind_neutron_port(self, mock_client): def test_unbind_neutron_port(self, mock_client):
port_id = 'fake-port-id' port_id = 'fake-port-id'
token = 'token'
body = { body = {
'port': { 'port': {
'binding:host_id': '', 'binding:host_id': '',
'binding:profile': {} 'binding:profile': {}
} }
} }
neutron.unbind_neutron_port(port_id, token=token) neutron.unbind_neutron_port(port_id)
mock_client.assert_called_once_with(token) mock_client.assert_called_once_with()
mock_client.return_value.update_port.assert_called_once_with(port_id, mock_client.return_value.update_port.assert_called_once_with(port_id,
body) body)

15
ironic/tests/unit/dhcp/test_neutron.py
View File

@ -117,8 +117,7 @@ class TestNeutron(db_base.DbTestCase):
opts = pxe_utils.dhcp_options_for_instance(task) opts = pxe_utils.dhcp_options_for_instance(task)
api = dhcp_factory.DHCPFactory() api = dhcp_factory.DHCPFactory()
api.update_dhcp(task, opts) api.update_dhcp(task, opts)
mock_updo.assert_called_once_with('vif-uuid', opts, mock_updo.assert_called_once_with('vif-uuid', opts)
token=self.context.auth_token)
@mock.patch('ironic.dhcp.neutron.NeutronDHCPApi.update_port_dhcp_opts') @mock.patch('ironic.dhcp.neutron.NeutronDHCPApi.update_port_dhcp_opts')
@mock.patch('ironic.common.network.get_node_vif_ids') @mock.patch('ironic.common.network.get_node_vif_ids')
@ -179,8 +178,7 @@ class TestNeutron(db_base.DbTestCase):
api = dhcp_factory.DHCPFactory() api = dhcp_factory.DHCPFactory()
api.update_dhcp(task, opts) api.update_dhcp(task, opts)
mock_ts.assert_called_with(30) mock_ts.assert_called_with(30)
mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts, mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts)
token=self.context.auth_token)
@mock.patch.object(neutron, 'LOG', autospec=True) @mock.patch.object(neutron, 'LOG', autospec=True)
@mock.patch('time.sleep', autospec=True) @mock.patch('time.sleep', autospec=True)
@ -201,8 +199,7 @@ class TestNeutron(db_base.DbTestCase):
self.assertIn('Setting the port delay to 15 for SSH', self.assertIn('Setting the port delay to 15 for SSH',
mock_log.warning.call_args[0][0]) mock_log.warning.call_args[0][0])
mock_ts.assert_called_with(15) mock_ts.assert_called_with(15)
mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts, mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts)
token=self.context.auth_token)
@mock.patch.object(neutron, 'LOG', autospec=True) @mock.patch.object(neutron, 'LOG', autospec=True)
@mock.patch('time.sleep', autospec=True) @mock.patch('time.sleep', autospec=True)
@ -223,8 +220,7 @@ class TestNeutron(db_base.DbTestCase):
"Waiting %d seconds for Neutron.", 30) "Waiting %d seconds for Neutron.", 30)
mock_log.warning.assert_not_called() mock_log.warning.assert_not_called()
mock_ts.assert_called_with(30) mock_ts.assert_called_with(30)
mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts, mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts)
token=self.context.auth_token)
@mock.patch.object(neutron, 'LOG', autospec=True) @mock.patch.object(neutron, 'LOG', autospec=True)
@mock.patch.object(neutron.NeutronDHCPApi, 'update_port_dhcp_opts', @mock.patch.object(neutron.NeutronDHCPApi, 'update_port_dhcp_opts',
@ -241,8 +237,7 @@ class TestNeutron(db_base.DbTestCase):
api.update_dhcp(task, opts) api.update_dhcp(task, opts)
mock_log.debug.assert_not_called() mock_log.debug.assert_not_called()
mock_log.warning.assert_not_called() mock_log.warning.assert_not_called()
mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts, mock_updo.assert_called_once_with(mock.ANY, 'vif-uuid', opts)
token=self.context.auth_token)
def test__get_fixed_ip_address(self): def test__get_fixed_ip_address(self):
port_id = 'fake-port-id' port_id = 'fake-port-id'

18
ironic/tests/unit/drivers/modules/network/test_common.py
View File

@ -257,7 +257,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
self.port.refresh() self.port.refresh()
self.assertEqual("fake_vif_id", self.port.internal_info.get( self.assertEqual("fake_vif_id", self.port.internal_info.get(
common.TENANT_VIF_KEY)) common.TENANT_VIF_KEY))
mock_client.assert_called_once_with(None) mock_client.assert_called_once_with()
mock_upa.assert_called_once_with("fake_vif_id", self.port.address) mock_upa.assert_called_once_with("fake_vif_id", self.port.address)
@mock.patch.object(common, 'get_free_port_like_object', autospec=True) @mock.patch.object(common, 'get_free_port_like_object', autospec=True)
@ -292,7 +292,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
self.assertRaisesRegexp( self.assertRaisesRegexp(
exception.NetworkError, "can not update Neutron port", exception.NetworkError, "can not update Neutron port",
self.interface.vif_attach, task, vif) self.interface.vif_attach, task, vif)
mock_client.assert_called_once_with(None) mock_client.assert_called_once_with()
def test_vif_detach_in_extra(self): def test_vif_detach_in_extra(self):
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
@ -402,8 +402,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.port_changed(task, self.port) self.interface.port_changed(task, self.port)
mac_update_mock.assert_called_once_with( mac_update_mock.assert_called_once_with(
self.port.extra['vif_port_id'], self.port.extra['vif_port_id'], new_address)
new_address, token=task.context.auth_token)
self.assertFalse(mock_warn.called) self.assertFalse(mock_warn.called)
@mock.patch.object(neutron_common, 'update_port_address', autospec=True) @mock.patch.object(neutron_common, 'update_port_address', autospec=True)
@ -417,8 +416,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
self.interface.port_changed, self.interface.port_changed,
task, self.port) task, self.port)
mac_update_mock.assert_called_once_with( mac_update_mock.assert_called_once_with(
self.port.extra['vif_port_id'], self.port.extra['vif_port_id'], new_address)
new_address, token=task.context.auth_token)
@mock.patch.object(neutron_common, 'update_port_address', autospec=True) @mock.patch.object(neutron_common, 'update_port_address', autospec=True)
def test_port_changed_address_no_vif_id(self, mac_update_mock): def test_port_changed_address_no_vif_id(self, mac_update_mock):
@ -437,7 +435,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.port_changed(task, self.port) self.interface.port_changed(task, self.port)
dhcp_update_mock.assert_called_once_with( dhcp_update_mock.assert_called_once_with(
'fake-id', expected_dhcp_opts, token=self.context.auth_token) 'fake-id', expected_dhcp_opts)
@mock.patch.object(common_utils, 'warn_about_deprecated_extra_vif_port_id', @mock.patch.object(common_utils, 'warn_about_deprecated_extra_vif_port_id',
autospec=True) autospec=True)
@ -656,8 +654,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
pg.address = new_address pg.address = new_address
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.portgroup_changed(task, pg) self.interface.portgroup_changed(task, pg)
mac_update_mock.assert_called_once_with('fake-id', new_address, mac_update_mock.assert_called_once_with('fake-id', new_address)
token=self.context.auth_token)
@mock.patch.object(neutron_common, 'update_port_address', autospec=True) @mock.patch.object(neutron_common, 'update_port_address', autospec=True)
def test_update_portgroup_remove_address(self, mac_update_mock): def test_update_portgroup_remove_address(self, mac_update_mock):
@ -724,8 +721,7 @@ class TestVifPortIDMixin(db_base.DbTestCase):
self.assertRaises(exception.FailedToUpdateMacOnPort, self.assertRaises(exception.FailedToUpdateMacOnPort,
self.interface.portgroup_changed, self.interface.portgroup_changed,
task, pg) task, pg)
mac_update_mock.assert_called_once_with('fake-id', new_address, mac_update_mock.assert_called_once_with('fake-id', new_address)
token=self.context.auth_token)
@mock.patch.object(common_utils, 'warn_about_deprecated_extra_vif_port_id', @mock.patch.object(common_utils, 'warn_about_deprecated_extra_vif_port_id',
autospec=True) autospec=True)

12
ironic/tests/unit/drivers/modules/network/test_neutron.py
View File

@ -220,7 +220,7 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.unconfigure_tenant_networks(task) self.interface.unconfigure_tenant_networks(task)
mock_unbind_port.assert_called_once_with( mock_unbind_port.assert_called_once_with(
self.port.extra['vif_port_id'], token=None) self.port.extra['vif_port_id'])
def test_configure_tenant_networks_no_ports_for_node(self): def test_configure_tenant_networks_no_ports_for_node(self):
n = utils.create_test_node(self.context, network_interface='neutron', n = utils.create_test_node(self.context, network_interface='neutron',
@ -243,7 +243,7 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
'associated with node', 'associated with node',
self.interface.configure_tenant_networks, self.interface.configure_tenant_networks,
task) task)
client_mock.assert_called_once_with(task.context.auth_token) client_mock.assert_called_once_with()
upd_mock.assert_not_called() upd_mock.assert_not_called()
self.assertIn('No neutron ports or portgroups are associated with', self.assertIn('No neutron ports or portgroups are associated with',
log_mock.error.call_args[0][0]) log_mock.error.call_args[0][0])
@ -270,7 +270,7 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
client_mock.return_value.update_port = upd_mock client_mock.return_value.update_port = upd_mock
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.configure_tenant_networks(task) self.interface.configure_tenant_networks(task)
client_mock.assert_called_once_with(task.context.auth_token) client_mock.assert_called_once_with()
upd_mock.assert_called_once_with(self.port.extra['vif_port_id'], upd_mock.assert_called_once_with(self.port.extra['vif_port_id'],
expected_body) expected_body)
@ -283,7 +283,7 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
self.assertRaisesRegexp( self.assertRaisesRegexp(
exception.NetworkError, 'Could not add', exception.NetworkError, 'Could not add',
self.interface.configure_tenant_networks, task) self.interface.configure_tenant_networks, task)
client_mock.assert_called_once_with(task.context.auth_token) client_mock.assert_called_once_with()
@mock.patch.object(neutron_common, 'get_client') @mock.patch.object(neutron_common, 'get_client')
def _test_configure_tenant_networks(self, client_mock, is_client_id=False, def _test_configure_tenant_networks(self, client_mock, is_client_id=False,
@ -339,7 +339,7 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
[{'opt_name': 'client-id', 'opt_value': client_ids[1]}]) [{'opt_name': 'client-id', 'opt_value': client_ids[1]}])
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.configure_tenant_networks(task) self.interface.configure_tenant_networks(task)
client_mock.assert_called_once_with(task.context.auth_token) client_mock.assert_called_once_with()
if vif_int_info: if vif_int_info:
portid1 = self.port.internal_info['tenant_vif_port_id'] portid1 = self.port.internal_info['tenant_vif_port_id']
portid2 = second_port.internal_info['tenant_vif_port_id'] portid2 = second_port.internal_info['tenant_vif_port_id']
@ -413,7 +413,7 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
} }
with task_manager.acquire(self.context, self.node.id) as task: with task_manager.acquire(self.context, self.node.id) as task:
self.interface.configure_tenant_networks(task) self.interface.configure_tenant_networks(task)
client_mock.assert_called_once_with(task.context.auth_token) client_mock.assert_called_once_with()
upd_mock.assert_has_calls( upd_mock.assert_has_calls(
[mock.call(self.port.extra['vif_port_id'], call1_body), [mock.call(self.port.extra['vif_port_id'], call1_body),
mock.call(pg.extra['vif_port_id'], call2_body)] mock.call(pg.extra['vif_port_id'], call2_body)]

5
releasenotes/notes/fix-baremetal-admin-user-not-neutron-admin-f163df90ab520dad.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- An issue when baremetal admin user doesn't have enough rights (admin)
in Neutron by always picking neutron user from ironic config
and avoiding passing client token.