Merge "Add ability to get auth token from auth plugin"
This commit is contained in:
commit
7bfc529185
@ -27,6 +27,7 @@ from oslo_log import log as logging
|
||||
from sahara import exceptions as ex
|
||||
from sahara.i18n import _
|
||||
from sahara.i18n import _LW
|
||||
from sahara.service import sessions
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -314,3 +315,13 @@ class SetCurrentInstanceId(object):
|
||||
|
||||
def set_current_instance_id(instance_id):
|
||||
return SetCurrentInstanceId(instance_id)
|
||||
|
||||
|
||||
def get_auth_token():
|
||||
cur = current()
|
||||
if cur.auth_plugin:
|
||||
try:
|
||||
cur.auth_token = sessions.cache().token_for_auth(cur.auth_plugin)
|
||||
except Exception as e:
|
||||
LOG.warning(_LW("Cannot update token, reason: {reason}"), e)
|
||||
return cur.auth_token
|
||||
|
@ -18,7 +18,6 @@ from oslo_config import cfg
|
||||
import six
|
||||
import swiftclient
|
||||
|
||||
import sahara.context as context
|
||||
import sahara.exceptions as ex
|
||||
from sahara.i18n import _
|
||||
from sahara.swift import utils as su
|
||||
@ -94,5 +93,5 @@ def get_raw_data(job_binary, proxy_configs=None):
|
||||
|
||||
@_validate_job_binary_url
|
||||
def get_raw_data_with_context(job_binary):
|
||||
conn = sw.client_from_token(context.ctx().auth_token)
|
||||
conn = sw.client_from_token()
|
||||
return _get_raw_data(job_binary, conn)
|
||||
|
@ -151,3 +151,7 @@ class SessionCache(object):
|
||||
session = self.get_generic_session()
|
||||
self._set_session(SESSION_TYPE_NOVA, session)
|
||||
return session
|
||||
|
||||
def token_for_auth(self, auth):
|
||||
return self.get_generic_session().get_auth_headers(auth).get(
|
||||
'X-Auth-Token')
|
||||
|
@ -165,6 +165,6 @@ def use_os_admin_auth_token(cluster):
|
||||
ctx.tenant_id = cluster.tenant_id
|
||||
ctx.auth_plugin = keystone.auth_for_admin(
|
||||
trust_id=cluster.trust_id)
|
||||
ctx.auth_token = keystone.token_from_auth(ctx.auth_plugin)
|
||||
ctx.auth_token = context.get_auth_token()
|
||||
ctx.service_catalog = json.dumps(
|
||||
keystone.service_catalog_from_auth(ctx.auth_plugin))
|
||||
|
@ -98,21 +98,31 @@ class TestInternalSwift(base.SaharaTestCase):
|
||||
trust_id='proxytrust')
|
||||
_get_raw_data.assert_called_with(job_binary, client_instance)
|
||||
|
||||
@mock.patch('sahara.utils.openstack.base.url_for')
|
||||
@mock.patch('sahara.context.ctx')
|
||||
@mock.patch(
|
||||
'sahara.service.edp.binary_retrievers.internal_swift._get_raw_data')
|
||||
@mock.patch('sahara.utils.openstack.swift.client_from_token')
|
||||
def test_get_raw_data_with_context(self, swift_client, _get_raw_data, ctx):
|
||||
@mock.patch('swiftclient.Connection')
|
||||
def test_get_raw_data_with_context(self, swift_client, _get_raw_data, ctx,
|
||||
url_for):
|
||||
client_instance = mock.Mock()
|
||||
swift_client.return_value = client_instance
|
||||
test_context = mock.Mock()
|
||||
test_context.auth_token = 'testtoken'
|
||||
test_context.auth_plugin = None
|
||||
ctx.return_value = test_context
|
||||
|
||||
url_for.return_value = 'url_for'
|
||||
job_binary = mock.Mock()
|
||||
job_binary.url = 'swift://container/object'
|
||||
|
||||
job_binary.extra = dict(user='test', password='secret')
|
||||
i_s.get_raw_data_with_context(job_binary)
|
||||
swift_client.assert_called_with('testtoken')
|
||||
self.assertEqual([mock.call(
|
||||
auth_version='2.0',
|
||||
cacert=None, insecure=False,
|
||||
max_backoff=10,
|
||||
preauthtoken='testtoken',
|
||||
preauthurl='url_for', retries=5,
|
||||
retry_on_ratelimit=True, starting_backoff=10)],
|
||||
swift_client.call_args_list)
|
||||
_get_raw_data.assert_called_with(job_binary, client_instance)
|
||||
|
@ -57,9 +57,8 @@ def url_for(service_catalog=None, service_type='identity',
|
||||
service_type=service_type, endpoint_type=endpoint_type,
|
||||
region_name=CONF.os_region_name)
|
||||
except keystone_ex.EndpointNotFound:
|
||||
ctx = context.current()
|
||||
return keystone_service_catalog.ServiceCatalogV3(
|
||||
ctx.auth_token,
|
||||
context.get_auth_token(),
|
||||
{'catalog': json.loads(service_catalog)}).url_for(
|
||||
service_type=service_type, endpoint_type=endpoint_type,
|
||||
region_name=CONF.os_region_name)
|
||||
|
@ -46,7 +46,7 @@ def client():
|
||||
ctx = context.current()
|
||||
heat_url = base.url_for(ctx.service_catalog, 'orchestration',
|
||||
endpoint_type=CONF.heat.endpoint_type)
|
||||
return heat_client.Client('1', heat_url, token=ctx.auth_token,
|
||||
return heat_client.Client('1', heat_url, token=context.get_auth_token(),
|
||||
cert_file=CONF.heat.ca_file,
|
||||
insecure=CONF.heat.api_insecure,
|
||||
username=ctx.username,
|
||||
|
@ -80,7 +80,7 @@ CONF.register_opts(ssl_opts, group=keystone_group)
|
||||
def auth():
|
||||
'''Return a token auth plugin for the current context.'''
|
||||
ctx = context.current()
|
||||
return ctx.auth_plugin or token_auth(token=ctx.auth_token,
|
||||
return ctx.auth_plugin or token_auth(token=context.get_auth_token(),
|
||||
project_id=ctx.tenant_id)
|
||||
|
||||
|
||||
@ -229,7 +229,8 @@ def token_from_auth(auth):
|
||||
|
||||
:returns: an auth token in string format.
|
||||
'''
|
||||
return keystone_session.Session(auth=auth).get_token()
|
||||
return keystone_session.Session(
|
||||
auth=auth, verify=CONF.generic_session_verify).get_token()
|
||||
|
||||
|
||||
def user_id_from_auth(auth):
|
||||
|
@ -50,7 +50,7 @@ def client():
|
||||
'username': ctx.username,
|
||||
'project_name': ctx.tenant_name,
|
||||
'project_id': ctx.tenant_id,
|
||||
'input_auth_token': ctx.auth_token,
|
||||
'input_auth_token': context.get_auth_token(),
|
||||
'auth_url': base.retrieve_auth_url(),
|
||||
'service_catalog_url': base.url_for(ctx.service_catalog, 'share'),
|
||||
'ca_cert': CONF.manila.ca_file,
|
||||
|
@ -16,6 +16,7 @@
|
||||
from oslo_config import cfg
|
||||
import swiftclient
|
||||
|
||||
from sahara import context
|
||||
from sahara.swift import swift_helper as sh
|
||||
from sahara.swift import utils as su
|
||||
from sahara.utils.openstack import base
|
||||
@ -75,7 +76,9 @@ def client(username, password, trust_id=None):
|
||||
max_backoff=CONF.retries.retry_after)
|
||||
|
||||
|
||||
def client_from_token(token):
|
||||
def client_from_token(token=None):
|
||||
if not token:
|
||||
token = context.get_auth_token()
|
||||
'''return a Swift client authenticated from a token.'''
|
||||
return swiftclient.Connection(auth_version='2.0',
|
||||
cacert=CONF.swift.ca_file,
|
||||
|
@ -572,7 +572,7 @@ class InstanceInteropHelper(remote.Remote):
|
||||
neutron_info = dict()
|
||||
neutron_info['network'] = instance.cluster.neutron_management_network
|
||||
ctx = context.current()
|
||||
neutron_info['token'] = ctx.auth_token
|
||||
neutron_info['token'] = context.get_auth_token()
|
||||
neutron_info['tenant'] = ctx.tenant_name
|
||||
neutron_info['host'] = instance.management_ip
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user