Merge "Add ability to get auth token from auth plugin"

2015-12-11 14:03:34 +00:00 · 2015-12-11 14:03:34 +00:00 · 7bfc529185
commit 7bfc529185
parent c9c553fd4d dd85b5d78d
11 changed files with 42 additions and 15 deletions
--- a/sahara/context.py
+++ b/sahara/context.py
@ -27,6 +27,7 @@ from oslo_log import log as logging
 from sahara import exceptions as ex
 from sahara.i18n import _
 from sahara.i18n import _LW
+from sahara.service import sessions


 CONF = cfg.CONF
@ -314,3 +315,13 @@ class SetCurrentInstanceId(object):

 def set_current_instance_id(instance_id):
    return SetCurrentInstanceId(instance_id)
+
+
+def get_auth_token():
+    cur = current()
+    if cur.auth_plugin:
+        try:
+            cur.auth_token = sessions.cache().token_for_auth(cur.auth_plugin)
+        except Exception as e:
+            LOG.warning(_LW("Cannot update token, reason: {reason}"), e)
+    return cur.auth_token
--- a/sahara/service/edp/binary_retrievers/internal_swift.py
+++ b/sahara/service/edp/binary_retrievers/internal_swift.py
@ -18,7 +18,6 @@ from oslo_config import cfg
 import six
 import swiftclient

-import sahara.context as context
 import sahara.exceptions as ex
 from sahara.i18n import _
 from sahara.swift import utils as su
@ -94,5 +93,5 @@ def get_raw_data(job_binary, proxy_configs=None):

@_validate_job_binary_url
 def get_raw_data_with_context(job_binary):
-    conn = sw.client_from_token(context.ctx().auth_token)
+    conn = sw.client_from_token()
    return _get_raw_data(job_binary, conn)
--- a/sahara/service/sessions.py
+++ b/sahara/service/sessions.py
@ -151,3 +151,7 @@ class SessionCache(object):
                session = self.get_generic_session()
            self._set_session(SESSION_TYPE_NOVA, session)
        return session
+
+    def token_for_auth(self, auth):
+        return self.get_generic_session().get_auth_headers(auth).get(
+            'X-Auth-Token')
--- a/sahara/service/trusts.py
+++ b/sahara/service/trusts.py
@ -165,6 +165,6 @@ def use_os_admin_auth_token(cluster):
        ctx.tenant_id = cluster.tenant_id
        ctx.auth_plugin = keystone.auth_for_admin(
            trust_id=cluster.trust_id)
-        ctx.auth_token = keystone.token_from_auth(ctx.auth_plugin)
+        ctx.auth_token = context.get_auth_token()
        ctx.service_catalog = json.dumps(
            keystone.service_catalog_from_auth(ctx.auth_plugin))
--- a/sahara/tests/unit/service/edp/binary_retrievers/test_internal_swift.py
+++ b/sahara/tests/unit/service/edp/binary_retrievers/test_internal_swift.py
@ -98,21 +98,31 @@ class TestInternalSwift(base.SaharaTestCase):
                                        trust_id='proxytrust')
        _get_raw_data.assert_called_with(job_binary, client_instance)

+    @mock.patch('sahara.utils.openstack.base.url_for')
    @mock.patch('sahara.context.ctx')
    @mock.patch(
        'sahara.service.edp.binary_retrievers.internal_swift._get_raw_data')
-    @mock.patch('sahara.utils.openstack.swift.client_from_token')
-    def test_get_raw_data_with_context(self, swift_client, _get_raw_data, ctx):
+    @mock.patch('swiftclient.Connection')
+    def test_get_raw_data_with_context(self, swift_client, _get_raw_data, ctx,
+                                       url_for):
        client_instance = mock.Mock()
        swift_client.return_value = client_instance
        test_context = mock.Mock()
        test_context.auth_token = 'testtoken'
+        test_context.auth_plugin = None
        ctx.return_value = test_context
-
+        url_for.return_value = 'url_for'
        job_binary = mock.Mock()
        job_binary.url = 'swift://container/object'

        job_binary.extra = dict(user='test', password='secret')
        i_s.get_raw_data_with_context(job_binary)
-        swift_client.assert_called_with('testtoken')
+        self.assertEqual([mock.call(
+            auth_version='2.0',
+            cacert=None, insecure=False,
+            max_backoff=10,
+            preauthtoken='testtoken',
+            preauthurl='url_for', retries=5,
+            retry_on_ratelimit=True, starting_backoff=10)],
+            swift_client.call_args_list)
        _get_raw_data.assert_called_with(job_binary, client_instance)
--- a/sahara/utils/openstack/base.py
+++ b/sahara/utils/openstack/base.py
@ -57,9 +57,8 @@ def url_for(service_catalog=None, service_type='identity',
                service_type=service_type, endpoint_type=endpoint_type,
                region_name=CONF.os_region_name)
    except keystone_ex.EndpointNotFound:
-        ctx = context.current()
        return keystone_service_catalog.ServiceCatalogV3(
-            ctx.auth_token,
+            context.get_auth_token(),
            {'catalog': json.loads(service_catalog)}).url_for(
                service_type=service_type, endpoint_type=endpoint_type,
                region_name=CONF.os_region_name)
--- a/sahara/utils/openstack/heat.py
+++ b/sahara/utils/openstack/heat.py
@ -46,7 +46,7 @@ def client():
    ctx = context.current()
    heat_url = base.url_for(ctx.service_catalog, 'orchestration',
                            endpoint_type=CONF.heat.endpoint_type)
-    return heat_client.Client('1', heat_url, token=ctx.auth_token,
+    return heat_client.Client('1', heat_url, token=context.get_auth_token(),
                              cert_file=CONF.heat.ca_file,
                              insecure=CONF.heat.api_insecure,
                              username=ctx.username,
--- a/sahara/utils/openstack/keystone.py
+++ b/sahara/utils/openstack/keystone.py
@ -80,7 +80,7 @@ CONF.register_opts(ssl_opts, group=keystone_group)
 def auth():
    '''Return a token auth plugin for the current context.'''
    ctx = context.current()
-    return ctx.auth_plugin or token_auth(token=ctx.auth_token,
+    return ctx.auth_plugin or token_auth(token=context.get_auth_token(),
                                         project_id=ctx.tenant_id)


@ -229,7 +229,8 @@ def token_from_auth(auth):

    :returns: an auth token in string format.
    '''
-    return keystone_session.Session(auth=auth).get_token()
+    return keystone_session.Session(
+        auth=auth, verify=CONF.generic_session_verify).get_token()


 def user_id_from_auth(auth):
--- a/sahara/utils/openstack/manila.py
+++ b/sahara/utils/openstack/manila.py
@ -50,7 +50,7 @@ def client():
        'username': ctx.username,
        'project_name': ctx.tenant_name,
        'project_id': ctx.tenant_id,
-        'input_auth_token': ctx.auth_token,
+        'input_auth_token': context.get_auth_token(),
        'auth_url': base.retrieve_auth_url(),
        'service_catalog_url': base.url_for(ctx.service_catalog, 'share'),
        'ca_cert': CONF.manila.ca_file,
--- a/sahara/utils/openstack/swift.py
+++ b/sahara/utils/openstack/swift.py
@ -16,6 +16,7 @@
 from oslo_config import cfg
 import swiftclient

+from sahara import context
 from sahara.swift import swift_helper as sh
 from sahara.swift import utils as su
 from sahara.utils.openstack import base
@ -75,7 +76,9 @@ def client(username, password, trust_id=None):
            max_backoff=CONF.retries.retry_after)


-def client_from_token(token):
+def client_from_token(token=None):
+    if not token:
+        token = context.get_auth_token()
    '''return a Swift client authenticated from a token.'''
    return swiftclient.Connection(auth_version='2.0',
                                  cacert=CONF.swift.ca_file,
--- a/sahara/utils/ssh_remote.py
+++ b/sahara/utils/ssh_remote.py
@ -572,7 +572,7 @@ class InstanceInteropHelper(remote.Remote):
        neutron_info = dict()
        neutron_info['network'] = instance.cluster.neutron_management_network
        ctx = context.current()
-        neutron_info['token'] = ctx.auth_token
+        neutron_info['token'] = context.get_auth_token()
        neutron_info['tenant'] = ctx.tenant_name
        neutron_info['host'] = instance.management_ip