Merge "Add ability to get auth token from auth plugin"

sahara/context.py

@@ -27,6 +27,7 @@ from oslo_log import log as logging
 from sahara import exceptions as ex
 from sahara.i18n import _
 from sahara.i18n import _LW
+from sahara.service import sessions
 
 
 CONF = cfg.CONF
@@ -314,3 +315,13 @@ class SetCurrentInstanceId(object):
 
 def set_current_instance_id(instance_id):
     return SetCurrentInstanceId(instance_id)
+
+
+def get_auth_token():
+    cur = current()
+    if cur.auth_plugin:
+        try:
+            cur.auth_token = sessions.cache().token_for_auth(cur.auth_plugin)
+        except Exception as e:
+            LOG.warning(_LW("Cannot update token, reason: {reason}"), e)
+    return cur.auth_token

sahara/service/edp/binary_retrievers/internal_swift.py

@@ -18,7 +18,6 @@ from oslo_config import cfg
 import six
 import swiftclient
 
-import sahara.context as context
 import sahara.exceptions as ex
 from sahara.i18n import _
 from sahara.swift import utils as su
@@ -94,5 +93,5 @@ def get_raw_data(job_binary, proxy_configs=None):
 
 @_validate_job_binary_url
 def get_raw_data_with_context(job_binary):
-    conn = sw.client_from_token(context.ctx().auth_token)
+    conn = sw.client_from_token()
     return _get_raw_data(job_binary, conn)

sahara/service/sessions.py

@@ -151,3 +151,7 @@ class SessionCache(object):
                 session = self.get_generic_session()
             self._set_session(SESSION_TYPE_NOVA, session)
         return session
+
+    def token_for_auth(self, auth):
+        return self.get_generic_session().get_auth_headers(auth).get(
+            'X-Auth-Token')

sahara/service/trusts.py

@@ -165,6 +165,6 @@ def use_os_admin_auth_token(cluster):
         ctx.tenant_id = cluster.tenant_id
         ctx.auth_plugin = keystone.auth_for_admin(
             trust_id=cluster.trust_id)
-        ctx.auth_token = keystone.token_from_auth(ctx.auth_plugin)
+        ctx.auth_token = context.get_auth_token()
         ctx.service_catalog = json.dumps(
             keystone.service_catalog_from_auth(ctx.auth_plugin))

sahara/tests/unit/service/edp/binary_retrievers/test_internal_swift.py

@@ -98,21 +98,31 @@ class TestInternalSwift(base.SaharaTestCase):
                                         trust_id='proxytrust')
         _get_raw_data.assert_called_with(job_binary, client_instance)
 
+    @mock.patch('sahara.utils.openstack.base.url_for')
     @mock.patch('sahara.context.ctx')
     @mock.patch(
         'sahara.service.edp.binary_retrievers.internal_swift._get_raw_data')
-    @mock.patch('sahara.utils.openstack.swift.client_from_token')
+    @mock.patch('swiftclient.Connection')
-    def test_get_raw_data_with_context(self, swift_client, _get_raw_data, ctx):
+    def test_get_raw_data_with_context(self, swift_client, _get_raw_data, ctx,
+                                       url_for):
         client_instance = mock.Mock()
         swift_client.return_value = client_instance
         test_context = mock.Mock()
         test_context.auth_token = 'testtoken'
+        test_context.auth_plugin = None
         ctx.return_value = test_context
-
+        url_for.return_value = 'url_for'
         job_binary = mock.Mock()
         job_binary.url = 'swift://container/object'
 
         job_binary.extra = dict(user='test', password='secret')
         i_s.get_raw_data_with_context(job_binary)
-        swift_client.assert_called_with('testtoken')
+        self.assertEqual([mock.call(
+            auth_version='2.0',
+            cacert=None, insecure=False,
+            max_backoff=10,
+            preauthtoken='testtoken',
+            preauthurl='url_for', retries=5,
+            retry_on_ratelimit=True, starting_backoff=10)],
+            swift_client.call_args_list)
         _get_raw_data.assert_called_with(job_binary, client_instance)

sahara/utils/openstack/base.py

@@ -57,9 +57,8 @@ def url_for(service_catalog=None, service_type='identity',
                 service_type=service_type, endpoint_type=endpoint_type,
                 region_name=CONF.os_region_name)
     except keystone_ex.EndpointNotFound:
-        ctx = context.current()
         return keystone_service_catalog.ServiceCatalogV3(
-            ctx.auth_token,
+            context.get_auth_token(),
             {'catalog': json.loads(service_catalog)}).url_for(
                 service_type=service_type, endpoint_type=endpoint_type,
                 region_name=CONF.os_region_name)

sahara/utils/openstack/heat.py

@@ -46,7 +46,7 @@ def client():
     ctx = context.current()
     heat_url = base.url_for(ctx.service_catalog, 'orchestration',
                             endpoint_type=CONF.heat.endpoint_type)
-    return heat_client.Client('1', heat_url, token=ctx.auth_token,
+    return heat_client.Client('1', heat_url, token=context.get_auth_token(),
                               cert_file=CONF.heat.ca_file,
                               insecure=CONF.heat.api_insecure,
                               username=ctx.username,

sahara/utils/openstack/keystone.py

@@ -80,7 +80,7 @@ CONF.register_opts(ssl_opts, group=keystone_group)
 def auth():
     '''Return a token auth plugin for the current context.'''
     ctx = context.current()
-    return ctx.auth_plugin or token_auth(token=ctx.auth_token,
+    return ctx.auth_plugin or token_auth(token=context.get_auth_token(),
                                          project_id=ctx.tenant_id)
 
 
@@ -229,7 +229,8 @@ def token_from_auth(auth):
 
     :returns: an auth token in string format.
     '''
-    return keystone_session.Session(auth=auth).get_token()
+    return keystone_session.Session(
+        auth=auth, verify=CONF.generic_session_verify).get_token()
 
 
 def user_id_from_auth(auth):

sahara/utils/openstack/manila.py

@@ -50,7 +50,7 @@ def client():
         'username': ctx.username,
         'project_name': ctx.tenant_name,
         'project_id': ctx.tenant_id,
-        'input_auth_token': ctx.auth_token,
+        'input_auth_token': context.get_auth_token(),
         'auth_url': base.retrieve_auth_url(),
         'service_catalog_url': base.url_for(ctx.service_catalog, 'share'),
         'ca_cert': CONF.manila.ca_file,

sahara/utils/openstack/swift.py

@@ -16,6 +16,7 @@
 from oslo_config import cfg
 import swiftclient
 
+from sahara import context
 from sahara.swift import swift_helper as sh
 from sahara.swift import utils as su
 from sahara.utils.openstack import base
@@ -75,7 +76,9 @@ def client(username, password, trust_id=None):
             max_backoff=CONF.retries.retry_after)
 
 
-def client_from_token(token):
+def client_from_token(token=None):
+    if not token:
+        token = context.get_auth_token()
     '''return a Swift client authenticated from a token.'''
     return swiftclient.Connection(auth_version='2.0',
                                   cacert=CONF.swift.ca_file,

sahara/utils/ssh_remote.py

@@ -572,7 +572,7 @@ class InstanceInteropHelper(remote.Remote):
         neutron_info = dict()
         neutron_info['network'] = instance.cluster.neutron_management_network
         ctx = context.current()
-        neutron_info['token'] = ctx.auth_token
+        neutron_info['token'] = context.get_auth_token()
         neutron_info['tenant'] = ctx.tenant_name
         neutron_info['host'] = instance.management_ip