From f24cfa97f78ccbba4e953ca05fb68941071764ac Mon Sep 17 00:00:00 2001 From: Michael Ionkin Date: Thu, 14 Apr 2016 15:38:43 +0300 Subject: [PATCH] keystoneclient to keystoneauth migration Keystoneauth was extracted from keystoneclient so we need to migrate to keystoneauth. But keystoneclient shouldn't be removed completely because we are using its HTTPClient. Change-Id: Ifca0e7423a884ac56389fa88e285516688197f9e bp: keystoneclient-to-keystoneauth --- doc/source/devref/development.guidelines.rst | 2 +- ...-keystonauth-migration-c75988975ad1a506.yaml | 4 ++++ requirements.txt | 1 + sahara/service/sessions.py | 2 +- sahara/tests/unit/service/test_sessions.py | 12 ++++++------ sahara/tests/unit/utils/openstack/test_base.py | 2 +- sahara/utils/cluster.py | 2 +- sahara/utils/openstack/base.py | 13 ++++++------- sahara/utils/openstack/keystone.py | 17 ++++++++--------- 9 files changed, 29 insertions(+), 26 deletions(-) create mode 100644 releasenotes/notes/keystoneclient-to-keystonauth-migration-c75988975ad1a506.yaml diff --git a/doc/source/devref/development.guidelines.rst b/doc/source/devref/development.guidelines.rst index d63c2919..04d54d5e 100644 --- a/doc/source/devref/development.guidelines.rst +++ b/doc/source/devref/development.guidelines.rst @@ -180,7 +180,7 @@ keystone ``Session`` and auth plugin objects(for example, ``Token`` or ``Password``). Sahara is migrating all clients to use this authentication methodology, where available. For more information on using sessions with keystone, please see -http://docs.openstack.org/developer/python-keystoneclient/using-sessions.html +http://docs.openstack.org/developer/keystoneauth/using-sessions.html Storing sensitive information ----------------------------- diff --git a/releasenotes/notes/keystoneclient-to-keystonauth-migration-c75988975ad1a506.yaml b/releasenotes/notes/keystoneclient-to-keystonauth-migration-c75988975ad1a506.yaml new file mode 100644 index 00000000..aaa310e4 --- /dev/null +++ b/releasenotes/notes/keystoneclient-to-keystonauth-migration-c75988975ad1a506.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - migration from keystoneclient to keystoneauth is done for + using auth features of keystone. diff --git a/requirements.txt b/requirements.txt index 3ae5dfa1..2f148753 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,6 +12,7 @@ Flask<1.0,>=0.10 # BSD iso8601>=0.1.9 # MIT Jinja2>=2.8 # BSD License (3 clause) jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT +keystoneauth1>=2.1.0 # Apache-2.0 keystonemiddleware!=4.1.0,>=4.0.0 # Apache-2.0 oslo.config>=3.9.0 # Apache-2.0 oslo.concurrency>=3.5.0 # Apache-2.0 diff --git a/sahara/service/sessions.py b/sahara/service/sessions.py index 7ba10807..c2ee3d9e 100644 --- a/sahara/service/sessions.py +++ b/sahara/service/sessions.py @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from keystoneclient import session as keystone +from keystoneauth1 import session as keystone from oslo_config import cfg from oslo_log import log as logging diff --git a/sahara/tests/unit/service/test_sessions.py b/sahara/tests/unit/service/test_sessions.py index e71a6b15..5f26dd9c 100644 --- a/sahara/tests/unit/service/test_sessions.py +++ b/sahara/tests/unit/service/test_sessions.py @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from keystoneclient import session as keystone +from keystoneauth1 import session as keystone import mock from sahara import exceptions as ex @@ -32,7 +32,7 @@ class TestSessionCache(base.SaharaTestCase): sc.get_session, session_type='bad service') - @mock.patch('keystoneclient.session.Session') + @mock.patch('keystoneauth1.session.Session') def test_get_keystone_session(self, keystone_session): sc = sessions.SessionCache() self.override_config('ca_file', '/some/cacert', group='keystone') @@ -52,7 +52,7 @@ class TestSessionCache(base.SaharaTestCase): sc.get_session(sessions.SESSION_TYPE_KEYSTONE) self.assertFalse(keystone_session.called) - @mock.patch('keystoneclient.session.Session') + @mock.patch('keystoneauth1.session.Session') def test_get_nova_session(self, keystone_session): sc = sessions.SessionCache() self.override_config('ca_file', '/some/cacert', group='nova') @@ -72,7 +72,7 @@ class TestSessionCache(base.SaharaTestCase): sc.get_session(sessions.SESSION_TYPE_NOVA) self.assertFalse(keystone_session.called) - @mock.patch('keystoneclient.session.Session') + @mock.patch('keystoneauth1.session.Session') def test_get_cinder_session(self, keystone_session): sc = sessions.SessionCache() self.override_config('ca_file', '/some/cacert', group='cinder') @@ -92,7 +92,7 @@ class TestSessionCache(base.SaharaTestCase): sc.get_session(sessions.SESSION_TYPE_CINDER) self.assertFalse(keystone_session.called) - @mock.patch('keystoneclient.session.Session') + @mock.patch('keystoneauth1.session.Session') def test_get_neutron_session(self, keystone_session): sc = sessions.SessionCache() self.override_config('ca_file', '/some/cacert', group='neutron') @@ -112,7 +112,7 @@ class TestSessionCache(base.SaharaTestCase): sc.get_session(sessions.SESSION_TYPE_NEUTRON) self.assertFalse(keystone_session.called) - @mock.patch('keystoneclient.session.Session') + @mock.patch('keystoneauth1.session.Session') def test_insecure_session(self, session): sc = sessions.SessionCache() sc.get_session(sessions.SESSION_TYPE_INSECURE) diff --git a/sahara/tests/unit/utils/openstack/test_base.py b/sahara/tests/unit/utils/openstack/test_base.py index 34dac670..d65b181d 100644 --- a/sahara/tests/unit/utils/openstack/test_base.py +++ b/sahara/tests/unit/utils/openstack/test_base.py @@ -16,7 +16,7 @@ from cinderclient import exceptions as cinder_exc from heatclient import exc as heat_exc -from keystoneclient import exceptions as keystone_exc +from keystoneauth1 import exceptions as keystone_exc import mock from neutronclient.common import exceptions as neutron_exc from novaclient import exceptions as nova_exc diff --git a/sahara/utils/cluster.py b/sahara/utils/cluster.py index 9875229b..898991a0 100644 --- a/sahara/utils/cluster.py +++ b/sahara/utils/cluster.py @@ -15,7 +15,7 @@ import socket -from keystoneclient import exceptions as keystone_ex +from keystoneauth1 import exceptions as keystone_ex from oslo_log import log as logging from six.moves.urllib import parse diff --git a/sahara/utils/openstack/base.py b/sahara/utils/openstack/base.py index 3ec3bba8..8ecdd08e 100644 --- a/sahara/utils/openstack/base.py +++ b/sahara/utils/openstack/base.py @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -from keystoneclient import exceptions as keystone_ex -from keystoneclient import service_catalog as keystone_service_catalog +from keystoneauth1.access import service_catalog as keystone_service_catalog +from keystoneauth1 import exceptions as keystone_ex from oslo_config import cfg from oslo_log import log as logging from oslo_serialization import jsonutils as json @@ -53,14 +53,13 @@ def url_for(service_catalog=None, service_type='identity', service_catalog = context.current().service_catalog try: return keystone_service_catalog.ServiceCatalogV2( - {'serviceCatalog': json.loads(service_catalog)}).url_for( - service_type=service_type, endpoint_type=endpoint_type, + json.loads(service_catalog)).url_for( + service_type=service_type, interface=endpoint_type, region_name=CONF.os_region_name) except keystone_ex.EndpointNotFound: return keystone_service_catalog.ServiceCatalogV3( - context.get_auth_token(), - {'catalog': json.loads(service_catalog)}).url_for( - service_type=service_type, endpoint_type=endpoint_type, + json.loads(service_catalog)).url_for( + service_type=service_type, interface=endpoint_type, region_name=CONF.os_region_name) diff --git a/sahara/utils/openstack/keystone.py b/sahara/utils/openstack/keystone.py index 25150d50..40131268 100644 --- a/sahara/utils/openstack/keystone.py +++ b/sahara/utils/openstack/keystone.py @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -from keystoneclient.auth import identity as keystone_identity -from keystoneclient import session as keystone_session +from keystoneauth1 import identity as keystone_identity +from keystoneauth1 import session as keystone_session from keystoneclient.v2_0 import client as keystone_client from keystoneclient.v3 import client as keystone_client_v3 from oslo_config import cfg @@ -160,12 +160,12 @@ def service_catalog_from_auth(auth): :returns: a list containing the service catalog. ''' - if CONF.use_identity_api_v3: - return auth.get_access( - sessions.cache().get_session()).get('catalog', []) + access_info = auth.get_access( + sessions.cache().get_session(sessions.SESSION_TYPE_KEYSTONE)) + if access_info.has_service_catalog(): + return access_info.service_catalog.catalog else: - return auth.get_access( - sessions.cache().get_session()).get('serviceCatalog', []) + return [] # TODO(elmiko) factor this out when redoing the barbicanclient @@ -217,8 +217,7 @@ def token_from_auth(auth): :returns: an auth token in string format. ''' - return keystone_session.Session( - auth=auth, verify=CONF.generic_session_verify).get_token() + return sessions.cache().token_for_auth(auth) def user_id_from_auth(auth):