openstack
/
designate
Code Issues Proposed changes

Use SDK instead of neutronclient 

TODO:
* Document somehwere if users need to be more careful with
config.
* Check with somebody the devstack plugin.sh and cfg part
* I see some warnings in the logs like:
"The token used to make the request was project scoped
but the policy requires ['system'] scope", I suppose I
have to update my environment for the new RBAC things, but
better to check it in detail.

Change-Id: I0198f38afe3d5c32ea06d9e674ab0ff849f360e6
Related-Bug: #1999774
This commit is contained in:
elajkat 2023-02-22 14:20:28 +01:00
parent 5703810a40
commit e2fabfff96
3 changed files with 44 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
designate/network_api/neutron.py
View File

@ -16,8 +16,8 @@
# Copied partially from nova
import concurrent.futures
import futurist
from neutronclient.common import exceptions as neutron_exceptions
from neutronclient.v2_0 import client as clientv20
import openstack
from openstack import exceptions as sdk_exceptions
from oslo_config import cfg
from oslo_log import log as logging
@ -28,24 +28,31 @@ CONF = cfg.CONF
LOG = logging.getLogger(__name__)
def get_client(context, endpoint):
def get_client(context, endpoint, region):
params = {
'endpoint_url': endpoint,
'auth_url': CONF['network_api:neutron'].auth_url,
'timeout': CONF['network_api:neutron'].timeout,
'insecure': CONF['network_api:neutron'].insecure,
'ca_cert': CONF['network_api:neutron'].ca_certificates_file,
'region_name': region,
# TODO(lajoskatona): Add this to network_api cfg section
'project_domain_name': 'default',
}
if context.auth_token:
params['token'] = context.auth_token
params['auth_strategy'] = None
params['auth_type'] = 'token'
params['project_name'] = CONF['network_api:neutron'].admin_tenant_name
elif CONF['network_api:neutron'].admin_username is not None:
params['username'] = CONF['network_api:neutron'].admin_username
params['project_name'] = CONF['network_api:neutron'].admin_tenant_name
params['password'] = CONF['network_api:neutron'].admin_password
params['auth_url'] = CONF['network_api:neutron'].auth_url
params['auth_strategy'] = CONF['network_api:neutron'].auth_strategy
return clientv20.Client(**params)
return openstack.connect(**params)
class NeutronNetworkAPI(base.NetworkAPI):
@ -89,20 +96,22 @@ class NeutronNetworkAPI(base.NetworkAPI):
def _get_floating_ips(context, endpoint, region, project_id):
LOG.debug('Fetching floating ips from %(region)s @ %(endpoint)s',
{'region': region, 'endpoint': endpoint})
client = get_client(context, endpoint=endpoint)
client = get_client(context, endpoint=endpoint, region=region)
try:
fips = client.list_floatingips(project_id=project_id)
for fip in fips['floatingips']:
fips = client.network.ips(project_id=project_id)
for fip in fips:
yield {
'id': fip['id'],
'address': fip['floating_ip_address'],
'region': region
}
except neutron_exceptions.Unauthorized:
except sdk_exceptions.HttpException as http_ex:
LOG.warning(
'Failed fetching floating ips from %(region)s @ %(endpoint)s'
'due to an Unauthorized error',
{'region': region, 'endpoint': endpoint}
'due to a %(cause)s error',
{'region': region,
'endpoint': endpoint,
'cause': http_ex.message}
)
except Exception:
LOG.error(

34
designate/tests/unit/network_api/test_neutron.py
View File

@ -15,8 +15,7 @@
# under the License.
from unittest import mock
from neutronclient.common import exceptions as neutron_exceptions
from neutronclient.v2_0 import client as clientv20
from openstack import exceptions as sdk_exceptions
from oslo_config import cfg
from oslo_config import fixture as cfg_fixture
import oslotest.base
@ -38,15 +37,18 @@ class NeutronNetworkAPITest(oslotest.base.BaseTestCase):
'endpoints', ['RegionOne|http://localhost:9696'],
'network_api:neutron'
)
CONF.set_override(
'auth_url', 'http://localhost/identity', 'network_api:neutron'
)
self.api = get_network_api('neutron')
self.context = context.DesignateContext(
user_id='12345', project_id='54321',
)
@mock.patch.object(clientv20, 'Client')
@mock.patch('openstack.connect')
def test_get_client(self, mock_client):
neutron.get_client(self.context, 'http://localhost:9696')
neutron.get_client(self.context, 'http://localhost:9696', 'RegionOne')
_, kwargs = mock_client.call_args
@ -60,13 +62,13 @@ class NeutronNetworkAPITest(oslotest.base.BaseTestCase):
self.assertEqual('http://localhost:9696', kwargs['endpoint_url'])
@mock.patch.object(clientv20, 'Client')
@mock.patch('openstack.connect')
def test_get_client_using_token(self, mock_client):
self.context = context.DesignateContext(
user_id='12345', project_id='54321', auth_token='token',
)
neutron.get_client(self.context, 'http://localhost:9696')
neutron.get_client(self.context, 'http://localhost:9696', 'RegionOne')
_, kwargs = mock_client.call_args
@ -77,14 +79,14 @@ class NeutronNetworkAPITest(oslotest.base.BaseTestCase):
self.assertEqual('http://localhost:9696', kwargs['endpoint_url'])
self.assertEqual(self.context.auth_token, kwargs['token'])
@mock.patch.object(clientv20, 'Client')
@mock.patch('openstack.connect')
def test_get_client_using_admin(self, mock_client):
CONF.set_override(
'admin_username', 'test',
'network_api:neutron'
)
neutron.get_client(self.context, 'http://localhost:9696')
neutron.get_client(self.context, 'http://localhost:9696', 'RegionOne')
_, kwargs = mock_client.call_args
@ -100,10 +102,10 @@ class NeutronNetworkAPITest(oslotest.base.BaseTestCase):
kwargs['username'], CONF['network_api:neutron'].admin_username
)
@mock.patch.object(neutron, 'get_client')
@mock.patch('openstack.connect')
def test_list_floatingips(self, get_client):
driver = mock.Mock()
driver.list_floatingips.return_value = {'floatingips': [
driver.network.ips.return_value = [
{
'id': '123',
'floating_ip_address': '192.168.0.100',
@ -114,24 +116,24 @@ class NeutronNetworkAPITest(oslotest.base.BaseTestCase):
'floating_ip_address': '192.168.0.200',
'region': 'RegionOne'
},
]}
]
get_client.return_value = driver
self.assertEqual(2, len(self.api.list_floatingips(self.context)))
@mock.patch.object(neutron, 'get_client')
@mock.patch('openstack.connect')
def test_list_floatingips_unauthorized(self, get_client):
driver = mock.Mock()
driver.list_floatingips.side_effect = neutron_exceptions.Unauthorized
driver.network.ips.side_effect = sdk_exceptions.HttpException
get_client.return_value = driver
self.assertEqual(0, len(self.api.list_floatingips(self.context)))
@mock.patch.object(neutron, 'get_client')
@mock.patch('openstack.connect')
def test_list_floatingips_communication_failure(self, get_client):
driver = mock.Mock()
driver.list_floatingips.side_effect = (
neutron_exceptions.NeutronException
driver.network.ips.side_effect = (
Exception
)
get_client.return_value = driver

7
devstack/plugin.sh
View File

@ -91,6 +91,13 @@ function configure_designate {
iniset $DESIGNATE_CONF oslo_messaging_notifications driver "$DESIGNATE_NOTIFICATION_DRIVER"
iniset $DESIGNATE_CONF oslo_messaging_notifications topics "$DESIGNATE_NOTIFICATION_TOPICS"
# Set Neutron API/SDK config options
ADMIN_TENANT_NAME=${ADMIN_TENANT_NAME:-"admin"}
iniset $DESIGNATE_CONF network_api:neutron admin_tenant_name "$ADMIN_TENANT_NAME"
iniset $DESIGNATE_CONF network_api:neutron admin_user_name "designate"
iniset $DESIGNATE_CONF network_api:neutron admin_password "$SERVICE_PASSWORD"
iniset $DESIGNATE_CONF network_api:neutron auth_url "$KEYSTONE_AUTH_URI"
# Root Wrap
sudo cp $DESIGNATE_DIR/etc/designate/rootwrap.conf.sample $DESIGNATE_ROOTWRAP_CONF
iniset $DESIGNATE_ROOTWRAP_CONF DEFAULT filters_path $DESIGNATE_DIR/etc/designate/rootwrap.d root-helper