diff --git a/glance/common/auth.py b/glance/common/auth.py index 3a5e94a011..2f9734754f 100644 --- a/glance/common/auth.py +++ b/glance/common/auth.py @@ -29,7 +29,7 @@ Keystone (an identity management system). http://service_endpoint/ """ import httplib2 -from keystoneclient import service_catalog as ks_service_catalog +from keystoneauth1.access import service_catalog as ks_service_catalog from oslo_serialization import jsonutils from six.moves import http_client as http # NOTE(jokke): simplified transition to py3, behaves like py2 xrange @@ -267,11 +267,10 @@ def get_endpoint(service_catalog, service_type='image', endpoint_region=None, otherwise we will raise an exception. """ endpoints = ks_service_catalog.ServiceCatalogV2( - {'serviceCatalog': service_catalog} - ).get_urls(service_type=service_type, - region_name=endpoint_region, - endpoint_type=endpoint_type) - if endpoints is None: + service_catalog).get_urls(interface=endpoint_type, + service_type=service_type, + region_name=endpoint_region) + if len(endpoints) == 0: raise exception.NoServiceEndpoint() elif len(endpoints) == 1: return endpoints[0] diff --git a/glance/common/trust_auth.py b/glance/common/trust_auth.py index 9590e2c63f..3667981957 100644 --- a/glance/common/trust_auth.py +++ b/glance/common/trust_auth.py @@ -14,7 +14,6 @@ from keystoneauth1 import exceptions as ka_exceptions from keystoneauth1 import loading as ka_loading -from keystoneclient.v3 import client as ks_client from oslo_config import cfg from oslo_log import log as logging @@ -32,17 +31,17 @@ class TokenRefresher(object): # step 1: create trust to ensure that we can always update token # trustor = user who made the request - trustor_client = self._load_client(user_plugin) - trustor_id = trustor_client.session.get_user_id() + trustor_client = self._load_session(user_plugin) + trustor_id = trustor_client.get_user_id() # get trustee user client that impersonates main user trustee_user_auth = ka_loading.load_auth_from_conf_options( CONF, 'keystone_authtoken') # save service user client because we need new service token # to refresh trust-scoped client later - self.trustee_user_client = self._load_client(trustee_user_auth) + self.trustee_user_client = self._load_session(trustee_user_auth) - trustee_id = self.trustee_user_client.session.get_user_id() + trustee_id = self.trustee_user_client.get_user_id() self.trust_id = trustor_client.trusts.create(trustor_user=trustor_id, trustee_user=trustee_id, @@ -64,12 +63,12 @@ class TokenRefresher(object): if self.trustee_client is None: self.trustee_client = self._refresh_trustee_client() try: - return self.trustee_client.session.get_token() + return self.trustee_client.get_token() except ka_exceptions.Unauthorized: # in case of Unauthorized exceptions try to refresh client because # service user token may expired self.trustee_client = self._refresh_trustee_client() - return self.trustee_client.session.get_token() + return self.trustee_client.get_token() def release_resources(self): """Release keystone resources required for refreshing""" @@ -99,11 +98,11 @@ class TokenRefresher(object): trustee_auth = ka_loading.load_auth_from_conf_options( CONF, 'keystone_authtoken', **kwargs) - return self._load_client(trustee_auth) + return self._load_session(trustee_auth) @staticmethod - def _load_client(plugin): - # load client from auth settings and user plugin + def _load_session(plugin): + # load ksa session from auth settings and user plugin sess = ka_loading.load_session_from_conf_options( CONF, 'keystone_authtoken', auth=plugin) - return ks_client.Client(session=sess) + return sess diff --git a/requirements.txt b/requirements.txt index 6eb063ac2e..51327ca1d0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,7 +31,6 @@ PrettyTable<0.8,>=0.7.1 # BSD Paste>=2.0.2 # MIT jsonschema<3.0.0,>=2.6.0 # MIT -python-keystoneclient>=3.8.0 # Apache-2.0 pyOpenSSL>=17.1.0 # Apache-2.0 # Required by openstack.common libraries six>=1.10.0 # MIT