diff --git a/glance/common/auth.py b/glance/common/auth.py index 554e0bf1f2..8b19526733 100644 --- a/glance/common/auth.py +++ b/glance/common/auth.py @@ -32,7 +32,7 @@ Keystone (an identity management system). """ import httplib2 -from keystoneauth1.access import service_catalog as ks_service_catalog +from keystoneclient import service_catalog as ks_service_catalog from oslo_serialization import jsonutils from six.moves import http_client as http # NOTE(jokke): simplified transition to py3, behaves like py2 xrange @@ -326,10 +326,11 @@ def get_endpoint(service_catalog, service_type='image', endpoint_region=None, otherwise we will raise an exception. """ endpoints = ks_service_catalog.ServiceCatalogV2( - service_catalog).get_urls(interface=endpoint_type, - service_type=service_type, - region_name=endpoint_region) - if len(endpoints) == 0: + {'serviceCatalog': service_catalog} + ).get_urls(service_type=service_type, + region_name=endpoint_region, + endpoint_type=endpoint_type) + if endpoints is None: raise exception.NoServiceEndpoint() elif len(endpoints) == 1: return endpoints[0] diff --git a/glance/common/trust_auth.py b/glance/common/trust_auth.py index 3667981957..9590e2c63f 100644 --- a/glance/common/trust_auth.py +++ b/glance/common/trust_auth.py @@ -14,6 +14,7 @@ from keystoneauth1 import exceptions as ka_exceptions from keystoneauth1 import loading as ka_loading +from keystoneclient.v3 import client as ks_client from oslo_config import cfg from oslo_log import log as logging @@ -31,17 +32,17 @@ class TokenRefresher(object): # step 1: create trust to ensure that we can always update token # trustor = user who made the request - trustor_client = self._load_session(user_plugin) - trustor_id = trustor_client.get_user_id() + trustor_client = self._load_client(user_plugin) + trustor_id = trustor_client.session.get_user_id() # get trustee user client that impersonates main user trustee_user_auth = ka_loading.load_auth_from_conf_options( CONF, 'keystone_authtoken') # save service user client because we need new service token # to refresh trust-scoped client later - self.trustee_user_client = self._load_session(trustee_user_auth) + self.trustee_user_client = self._load_client(trustee_user_auth) - trustee_id = self.trustee_user_client.get_user_id() + trustee_id = self.trustee_user_client.session.get_user_id() self.trust_id = trustor_client.trusts.create(trustor_user=trustor_id, trustee_user=trustee_id, @@ -63,12 +64,12 @@ class TokenRefresher(object): if self.trustee_client is None: self.trustee_client = self._refresh_trustee_client() try: - return self.trustee_client.get_token() + return self.trustee_client.session.get_token() except ka_exceptions.Unauthorized: # in case of Unauthorized exceptions try to refresh client because # service user token may expired self.trustee_client = self._refresh_trustee_client() - return self.trustee_client.get_token() + return self.trustee_client.session.get_token() def release_resources(self): """Release keystone resources required for refreshing""" @@ -98,11 +99,11 @@ class TokenRefresher(object): trustee_auth = ka_loading.load_auth_from_conf_options( CONF, 'keystone_authtoken', **kwargs) - return self._load_session(trustee_auth) + return self._load_client(trustee_auth) @staticmethod - def _load_session(plugin): - # load ksa session from auth settings and user plugin + def _load_client(plugin): + # load client from auth settings and user plugin sess = ka_loading.load_session_from_conf_options( CONF, 'keystone_authtoken', auth=plugin) - return sess + return ks_client.Client(session=sess) diff --git a/requirements.txt b/requirements.txt index 0e43a7fb44..c2cc84071f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -32,6 +32,7 @@ PrettyTable>=0.7.1 # BSD Paste>=2.0.2 # MIT jsonschema>=3.2.0 # MIT +python-keystoneclient>=3.8.0 # Apache-2.0 pyOpenSSL>=17.1.0 # Apache-2.0 # Required by openstack.common libraries six>=1.11.0 # MIT