Merge "Use normal credentials for legacy image update"
This commit is contained in:
Zuul
Gerrit Code Review
commit
09ec6c27e2
@ -555,10 +555,29 @@ class Store(glance_store.driver.Store):
|
|||||||
If above both conditions doesn't meet, it returns false.
|
If above both conditions doesn't meet, it returns false.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
cinder_client = self.get_cinderclient(context=context,
|
# We will use either the service credentials defined in
|
||||||
legacy_update=True)
|
# config file or the user context credentials
|
||||||
|
cinder_client = self.get_cinderclient(context=context)
|
||||||
cinder_volume_type = self.store_conf.cinder_volume_type
|
cinder_volume_type = self.store_conf.cinder_volume_type
|
||||||
volume = cinder_client.volumes.get(volume_id)
|
# Here we are assuming that the volume is stored in the
|
||||||
|
# service project or context user's project else this
|
||||||
|
# will return NotFound exception.
|
||||||
|
# Ideally we should be using service user's credentials
|
||||||
|
# defined in the config and the volume should be stored
|
||||||
|
# in the service (internal) project else we are opening the
|
||||||
|
# image-volume to modification by users which might lead
|
||||||
|
# to corruption of image.
|
||||||
|
try:
|
||||||
|
volume = cinder_client.volumes.get(volume_id)
|
||||||
|
except cinder_exception.NotFound:
|
||||||
|
reason = (_LW("Image-Volume %s not found. If you have "
|
||||||
|
"upgraded your environment from single store "
|
||||||
|
"to multi store, transfer all your "
|
||||||
|
"Image-Volumes from user projects to service "
|
||||||
|
"project."
|
||||||
|
% volume_id))
|
||||||
|
LOG.warning(reason)
|
||||||
|
return False
|
||||||
if cinder_volume_type and volume.volume_type == cinder_volume_type:
|
if cinder_volume_type and volume.volume_type == cinder_volume_type:
|
||||||
return True
|
return True
|
||||||
elif not cinder_volume_type:
|
elif not cinder_volume_type:
|
||||||
@ -584,17 +603,8 @@ class Store(glance_store.driver.Store):
|
|||||||
for key in ['user_name', 'password',
|
for key in ['user_name', 'password',
|
||||||
'project_name', 'auth_address']])
|
'project_name', 'auth_address']])
|
||||||
|
|
||||||
def get_cinderclient(self, context=None, legacy_update=False,
|
def get_cinderclient(self, context=None, version='3.0'):
|
||||||
version='3.0'):
|
user_overriden = self.is_user_overriden()
|
||||||
# NOTE: For legacy image update from single store to multiple
|
|
||||||
# stores we need to use admin context rather than user provided
|
|
||||||
# credentials
|
|
||||||
if legacy_update:
|
|
||||||
user_overriden = False
|
|
||||||
context = context.elevated()
|
|
||||||
else:
|
|
||||||
user_overriden = self.is_user_overriden()
|
|
||||||
|
|
||||||
session = get_cinder_session(self.store_conf)
|
session = get_cinder_session(self.store_conf)
|
||||||
|
|
||||||
if user_overriden:
|
if user_overriden:
|
||||||
|
|||||||
@ -112,10 +112,12 @@ class TestMultiCinderStore(base.MultiStoreBaseTest,
|
|||||||
self._test_get_cinderclient_with_ca_certificates(group='cinder1')
|
self._test_get_cinderclient_with_ca_certificates(group='cinder1')
|
||||||
|
|
||||||
def test_get_cinderclient_legacy_update(self):
|
def test_get_cinderclient_legacy_update(self):
|
||||||
cc = self.store.get_cinderclient(self.fake_admin_context,
|
fake_endpoint = 'http://cinder.openstack.example.com/v2/fake_project'
|
||||||
legacy_update=True)
|
self.config(cinder_endpoint_template=fake_endpoint, group='cinder1')
|
||||||
self.assertEqual('admin_token', cc.client.auth.token)
|
cc = self.store.get_cinderclient(self.context)
|
||||||
self.assertEqual('http://foo/public_url', cc.client.auth.endpoint)
|
self.assertEqual(self.context.auth_token,
|
||||||
|
cc.client.auth.token)
|
||||||
|
self.assertEqual(fake_endpoint, cc.client.auth.endpoint)
|
||||||
|
|
||||||
def test_open_cinder_volume_multipath_enabled(self):
|
def test_open_cinder_volume_multipath_enabled(self):
|
||||||
self.config(cinder_use_multipath=True, group='cinder1')
|
self.config(cinder_use_multipath=True, group='cinder1')
|
||||||
@ -221,6 +223,19 @@ class TestMultiCinderStore(base.MultiStoreBaseTest,
|
|||||||
type_match = self.store.is_image_associated_with_store(
|
type_match = self.store.is_image_associated_with_store(
|
||||||
self.context, fake_vol_id)
|
self.context, fake_vol_id)
|
||||||
self.assertFalse(type_match)
|
self.assertFalse(type_match)
|
||||||
|
# When the Image-Volume is not found
|
||||||
|
mocked_cc.return_value.volumes.get = mock.MagicMock(
|
||||||
|
side_effect=cinder.cinder_exception.NotFound(code=404))
|
||||||
|
with mock.patch.object(cinder, 'LOG') as mock_log:
|
||||||
|
type_match = self.store.is_image_associated_with_store(
|
||||||
|
self.context, fake_vol_id)
|
||||||
|
mock_log.warning.assert_called_with(
|
||||||
|
"Image-Volume %s not found. If you have "
|
||||||
|
"upgraded your environment from single store "
|
||||||
|
"to multi store, transfer all your "
|
||||||
|
"Image-Volumes from user projects to service "
|
||||||
|
"project." % fake_vol_id)
|
||||||
|
self.assertFalse(type_match)
|
||||||
|
|
||||||
def test_cinder_get(self):
|
def test_cinder_get(self):
|
||||||
self._test_cinder_get(is_multi_store=True)
|
self._test_cinder_get(is_multi_store=True)
|
||||||
|
|||||||
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
`Bug #2056179 <https://bugs.launchpad.net/glance-store/+bug/2056179>`_:
|
||||||
|
Cinder Store: Fix issue when updating legacy image location.
|
||||||
|
Previously we only used the user context's credentials to make request
|
||||||
|
to cinder which we have now updated to use the service credentials
|
||||||
|
configured in the config file else use the user context's credentials.
|
||||||
Loading…
Reference in New Issue
Block a user