Convert to keystoneauth
A direct conversion of keystoneclient usage to the newer supported keystoneauth library. The libraries are largely compatible and there should be no issues swapping between them. This doesn't fix any problems of the way auth is used, it just changes out the library. Change-Id: Ibe212e17150a3c750e9c2536a4c869d87e9d4e13
This commit is contained in:
Jamie Lennox
parent
9ba10d8e25
commit
4d7703b934
|
|
@ -21,6 +21,8 @@ import os
|
|||
import socket
|
||||
import time
|
||||
|
||||
from keystoneauth1.access import service_catalog as keystone_sc
|
||||
from keystoneauth1 import exceptions as keystone_exc
|
||||
from oslo_concurrency import processutils
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import units
|
||||
|
|
@ -31,8 +33,6 @@ import glance_store.driver
|
|||
from glance_store import exceptions
|
||||
from glance_store.i18n import _, _LE, _LW, _LI
|
||||
import glance_store.location
|
||||
from keystoneclient import exceptions as keystone_exc
|
||||
from keystoneclient import service_catalog as keystone_sc
|
||||
|
||||
try:
|
||||
from cinderclient import exceptions as cinder_exception
|
||||
|
|
@ -64,8 +64,8 @@ The service catalog can be listed by the ``openstack catalog list`` command.
|
|||
|
||||
Possible values:
|
||||
* A string of of the following form:
|
||||
``<service_type>:<service_name>:<endpoint_type>``
|
||||
At least ``service_type`` and ``endpoint_type`` should be specified.
|
||||
``<service_type>:<service_name>:<interface>``
|
||||
At least ``service_type`` and ``interface`` should be specified.
|
||||
``service_name`` can be omitted.
|
||||
|
||||
Related options:
|
||||
|
|
@ -332,14 +332,14 @@ def get_cinderclient(conf, context=None):
|
|||
url = glance_store.cinder_endpoint_template % context.to_dict()
|
||||
else:
|
||||
info = glance_store.cinder_catalog_info
|
||||
service_type, service_name, endpoint_type = info.split(':')
|
||||
sc = {'serviceCatalog': context.service_catalog}
|
||||
service_type, service_name, interface = info.split(':')
|
||||
try:
|
||||
url = keystone_sc.ServiceCatalogV2(sc).url_for(
|
||||
catalog = keystone_sc.ServiceCatalogV2(context.service_catalog)
|
||||
url = catalog.url_for(
|
||||
region_name=glance_store.cinder_os_region_name,
|
||||
service_type=service_type,
|
||||
service_name=service_name,
|
||||
endpoint_type=endpoint_type)
|
||||
interface=interface)
|
||||
except keystone_exc.EndpointNotFound:
|
||||
reason = _("Failed to find Cinder from a service catalog.")
|
||||
raise exceptions.BadStoreConfiguration(store_name="cinder",
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ connection with valid credentials and updated token"""
|
|||
|
||||
import logging
|
||||
|
||||
from keystoneclient import exceptions as ks_exceptions
|
||||
from keystoneauth1 import exceptions as ks_exceptions
|
||||
from oslo_utils import encodeutils
|
||||
|
||||
from glance_store import exceptions
|
||||
|
|
|
|||
|
|
@ -19,8 +19,11 @@ import hashlib
|
|||
import logging
|
||||
import math
|
||||
|
||||
from keystoneclient import exceptions as keystone_exc
|
||||
from keystoneclient import service_catalog as keystone_sc
|
||||
from keystoneauth1.access import service_catalog as keystone_sc
|
||||
from keystoneauth1 import exceptions as keystone_exc
|
||||
from keystoneauth1 import identity as ks_identity
|
||||
from keystoneauth1 import session as ks_session
|
||||
from keystoneclient.v3 import client as ks_client
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import encodeutils
|
||||
from oslo_utils import excutils
|
||||
|
|
@ -33,9 +36,6 @@ try:
|
|||
except ImportError:
|
||||
swiftclient = None
|
||||
|
||||
from keystoneclient.auth.identity import v3 as ks_v3
|
||||
from keystoneclient import session as ks_session
|
||||
from keystoneclient.v3 import client as ks_client
|
||||
|
||||
import glance_store
|
||||
from glance_store._drivers.swift import connection_manager
|
||||
|
|
@ -1268,16 +1268,17 @@ class SingleTenantStore(BaseStore):
|
|||
raise exceptions.BadStoreUri(message=reason)
|
||||
|
||||
# initialize a keystone plugin for swift admin with creds
|
||||
password = ks_v3.Password(auth_url=auth_url,
|
||||
username=user,
|
||||
password=location.key,
|
||||
project_name=tenant_name,
|
||||
user_domain_id=self.user_domain_id,
|
||||
user_domain_name=self.user_domain_name,
|
||||
project_domain_id=self.project_domain_id,
|
||||
project_domain_name=self.project_domain_name)
|
||||
sess = ks_session.Session(auth=password)
|
||||
password = ks_identity.V3Password(
|
||||
auth_url=auth_url,
|
||||
username=user,
|
||||
password=location.key,
|
||||
project_name=tenant_name,
|
||||
user_domain_id=self.user_domain_id,
|
||||
user_domain_name=self.user_domain_name,
|
||||
project_domain_id=self.project_domain_id,
|
||||
project_domain_name=self.project_domain_name)
|
||||
|
||||
sess = ks_session.Session(auth=password)
|
||||
return ks_client.Client(session=sess)
|
||||
|
||||
def get_manager(self, store_location, context=None, allow_reauth=False):
|
||||
|
|
@ -1303,10 +1304,10 @@ class MultiTenantStore(BaseStore):
|
|||
reason=reason)
|
||||
self.storage_url = self.conf_endpoint
|
||||
if not self.storage_url:
|
||||
sc = {'serviceCatalog': context.service_catalog}
|
||||
self.storage_url = keystone_sc.ServiceCatalogV2(sc).url_for(
|
||||
service_type=self.service_type, region_name=self.region,
|
||||
endpoint_type=self.endpoint_type)
|
||||
catalog = keystone_sc.ServiceCatalogV2(context.service_catalog)
|
||||
self.storage_url = catalog.url_for(service_type=self.service_type,
|
||||
region_name=self.region,
|
||||
interface=self.endpoint_type)
|
||||
|
||||
if self.storage_url.startswith('http://'):
|
||||
self.scheme = 'swift+http'
|
||||
|
|
@ -1402,9 +1403,9 @@ class MultiTenantStore(BaseStore):
|
|||
'project_domain_name')
|
||||
|
||||
# create client for multitenant user(trustor)
|
||||
trustor_auth = ks_v3.Token(auth_url=auth_address,
|
||||
token=context.auth_token,
|
||||
project_id=context.tenant)
|
||||
trustor_auth = ks_identity.V3Token(auth_url=auth_address,
|
||||
token=context.auth_token,
|
||||
project_id=context.tenant)
|
||||
trustor_sess = ks_session.Session(auth=trustor_auth)
|
||||
trustor_client = ks_client.Client(session=trustor_sess)
|
||||
auth_ref = trustor_client.session.auth.get_auth_ref(trustor_sess)
|
||||
|
|
@ -1412,14 +1413,15 @@ class MultiTenantStore(BaseStore):
|
|||
|
||||
# create client for trustee - glance user specified in swift config
|
||||
tenant_name, user = user.split(':')
|
||||
password = ks_v3.Password(auth_url=auth_address,
|
||||
username=user,
|
||||
password=key,
|
||||
project_name=tenant_name,
|
||||
user_domain_id=user_domain_id,
|
||||
user_domain_name=user_domain_name,
|
||||
project_domain_id=project_domain_id,
|
||||
project_domain_name=project_domain_name)
|
||||
password = ks_identity.V3Password(
|
||||
auth_url=auth_address,
|
||||
username=user,
|
||||
password=key,
|
||||
project_name=tenant_name,
|
||||
user_domain_id=user_domain_id,
|
||||
user_domain_name=user_domain_name,
|
||||
project_domain_id=project_domain_id,
|
||||
project_domain_name=project_domain_name)
|
||||
trustee_sess = ks_session.Session(auth=password)
|
||||
trustee_client = ks_client.Client(session=trustee_sess)
|
||||
|
||||
|
|
@ -1434,7 +1436,7 @@ class MultiTenantStore(BaseStore):
|
|||
).id
|
||||
# initialize a new client with trust and trustee credentials
|
||||
# create client for glance trustee user
|
||||
client_password = ks_v3.Password(
|
||||
client_password = ks_identity.V3Password(
|
||||
auth_url=auth_address,
|
||||
username=user,
|
||||
password=key,
|
||||
|
|
|
|||
|
|
@ -1124,11 +1124,13 @@ class SwiftTests(object):
|
|||
loc = mock.MagicMock()
|
||||
self.assertRaises(NotImplementedError, store.get_manager, loc)
|
||||
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_v3")
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_identity")
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_session")
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_client")
|
||||
def test_init_client_multi_tenant(self,
|
||||
mock_client, mock_session, mock_v3):
|
||||
mock_client,
|
||||
mock_session,
|
||||
mock_identity):
|
||||
"""Test that keystone client was initialized correctly"""
|
||||
# initialize store and connection parameters
|
||||
self.config(swift_store_multi_tenant=True)
|
||||
|
|
@ -1158,16 +1160,16 @@ class SwiftTests(object):
|
|||
ctxt = mock.MagicMock()
|
||||
client = store.init_client(location=mock.MagicMock(), context=ctxt)
|
||||
# test trustor usage
|
||||
mock_v3.Token.assert_called_once_with(
|
||||
mock_identity.V3Token.assert_called_once_with(
|
||||
auth_url=default_swift_reference.get('auth_address'),
|
||||
token=ctxt.auth_token,
|
||||
project_id=ctxt.tenant
|
||||
)
|
||||
mock_session.Session.assert_any_call(auth=mock_v3.Token())
|
||||
mock_session.Session.assert_any_call(auth=mock_identity.V3Token())
|
||||
mock_client.Client.assert_any_call(session=trustor_session)
|
||||
# test trustee usage and trust creation
|
||||
tenant_name, user = default_swift_reference.get('user').split(':')
|
||||
mock_v3.Password.assert_any_call(
|
||||
mock_identity.V3Password.assert_any_call(
|
||||
auth_url=default_swift_reference.get('auth_address'),
|
||||
username=user,
|
||||
password=default_swift_reference.get('key'),
|
||||
|
|
@ -1178,14 +1180,14 @@ class SwiftTests(object):
|
|||
project_domain_name=default_swift_reference.get(
|
||||
'project_domain_name')
|
||||
)
|
||||
mock_session.Session.assert_any_call(auth=mock_v3.Password())
|
||||
mock_session.Session.assert_any_call(auth=mock_identity.V3Password())
|
||||
mock_client.Client.assert_any_call(session=trustee_session)
|
||||
trustor_client.trusts.create.assert_called_once_with(
|
||||
trustee_user='fake_user', trustor_user=ctxt.user,
|
||||
project=ctxt.tenant, impersonation=True,
|
||||
role_names=['fake_role']
|
||||
)
|
||||
mock_v3.Password.assert_any_call(
|
||||
mock_identity.V3Password.assert_any_call(
|
||||
auth_url=default_swift_reference.get('auth_address'),
|
||||
username=user,
|
||||
password=default_swift_reference.get('key'),
|
||||
|
|
@ -1262,11 +1264,13 @@ class TestStoreAuthV3(TestStoreAuthV1):
|
|||
conf['swift_store_user'] = 'tenant:user1'
|
||||
return conf
|
||||
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_v3")
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_identity")
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_session")
|
||||
@mock.patch("glance_store._drivers.swift.store.ks_client")
|
||||
def test_init_client_single_tenant(self,
|
||||
mock_client, mock_session, mock_v3):
|
||||
mock_client,
|
||||
mock_session,
|
||||
mock_identity):
|
||||
"""Test that keystone client was initialized correctly"""
|
||||
# initialize client
|
||||
store = Store(self.conf)
|
||||
|
|
@ -1279,13 +1283,14 @@ class TestStoreAuthV3(TestStoreAuthV1):
|
|||
# check that keystone was initialized correctly
|
||||
tenant = None if store.auth_version == '1' else "tenant"
|
||||
username = "tenant:user1" if store.auth_version == '1' else "user1"
|
||||
mock_v3.Password.assert_called_once_with(
|
||||
mock_identity.V3Password.assert_called_once_with(
|
||||
auth_url=loc.store_location.swift_url + '/',
|
||||
username=username, password="key",
|
||||
project_name=tenant,
|
||||
project_domain_id='default', project_domain_name=None,
|
||||
user_domain_id='default', user_domain_name=None,)
|
||||
mock_session.Session.assert_called_once_with(auth=mock_v3.Password())
|
||||
mock_session.Session.assert_called_once_with(
|
||||
auth=mock_identity.V3Password())
|
||||
mock_client.Client.assert_called_once_with(
|
||||
session=mock_session.Session())
|
||||
|
||||
|
|
|
|||
|
|
@ -14,5 +14,6 @@ six>=1.9.0 # MIT
|
|||
debtcollector>=1.2.0 # Apache-2.0
|
||||
|
||||
jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
|
||||
keystoneauth1>=2.14.0 # Apache-2.0
|
||||
python-keystoneclient>=3.6.0 # Apache-2.0
|
||||
requests>=2.10.0 # Apache-2.0
|
||||
|
|
|
|||
Loading…
Reference in New Issue