openstack/glance_store
Code Issues Proposed changes

swift: Drop support for v1/v2 auth

Browse Source 
Identity v2 API was removed multiple cycles ago and no deployment can
use it now. Also support for v1 API was deprecated multiple cycles ago,
and swauth is no longer maintained so we don't expect any user may use
it nowadays.

Remove these deprecated old auth API versions and use the current
identity API version (v3) instead. Also deprecate the option to select
API version because now only the single version is supported.

Closes-Bug: #1947926
Related-Bug: #1323646
Related-Bug: #1480330
Change-Id: I0f502b29fd46dbb7cea2d677d94bcffa0cdcc52b
This commit is contained in:
Takashi Kajinami
2024-10-13 00:39:13 +09:00
parent aeb3fe04a4
commit d71ba189b9
7 changed files with 177 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
glance_store/_drivers/swift/connection_manager.py
View File

@@ -78,8 +78,8 @@ class SwiftConnectionManager(object):
# we are refreshing token only and if only connection manager
# re-authentication is allowed. Token refreshing is setup by
# connection manager users. Also we disable re-authentication
# if there is not way to execute it (cannot initialize trusts for
# multi-tenant or auth_version is not 3)
# if there is no way to execute it (cannot initialize trusts for
# multi-tenant)
auth_ref = self.client.session.auth.auth_ref
# if connection token is going to expire soon (keystone checks
# is token is going to expire or expired already)
@@ -153,29 +153,18 @@ class SingleTenantConnectionManager(SwiftConnectionManager):
if self.store.conf_endpoint:
return self.store.conf_endpoint
if self.store.auth_version == '3':
try:
return self.client.session.get_endpoint(
service_type=self.store.service_type,
interface=self.store.endpoint_type,
region_name=self.store.region
)
except Exception as e:
# do the same that swift driver does
# when catching ClientException
msg = _("Cannot find swift service endpoint : "
"%s") % encodeutils.exception_to_unicode(e)
raise exceptions.BackendException(msg)
def _init_connection(self):
if self.store.auth_version == '3':
return super(SingleTenantConnectionManager,
self)._init_connection()
else:
# no re-authentication for v1 and v2
self.allow_reauth = False
# use good old connection initialization
return self.store.get_connection(self.location, self.context)
try:
return self.client.session.get_endpoint(
service_type=self.store.service_type,
interface=self.store.endpoint_type,
region_name=self.store.region
)
except Exception as e:
# do the same that swift driver does
# when catching ClientException
msg = _("Cannot find swift service endpoint : "
"%s") % encodeutils.exception_to_unicode(e)
raise exceptions.BackendException(msg)
class MultiTenantConnectionManager(SwiftConnectionManager):

25
glance_store/_drivers/swift/store.py
View File

@@ -149,8 +149,6 @@ Endpoint Type of Swift service.
This string value indicates the endpoint type to use to fetch the
Swift endpoint. The endpoint type determines the actions the user will
be allowed to perform, for instance, reading and writing to the Store.
This setting is only used if swift_store_auth_version is greater than
1.
Possible values:
* publicURL
@@ -170,11 +168,6 @@ Provide a string value representing the service type to use for
storing images while using Swift backend storage. The default
service type is set to ``object-store``.
NOTE: If ``swift_store_auth_version`` is set to 2, the value for
this configuration option needs to be ``object-store``. If using
a higher version of Keystone or a different auth scheme, this
option may be modified.
Possible values:
* A string representing a valid service type for Swift storage.
@@ -1394,17 +1387,13 @@ class SingleTenantStore(BaseStore):
if not auth_url.endswith('/'):
auth_url += '/'
if self.auth_version in ('2', '3'):
try:
tenant_name, user = location.user.split(':')
except ValueError:
reason = (_("Badly formed tenant:user '%(user)s' in "
"Swift URI") % {'user': location.user})
LOG.info(reason)
raise exceptions.BadStoreUri(message=reason)
else:
tenant_name = None
user = location.user
try:
tenant_name, user = location.user.split(':')
except ValueError:
reason = (_("Badly formed tenant:user '%(user)s' in "
"Swift URI") % {'user': location.user})
LOG.info(reason)
raise exceptions.BadStoreUri(message=reason)
os_options = {}
if self.region:

21
glance_store/_drivers/swift/utils.py
View File

@@ -14,6 +14,7 @@
import configparser
import logging
import warnings
from oslo_config import cfg
@@ -40,14 +41,14 @@ Related options:
* None
"""),
cfg.StrOpt('swift_store_auth_version', default='2',
help='Version of the authentication service to use. '
'Valid versions are 2 and 3 for keystone and 1 '
'(deprecated) for swauth and rackspace.',
cfg.StrOpt('swift_store_auth_version', default='3',
choices=['3'],
help='The authentication version to be used. Currently '
'The only valid version is 3.',
deprecated_for_removal=True,
deprecated_reason="""
The option 'auth_version' in the Swift back-end configuration file is
used instead.
This option is kept for backword-compatibility reasons but is no longer
required, because only the single version (3) is supported now.
"""),
cfg.StrOpt('swift_store_auth_address',
help='The address where the Swift authentication '
@@ -209,6 +210,11 @@ class SwiftParams(object):
try:
reference['auth_version'] = CONFIG.get(ref, 'auth_version')
warnings.warn(
'The auth_version option is deprecated. It is kept '
'for backword-compatibility reasons but will be '
'removed in a future release.',
DeprecationWarning)
except configparser.NoOptionError:
if self.backend_group:
av = getattr(
@@ -218,6 +224,9 @@ class SwiftParams(object):
av = self.conf.glance_store.swift_store_auth_version
reference['auth_version'] = av
if reference['auth_version'] != '3':
raise ValueError('Unsupported auth_version')
account_params[ref] = reference
except (ValueError, SyntaxError, configparser.NoOptionError):
LOG.exception(_LE("Invalid format of swift store config cfg"))

3
glance_store/tests/unit/test_connection_manager.py
View File

@@ -42,8 +42,7 @@ class TestConnectionManager(base.StoreBaseTest):
service_type="swift",
endpoint_type="internal",
region=None,
conf=self.conf,
auth_version='3')
conf=self.conf)
store.backend_group = None
store.conf_endpoint = None

214
glance_store/tests/unit/test_swift_store.py
View File

@@ -70,9 +70,18 @@ class SwiftTests(object):
def mock_keystone_client(self):
# mock keystone client functions to avoid dependency errors
swift.ks_v3 = mock.MagicMock()
swift.ks_session = mock.MagicMock()
swift.ks_client = mock.MagicMock()
ks_identity_patcher = mock.patch(
'glance_store._drivers.swift.store.ks_identity')
self.mock_identity = ks_identity_patcher.start()
self.addCleanup(ks_identity_patcher.stop)
ks_session_patcher = mock.patch(
'glance_store._drivers.swift.store.ks_session')
self.mock_session = ks_session_patcher.start()
self.addCleanup(ks_session_patcher.stop)
ks_client_patcher = mock.patch(
'glance_store._drivers.swift.store.ks_client')
self.mock_client = ks_client_patcher.start()
self.addCleanup(ks_client_patcher.stop)
def stub_out_swiftclient(self, swift_store_auth_version):
fixture_containers = ['glance']
@@ -1309,11 +1318,7 @@ class SwiftTests(object):
swift_store_auth_insecure=True,
swift_store_config_file=None)
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def _init_client(self, mock_client, mock_session, mock_identity, verify,
**kwargs):
def _init_client(self, verify, **kwargs):
# initialize store and connection parameters
self.config(**kwargs)
store = Store(self.conf)
@@ -1334,25 +1339,27 @@ class SwiftTests(object):
trustor_client.trusts.create.return_value = mock.MagicMock(
id='fake_trust')
main_client = mock.MagicMock()
mock_session.Session.side_effect = [trustor_session, trustee_session,
main_session]
mock_client.Client.side_effect = [trustor_client, trustee_client,
main_client]
self.mock_session.Session.side_effect = [
trustor_session, trustee_session, main_session]
self.mock_client.Client.side_effect = [
trustor_client, trustee_client, main_client]
# initialize client
ctxt = mock.MagicMock()
client = store.init_client(location=mock.MagicMock(), context=ctxt)
# test trustor usage
mock_identity.V3Token.assert_called_once_with(
self.mock_identity.V3Token.assert_called_once_with(
auth_url=default_swift_reference.get('auth_address'),
token=ctxt.auth_token,
project_id=ctxt.project_id
)
mock_session.Session.assert_any_call(auth=mock_identity.V3Token(),
verify=verify)
mock_client.Client.assert_any_call(session=trustor_session)
self.mock_session.Session.assert_any_call(
auth=self.mock_identity.V3Token(),
verify=verify)
self.mock_client.Client.assert_any_call(session=trustor_session)
# test trustee usage and trust creation
tenant_name, user = default_swift_reference.get('user').split(':')
mock_identity.V3Password.assert_any_call(
self.mock_identity.V3Password.assert_any_call(
auth_url=default_swift_reference.get('auth_address'),
username=user,
password=default_swift_reference.get('key'),
@@ -1363,15 +1370,16 @@ class SwiftTests(object):
project_domain_name=default_swift_reference.get(
'project_domain_name')
)
mock_session.Session.assert_any_call(auth=mock_identity.V3Password(),
verify=verify)
mock_client.Client.assert_any_call(session=trustee_session)
self.mock_session.Session.assert_any_call(
auth=self.mock_identity.V3Password(),
verify=verify)
self.mock_client.Client.assert_any_call(session=trustee_session)
trustor_client.trusts.create.assert_called_once_with(
trustee_user='fake_user', trustor_user=ctxt.user_id,
project=ctxt.project_id, impersonation=True,
role_names=['fake_role']
)
mock_identity.V3Password.assert_any_call(
self.mock_identity.V3Password.assert_any_call(
auth_url=default_swift_reference.get('auth_address'),
username=user,
password=default_swift_reference.get('key'),
@@ -1382,31 +1390,30 @@ class SwiftTests(object):
project_domain_name=default_swift_reference.get(
'project_domain_name')
)
mock_client.Client.assert_any_call(session=main_session)
self.mock_client.Client.assert_any_call(session=main_session)
self.assertEqual(main_client, client)
class TestStoreAuthV1(base.StoreBaseTest, SwiftTests,
class TestStoreAuthV3(base.StoreBaseTest, SwiftTests,
test_store_capabilities.TestStoreCapabilitiesChecking):
_CONF = cfg.CONF
def getConfig(self):
conf = SWIFT_CONF.copy()
conf['swift_store_auth_version'] = '1'
conf['swift_store_user'] = 'tenant:user1'
return conf
def setUp(self):
"""Establish a clean test environment."""
super(TestStoreAuthV1, self).setUp()
super(TestStoreAuthV3, self).setUp()
conf = self.getConfig()
conf_file = 'glance-swift.conf'
self.swift_config_file = self.copy_data_file(conf_file, self.test_dir)
conf.update({'swift_store_config_file': self.swift_config_file})
self.stub_out_swiftclient(conf['swift_store_auth_version'])
self.stub_out_swiftclient('3')
self.mock_keystone_client()
self.store = Store(self.conf)
self.config(**conf)
@@ -1414,45 +1421,7 @@ class TestStoreAuthV1(base.StoreBaseTest, SwiftTests,
self.register_store_schemes(self.store, 'swift')
self.addCleanup(self.conf.reset)
class TestStoreAuthV2(TestStoreAuthV1):
def getConfig(self):
conf = super(TestStoreAuthV2, self).getConfig()
conf['swift_store_auth_version'] = '2'
conf['swift_store_user'] = 'tenant:user1'
return conf
def test_v2_with_no_tenant(self):
uri = "swift://failme:key@auth_address/glance/%s" % (FAKE_UUID)
loc = location.get_location_from_uri(uri, conf=self.conf)
self.assertRaises(exceptions.BadStoreUri,
self.store.get,
loc)
def test_v2_multi_tenant_location(self):
conf = self.getConfig()
conf['swift_store_multi_tenant'] = True
uri = "swift://auth_address/glance/%s" % (FAKE_UUID)
loc = location.get_location_from_uri(uri, conf=self.conf)
self.assertEqual('swift', loc.store_name)
class TestStoreAuthV3(TestStoreAuthV1):
def getConfig(self):
conf = super(TestStoreAuthV3, self).getConfig()
conf['swift_store_auth_version'] = '3'
conf['swift_store_user'] = 'tenant:user1'
return conf
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def test_init_client_single_tenant(self,
mock_client,
mock_session,
mock_identity):
def test_init_client_single_tenant(self):
"""Test that keystone client was initialized correctly"""
# initialize client
store = Store(self.conf)
@@ -1462,24 +1431,18 @@ class TestStoreAuthV3(TestStoreAuthV1):
loc = location.get_location_from_uri(uri, conf=self.conf)
ctxt = mock.MagicMock()
store.init_client(location=loc.store_location, context=ctxt)
mock_identity.V3Password.assert_called_once_with(
self.mock_identity.V3Password.assert_called_once_with(
auth_url=loc.store_location.swift_url + '/',
username="user1", password="key",
project_name="tenant",
project_domain_id='default', project_domain_name=None,
user_domain_id='default', user_domain_name=None,)
mock_session.Session.assert_called_once_with(
auth=mock_identity.V3Password(), verify=True)
mock_client.Client.assert_called_once_with(
session=mock_session.Session())
self.mock_session.Session.assert_called_once_with(
auth=self.mock_identity.V3Password(), verify=True)
self.mock_client.Client.assert_called_once_with(
session=self.mock_session.Session())
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def test_init_client_single_tenant_with_domain_ids(self,
mock_client,
mock_session,
mock_identity):
def test_init_client_single_tenant_with_domain_ids(self):
"""Test that keystone client was initialized correctly"""
# initialize client
conf = self.getConfig()
@@ -1492,24 +1455,18 @@ class TestStoreAuthV3(TestStoreAuthV1):
loc = location.get_location_from_uri(uri, conf=self.conf)
ctxt = mock.MagicMock()
store.init_client(location=loc.store_location, context=ctxt)
mock_identity.V3Password.assert_called_once_with(
self.mock_identity.V3Password.assert_called_once_with(
auth_url=loc.store_location.swift_url + '/',
username="user1", password="key",
project_name="tenant",
project_domain_id='projdomainid', project_domain_name=None,
user_domain_id='userdomainid', user_domain_name=None,)
mock_session.Session.assert_called_once_with(
auth=mock_identity.V3Password(), verify=True)
mock_client.Client.assert_called_once_with(
session=mock_session.Session())
self.mock_session.Session.assert_called_once_with(
auth=self.mock_identity.V3Password(), verify=True)
self.mock_client.Client.assert_called_once_with(
session=self.mock_session.Session())
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def test_init_client_single_tenant_with_domain_names(self,
mock_client,
mock_session,
mock_identity):
def test_init_client_single_tenant_with_domain_names(self):
"""Test that keystone client was initialized correctly"""
# initialize client
conf = self.getConfig()
@@ -1522,16 +1479,16 @@ class TestStoreAuthV3(TestStoreAuthV1):
loc = location.get_location_from_uri(uri, conf=self.conf)
ctxt = mock.MagicMock()
store.init_client(location=loc.store_location, context=ctxt)
mock_identity.V3Password.assert_called_once_with(
self.mock_identity.V3Password.assert_called_once_with(
auth_url=loc.store_location.swift_url + '/',
username="user1", password="key",
project_name="tenant",
project_domain_id=None, project_domain_name='projdomain',
user_domain_id=None, user_domain_name='userdomain',)
mock_session.Session.assert_called_once_with(
auth=mock_identity.V3Password(), verify=True)
mock_client.Client.assert_called_once_with(
session=mock_session.Session())
self.mock_session.Session.assert_called_once_with(
auth=self.mock_identity.V3Password(), verify=True)
self.mock_client.Client.assert_called_once_with(
session=self.mock_session.Session())
class FakeConnection(object):
@@ -1564,7 +1521,7 @@ class TestSingleTenantStoreConnections(base.StoreBaseTest):
self.store = swift.SingleTenantStore(self.conf)
self.store.configure()
specs = {'scheme': 'swift',
'auth_or_store_url': 'example.com/v2/',
'auth_or_store_url': 'example.com/v3/',
'user': 'tenant:user1',
'key': 'key1',
'container': 'cont',
@@ -1572,79 +1529,32 @@ class TestSingleTenantStoreConnections(base.StoreBaseTest):
self.location = swift.StoreLocation(specs, self.conf)
self.addCleanup(self.conf.reset)
def test_basic_connection(self):
connection = self.store.get_connection(self.location)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('2', connection.auth_version)
self.assertEqual('user1', connection.user)
self.assertEqual('tenant', connection.tenant_name)
self.assertEqual('key1', connection.key)
self.assertIsNone(connection.preauthurl)
self.assertFalse(connection.insecure)
self.assertEqual({'service_type': 'object-store',
'endpoint_type': 'publicURL'},
connection.os_options)
def test_connection_with_conf_endpoint(self):
ctx = mock.MagicMock(user='tenant:user1', tenant='tenant')
self.config(swift_store_endpoint='https://internal.com')
self.store.configure()
connection = self.store.get_connection(self.location, context=ctx)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('2', connection.auth_version)
self.assertEqual('user1', connection.user)
self.assertEqual('tenant', connection.tenant_name)
self.assertEqual('key1', connection.key)
self.assertEqual('https://internal.com', connection.preauthurl)
self.assertFalse(connection.insecure)
self.assertEqual({'service_type': 'object-store',
'endpoint_type': 'publicURL'},
connection.os_options)
def test_connection_with_conf_endpoint_no_context(self):
self.config(swift_store_endpoint='https://internal.com')
self.store.configure()
connection = self.store.get_connection(self.location)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('2', connection.auth_version)
self.assertEqual('user1', connection.user)
self.assertEqual('tenant', connection.tenant_name)
self.assertEqual('key1', connection.key)
self.assertEqual('https://internal.com', connection.preauthurl)
self.assertFalse(connection.insecure)
self.assertEqual({'service_type': 'object-store',
'endpoint_type': 'publicURL'},
connection.os_options)
@mock.patch("keystoneauth1.session.Session.get_endpoint")
@mock.patch("keystoneauth1.session.Session.get_auth_headers",
new=mock.Mock())
def _test_connection_manager_authv3_conf_endpoint(
self, mock_ep, expected_endpoint="https://from-catalog.com"):
self.config(swift_store_auth_version='3')
mock_ep.return_value = "https://from-catalog.com"
ctx = mock.MagicMock()
self.store.configure()
connection_manager = manager.SingleTenantConnectionManager(
store=self.store,
store_location=self.location,
context=ctx
)
conn = connection_manager._init_connection()
self.assertEqual(expected_endpoint, conn.preauthurl)
def test_connection_manager_authv3_without_conf_endpoint(self):
def test_connection_manager_without_conf_endpoint(self):
self._test_connection_manager_authv3_conf_endpoint()
def test_connection_manager_authv3_with_conf_endpoint(self):
def test_connection_manager_with_conf_endpoint(self):
self.config(swift_store_endpoint='http://localhost')
self._test_connection_manager_authv3_conf_endpoint(
expected_endpoint='http://localhost')
def test_connection_with_no_trailing_slash(self):
self.location.auth_or_store_url = 'example.com/v2'
self.location.auth_or_store_url = 'example.com/v3'
connection = self.store.get_connection(self.location)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('https://example.com/v3/', connection.authurl)
def test_connection_insecure(self):
self.config(swift_store_auth_insecure=True)
@@ -1652,15 +1562,6 @@ class TestSingleTenantStoreConnections(base.StoreBaseTest):
connection = self.store.get_connection(self.location)
self.assertTrue(connection.insecure)
def test_connection_with_auth_v1(self):
self.config(swift_store_auth_version='1')
self.store.configure()
self.location.user = 'auth_v1_user'
connection = self.store.get_connection(self.location)
self.assertEqual('1', connection.auth_version)
self.assertEqual('auth_v1_user', connection.user)
self.assertIsNone(connection.tenant_name)
def test_connection_invalid_user(self):
self.store.configure()
self.location.user = 'invalid:format:user'
@@ -1720,8 +1621,7 @@ class TestSingleTenantStoreConnections(base.StoreBaseTest):
self.location.uri)
def test_ref_overrides_defaults(self):
self.config(swift_store_auth_version='2',
swift_store_user='testuser',
self.config(swift_store_user='testuser',
swift_store_key='testpass',
swift_store_auth_address='testaddress',
swift_store_endpoint_type='internalURL',

225
glance_store/tests/unit/test_swift_store_multibackend.py
View File

@@ -66,9 +66,18 @@ class SwiftTests(object):
def mock_keystone_client(self):
# mock keystone client functions to avoid dependency errors
swift.ks_v3 = mock.MagicMock()
swift.ks_session = mock.MagicMock()
swift.ks_client = mock.MagicMock()
ks_identity_patcher = mock.patch(
'glance_store._drivers.swift.store.ks_identity')
self.mock_identity = ks_identity_patcher.start()
self.addCleanup(ks_identity_patcher.stop)
ks_session_patcher = mock.patch(
'glance_store._drivers.swift.store.ks_session')
self.mock_session = ks_session_patcher.start()
self.addCleanup(ks_session_patcher.stop)
ks_client_patcher = mock.patch(
'glance_store._drivers.swift.store.ks_client')
self.mock_client = ks_client_patcher.start()
self.addCleanup(ks_client_patcher.stop)
def stub_out_swiftclient(self, swift_store_auth_version):
fixture_containers = ['glance']
@@ -1279,11 +1288,7 @@ class SwiftTests(object):
swift_store_auth_insecure=True,
swift_store_config_file=None)
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def _init_client(self, mock_client, mock_session, mock_identity, verify,
**kwargs):
def _init_client(self, verify, **kwargs):
# initialize store and connection parameters
self.config(group="swift1", **kwargs)
store = Store(self.conf, backend="swift1")
@@ -1304,25 +1309,26 @@ class SwiftTests(object):
trustor_client.trusts.create.return_value = mock.MagicMock(
id='fake_trust')
main_client = mock.MagicMock()
mock_session.Session.side_effect = [trustor_session, trustee_session,
main_session]
mock_client.Client.side_effect = [trustor_client, trustee_client,
main_client]
self.mock_session.Session.side_effect = [
trustor_session, trustee_session, main_session]
self.mock_client.Client.side_effect = [
trustor_client, trustee_client, main_client]
# initialize client
ctxt = mock.MagicMock()
client = store.init_client(location=mock.MagicMock(), context=ctxt)
# test trustor usage
mock_identity.V3Token.assert_called_once_with(
self.mock_identity.V3Token.assert_called_once_with(
auth_url=default_swift_reference.get('auth_address'),
token=ctxt.auth_token,
project_id=ctxt.project_id
)
mock_session.Session.assert_any_call(auth=mock_identity.V3Token(),
verify=verify)
mock_client.Client.assert_any_call(session=trustor_session)
self.mock_session.Session.assert_any_call(
auth=self.mock_identity.V3Token(),
verify=verify)
self.mock_client.Client.assert_any_call(session=trustor_session)
# test trustee usage and trust creation
tenant_name, user = default_swift_reference.get('user').split(':')
mock_identity.V3Password.assert_any_call(
self.mock_identity.V3Password.assert_any_call(
auth_url=default_swift_reference.get('auth_address'),
username=user,
password=default_swift_reference.get('key'),
@@ -1333,15 +1339,16 @@ class SwiftTests(object):
project_domain_name=default_swift_reference.get(
'project_domain_name')
)
mock_session.Session.assert_any_call(auth=mock_identity.V3Password(),
verify=verify)
mock_client.Client.assert_any_call(session=trustee_session)
self.mock_session.Session.assert_any_call(
auth=self.mock_identity.V3Password(),
verify=verify)
self.mock_client.Client.assert_any_call(session=trustee_session)
trustor_client.trusts.create.assert_called_once_with(
trustee_user='fake_user', trustor_user=ctxt.user_id,
project=ctxt.project_id, impersonation=True,
role_names=['fake_role']
)
mock_identity.V3Password.assert_any_call(
self.mock_identity.V3Password.assert_any_call(
auth_url=default_swift_reference.get('auth_address'),
username=user,
password=default_swift_reference.get('key'),
@@ -1352,11 +1359,11 @@ class SwiftTests(object):
project_domain_name=default_swift_reference.get(
'project_domain_name')
)
mock_client.Client.assert_any_call(session=main_session)
self.mock_client.Client.assert_any_call(session=main_session)
self.assertEqual(main_client, client)
class TestStoreAuthV1(base.MultiStoreBaseTest, SwiftTests,
class TestStoreAuthV3(base.MultiStoreBaseTest, SwiftTests,
test_store_capabilities.TestStoreCapabilitiesChecking):
# NOTE(flaper87): temporary until we
@@ -1366,13 +1373,13 @@ class TestStoreAuthV1(base.MultiStoreBaseTest, SwiftTests,
def getConfig(self):
conf = SWIFT_CONF.copy()
conf['swift_store_auth_version'] = '1'
conf['swift_store_auth_version'] = '3'
conf['swift_store_user'] = 'tenant:user1'
return conf
def setUp(self):
"""Establish a clean test environment."""
super(TestStoreAuthV1, self).setUp()
super(TestStoreAuthV3, self).setUp()
enabled_backends = {
"swift1": "swift",
"swift2": "swift",
@@ -1407,48 +1414,7 @@ class TestStoreAuthV1(base.MultiStoreBaseTest, SwiftTests,
self.register_store_backend_schemes(self.store, 'swift', 'swift1')
self.addCleanup(self.conf.reset)
class TestStoreAuthV2(TestStoreAuthV1):
def getConfig(self):
config = super(TestStoreAuthV2, self).getConfig()
config['swift_store_auth_version'] = '2'
config['swift_store_user'] = 'tenant:user1'
return config
def test_v2_with_no_tenant(self):
uri = "swift://failme:key@auth_address/glance/%s" % (FAKE_UUID)
loc = location.get_location_from_uri_and_backend(
uri, "swift1", conf=self.conf)
self.assertRaises(exceptions.BadStoreUri,
self.store.get,
loc)
def test_v2_multi_tenant_location(self):
config = self.getConfig()
config['swift_store_multi_tenant'] = True
self.config(group="swift1", **config)
uri = "swift://auth_address/glance/%s" % (FAKE_UUID)
loc = location.get_location_from_uri_and_backend(
uri, "swift1", conf=self.conf)
self.assertEqual('swift', loc.store_name)
class TestStoreAuthV3(TestStoreAuthV1):
def getConfig(self):
config = super(TestStoreAuthV3, self).getConfig()
config['swift_store_auth_version'] = '3'
config['swift_store_user'] = 'tenant:user1'
return config
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def test_init_client_single_tenant(self,
mock_client,
mock_session,
mock_identity):
def test_init_client_single_tenant(self):
"""Test that keystone client was initialized correctly"""
# initialize client
store = Store(self.conf, backend="swift1")
@@ -1459,24 +1425,18 @@ class TestStoreAuthV3(TestStoreAuthV1):
uri, "swift1", conf=self.conf)
ctxt = mock.MagicMock()
store.init_client(location=loc.store_location, context=ctxt)
mock_identity.V3Password.assert_called_once_with(
self.mock_identity.V3Password.assert_called_once_with(
auth_url=loc.store_location.swift_url + '/',
username="user1", password="key",
project_name="tenant",
project_domain_id='default', project_domain_name=None,
user_domain_id='default', user_domain_name=None,)
mock_session.Session.assert_called_once_with(
auth=mock_identity.V3Password(), verify=True)
mock_client.Client.assert_called_once_with(
session=mock_session.Session())
self.mock_session.Session.assert_called_once_with(
auth=self.mock_identity.V3Password(), verify=True)
self.mock_client.Client.assert_called_once_with(
session=self.mock_session.Session())
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def test_init_client_single_tenant_with_domain_ids(self,
mock_client,
mock_session,
mock_identity):
def test_init_client_single_tenant_with_domain_ids(self):
"""Test that keystone client was initialized correctly"""
conf = self.getConfig()
conf['default_swift_reference'] = 'ref4'
@@ -1489,24 +1449,18 @@ class TestStoreAuthV3(TestStoreAuthV1):
uri, "swift1", conf=self.conf)
ctxt = mock.MagicMock()
store.init_client(location=loc.store_location, context=ctxt)
mock_identity.V3Password.assert_called_once_with(
self.mock_identity.V3Password.assert_called_once_with(
auth_url=loc.store_location.swift_url + '/',
username="user1", password="key",
project_name="tenant",
project_domain_id='projdomainid', project_domain_name=None,
user_domain_id='userdomainid', user_domain_name=None)
mock_session.Session.assert_called_once_with(
auth=mock_identity.V3Password(), verify=True)
mock_client.Client.assert_called_once_with(
session=mock_session.Session())
self.mock_session.Session.assert_called_once_with(
auth=self.mock_identity.V3Password(), verify=True)
self.mock_client.Client.assert_called_once_with(
session=self.mock_session.Session())
@mock.patch("glance_store._drivers.swift.store.ks_identity")
@mock.patch("glance_store._drivers.swift.store.ks_session")
@mock.patch("glance_store._drivers.swift.store.ks_client")
def test_init_client_single_tenant_with_domain_names(self,
mock_client,
mock_session,
mock_identity):
def test_init_client_single_tenant_with_domain_names(self):
"""Test that keystone client was initialized correctly"""
conf = self.getConfig()
conf['default_swift_reference'] = 'ref5'
@@ -1519,16 +1473,16 @@ class TestStoreAuthV3(TestStoreAuthV1):
uri, "swift1", conf=self.conf)
ctxt = mock.MagicMock()
store.init_client(location=loc.store_location, context=ctxt)
mock_identity.V3Password.assert_called_once_with(
self.mock_identity.V3Password.assert_called_once_with(
auth_url=loc.store_location.swift_url + '/',
username="user1", password="key",
project_name="tenant",
project_domain_id=None, project_domain_name='projdomain',
user_domain_id=None, user_domain_name='userdomain')
mock_session.Session.assert_called_once_with(
auth=mock_identity.V3Password(), verify=True)
mock_client.Client.assert_called_once_with(
session=mock_session.Session())
self.mock_session.Session.assert_called_once_with(
auth=self.mock_identity.V3Password(), verify=True)
self.mock_client.Client.assert_called_once_with(
session=self.mock_session.Session())
class FakeConnection(object):
@@ -1584,7 +1538,7 @@ class TestSingleTenantStoreConnections(base.MultiStoreBaseTest):
self.store = swift.SingleTenantStore(self.conf, backend="swift1")
self.store.configure()
specs = {'scheme': 'swift',
'auth_or_store_url': 'example.com/v2/',
'auth_or_store_url': 'example.com/v3/',
'user': 'tenant:user1',
'key': 'key1',
'container': 'cont',
@@ -1595,56 +1549,32 @@ class TestSingleTenantStoreConnections(base.MultiStoreBaseTest):
self.register_store_backend_schemes(self.store, 'swift', 'swift1')
self.addCleanup(self.conf.reset)
def test_basic_connection(self):
connection = self.store.get_connection(self.location)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('2', connection.auth_version)
self.assertEqual('user1', connection.user)
self.assertEqual('tenant', connection.tenant_name)
self.assertEqual('key1', connection.key)
self.assertIsNone(connection.preauthurl)
self.assertFalse(connection.insecure)
self.assertEqual({'service_type': 'object-store',
'endpoint_type': 'publicURL'},
connection.os_options)
def test_connection_with_conf_endpoint(self):
ctx = mock.MagicMock(user='tenant:user1', tenant='tenant')
self.config(group="swift1",
swift_store_endpoint='https://internal.com')
@mock.patch("keystoneauth1.session.Session.get_endpoint")
@mock.patch("keystoneauth1.session.Session.get_auth_headers",
new=mock.Mock())
def _test_connection_manager_authv3_conf_endpoint(
self, mock_ep, expected_endpoint="https://from-catalog.com"):
mock_ep.return_value = "https://from-catalog.com"
self.store.configure()
connection = self.store.get_connection(self.location, context=ctx)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('2', connection.auth_version)
self.assertEqual('user1', connection.user)
self.assertEqual('tenant', connection.tenant_name)
self.assertEqual('key1', connection.key)
self.assertEqual('https://internal.com', connection.preauthurl)
self.assertFalse(connection.insecure)
self.assertEqual({'service_type': 'object-store',
'endpoint_type': 'publicURL'},
connection.os_options)
connection_manager = manager.SingleTenantConnectionManager(
store=self.store,
store_location=self.location,
)
conn = connection_manager._init_connection()
self.assertEqual(expected_endpoint, conn.preauthurl)
def test_connection_with_conf_endpoint_no_context(self):
self.config(group="swift1",
swift_store_endpoint='https://internal.com')
self.store.configure()
connection = self.store.get_connection(self.location)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('2', connection.auth_version)
self.assertEqual('user1', connection.user)
self.assertEqual('tenant', connection.tenant_name)
self.assertEqual('key1', connection.key)
self.assertEqual('https://internal.com', connection.preauthurl)
self.assertFalse(connection.insecure)
self.assertEqual({'service_type': 'object-store',
'endpoint_type': 'publicURL'},
connection.os_options)
def test_connection_manager_without_conf_endpoint(self):
self._test_connection_manager_authv3_conf_endpoint()
def test_connection_manager_with_conf_endpoint(self):
self.config(group="swift1", swift_store_endpoint='http://localhost')
self._test_connection_manager_authv3_conf_endpoint(
expected_endpoint='http://localhost')
def test_connection_with_no_trailing_slash(self):
self.location.auth_or_store_url = 'example.com/v2'
self.location.auth_or_store_url = 'example.com/v3'
connection = self.store.get_connection(self.location)
self.assertEqual('https://example.com/v2/', connection.authurl)
self.assertEqual('https://example.com/v3/', connection.authurl)
def test_connection_insecure(self):
self.config(group="swift1", swift_store_auth_insecure=True)
@@ -1652,15 +1582,6 @@ class TestSingleTenantStoreConnections(base.MultiStoreBaseTest):
connection = self.store.get_connection(self.location)
self.assertTrue(connection.insecure)
def test_connection_with_auth_v1(self):
self.config(group="swift1", swift_store_auth_version='1')
self.store.configure()
self.location.user = 'auth_v1_user'
connection = self.store.get_connection(self.location)
self.assertEqual('1', connection.auth_version)
self.assertEqual('auth_v1_user', connection.user)
self.assertIsNone(connection.tenant_name)
def test_connection_invalid_user(self):
self.store.configure()
self.location.user = 'invalid:format:user'
@@ -1720,7 +1641,7 @@ class TestSingleTenantStoreConnections(base.MultiStoreBaseTest):
self.location.uri)
def test_ref_overrides_defaults(self):
self.config(group="swift1", swift_store_auth_version='2',
self.config(group="swift1",
swift_store_user='testuser',
swift_store_key='testpass',
swift_store_auth_address='testaddress',

10
releasenotes/notes/swift-remove-auth-version-v1-and-v2-d2372f9feea42f2c.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
upgrade:
- |
Swift store driver no longer supports auth_version less than 3. Now
the driver uses identity v3 API by default.
deprecations:
- |
The ``auth_version`` option of the swift back-end configrations file
has been deprecated and will be removed in a future release.