Don't invlidate auth/client plugins for token expiry
As we're using trusts_auth_plugin from the beginning when 'reauth_authentication method=trusts', keystone would take care of the token expiry and we don't need to take care of it explicitly. Change-Id: I781cb53e212b7bece8fc3759a5dfdd565e35221d
This commit is contained in:
parent
e7999a9c5d
commit
2f57206a57
|
@ -109,10 +109,6 @@ engine_opts = [
|
|||
help=_('Allow reauthentication on token expiry, such that'
|
||||
' long-running tasks may complete. Note this defeats'
|
||||
' the expiry of any provided user tokens.')),
|
||||
cfg.IntOpt('stale_token_duration',
|
||||
default=30,
|
||||
help=_('Gap, in seconds, to determine whether the given token '
|
||||
'is about to expire.'),),
|
||||
cfg.ListOpt('trusts_delegated_roles',
|
||||
default=[],
|
||||
help=_('Subset of trustor roles to be delegated to heat.'
|
||||
|
|
|
@ -145,10 +145,8 @@ class RequestContext(context.RequestContext):
|
|||
|
||||
@property
|
||||
def keystone_session(self):
|
||||
if self.auth_needs_refresh():
|
||||
self.reload_auth_plugin()
|
||||
self.clients.invalidate_plugins()
|
||||
self._keystone_session.auth = self.auth_plugin
|
||||
if not self._keystone_session.auth:
|
||||
self._keystone_session.auth = self.auth_plugin
|
||||
return self._keystone_session
|
||||
|
||||
@property
|
||||
|
@ -157,12 +155,6 @@ class RequestContext(context.RequestContext):
|
|||
self._clients = clients.Clients(self)
|
||||
return self._clients
|
||||
|
||||
def auth_needs_refresh(self):
|
||||
auth_ref = self.auth_plugin.get_auth_ref(self._keystone_session)
|
||||
return (cfg.CONF.reauthentication_auth_method == 'trusts'
|
||||
and auth_ref.will_expire_soon(
|
||||
cfg.CONF.stale_token_duration))
|
||||
|
||||
def to_dict(self):
|
||||
user_idt = '{user} {tenant}'.format(user=self.user_id or '-',
|
||||
tenant=self.tenant_id or '-')
|
||||
|
|
|
@ -51,11 +51,6 @@ class OpenStackClients(object):
|
|||
assert ctxt is not None, "Need a reference to the context"
|
||||
return ctxt
|
||||
|
||||
def invalidate_plugins(self):
|
||||
"""Used to force plugins to clear any cached client."""
|
||||
for name in self._client_plugins:
|
||||
self._client_plugins[name].invalidate()
|
||||
|
||||
def client_plugin(self, name):
|
||||
global _mgr
|
||||
if name in self._client_plugins:
|
||||
|
|
|
@ -48,7 +48,7 @@ class ClientPlugin(object):
|
|||
def __init__(self, context):
|
||||
self._context = weakref.ref(context)
|
||||
self._clients = weakref.ref(context.clients)
|
||||
self.invalidate()
|
||||
self._client_instances = {}
|
||||
|
||||
@property
|
||||
def context(self):
|
||||
|
@ -62,16 +62,11 @@ class ClientPlugin(object):
|
|||
|
||||
_get_client_option = staticmethod(config.get_client_option)
|
||||
|
||||
def invalidate(self):
|
||||
"""Invalidate/clear any cached client."""
|
||||
self._client_instances = {}
|
||||
|
||||
def client(self, version=None):
|
||||
if not version:
|
||||
version = self.default_version
|
||||
|
||||
if (version in self._client_instances
|
||||
and not self.context.auth_needs_refresh()):
|
||||
if version in self._client_instances:
|
||||
return self._client_instances[version]
|
||||
|
||||
# Back-ward compatibility
|
||||
|
|
|
@ -37,7 +37,6 @@ from heat.engine.clients import client_plugin
|
|||
from heat.tests import common
|
||||
from heat.tests import fakes
|
||||
from heat.tests.openstack.nova import fakes as fakes_nova
|
||||
from heat.tests import utils
|
||||
|
||||
|
||||
class ClientsTest(common.HeatTestCase):
|
||||
|
@ -296,42 +295,6 @@ class ClientPluginTest(common.HeatTestCase):
|
|||
|
||||
self.assertRaises(TypeError, client_plugin.ClientPlugin, c)
|
||||
|
||||
def test_create_client_on_token_expiration(self):
|
||||
cfg.CONF.set_override('reauthentication_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
con = utils.dummy_context()
|
||||
auth_ref = mock.Mock()
|
||||
self.patchobject(con.auth_plugin, 'get_auth_ref',
|
||||
return_value=auth_ref)
|
||||
auth_ref.will_expire_soon.return_value = False
|
||||
plugin = FooClientsPlugin(con)
|
||||
plugin._create = mock.Mock()
|
||||
plugin.client()
|
||||
self.assertEqual(1, plugin._create.call_count)
|
||||
plugin.client()
|
||||
self.assertEqual(1, plugin._create.call_count)
|
||||
auth_ref.will_expire_soon.return_value = True
|
||||
plugin.client()
|
||||
self.assertEqual(2, plugin._create.call_count)
|
||||
|
||||
def test_create_client_on_invalidate(self):
|
||||
cfg.CONF.set_override('reauthentication_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
con = utils.dummy_context()
|
||||
auth_ref = mock.Mock()
|
||||
self.patchobject(con.auth_plugin, 'get_auth_ref',
|
||||
return_value=auth_ref)
|
||||
auth_ref.will_expire_soon.return_value = False
|
||||
plugin = FooClientsPlugin(con)
|
||||
plugin._create = mock.Mock()
|
||||
plugin.client()
|
||||
self.assertEqual(1, plugin._create.call_count)
|
||||
plugin.client()
|
||||
self.assertEqual(1, plugin._create.call_count)
|
||||
plugin.invalidate()
|
||||
plugin.client()
|
||||
self.assertEqual(2, plugin._create.call_count)
|
||||
|
||||
|
||||
class TestClientPluginsInitialise(common.HeatTestCase):
|
||||
|
||||
|
@ -367,20 +330,6 @@ class TestClientPluginsInitialise(common.HeatTestCase):
|
|||
self.assertGreaterEqual(len(plugin.service_types), 1,
|
||||
'service_types is not defined for plugin')
|
||||
|
||||
@mock.patch.object(client_plugin.ClientPlugin, 'invalidate')
|
||||
def test_invalidate_all_clients(self, mock_invalidate):
|
||||
plugin_types = clients._mgr.names()
|
||||
con = mock.Mock()
|
||||
c = clients.Clients(con)
|
||||
con.clients = c
|
||||
for plugin_name in plugin_types:
|
||||
plugin = c.client_plugin(plugin_name)
|
||||
self.assertIsNotNone(plugin)
|
||||
c.invalidate_plugins()
|
||||
# while client plugin is initialized and while client is invoked
|
||||
# its being invalidated, so the count will be doubled
|
||||
self.assertEqual(len(plugin_types) * 2, mock_invalidate.call_count)
|
||||
|
||||
|
||||
class TestIsNotFound(common.HeatTestCase):
|
||||
|
||||
|
|
|
@ -107,7 +107,6 @@ class KeystoneClientTest(common.HeatTestCase):
|
|||
mock_auth_ref = self.m.CreateMockAnything()
|
||||
mock_ks_auth = self.m.CreateMockAnything()
|
||||
|
||||
self.patchobject(mock_ks_auth, 'get_auth_ref')
|
||||
if method == 'token':
|
||||
p = ks_token_endpoint.Token(token='abcd1234',
|
||||
endpoint='http://server.test:5000/v3')
|
||||
|
|
Loading…
Reference in New Issue