openstack
/
heat
Code Issues Proposed changes

Don't invlidate auth/client plugins for token expiry 

As we're using trusts_auth_plugin from the beginning when
'reauth_authentication method=trusts', keystone would
take care of the token expiry and we don't need to take
care of it explicitly.

Change-Id: I781cb53e212b7bece8fc3759a5dfdd565e35221d
This commit is contained in:
rabi 2017-02-15 11:15:16 +05:30 committed by Rabi Mishra
parent e7999a9c5d
commit 2f57206a57
6 changed files with 4 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
heat/common/config.py
View File

@ -109,10 +109,6 @@ engine_opts = [
help=_('Allow reauthentication on token expiry, such that'
' long-running tasks may complete. Note this defeats'
' the expiry of any provided user tokens.')),
cfg.IntOpt('stale_token_duration',
default=30,
help=_('Gap, in seconds, to determine whether the given token '
'is about to expire.'),),
cfg.ListOpt('trusts_delegated_roles',
default=[],
help=_('Subset of trustor roles to be delegated to heat.'

12
heat/common/context.py
View File

@ -145,10 +145,8 @@ class RequestContext(context.RequestContext):
@property
def keystone_session(self):
if self.auth_needs_refresh():
self.reload_auth_plugin()
self.clients.invalidate_plugins()
self._keystone_session.auth = self.auth_plugin
if not self._keystone_session.auth:
self._keystone_session.auth = self.auth_plugin
return self._keystone_session
@property
@ -157,12 +155,6 @@ class RequestContext(context.RequestContext):
self._clients = clients.Clients(self)
return self._clients
def auth_needs_refresh(self):
auth_ref = self.auth_plugin.get_auth_ref(self._keystone_session)
return (cfg.CONF.reauthentication_auth_method == 'trusts'
and auth_ref.will_expire_soon(
cfg.CONF.stale_token_duration))
def to_dict(self):
user_idt = '{user} {tenant}'.format(user=self.user_id or '-',
tenant=self.tenant_id or '-')

5
heat/engine/clients/__init__.py
View File

@ -51,11 +51,6 @@ class OpenStackClients(object):
assert ctxt is not None, "Need a reference to the context"
return ctxt
def invalidate_plugins(self):
"""Used to force plugins to clear any cached client."""
for name in self._client_plugins:
self._client_plugins[name].invalidate()
def client_plugin(self, name):
global _mgr
if name in self._client_plugins:

9
heat/engine/clients/client_plugin.py
View File

@ -48,7 +48,7 @@ class ClientPlugin(object):
def __init__(self, context):
self._context = weakref.ref(context)
self._clients = weakref.ref(context.clients)
self.invalidate()
self._client_instances = {}
@property
def context(self):
@ -62,16 +62,11 @@ class ClientPlugin(object):
_get_client_option = staticmethod(config.get_client_option)
def invalidate(self):
"""Invalidate/clear any cached client."""
self._client_instances = {}
def client(self, version=None):
if not version:
version = self.default_version
if (version in self._client_instances
and not self.context.auth_needs_refresh()):
if version in self._client_instances:
return self._client_instances[version]
# Back-ward compatibility

51
heat/tests/clients/test_clients.py
View File

@ -37,7 +37,6 @@ from heat.engine.clients import client_plugin
from heat.tests import common
from heat.tests import fakes
from heat.tests.openstack.nova import fakes as fakes_nova
from heat.tests import utils
class ClientsTest(common.HeatTestCase):
@ -296,42 +295,6 @@ class ClientPluginTest(common.HeatTestCase):
self.assertRaises(TypeError, client_plugin.ClientPlugin, c)
def test_create_client_on_token_expiration(self):
cfg.CONF.set_override('reauthentication_auth_method', 'trusts',
enforce_type=True)
con = utils.dummy_context()
auth_ref = mock.Mock()
self.patchobject(con.auth_plugin, 'get_auth_ref',
return_value=auth_ref)
auth_ref.will_expire_soon.return_value = False
plugin = FooClientsPlugin(con)
plugin._create = mock.Mock()
plugin.client()
self.assertEqual(1, plugin._create.call_count)
plugin.client()
self.assertEqual(1, plugin._create.call_count)
auth_ref.will_expire_soon.return_value = True
plugin.client()
self.assertEqual(2, plugin._create.call_count)
def test_create_client_on_invalidate(self):
cfg.CONF.set_override('reauthentication_auth_method', 'trusts',
enforce_type=True)
con = utils.dummy_context()
auth_ref = mock.Mock()
self.patchobject(con.auth_plugin, 'get_auth_ref',
return_value=auth_ref)
auth_ref.will_expire_soon.return_value = False
plugin = FooClientsPlugin(con)
plugin._create = mock.Mock()
plugin.client()
self.assertEqual(1, plugin._create.call_count)
plugin.client()
self.assertEqual(1, plugin._create.call_count)
plugin.invalidate()
plugin.client()
self.assertEqual(2, plugin._create.call_count)
class TestClientPluginsInitialise(common.HeatTestCase):
@ -367,20 +330,6 @@ class TestClientPluginsInitialise(common.HeatTestCase):
self.assertGreaterEqual(len(plugin.service_types), 1,
'service_types is not defined for plugin')
@mock.patch.object(client_plugin.ClientPlugin, 'invalidate')
def test_invalidate_all_clients(self, mock_invalidate):
plugin_types = clients._mgr.names()
con = mock.Mock()
c = clients.Clients(con)
con.clients = c
for plugin_name in plugin_types:
plugin = c.client_plugin(plugin_name)
self.assertIsNotNone(plugin)
c.invalidate_plugins()
# while client plugin is initialized and while client is invoked
# its being invalidated, so the count will be doubled
self.assertEqual(len(plugin_types) * 2, mock_invalidate.call_count)
class TestIsNotFound(common.HeatTestCase):

1
heat/tests/clients/test_heat_client.py
View File

@ -107,7 +107,6 @@ class KeystoneClientTest(common.HeatTestCase):
mock_auth_ref = self.m.CreateMockAnything()
mock_ks_auth = self.m.CreateMockAnything()
self.patchobject(mock_ks_auth, 'get_auth_ref')
if method == 'token':
p = ks_token_endpoint.Token(token='abcd1234',
endpoint='http://server.test:5000/v3')