Further fix standalone authentication

Whilst a previous patch fixed the main problem in using the keystone v2 client these references were missed. The v2 client has not been updated to use the session so it has no session attribute that can be relied upon. In this patch I've left a FIXME to make this session object more global. My hope is that when all these smaller issues have been eradicated we can come back and make a more consistent authentication workflow for all these clients. Change-Id: I50012daf8b8669f1910003f73296a6c16b6b4cf3 Related-Bug: #1416170
2015-02-02 09:08:42 +11:00 · 2015-02-02 09:08:42 +11:00 · 700feb1304
parent a3c0b19ef4
commit 700feb1304
1 changed files with 21 additions and 5 deletions
--- a/heat/engine/clients/client_plugin.py
+++ b/heat/engine/clients/client_plugin.py
@ -14,6 +14,7 @@
 import abc

 from keystoneclient import exceptions
+from keystoneclient import session
 from oslo.config import cfg
 import six

@ -29,6 +30,23 @@ class ClientPlugin(object):
        self.context = context
        self.clients = context.clients
        self._client = None
+        self._keystone_session_obj = None
+
+    @property
+    def _keystone_session(self):
+        # FIXME(jamielennox): This session object is essentially static as the
+        # options won't change. Further it is allowed to be shared by multiple
+        # authentication requests so there is no reason to construct it fresh
+        # for every client plugin. It should be global and shared amongst them.
+        if not self._keystone_session_obj:
+            o = {'cacert': self._get_client_option('keystone', 'ca_file'),
+                 'insecure': self._get_client_option('keystone', 'insecure'),
+                 'cert': self._get_client_option('keystone', 'cert_file'),
+                 'key': self._get_client_option('keystone', 'key_file')}
+
+            self._keystone_session_obj = session.Session.construct(o)
+
+        return self._keystone_session_obj

    def client(self):
        if not self._client:
@ -45,15 +63,12 @@ class ClientPlugin(object):
        # NOTE(jamielennox): use the session defined by the keystoneclient
        # options as traditionally the token was always retrieved from
        # keystoneclient.
-        session = self.clients.client('keystone').session
-        return self.context.auth_plugin.get_token(session)
+        return self.context.auth_plugin.get_token(self._keystone_session)

    def url_for(self, **kwargs):
        # NOTE(jamielennox): use the session defined by the keystoneclient
        # options as traditionally the token was always retrieved from
        # keystoneclient.
-        session = self.clients.client('keystone').session
-
        try:
            kwargs.setdefault('interface', kwargs.pop('endpoint_type'))
        except KeyError:
@ -62,7 +77,8 @@ class ClientPlugin(object):
        reg = self.context.region_name or cfg.CONF.region_name_for_services
        kwargs.setdefault('region_name', reg)

-        url = self.context.auth_plugin.get_endpoint(session, **kwargs)
+        url = self.context.auth_plugin.get_endpoint(self._keystone_session,
+                                                    **kwargs)

        # NOTE(jamielennox): raising exception maintains compatibility with
        # older keystoneclient service catalog searching.