Further fix standalone authentication
Whilst a previous patch fixed the main problem in using the keystone v2 client these references were missed. The v2 client has not been updated to use the session so it has no session attribute that can be relied upon. In this patch I've left a FIXME to make this session object more global. My hope is that when all these smaller issues have been eradicated we can come back and make a more consistent authentication workflow for all these clients. Change-Id: I50012daf8b8669f1910003f73296a6c16b6b4cf3 Related-Bug: #1416170
This commit is contained in:
parent
a3c0b19ef4
commit
700feb1304
|
@ -14,6 +14,7 @@
|
|||
import abc
|
||||
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import session
|
||||
from oslo.config import cfg
|
||||
import six
|
||||
|
||||
|
@ -29,6 +30,23 @@ class ClientPlugin(object):
|
|||
self.context = context
|
||||
self.clients = context.clients
|
||||
self._client = None
|
||||
self._keystone_session_obj = None
|
||||
|
||||
@property
|
||||
def _keystone_session(self):
|
||||
# FIXME(jamielennox): This session object is essentially static as the
|
||||
# options won't change. Further it is allowed to be shared by multiple
|
||||
# authentication requests so there is no reason to construct it fresh
|
||||
# for every client plugin. It should be global and shared amongst them.
|
||||
if not self._keystone_session_obj:
|
||||
o = {'cacert': self._get_client_option('keystone', 'ca_file'),
|
||||
'insecure': self._get_client_option('keystone', 'insecure'),
|
||||
'cert': self._get_client_option('keystone', 'cert_file'),
|
||||
'key': self._get_client_option('keystone', 'key_file')}
|
||||
|
||||
self._keystone_session_obj = session.Session.construct(o)
|
||||
|
||||
return self._keystone_session_obj
|
||||
|
||||
def client(self):
|
||||
if not self._client:
|
||||
|
@ -45,15 +63,12 @@ class ClientPlugin(object):
|
|||
# NOTE(jamielennox): use the session defined by the keystoneclient
|
||||
# options as traditionally the token was always retrieved from
|
||||
# keystoneclient.
|
||||
session = self.clients.client('keystone').session
|
||||
return self.context.auth_plugin.get_token(session)
|
||||
return self.context.auth_plugin.get_token(self._keystone_session)
|
||||
|
||||
def url_for(self, **kwargs):
|
||||
# NOTE(jamielennox): use the session defined by the keystoneclient
|
||||
# options as traditionally the token was always retrieved from
|
||||
# keystoneclient.
|
||||
session = self.clients.client('keystone').session
|
||||
|
||||
try:
|
||||
kwargs.setdefault('interface', kwargs.pop('endpoint_type'))
|
||||
except KeyError:
|
||||
|
@ -62,7 +77,8 @@ class ClientPlugin(object):
|
|||
reg = self.context.region_name or cfg.CONF.region_name_for_services
|
||||
kwargs.setdefault('region_name', reg)
|
||||
|
||||
url = self.context.auth_plugin.get_endpoint(session, **kwargs)
|
||||
url = self.context.auth_plugin.get_endpoint(self._keystone_session,
|
||||
**kwargs)
|
||||
|
||||
# NOTE(jamielennox): raising exception maintains compatibility with
|
||||
# older keystoneclient service catalog searching.
|
||||
|
|
Loading…
Reference in New Issue