Remove deprecated authentication options for accessing ironic

Depends-On: https://review.opendev.org/666250
Change-Id: I9326c8cf4c9732d9098a45cecdbee467f66d0449
This commit is contained in:
Dmitry Tantsur 2018-07-30 14:25:55 +02:00 committed by Dmitry Tantsur
parent 86cd1a6aee
commit 40450dc4b5
4 changed files with 26 additions and 76 deletions

View File

@ -112,42 +112,26 @@ def get_client(token=None,
"""Get Ironic client instance."""
global IRONIC_SESSION
# NOTE: To support standalone ironic without keystone
# TODO(pas-ha) remove handling of deprecated opts in Rocky
# TODO(pas-ha) rewrite when ironicclient natively supports 'none' auth
# via sessions https://review.openstack.org/#/c/359061/
if CONF.ironic.auth_strategy == 'noauth':
CONF.set_override('auth_type', 'none', group='ironic')
if not IRONIC_SESSION:
IRONIC_SESSION = keystone.get_session('ironic')
args = {
'session': IRONIC_SESSION,
'os_ironic_api_version': api_version,
'max_retries': CONF.ironic.max_retries,
'retry_interval': CONF.ironic.retry_interval}
'retry_interval': CONF.ironic.retry_interval
}
adapter_opts = dict()
if token is not None:
args['token'] = token
# TODO(pas-ha) use service auth with incoming token
if CONF.ironic.auth_type != 'none':
if token is None:
args['session'] = IRONIC_SESSION
else:
args['token'] = token
# TODO(pas-ha): remove handling of deprecated options in Rocky
if CONF.ironic.os_region and not CONF.ironic.region_name:
adapter_opts['region_name'] = CONF.ironic.os_region
if (CONF.ironic.auth_type == 'none' and
not CONF.ironic.endpoint_override and
CONF.ironic.ironic_url):
adapter_opts['endpoint_override'] = CONF.ironic.ironic_url
adapter = keystone.get_adapter('ironic', session=IRONIC_SESSION,
**adapter_opts)
endpoint = adapter.get_endpoint()
return client.Client(1, endpoint, **args)
endpoint = keystone.get_adapter('ironic',
session=IRONIC_SESSION).get_endpoint()
if not endpoint:
raise utils.Error(
_('Cannot find the bare metal endpoint either in Keystone or '
'in the configuration'), code=500)
return client.get_client(1, endpoint=endpoint, **args)
def check_provision_state(node):

View File

@ -22,41 +22,6 @@ SERVICE_TYPE = 'baremetal'
_OPTS = [
cfg.StrOpt('os_region',
help=_('Keystone region used to get Ironic endpoints.'),
deprecated_for_removal=True,
deprecated_reason=_("Use [ironic]/region_name option instead "
"to configure region.")),
cfg.StrOpt('auth_strategy',
default='keystone',
choices=('keystone', 'noauth'),
help=_('Method to use for authentication: noauth or '
'keystone.'),
deprecated_for_removal=True,
deprecated_reason=_("Use [ironic]/auth_type, for noauth case "
"set [ironic]/auth_type to `none` and "
"specify ironic API URL via "
"[ironic]/endpoint_override option.")),
cfg.StrOpt('ironic_url',
default='http://localhost:6385/',
help=_('Ironic API URL, used to set Ironic API URL when '
'auth_strategy option is noauth or auth_type is "none" '
'to work with standalone Ironic without keystone.'),
deprecated_for_removal=True,
deprecated_reason=_('Use [ironic]/endpoint_override option '
'to set a specific ironic API url.')),
cfg.StrOpt('os_service_type',
default='baremetal',
help=_('Ironic service type.'),
deprecated_for_removal=True,
deprecated_reason=_('Use [ironic]/service_type option '
'to set a specific type.')),
cfg.StrOpt('os_endpoint_type',
default='internalURL',
help=_('Ironic endpoint type.'),
deprecated_for_removal=True,
deprecated_reason=_('Use [ironic]/valid_interfaces option '
'to specify endpoint interfaces.')),
cfg.IntOpt('retry_interval',
default=2,
help=_('Interval between retries in case of conflict error '

View File

@ -32,24 +32,19 @@ class TestGetClientBase(object):
def test_get_client_with_auth_token(self, mock_client, mock_load,
mock_opts, mock_adapter):
fake_token = 'token'
fake_ironic_url = 'http://127.0.0.1:6385'
mock_sess = mock.Mock()
mock_adapter.return_value.get_endpoint.return_value = fake_ironic_url
mock_load.return_value = mock_sess
ir_utils.get_client(fake_token)
mock_adapter.assert_called_once_with(
'ironic', region_name='somewhere', session=mock_sess)
mock_adapter.return_value.get_endpoint.assert_called_once_with()
args = {'token': fake_token,
'session': mock_sess,
'os_ironic_api_version': ir_utils.DEFAULT_IRONIC_API_VERSION,
'max_retries': CONF.ironic.max_retries,
'retry_interval': CONF.ironic.retry_interval}
mock_client.assert_called_once_with(1, fake_ironic_url, **args)
endpoint = mock_adapter.return_value.get_endpoint.return_value
mock_client.assert_called_once_with(1, endpoint=endpoint, **args)
def test_get_client_without_auth_token(self, mock_client, mock_load,
mock_opts, mock_adapter):
fake_ironic_url = 'http://127.0.0.1:6385'
mock_adapter.return_value.get_endpoint.return_value = fake_ironic_url
mock_sess = mock.Mock()
mock_load.return_value = mock_sess
ir_utils.get_client(None)
@ -57,32 +52,31 @@ class TestGetClientBase(object):
'os_ironic_api_version': ir_utils.DEFAULT_IRONIC_API_VERSION,
'max_retries': CONF.ironic.max_retries,
'retry_interval': CONF.ironic.retry_interval}
mock_client.assert_called_once_with(1, fake_ironic_url, **args)
endpoint = mock_adapter.return_value.get_endpoint.return_value
mock_client.assert_called_once_with(1, endpoint=endpoint, **args)
@mock.patch.object(keystone, 'get_adapter')
@mock.patch.object(keystone, 'register_auth_opts')
@mock.patch.object(keystone, 'get_session')
@mock.patch.object(client, 'Client')
@mock.patch.object(client, 'get_client', autospec=True)
class TestGetClientAuth(TestGetClientBase, base.BaseTest):
def setUp(self):
super(TestGetClientAuth, self).setUp()
ir_utils.reset_ironic_session()
self.cfg.config(auth_strategy='keystone')
self.cfg.config(os_region='somewhere', group='ironic')
self.addCleanup(ir_utils.reset_ironic_session)
@mock.patch.object(keystone, 'get_adapter')
@mock.patch.object(keystone, 'register_auth_opts')
@mock.patch.object(keystone, 'get_session')
@mock.patch.object(client, 'Client')
@mock.patch.object(client, 'get_client', autospec=True)
class TestGetClientNoAuth(TestGetClientBase, base.BaseTest):
def setUp(self):
super(TestGetClientNoAuth, self).setUp()
ir_utils.reset_ironic_session()
self.cfg.config(auth_strategy='noauth')
self.cfg.config(os_region='somewhere', group='ironic')
self.addCleanup(ir_utils.reset_ironic_session)

View File

@ -0,0 +1,7 @@
---
upgrade:
- |
The deprecated options from the ``ironic`` section ``os_region``,
``auth_strategy``, ``ironic_url``, ``os_service_type`` and
``os_endpoint_type`` have been removed. Please use **keystoneauth**
options instead.