Merge "Support clients with privileged user in karbor" into stable/ocata

2017-02-14 07:45:08 +00:00 · 2017-02-14 07:45:08 +00:00 · 23812aec34
parent 3c59507c75 293025453a
commit 23812aec34
2 changed files with 35 additions and 23 deletions
--- a/karbor/services/protection/client_factory.py
+++ b/karbor/services/protection/client_factory.py
@ -43,12 +43,19 @@ class ClientFactory(object):
                yield '%s.clients.%s' % (__package__, name)

    @classmethod
-    def _generate_session(cls, context, service):
+    def _generate_session(cls, context, service, privileged_user=False):
+        LOG.debug("Generate an auth session. privileged_user: %s",
+                  privileged_user)
        plugin = cls._keystone_plugin
        try:
-            auth_plugin = service_token.ServiceTokenAuthWrapper(
-                plugin.create_user_auth_plugin(context),
-                plugin.service_auth_plugin)
+            if privileged_user is True:
+                auth_plugin = service_token.ServiceTokenAuthWrapper(
+                    plugin.service_auth_plugin,
+                    plugin.service_auth_plugin)
+            else:
+                auth_plugin = service_token.ServiceTokenAuthWrapper(
+                    plugin.create_user_auth_plugin(context),
+                    plugin.service_auth_plugin)
        except Exception:
            return None

@ -73,14 +80,17 @@ class ClientFactory(object):
            cls._factory[module.SERVICE] = module

    @classmethod
-    def create_client(cls, service, context, conf=cfg.CONF, **kwargs):
+    def create_client(cls, service, context, conf=cfg.CONF,
+                      privileged_user=False, **kwargs):
        module = cls._factory.get(service)
        if module is None:
            raise exception.KarborException(_('Unknown service(%s)') % service)

+        kwargs['privileged_user'] = privileged_user
        kwargs['keystone_plugin'] = cls._keystone_plugin
-        if context:
-            kwargs['session'] = cls._generate_session(context, service)
+        if context or privileged_user:
+            kwargs['session'] = cls._generate_session(context, service,
+                                                      privileged_user)
        return module.create(context, conf, **kwargs)


--- a/karbor/services/protection/clients/utils.py
+++ b/karbor/services/protection/clients/utils.py
@ -47,24 +47,26 @@ def get_url(service, context, client_config,
    '''Return the url of given service endpoint.'''

    url = ""
-
+    privileged_user = kwargs.get('privileged_user')
    # get url by endpoint
-    try:
-        url = _parse_service_endpoint(client_config['%s_endpoint' % service],
-                                      context, append_project_fmt)
-        if url:
-            return url
-    except Exception:
-        pass
+    if privileged_user is not True:
+        try:
+            url = _parse_service_endpoint(
+                client_config['%s_endpoint' % service],
+                context, append_project_fmt)
+            if url:
+                return url
+        except Exception:
+            pass

-    # get url by catalog
-    try:
-        url = _parse_service_catalog_info(
-            client_config['%s_catalog_info' % service], context)
-        if url:
-            return url
-    except Exception:
-        pass
+        # get url by catalog
+        try:
+            url = _parse_service_catalog_info(
+                client_config['%s_catalog_info' % service], context)
+            if url:
+                return url
+        except Exception:
+            pass

    # get url by accessing keystone
    try: