Merge "auth: use keystoneauth1 for neutron access"

2016-09-12 04:38:55 +00:00 · 2016-09-12 04:38:55 +00:00 · dbe2284ce6
parent 2fb9896680 632fda4c32
commit dbe2284ce6
8 changed files with 82 additions and 89 deletions
--- a/kuryr/lib/config.py
+++ b/kuryr/lib/config.py
@ -14,8 +14,7 @@
 Routines for configuring Kuryr
 """

-import os
-
+from keystoneauth1 import loading as ks_loading
 from oslo_config import cfg

 from kuryr.lib._i18n import _
@ -29,10 +28,13 @@ core_opts = [
               default='kuryrPool',
               help=_('Neutron subnetpool name will be prefixed by this.')),
 ]
+
+neutron_group = cfg.OptGroup(
+    'neutron',
+    title='Neutron Options',
+    help=_('Configuration options for OpenStack Neutron'))
+
 neutron_opts = [
-    cfg.StrOpt('neutron_uri',
-               default=os.environ.get('OS_URL', 'http://127.0.0.1:9696'),
-               help=_('Neutron URL for accessing the network service.')),
    cfg.StrOpt('enable_dhcp',
               default='True',
               help=_('Enable or Disable dhcp for neutron subnets.')),
@ -49,34 +51,24 @@ neutron_opts = [
    cfg.IntOpt('vif_plugging_timeout',
               default=0,
               help=_("Seconds to wait for port to become active")),
+    cfg.StrOpt('endpoint_type',
+               default='public',
+               choices=['public', 'admin', 'internal'],
+               help=_('Type of the neutron endpoint to use. This endpoint '
+                      'will be looked up in the keystone catalog and should '
+                      'be one of public, internal or admin.')),
 ]
-keystone_opts = [
-    cfg.StrOpt('auth_uri',
-               default=os.environ.get('IDENTITY_URL',
-                                      'http://127.0.0.1:35357/v2.0'),
-               help=_('The URL for accessing the identity service.')),
-    cfg.StrOpt('admin_user',
-               default=os.environ.get('SERVICE_USER'),
-               help=_('The username to auth with the identity service.')),
-    cfg.StrOpt('admin_tenant_name',
-               default=os.environ.get('SERVICE_TENANT_NAME'),
-               help=_('The tenant name to auth with the identity service.')),
-    cfg.StrOpt('admin_password',
-               default=os.environ.get('SERVICE_PASSWORD'),
-               help=_('The password to auth with the identity service.')),
-    cfg.StrOpt('admin_token',
-               default=os.environ.get('SERVICE_TOKEN'),
-               help=_('The admin token.')),
-    cfg.StrOpt('auth_ca_cert',
-               default=os.environ.get('SERVICE_CA_CERT'),
-               help=_('The CA certification file.')),
-    cfg.BoolOpt('auth_insecure',
-                default=False,
-                help=_("Turn off verification of the certificate for ssl")),
-]
+
 binding_opts = [
    cfg.StrOpt('veth_dst_prefix',
               default='eth',
               help=('The name prefix of the veth endpoint put inside the '
                     'container.'))
 ]
+
+
+def register_neutron_opts(conf):
+    conf.register_group(neutron_group)
+    conf.register_opts(neutron_opts, group=neutron_group)
+    ks_loading.register_session_conf_options(conf, neutron_group.name)
+    ks_loading.register_auth_conf_options(conf, neutron_group.name)
--- a/kuryr/lib/opts.py
+++ b/kuryr/lib/opts.py
@ -16,12 +16,17 @@ __all__ = [

 import copy
 import itertools
+import operator

+from keystoneauth1 import loading as ks_loading
 from oslo_log import _options

 from kuryr.lib import config


+ENABLED_AUTH_PLUGINS = ('password', 'v2password', 'v2token', 'v3password',
+                        'v3token')
+
 _core_opts_with_logging = config.core_opts
 _core_opts_with_logging += _options.common_cli_opts
 _core_opts_with_logging += _options.logging_cli_opts
@ -29,12 +34,23 @@ _core_opts_with_logging += _options.generic_log_opts

 _kuryr_opts = [
    (None, list(itertools.chain(_core_opts_with_logging))),
-    ('neutron_client', config.neutron_opts),
-    ('keystone_client', config.keystone_opts),
    ('binding', config.binding_opts),
 ]


+def list_neutron_opts():
+    opt_list = copy.deepcopy(config.neutron_opts)
+    opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
+    # NOTE(apuimedo): There are a lot of auth plugins, we just generate the
+    # config options for a few common ones
+    for name in ENABLED_AUTH_PLUGINS:
+        for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
+            if all(option.name != plugin_option.name for option in opt_list):
+                opt_list.append(plugin_option)
+    opt_list.sort(key=operator.attrgetter('name'))
+    return [(config.neutron_group, opt_list)]
+
+
 def list_kuryr_opts():
    """Return a list of oslo_config options available in Kuryr service.

@ -52,4 +68,5 @@ def list_kuryr_opts():
    :returns: a list of (group_name, opts) tuples
    """

-    return [(k, copy.deepcopy(o)) for k, o in _kuryr_opts]
+    return ([(k, copy.deepcopy(o)) for k, o in _kuryr_opts] +
+            list_neutron_opts())
--- a/kuryr/lib/utils.py
+++ b/kuryr/lib/utils.py
@ -14,29 +14,26 @@ import hashlib
 import random
 import socket

-from neutronclient.neutron import client
-from neutronclient.v2_0 import client as client_v2
+from keystoneauth1 import loading as ks_loading
+from neutronclient.v2_0 import client
 from oslo_config import cfg

+from kuryr.lib import config as kuryr_config
 from kuryr.lib import constants as const

 DOCKER_NETNS_BASE = '/var/run/docker/netns'
 PORT_POSTFIX = 'port'


-def get_neutron_client_simple(url, auth_url, token):
-    auths = auth_url.rsplit('/', 1)
-    version = auths[1][1:]
-    return client.Client(version, endpoint_url=url, token=token)
-
-
-def get_neutron_client(url, username, tenant_name, password,
-                       auth_url, ca_cert, insecure, timeout=30):
-
-    return client_v2.Client(endpoint_url=url, timeout=timeout,
-                            username=username, tenant_name=tenant_name,
-                            password=password, auth_url=auth_url,
-                            ca_cert=ca_cert, insecure=insecure)
+def get_neutron_client(*args, **kwargs):
+    auth_plugin = ks_loading.load_auth_from_conf_options(
+        cfg.CONF, kuryr_config.neutron_group.name)
+    session = ks_loading.load_session_from_conf_options(cfg.CONF,
+                                                        'neutron',
+                                                        auth=auth_plugin)
+    return client.Client(session=session,
+                         auth=auth_plugin,
+                         endpoint_type=cfg.CONF.neutron.endpoint_type)


 def get_hostname():
--- a/kuryr/tests/unit/base.py
+++ b/kuryr/tests/unit/base.py
@ -24,9 +24,8 @@ class TestCase(base.BaseTestCase):
        super(TestCase, self).setUp()
        CONF = cfg.CONF
        CONF.register_opts(config.core_opts)
-        CONF.register_opts(config.neutron_opts, group='neutron_client')
-        CONF.register_opts(config.keystone_opts, group='keystone_client')
        CONF.register_opts(config.binding_opts, 'binding')
+        config.register_neutron_opts(CONF)

    @staticmethod
    def _get_fake_networks(neutron_network_id):
--- a/kuryr/tests/unit/test_config.py
+++ b/kuryr/tests/unit/test_config.py
@ -18,15 +18,10 @@ from kuryr.tests.unit import base
 class ConfigurationTest(base.TestCase):

    def test_defaults(self):
-
-        self.assertEqual('http://127.0.0.1:9696',
-                         cfg.CONF.neutron_client.neutron_uri)
-
        self.assertEqual('kuryr',
-                         cfg.CONF.neutron_client.default_subnetpool_v4)
+                         cfg.CONF.neutron.default_subnetpool_v4)

        self.assertEqual('kuryr6',
-                         cfg.CONF.neutron_client.default_subnetpool_v6)
-
-        self.assertEqual('http://127.0.0.1:35357/v2.0',
-                         cfg.CONF.keystone_client.auth_uri)
+                         cfg.CONF.neutron.default_subnetpool_v6)
+        self.assertEqual('public',
+                         cfg.CONF.neutron.endpoint_type)
--- a/kuryr/tests/unit/test_opts.py
+++ b/kuryr/tests/unit/test_opts.py
@ -18,10 +18,13 @@ from kuryr.tests.unit import base

 class OptsTest(base.TestCase):

-    def test_list_kuryr_opts(self):
-        fake_kuryr_opts = [(None, 'fakevalue1'),
-                           ('Key1', 'fakevalue2')]
-        fake_kuryr_opts_mock = mock.PropertyMock(return_value=fake_kuryr_opts)
-        with mock.patch.object(kuryr_opts, '_kuryr_opts',
-                  new_callable=fake_kuryr_opts_mock):
-            self.assertEqual(fake_kuryr_opts, kuryr_opts.list_kuryr_opts())
+    _fake_kuryr_opts = [(None, 'fakevalue1'), ('Key1', 'fakevalue2')]
+    _fake_neutron_opts = [('poolv4', 'swimming4'), ('poolv6', 'swimming6')]
+
+    @mock.patch.multiple(kuryr_opts, _kuryr_opts=_fake_kuryr_opts,
+                         list_neutron_opts=mock.DEFAULT)
+    def test_list_kuryr_opts(self, list_neutron_opts):
+        list_neutron_opts.return_value = self._fake_neutron_opts
+
+        self.assertEqual(self._fake_kuryr_opts + self._fake_neutron_opts,
+                         kuryr_opts.list_kuryr_opts())
--- a/kuryr/tests/unit/test_utils.py
+++ b/kuryr/tests/unit/test_utils.py
@ -54,31 +54,20 @@ class TestKuryrUtils(base.TestCase):
        self.assertIn(name_prefix, generated_neutron_subnetpool_name)
        self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name)

-    @mock.patch('neutronclient.neutron.client.Client')
-    def test_get_neutron_client_simple(self, mock_client):
-        fake_token = str(uuid.uuid4())
-        utils.get_neutron_client_simple(url=self.fake_url,
-                             auth_url=self.fake_auth_url, token=fake_token)
-        mock_client.assert_called_once_with('2.0',
-                             endpoint_url=self.fake_url, token=fake_token)
-
    @mock.patch('neutronclient.v2_0.client.Client')
-    def test_get_neutron_client(self, mock_client):
-        fake_username = 'fake_user'
-        fake_tenant_name = 'fake_tenant_name'
-        fake_password = 'fake_password'
-        fake_ca_cert = None
-        fake_insecure = False
-        fake_timeout = 60
-        utils.get_neutron_client(url=self.fake_url, username=fake_username,
-                       tenant_name=fake_tenant_name, password=fake_password,
-                       auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
-                       insecure=fake_insecure, timeout=fake_timeout)
-        mock_client.assert_called_once_with(endpoint_url=self.fake_url,
-                       timeout=fake_timeout, username=fake_username,
-                       tenant_name=fake_tenant_name, password=fake_password,
-                       auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
-                       insecure=fake_insecure)
+    @mock.patch('keystoneauth1.loading.load_auth_from_conf_options')
+    @mock.patch('keystoneauth1.loading.load_session_from_conf_options')
+    def test_get_neutron_client(self, mock_session_loader, mock_auth_loader,
+                                mock_client):
+        fake_auth = 'Fake_auth_plugin'
+        fake_session = 'Fake_session_plugin'
+        mock_auth_loader.return_value = fake_auth
+        mock_session_loader.return_value = fake_session
+        utils.get_neutron_client()
+        mock_client.assert_called_once_with(
+            auth=fake_auth,
+            session=fake_session,
+            endpoint_type=cfg.CONF.neutron.endpoint_type)

    @mock.patch.object(socket, 'gethostname', return_value='fake_hostname')
    def test_get_hostname(self, mock_get_hostname):
--- a/requirements.txt
+++ b/requirements.txt
@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.

 Babel>=2.3.4 # BSD
+keystoneauth1 >= 2.10.0 # Apache-2.0
 netaddr!=0.7.16,>=0.7.12 # BSD
 neutron-lib>=0.3.0 # Apache-2.0
 oslo.concurrency>=3.8.0 # Apache-2.0