Merge "auth: use keystoneauth1 for neutron access"
commit
dbe2284ce6
@ -14,8 +14,7 @@
|
|||||||
Routines for configuring Kuryr
|
Routines for configuring Kuryr
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import os
|
from keystoneauth1 import loading as ks_loading
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
from kuryr.lib._i18n import _
|
from kuryr.lib._i18n import _
|
||||||
@ -29,10 +28,13 @@ core_opts = [
|
|||||||
default='kuryrPool',
|
default='kuryrPool',
|
||||||
help=_('Neutron subnetpool name will be prefixed by this.')),
|
help=_('Neutron subnetpool name will be prefixed by this.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
neutron_group = cfg.OptGroup(
|
||||||
|
'neutron',
|
||||||
|
title='Neutron Options',
|
||||||
|
help=_('Configuration options for OpenStack Neutron'))
|
||||||
|
|
||||||
neutron_opts = [
|
neutron_opts = [
|
||||||
cfg.StrOpt('neutron_uri',
|
|
||||||
default=os.environ.get('OS_URL', 'http://127.0.0.1:9696'),
|
|
||||||
help=_('Neutron URL for accessing the network service.')),
|
|
||||||
cfg.StrOpt('enable_dhcp',
|
cfg.StrOpt('enable_dhcp',
|
||||||
default='True',
|
default='True',
|
||||||
help=_('Enable or Disable dhcp for neutron subnets.')),
|
help=_('Enable or Disable dhcp for neutron subnets.')),
|
||||||
@ -49,34 +51,24 @@ neutron_opts = [
|
|||||||
cfg.IntOpt('vif_plugging_timeout',
|
cfg.IntOpt('vif_plugging_timeout',
|
||||||
default=0,
|
default=0,
|
||||||
help=_("Seconds to wait for port to become active")),
|
help=_("Seconds to wait for port to become active")),
|
||||||
|
cfg.StrOpt('endpoint_type',
|
||||||
|
default='public',
|
||||||
|
choices=['public', 'admin', 'internal'],
|
||||||
|
help=_('Type of the neutron endpoint to use. This endpoint '
|
||||||
|
'will be looked up in the keystone catalog and should '
|
||||||
|
'be one of public, internal or admin.')),
|
||||||
]
|
]
|
||||||
keystone_opts = [
|
|
||||||
cfg.StrOpt('auth_uri',
|
|
||||||
default=os.environ.get('IDENTITY_URL',
|
|
||||||
'http://127.0.0.1:35357/v2.0'),
|
|
||||||
help=_('The URL for accessing the identity service.')),
|
|
||||||
cfg.StrOpt('admin_user',
|
|
||||||
default=os.environ.get('SERVICE_USER'),
|
|
||||||
help=_('The username to auth with the identity service.')),
|
|
||||||
cfg.StrOpt('admin_tenant_name',
|
|
||||||
default=os.environ.get('SERVICE_TENANT_NAME'),
|
|
||||||
help=_('The tenant name to auth with the identity service.')),
|
|
||||||
cfg.StrOpt('admin_password',
|
|
||||||
default=os.environ.get('SERVICE_PASSWORD'),
|
|
||||||
help=_('The password to auth with the identity service.')),
|
|
||||||
cfg.StrOpt('admin_token',
|
|
||||||
default=os.environ.get('SERVICE_TOKEN'),
|
|
||||||
help=_('The admin token.')),
|
|
||||||
cfg.StrOpt('auth_ca_cert',
|
|
||||||
default=os.environ.get('SERVICE_CA_CERT'),
|
|
||||||
help=_('The CA certification file.')),
|
|
||||||
cfg.BoolOpt('auth_insecure',
|
|
||||||
default=False,
|
|
||||||
help=_("Turn off verification of the certificate for ssl")),
|
|
||||||
]
|
|
||||||
binding_opts = [
|
binding_opts = [
|
||||||
cfg.StrOpt('veth_dst_prefix',
|
cfg.StrOpt('veth_dst_prefix',
|
||||||
default='eth',
|
default='eth',
|
||||||
help=('The name prefix of the veth endpoint put inside the '
|
help=('The name prefix of the veth endpoint put inside the '
|
||||||
'container.'))
|
'container.'))
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def register_neutron_opts(conf):
|
||||||
|
conf.register_group(neutron_group)
|
||||||
|
conf.register_opts(neutron_opts, group=neutron_group)
|
||||||
|
ks_loading.register_session_conf_options(conf, neutron_group.name)
|
||||||
|
ks_loading.register_auth_conf_options(conf, neutron_group.name)
|
||||||
|
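Review bot: The `keystone_client` group and the `neutron_uri` option are removed with no deprecation path, so an existing configuration that still sets `admin_password`, `admin_token`, `auth_ca_cert` or `auth_insecure` under `[keystone_client]` would, as far as these hunks show, be ignored without a warning while the old secrets stay in the file. `ks_loading.register_session_conf_options` accepts a `deprecated_opts` mapping, so at least the TLS settings could be carried over, e.g. `deprecated_opts={'cafile': [cfg.DeprecatedOpt('auth_ca_cert', group='keystone_client')]}` and the same for `insecure`; failing that, a release note should tell operators to migrate and then delete the old section. `endpoint_type` defaults to `'public'`, which for a service-to-service call may be wider exposure than deployments with a separate internal endpoint want, so the help text could say when `internal` is the better choice. `register_neutron_opts` has no docstring; `"""Register the [neutron] group: Kuryr's neutron options plus keystoneauth session and auth options."""` would cover it.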
@ -16,12 +16,17 @@ __all__ = [
|
|||||||
|
|
||||||
import copy
|
import copy
|
||||||
import itertools
|
import itertools
|
||||||
|
import operator
|
||||||
|
|
||||||
|
from keystoneauth1 import loading as ks_loading
|
||||||
from oslo_log import _options
|
from oslo_log import _options
|
||||||
|
|
||||||
from kuryr.lib import config
|
from kuryr.lib import config
|
||||||
|
|
||||||
|
|
||||||
|
ENABLED_AUTH_PLUGINS = ('password', 'v2password', 'v2token', 'v3password',
|
||||||
|
'v3token')
|
||||||
|
|
||||||
_core_opts_with_logging = config.core_opts
|
_core_opts_with_logging = config.core_opts
|
||||||
_core_opts_with_logging += _options.common_cli_opts
|
_core_opts_with_logging += _options.common_cli_opts
|
||||||
_core_opts_with_logging += _options.logging_cli_opts
|
_core_opts_with_logging += _options.logging_cli_opts
|
||||||
@ -29,12 +34,23 @@ _core_opts_with_logging += _options.generic_log_opts
|
|||||||
|
|
||||||
_kuryr_opts = [
|
_kuryr_opts = [
|
||||||
(None, list(itertools.chain(_core_opts_with_logging))),
|
(None, list(itertools.chain(_core_opts_with_logging))),
|
||||||
('neutron_client', config.neutron_opts),
|
|
||||||
('keystone_client', config.keystone_opts),
|
|
||||||
('binding', config.binding_opts),
|
('binding', config.binding_opts),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_neutron_opts():
|
||||||
|
opt_list = copy.deepcopy(config.neutron_opts)
|
||||||
|
opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
|
||||||
|
# NOTE(apuimedo): There are a lot of auth plugins, we just generate the
|
||||||
|
# config options for a few common ones
|
||||||
|
for name in ENABLED_AUTH_PLUGINS:
|
||||||
|
for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
|
||||||
|
if all(option.name != plugin_option.name for option in opt_list):
|
||||||
|
opt_list.append(plugin_option)
|
||||||
|
opt_list.sort(key=operator.attrgetter('name'))
|
||||||
|
return [(config.neutron_group, opt_list)]
|
||||||
|
|
||||||
|
|
||||||
def list_kuryr_opts():
|
def list_kuryr_opts():
|
||||||
"""Return a list of oslo_config options available in Kuryr service.
|
"""Return a list of oslo_config options available in Kuryr service.
|
||||||
|
|
||||||
@ -52,4 +68,5 @@ def list_kuryr_opts():
|
|||||||
:returns: a list of (group_name, opts) tuples
|
:returns: a list of (group_name, opts) tuples
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return [(k, copy.deepcopy(o)) for k, o in _kuryr_opts]
|
return ([(k, copy.deepcopy(o)) for k, o in _kuryr_opts] +
|
||||||
|
list_neutron_opts())
|
||||||
|
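Review bot: `list_neutron_opts` lists `auth_type` and the plugin options but not the keystoneauth session options that `register_neutron_opts` registers in `kuryr/lib/config.py`, so a generated sample configuration would presumably omit `cafile`, `insecure` and `timeout` under `[neutron]`, and operators would not see where TLS verification is controlled. Adding `ks_loading.get_session_conf_options()` to `opt_list` before the sort, through the same name-based de-duplication used for the plugin options, would close that gap. The `[0]` index on `get_auth_common_conf_options()` relies on the order keystoneauth returns its options in; selecting the option by name would be sturdier. The function also lacks a docstring, unlike `list_kuryr_opts` next to it; one stating that it returns a single `(neutron_group, opts)` tuple sorted by option name would match.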
@ -14,29 +14,26 @@ import hashlib
|
|||||||
import random
|
import random
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
from neutronclient.neutron import client
|
from keystoneauth1 import loading as ks_loading
|
||||||
from neutronclient.v2_0 import client as client_v2
|
from neutronclient.v2_0 import client
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
from kuryr.lib import config as kuryr_config
|
||||||
from kuryr.lib import constants as const
|
from kuryr.lib import constants as const
|
||||||
|
|
||||||
DOCKER_NETNS_BASE = '/var/run/docker/netns'
|
DOCKER_NETNS_BASE = '/var/run/docker/netns'
|
||||||
PORT_POSTFIX = 'port'
|
PORT_POSTFIX = 'port'
|
||||||
|
|
||||||
|
|
||||||
def get_neutron_client_simple(url, auth_url, token):
|
def get_neutron_client(*args, **kwargs):
|
||||||
auths = auth_url.rsplit('/', 1)
|
auth_plugin = ks_loading.load_auth_from_conf_options(
|
||||||
version = auths[1][1:]
|
cfg.CONF, kuryr_config.neutron_group.name)
|
||||||
return client.Client(version, endpoint_url=url, token=token)
|
session = ks_loading.load_session_from_conf_options(cfg.CONF,
|
||||||
|
'neutron',
|
||||||
|
auth=auth_plugin)
|
||||||
def get_neutron_client(url, username, tenant_name, password,
|
return client.Client(session=session,
|
||||||
auth_url, ca_cert, insecure, timeout=30):
|
auth=auth_plugin,
|
||||||
|
endpoint_type=cfg.CONF.neutron.endpoint_type)
|
||||||
return client_v2.Client(endpoint_url=url, timeout=timeout,
|
|
||||||
username=username, tenant_name=tenant_name,
|
|
||||||
password=password, auth_url=auth_url,
|
|
||||||
ca_cert=ca_cert, insecure=insecure)
|
|
||||||
|
|
||||||
|
|
||||||
def get_hostname():
|
def get_hostname():
|
||||||
|
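Review bot: `get_neutron_client(*args, **kwargs)` accepts and silently discards every argument, so a call site that still passes `url=`, `username=` or `password=` gets a client built purely from `[neutron]` configuration with no error; declaring it `def get_neutron_client():` would turn stale callers into a `TypeError` instead. The session loader is given the literal `'neutron'` while the auth loader uses `kuryr_config.neutron_group.name`; using the latter in both calls keeps the two from drifting apart. The old signature's `timeout=30` default is gone, and the request timeout now presumably comes from the session's `timeout` option, which I believe has no default, so it is worth confirming that an unresponsive Neutron endpoint cannot block the caller indefinitely. Since the session is already loaded with `auth=auth_plugin`, passing `auth=` to `client.Client` again looks redundant.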
@ -24,9 +24,8 @@ class TestCase(base.BaseTestCase):
|
|||||||
super(TestCase, self).setUp()
|
super(TestCase, self).setUp()
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
CONF.register_opts(config.core_opts)
|
CONF.register_opts(config.core_opts)
|
||||||
CONF.register_opts(config.neutron_opts, group='neutron_client')
|
|
||||||
CONF.register_opts(config.keystone_opts, group='keystone_client')
|
|
||||||
CONF.register_opts(config.binding_opts, 'binding')
|
CONF.register_opts(config.binding_opts, 'binding')
|
||||||
|
config.register_neutron_opts(CONF)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _get_fake_networks(neutron_network_id):
|
def _get_fake_networks(neutron_network_id):
|
||||||
|
13
kuryr/tests/unit/test_config.py
Executable file → Normal file
13
kuryr/tests/unit/test_config.py
Executable file → Normal file
@ -18,15 +18,10 @@ from kuryr.tests.unit import base
|
|||||||
class ConfigurationTest(base.TestCase):
|
class ConfigurationTest(base.TestCase):
|
||||||
|
|
||||||
def test_defaults(self):
|
def test_defaults(self):
|
||||||
|
|
||||||
self.assertEqual('http://127.0.0.1:9696',
|
|
||||||
cfg.CONF.neutron_client.neutron_uri)
|
|
||||||
|
|
||||||
self.assertEqual('kuryr',
|
self.assertEqual('kuryr',
|
||||||
cfg.CONF.neutron_client.default_subnetpool_v4)
|
cfg.CONF.neutron.default_subnetpool_v4)
|
||||||
|
|
||||||
self.assertEqual('kuryr6',
|
self.assertEqual('kuryr6',
|
||||||
cfg.CONF.neutron_client.default_subnetpool_v6)
|
cfg.CONF.neutron.default_subnetpool_v6)
|
||||||
|
self.assertEqual('public',
|
||||||
self.assertEqual('http://127.0.0.1:35357/v2.0',
|
cfg.CONF.neutron.endpoint_type)
|
||||||
cfg.CONF.keystone_client.auth_uri)
|
|
||||||
|
@ -18,10 +18,13 @@ from kuryr.tests.unit import base
|
|||||||
|
|
||||||
class OptsTest(base.TestCase):
|
class OptsTest(base.TestCase):
|
||||||
|
|
||||||
def test_list_kuryr_opts(self):
|
_fake_kuryr_opts = [(None, 'fakevalue1'), ('Key1', 'fakevalue2')]
|
||||||
fake_kuryr_opts = [(None, 'fakevalue1'),
|
_fake_neutron_opts = [('poolv4', 'swimming4'), ('poolv6', 'swimming6')]
|
||||||
('Key1', 'fakevalue2')]
|
|
||||||
fake_kuryr_opts_mock = mock.PropertyMock(return_value=fake_kuryr_opts)
|
@mock.patch.multiple(kuryr_opts, _kuryr_opts=_fake_kuryr_opts,
|
||||||
with mock.patch.object(kuryr_opts, '_kuryr_opts',
|
list_neutron_opts=mock.DEFAULT)
|
||||||
new_callable=fake_kuryr_opts_mock):
|
def test_list_kuryr_opts(self, list_neutron_opts):
|
||||||
self.assertEqual(fake_kuryr_opts, kuryr_opts.list_kuryr_opts())
|
list_neutron_opts.return_value = self._fake_neutron_opts
|
||||||
|
|
||||||
|
self.assertEqual(self._fake_kuryr_opts + self._fake_neutron_opts,
|
||||||
|
kuryr_opts.list_kuryr_opts())
|
||||||
|
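Review bot: `list_neutron_opts` is replaced by a mock in `test_list_kuryr_opts`, so nothing visible in this commit exercises the real function's de-duplication and sorting. A small separate test that calls `kuryr_opts.list_neutron_opts()` unmocked and asserts that the option names are unique, sorted, and include `auth_type` would cover it.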
@ -54,31 +54,20 @@ class TestKuryrUtils(base.TestCase):
|
|||||||
self.assertIn(name_prefix, generated_neutron_subnetpool_name)
|
self.assertIn(name_prefix, generated_neutron_subnetpool_name)
|
||||||
self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name)
|
self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name)
|
||||||
|
|
||||||
@mock.patch('neutronclient.neutron.client.Client')
|
|
||||||
def test_get_neutron_client_simple(self, mock_client):
|
|
||||||
fake_token = str(uuid.uuid4())
|
|
||||||
utils.get_neutron_client_simple(url=self.fake_url,
|
|
||||||
auth_url=self.fake_auth_url, token=fake_token)
|
|
||||||
mock_client.assert_called_once_with('2.0',
|
|
||||||
endpoint_url=self.fake_url, token=fake_token)
|
|
||||||
|
|
||||||
@mock.patch('neutronclient.v2_0.client.Client')
|
@mock.patch('neutronclient.v2_0.client.Client')
|
||||||
def test_get_neutron_client(self, mock_client):
|
@mock.patch('keystoneauth1.loading.load_auth_from_conf_options')
|
||||||
fake_username = 'fake_user'
|
@mock.patch('keystoneauth1.loading.load_session_from_conf_options')
|
||||||
fake_tenant_name = 'fake_tenant_name'
|
def test_get_neutron_client(self, mock_session_loader, mock_auth_loader,
|
||||||
fake_password = 'fake_password'
|
mock_client):
|
||||||
fake_ca_cert = None
|
fake_auth = 'Fake_auth_plugin'
|
||||||
fake_insecure = False
|
fake_session = 'Fake_session_plugin'
|
||||||
fake_timeout = 60
|
mock_auth_loader.return_value = fake_auth
|
||||||
utils.get_neutron_client(url=self.fake_url, username=fake_username,
|
mock_session_loader.return_value = fake_session
|
||||||
tenant_name=fake_tenant_name, password=fake_password,
|
utils.get_neutron_client()
|
||||||
auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
|
mock_client.assert_called_once_with(
|
||||||
insecure=fake_insecure, timeout=fake_timeout)
|
auth=fake_auth,
|
||||||
mock_client.assert_called_once_with(endpoint_url=self.fake_url,
|
session=fake_session,
|
||||||
timeout=fake_timeout, username=fake_username,
|
endpoint_type=cfg.CONF.neutron.endpoint_type)
|
||||||
tenant_name=fake_tenant_name, password=fake_password,
|
|
||||||
auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
|
|
||||||
insecure=fake_insecure)
|
|
||||||
|
|
||||||
@mock.patch.object(socket, 'gethostname', return_value='fake_hostname')
|
@mock.patch.object(socket, 'gethostname', return_value='fake_hostname')
|
||||||
def test_get_hostname(self, mock_get_hostname):
|
def test_get_hostname(self, mock_get_hostname):
|
||||||
|
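Review bot: `test_get_neutron_client` asserts only on the `client.Client` call, so it would still pass if the auth plugin and the session were loaded from different configuration groups. Adding `mock_auth_loader.assert_called_once_with(cfg.CONF, 'neutron')` and `mock_session_loader.assert_called_once_with(cfg.CONF, 'neutron', auth=fake_auth)` would pin the group name and the fact that the session is bound to the loaded auth plugin.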
@ -3,6 +3,7 @@
|
|||||||
# process, which may cause wedges in the gate later.
|
# process, which may cause wedges in the gate later.
|
||||||
|
|
||||||
Babel>=2.3.4 # BSD
|
Babel>=2.3.4 # BSD
|
||||||
|
keystoneauth1 >= 2.10.0 # Apache-2.0
|
||||||
netaddr!=0.7.16,>=0.7.12 # BSD
|
netaddr!=0.7.16,>=0.7.12 # BSD
|
||||||
neutron-lib>=0.3.0 # Apache-2.0
|
neutron-lib>=0.3.0 # Apache-2.0
|
||||||
oslo.concurrency>=3.8.0 # Apache-2.0
|
oslo.concurrency>=3.8.0 # Apache-2.0
|
||||||
|