Merge "auth: use keystoneauth1 for neutron access"

Jenkins 2016-09-12 04:38:55 +00:00 committed by Gerrit Code Review
commit dbe2284ce6
8 changed files with 82 additions and 89 deletions


@ -14,8 +14,7 @@
Routines for configuring Kuryr Routines for configuring Kuryr
""" """
import os from keystoneauth1 import loading as ks_loading
from oslo_config import cfg from oslo_config import cfg
from kuryr.lib._i18n import _ from kuryr.lib._i18n import _
@ -29,10 +28,13 @@ core_opts = [
default='kuryrPool', default='kuryrPool',
help=_('Neutron subnetpool name will be prefixed by this.')), help=_('Neutron subnetpool name will be prefixed by this.')),
] ]
neutron_group = cfg.OptGroup(
'neutron',
title='Neutron Options',
help=_('Configuration options for OpenStack Neutron'))
neutron_opts = [ neutron_opts = [
cfg.StrOpt('neutron_uri',
default=os.environ.get('OS_URL', 'http://127.0.0.1:9696'),
help=_('Neutron URL for accessing the network service.')),
cfg.StrOpt('enable_dhcp', cfg.StrOpt('enable_dhcp',
default='True', default='True',
help=_('Enable or Disable dhcp for neutron subnets.')), help=_('Enable or Disable dhcp for neutron subnets.')),
@ -49,34 +51,24 @@ neutron_opts = [
cfg.IntOpt('vif_plugging_timeout', cfg.IntOpt('vif_plugging_timeout',
default=0, default=0,
help=_("Seconds to wait for port to become active")), help=_("Seconds to wait for port to become active")),
cfg.StrOpt('endpoint_type',
default='public',
choices=['public', 'admin', 'internal'],
help=_('Type of the neutron endpoint to use. This endpoint '
'will be looked up in the keystone catalog and should '
'be one of public, internal or admin.')),
] ]
keystone_opts = [
cfg.StrOpt('auth_uri',
default=os.environ.get('IDENTITY_URL',
'http://127.0.0.1:35357/v2.0'),
help=_('The URL for accessing the identity service.')),
cfg.StrOpt('admin_user',
default=os.environ.get('SERVICE_USER'),
help=_('The username to auth with the identity service.')),
cfg.StrOpt('admin_tenant_name',
default=os.environ.get('SERVICE_TENANT_NAME'),
help=_('The tenant name to auth with the identity service.')),
cfg.StrOpt('admin_password',
default=os.environ.get('SERVICE_PASSWORD'),
help=_('The password to auth with the identity service.')),
cfg.StrOpt('admin_token',
default=os.environ.get('SERVICE_TOKEN'),
help=_('The admin token.')),
cfg.StrOpt('auth_ca_cert',
default=os.environ.get('SERVICE_CA_CERT'),
help=_('The CA certification file.')),
cfg.BoolOpt('auth_insecure',
default=False,
help=_("Turn off verification of the certificate for ssl")),
]
binding_opts = [ binding_opts = [
cfg.StrOpt('veth_dst_prefix', cfg.StrOpt('veth_dst_prefix',
default='eth', default='eth',
help=('The name prefix of the veth endpoint put inside the ' help=('The name prefix of the veth endpoint put inside the '
'container.')) 'container.'))
] ]
def register_neutron_opts(conf):
conf.register_group(neutron_group)
conf.register_opts(neutron_opts, group=neutron_group)
ks_loading.register_session_conf_options(conf, neutron_group.name)
ks_loading.register_auth_conf_options(conf, neutron_group.name)
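Review bot: `register_neutron_opts` moves every Neutron and Keystone setting into the new `[neutron]` group without mapping the old `[neutron_client]` and `[keystone_client]` names, so an existing kuryr.conf that sets `auth_ca_cert`, `auth_insecure` or the admin credentials will have those values ignored with no warning. oslo.config does not complain about sections it has no options registered for, which makes this easy to miss on upgrade, and the TLS trust settings are the ones an operator most needs to carry over. Consider passing the session loader a mapping, for example `ks_loading.register_session_conf_options(conf, neutron_group.name, deprecated_opts={'cafile': [cfg.DeprecatedOpt('auth_ca_cert', group='keystone_client')], 'insecure': [cfg.DeprecatedOpt('auth_insecure', group='keystone_client')]})`, and documenting the rename in the release notes. The function would also benefit from a one-line docstring such as `"""Register the [neutron] group with its own, session and auth plugin options."""`.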


@ -16,12 +16,17 @@ __all__ = [
import copy import copy
import itertools import itertools
import operator
from keystoneauth1 import loading as ks_loading
from oslo_log import _options from oslo_log import _options
from kuryr.lib import config from kuryr.lib import config
ENABLED_AUTH_PLUGINS = ('password', 'v2password', 'v2token', 'v3password',
'v3token')
_core_opts_with_logging = config.core_opts _core_opts_with_logging = config.core_opts
_core_opts_with_logging += _options.common_cli_opts _core_opts_with_logging += _options.common_cli_opts
_core_opts_with_logging += _options.logging_cli_opts _core_opts_with_logging += _options.logging_cli_opts
@ -29,12 +34,23 @@ _core_opts_with_logging += _options.generic_log_opts
_kuryr_opts = [ _kuryr_opts = [
(None, list(itertools.chain(_core_opts_with_logging))), (None, list(itertools.chain(_core_opts_with_logging))),
('neutron_client', config.neutron_opts),
('keystone_client', config.keystone_opts),
('binding', config.binding_opts), ('binding', config.binding_opts),
] ]
def list_neutron_opts():
opt_list = copy.deepcopy(config.neutron_opts)
opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
# NOTE(apuimedo): There are a lot of auth plugins, we just generate the
# config options for a few common ones
for name in ENABLED_AUTH_PLUGINS:
for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
if all(option.name != plugin_option.name for option in opt_list):
opt_list.append(plugin_option)
opt_list.sort(key=operator.attrgetter('name'))
return [(config.neutron_group, opt_list)]
def list_kuryr_opts(): def list_kuryr_opts():
"""Return a list of oslo_config options available in Kuryr service. """Return a list of oslo_config options available in Kuryr service.
@ -52,4 +68,5 @@ def list_kuryr_opts():
:returns: a list of (group_name, opts) tuples :returns: a list of (group_name, opts) tuples
""" """
return [(k, copy.deepcopy(o)) for k, o in _kuryr_opts] return ([(k, copy.deepcopy(o)) for k, o in _kuryr_opts] +
list_neutron_opts())
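Review bot: In `list_neutron_opts`, `ks_loading.get_auth_common_conf_options()[0]` picks an option by position, which depends on the order keystoneauth1 happens to return; selecting by name is sturdier, e.g. `next(o for o in ks_loading.get_auth_common_conf_options() if o.name == 'auth_type')` (assuming `auth_type` is the option intended). Taking only that element also leaves the other common option out of the generated sample, so `auth_section` would go undocumented for operators unless that is deliberate. The `insert(0, ...)` position has no effect because the list is sorted by name before it is returned, so `append` would state the intent more plainly. The function has no docstring; something like `"""Return the (group, opts) pair for [neutron], including options of the common auth plugins."""` would match `list_kuryr_opts`.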


@ -14,29 +14,26 @@ import hashlib
import random import random
import socket import socket
from neutronclient.neutron import client from keystoneauth1 import loading as ks_loading
from neutronclient.v2_0 import client as client_v2 from neutronclient.v2_0 import client
from oslo_config import cfg from oslo_config import cfg
from kuryr.lib import config as kuryr_config
from kuryr.lib import constants as const from kuryr.lib import constants as const
DOCKER_NETNS_BASE = '/var/run/docker/netns' DOCKER_NETNS_BASE = '/var/run/docker/netns'
PORT_POSTFIX = 'port' PORT_POSTFIX = 'port'
def get_neutron_client_simple(url, auth_url, token): def get_neutron_client(*args, **kwargs):
auths = auth_url.rsplit('/', 1) auth_plugin = ks_loading.load_auth_from_conf_options(
version = auths[1][1:] cfg.CONF, kuryr_config.neutron_group.name)
return client.Client(version, endpoint_url=url, token=token) session = ks_loading.load_session_from_conf_options(cfg.CONF,
'neutron',
auth=auth_plugin)
def get_neutron_client(url, username, tenant_name, password, return client.Client(session=session,
auth_url, ca_cert, insecure, timeout=30): auth=auth_plugin,
endpoint_type=cfg.CONF.neutron.endpoint_type)
return client_v2.Client(endpoint_url=url, timeout=timeout,
username=username, tenant_name=tenant_name,
password=password, auth_url=auth_url,
ca_cert=ca_cert, insecure=insecure)
def get_hostname(): def get_hostname():
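Review bot: The new `get_neutron_client(*args, **kwargs)` accepts any arguments and discards them, so a caller that still passes `url`, `ca_cert` or `insecure` as before gets a client built purely from `cfg.CONF` with no indication that its TLS or endpoint settings were ignored. Declaring it as `def get_neutron_client():` would turn stale call sites into an immediate TypeError; if the catch-all is needed for a transition, a logged warning when `args` or `kwargs` is non-empty would make the mismatch visible. The two loader calls also name the group differently (`kuryr_config.neutron_group.name` versus the literal `'neutron'`); using `kuryr_config.neutron_group.name` in both keeps them in step if the group is ever renamed.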


@ -24,9 +24,8 @@ class TestCase(base.BaseTestCase):
super(TestCase, self).setUp() super(TestCase, self).setUp()
CONF = cfg.CONF CONF = cfg.CONF
CONF.register_opts(config.core_opts) CONF.register_opts(config.core_opts)
CONF.register_opts(config.neutron_opts, group='neutron_client')
CONF.register_opts(config.keystone_opts, group='keystone_client')
CONF.register_opts(config.binding_opts, 'binding') CONF.register_opts(config.binding_opts, 'binding')
config.register_neutron_opts(CONF)
@staticmethod @staticmethod
def _get_fake_networks(neutron_network_id): def _get_fake_networks(neutron_network_id):

13
kuryr/tests/unit/test_config.py Executable file → Normal file

@ -18,15 +18,10 @@ from kuryr.tests.unit import base
class ConfigurationTest(base.TestCase): class ConfigurationTest(base.TestCase):
def test_defaults(self): def test_defaults(self):
self.assertEqual('http://127.0.0.1:9696',
cfg.CONF.neutron_client.neutron_uri)
self.assertEqual('kuryr', self.assertEqual('kuryr',
cfg.CONF.neutron_client.default_subnetpool_v4) cfg.CONF.neutron.default_subnetpool_v4)
self.assertEqual('kuryr6', self.assertEqual('kuryr6',
cfg.CONF.neutron_client.default_subnetpool_v6) cfg.CONF.neutron.default_subnetpool_v6)
self.assertEqual('public',
self.assertEqual('http://127.0.0.1:35357/v2.0', cfg.CONF.neutron.endpoint_type)
cfg.CONF.keystone_client.auth_uri)
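Review bot: `test_defaults` drops the identity-service assertion and adds nothing about the session options that `register_neutron_opts` now registers, so the defaults that govern certificate verification are untested. Since the old `auth_insecure` option defaulted to False, a check such as `self.assertFalse(cfg.CONF.neutron.insecure)` would pin that verification stays on by default after the move to keystoneauth1. This assumes the session loader registers `insecure` under the `neutron` group, as its conf options normally do.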


@ -18,10 +18,13 @@ from kuryr.tests.unit import base
class OptsTest(base.TestCase): class OptsTest(base.TestCase):
def test_list_kuryr_opts(self): _fake_kuryr_opts = [(None, 'fakevalue1'), ('Key1', 'fakevalue2')]
fake_kuryr_opts = [(None, 'fakevalue1'), _fake_neutron_opts = [('poolv4', 'swimming4'), ('poolv6', 'swimming6')]
('Key1', 'fakevalue2')]
fake_kuryr_opts_mock = mock.PropertyMock(return_value=fake_kuryr_opts) @mock.patch.multiple(kuryr_opts, _kuryr_opts=_fake_kuryr_opts,
with mock.patch.object(kuryr_opts, '_kuryr_opts', list_neutron_opts=mock.DEFAULT)
new_callable=fake_kuryr_opts_mock): def test_list_kuryr_opts(self, list_neutron_opts):
self.assertEqual(fake_kuryr_opts, kuryr_opts.list_kuryr_opts()) list_neutron_opts.return_value = self._fake_neutron_opts
self.assertEqual(self._fake_kuryr_opts + self._fake_neutron_opts,
kuryr_opts.list_kuryr_opts())
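Review bot: `test_list_kuryr_opts` replaces `list_neutron_opts` with a mock, so the new function's own logic (de-duplicating plugin options by name and sorting them) is not exercised by any test visible in this commit. A separate `test_list_neutron_opts` that calls the real function and asserts that the returned group is `config.neutron_group`, that option names are unique, and that they come back in sorted order would cover it.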


@ -54,31 +54,20 @@ class TestKuryrUtils(base.TestCase):
self.assertIn(name_prefix, generated_neutron_subnetpool_name) self.assertIn(name_prefix, generated_neutron_subnetpool_name)
self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name) self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name)
@mock.patch('neutronclient.neutron.client.Client')
def test_get_neutron_client_simple(self, mock_client):
fake_token = str(uuid.uuid4())
utils.get_neutron_client_simple(url=self.fake_url,
auth_url=self.fake_auth_url, token=fake_token)
mock_client.assert_called_once_with('2.0',
endpoint_url=self.fake_url, token=fake_token)
@mock.patch('neutronclient.v2_0.client.Client') @mock.patch('neutronclient.v2_0.client.Client')
def test_get_neutron_client(self, mock_client): @mock.patch('keystoneauth1.loading.load_auth_from_conf_options')
fake_username = 'fake_user' @mock.patch('keystoneauth1.loading.load_session_from_conf_options')
fake_tenant_name = 'fake_tenant_name' def test_get_neutron_client(self, mock_session_loader, mock_auth_loader,
fake_password = 'fake_password' mock_client):
fake_ca_cert = None fake_auth = 'Fake_auth_plugin'
fake_insecure = False fake_session = 'Fake_session_plugin'
fake_timeout = 60 mock_auth_loader.return_value = fake_auth
utils.get_neutron_client(url=self.fake_url, username=fake_username, mock_session_loader.return_value = fake_session
tenant_name=fake_tenant_name, password=fake_password, utils.get_neutron_client()
auth_url=self.fake_auth_url, ca_cert=fake_ca_cert, mock_client.assert_called_once_with(
insecure=fake_insecure, timeout=fake_timeout) auth=fake_auth,
mock_client.assert_called_once_with(endpoint_url=self.fake_url, session=fake_session,
timeout=fake_timeout, username=fake_username, endpoint_type=cfg.CONF.neutron.endpoint_type)
tenant_name=fake_tenant_name, password=fake_password,
auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
insecure=fake_insecure)
@mock.patch.object(socket, 'gethostname', return_value='fake_hostname') @mock.patch.object(socket, 'gethostname', return_value='fake_hostname')
def test_get_hostname(self, mock_get_hostname): def test_get_hostname(self, mock_get_hostname):
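Review bot: `test_get_neutron_client` checks only the final `Client(...)` call and never verifies how the two keystoneauth1 loaders were invoked, so a wrong group name or a session loaded without the auth plugin would still pass. Adding `mock_auth_loader.assert_called_once_with(cfg.CONF, 'neutron')` and `mock_session_loader.assert_called_once_with(cfg.CONF, 'neutron', auth=fake_auth)` would pin that credentials and TLS settings are read from the `[neutron]` group and that the session is bound to the loaded plugin.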


@ -3,6 +3,7 @@
# process, which may cause wedges in the gate later. # process, which may cause wedges in the gate later.
Babel>=2.3.4 # BSD Babel>=2.3.4 # BSD
keystoneauth1 >= 2.10.0 # Apache-2.0
netaddr!=0.7.16,>=0.7.12 # BSD netaddr!=0.7.16,>=0.7.12 # BSD
neutron-lib>=0.3.0 # Apache-2.0 neutron-lib>=0.3.0 # Apache-2.0
oslo.concurrency>=3.8.0 # Apache-2.0 oslo.concurrency>=3.8.0 # Apache-2.0