Merge "auth: use keystoneauth1 for neutron access"

2016-09-12 04:38:55 +00:00 · 2016-09-12 04:38:55 +00:00 · dbe2284ce6
parent 2fb9896680 632fda4c32
commit dbe2284ce6
8 changed files with 82 additions and 89 deletions
--- a/kuryr/lib/config.py
+++ b/kuryr/lib/config.py
@ -14,8 +14,7 @@
 Routines for configuring Kuryr
 """
-import os
+from keystoneauth1 import loading as ks_loading
 from oslo_config import cfg
 from kuryr.lib._i18n import _
@ -29,10 +28,13 @@ core_opts = [
               default='kuryrPool',
               help=_('Neutron subnetpool name will be prefixed by this.')),
 ]
 neutron_group = cfg.OptGroup(
    'neutron',
    title='Neutron Options',
    help=_('Configuration options for OpenStack Neutron'))
 neutron_opts = [
    cfg.StrOpt('neutron_uri',
               default=os.environ.get('OS_URL', 'http://127.0.0.1:9696'),
               help=_('Neutron URL for accessing the network service.')),
    cfg.StrOpt('enable_dhcp',
               default='True',
               help=_('Enable or Disable dhcp for neutron subnets.')),
@ -49,34 +51,24 @@ neutron_opts = [
    cfg.IntOpt('vif_plugging_timeout',
               default=0,
               help=_("Seconds to wait for port to become active")),
    cfg.StrOpt('endpoint_type',
               default='public',
               choices=['public', 'admin', 'internal'],
               help=_('Type of the neutron endpoint to use. This endpoint '
                      'will be looked up in the keystone catalog and should '
                      'be one of public, internal or admin.')),
 ]
-keystone_opts = [
+
    cfg.StrOpt('auth_uri',
               default=os.environ.get('IDENTITY_URL',
                                      'http://127.0.0.1:35357/v2.0'),
               help=_('The URL for accessing the identity service.')),
    cfg.StrOpt('admin_user',
               default=os.environ.get('SERVICE_USER'),
               help=_('The username to auth with the identity service.')),
    cfg.StrOpt('admin_tenant_name',
               default=os.environ.get('SERVICE_TENANT_NAME'),
               help=_('The tenant name to auth with the identity service.')),
    cfg.StrOpt('admin_password',
               default=os.environ.get('SERVICE_PASSWORD'),
               help=_('The password to auth with the identity service.')),
    cfg.StrOpt('admin_token',
               default=os.environ.get('SERVICE_TOKEN'),
               help=_('The admin token.')),
    cfg.StrOpt('auth_ca_cert',
               default=os.environ.get('SERVICE_CA_CERT'),
               help=_('The CA certification file.')),
    cfg.BoolOpt('auth_insecure',
                default=False,
                help=_("Turn off verification of the certificate for ssl")),
 ]
 binding_opts = [
    cfg.StrOpt('veth_dst_prefix',
               default='eth',
               help=('The name prefix of the veth endpoint put inside the '
                     'container.'))
 ]
 def register_neutron_opts(conf):
    conf.register_group(neutron_group)
    conf.register_opts(neutron_opts, group=neutron_group)
    ks_loading.register_session_conf_options(conf, neutron_group.name)
    ks_loading.register_auth_conf_options(conf, neutron_group.name)
--- a/kuryr/lib/opts.py
+++ b/kuryr/lib/opts.py
@ -16,12 +16,17 @@ __all__ = [
 import copy
 import itertools
 import operator
 from keystoneauth1 import loading as ks_loading
 from oslo_log import _options
 from kuryr.lib import config
 ENABLED_AUTH_PLUGINS = ('password', 'v2password', 'v2token', 'v3password',
                        'v3token')
 _core_opts_with_logging = config.core_opts
 _core_opts_with_logging += _options.common_cli_opts
 _core_opts_with_logging += _options.logging_cli_opts
@ -29,12 +34,23 @@ _core_opts_with_logging += _options.generic_log_opts
 _kuryr_opts = [
    (None, list(itertools.chain(_core_opts_with_logging))),
    ('neutron_client', config.neutron_opts),
    ('keystone_client', config.keystone_opts),
    ('binding', config.binding_opts),
 ]
 def list_neutron_opts():
    opt_list = copy.deepcopy(config.neutron_opts)
    opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
    # NOTE(apuimedo): There are a lot of auth plugins, we just generate the
    # config options for a few common ones
    for name in ENABLED_AUTH_PLUGINS:
        for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
            if all(option.name != plugin_option.name for option in opt_list):
                opt_list.append(plugin_option)
    opt_list.sort(key=operator.attrgetter('name'))
    return [(config.neutron_group, opt_list)]
 def list_kuryr_opts():
    """Return a list of oslo_config options available in Kuryr service.
@ -52,4 +68,5 @@ def list_kuryr_opts():
    :returns: a list of (group_name, opts) tuples
    """
-    return [(k, copy.deepcopy(o)) for k, o in _kuryr_opts]
+    return ([(k, copy.deepcopy(o)) for k, o in _kuryr_opts] +
            list_neutron_opts())
--- a/kuryr/lib/utils.py
+++ b/kuryr/lib/utils.py
@ -14,29 +14,26 @@ import hashlib
 import random
 import socket
-from neutronclient.neutron import client
+from keystoneauth1 import loading as ks_loading
-from neutronclient.v2_0 import client as client_v2
+from neutronclient.v2_0 import client
 from oslo_config import cfg
 from kuryr.lib import config as kuryr_config
 from kuryr.lib import constants as const
 DOCKER_NETNS_BASE = '/var/run/docker/netns'
 PORT_POSTFIX = 'port'
-def get_neutron_client_simple(url, auth_url, token):
+def get_neutron_client(*args, **kwargs):
-    auths = auth_url.rsplit('/', 1)
+    auth_plugin = ks_loading.load_auth_from_conf_options(
-    version = auths[1][1:]
+        cfg.CONF, kuryr_config.neutron_group.name)
-    return client.Client(version, endpoint_url=url, token=token)
+    session = ks_loading.load_session_from_conf_options(cfg.CONF,
-
+                                                        'neutron',
-
+                                                        auth=auth_plugin)
-def get_neutron_client(url, username, tenant_name, password,
+    return client.Client(session=session,
-                       auth_url, ca_cert, insecure, timeout=30):
+                         auth=auth_plugin,
-
+                         endpoint_type=cfg.CONF.neutron.endpoint_type)
    return client_v2.Client(endpoint_url=url, timeout=timeout,
                            username=username, tenant_name=tenant_name,
                            password=password, auth_url=auth_url,
                            ca_cert=ca_cert, insecure=insecure)
 def get_hostname():
--- a/kuryr/tests/unit/base.py
+++ b/kuryr/tests/unit/base.py
@ -24,9 +24,8 @@ class TestCase(base.BaseTestCase):
        super(TestCase, self).setUp()
        CONF = cfg.CONF
        CONF.register_opts(config.core_opts)
        CONF.register_opts(config.neutron_opts, group='neutron_client')
        CONF.register_opts(config.keystone_opts, group='keystone_client')
        CONF.register_opts(config.binding_opts, 'binding')
        config.register_neutron_opts(CONF)
    @staticmethod
    def _get_fake_networks(neutron_network_id):
--- a/kuryr/tests/unit/test_config.py
+++ b/kuryr/tests/unit/test_config.py
@ -18,15 +18,10 @@ from kuryr.tests.unit import base
 class ConfigurationTest(base.TestCase):
    def test_defaults(self):
        self.assertEqual('http://127.0.0.1:9696',
                         cfg.CONF.neutron_client.neutron_uri)
        self.assertEqual('kuryr',
-                         cfg.CONF.neutron_client.default_subnetpool_v4)
+                         cfg.CONF.neutron.default_subnetpool_v4)
        self.assertEqual('kuryr6',
-                         cfg.CONF.neutron_client.default_subnetpool_v6)
+                         cfg.CONF.neutron.default_subnetpool_v6)
-
+        self.assertEqual('public',
-        self.assertEqual('http://127.0.0.1:35357/v2.0',
+                         cfg.CONF.neutron.endpoint_type)
                         cfg.CONF.keystone_client.auth_uri)
--- a/kuryr/tests/unit/test_opts.py
+++ b/kuryr/tests/unit/test_opts.py
@ -18,10 +18,13 @@ from kuryr.tests.unit import base
 class OptsTest(base.TestCase):
-    def test_list_kuryr_opts(self):
+    _fake_kuryr_opts = [(None, 'fakevalue1'), ('Key1', 'fakevalue2')]
-        fake_kuryr_opts = [(None, 'fakevalue1'),
+    _fake_neutron_opts = [('poolv4', 'swimming4'), ('poolv6', 'swimming6')]
-                           ('Key1', 'fakevalue2')]
+
-        fake_kuryr_opts_mock = mock.PropertyMock(return_value=fake_kuryr_opts)
+    @mock.patch.multiple(kuryr_opts, _kuryr_opts=_fake_kuryr_opts,
-        with mock.patch.object(kuryr_opts, '_kuryr_opts',
+                         list_neutron_opts=mock.DEFAULT)
-                  new_callable=fake_kuryr_opts_mock):
+    def test_list_kuryr_opts(self, list_neutron_opts):
-            self.assertEqual(fake_kuryr_opts, kuryr_opts.list_kuryr_opts())
+        list_neutron_opts.return_value = self._fake_neutron_opts
        self.assertEqual(self._fake_kuryr_opts + self._fake_neutron_opts,
                         kuryr_opts.list_kuryr_opts())
--- a/kuryr/tests/unit/test_utils.py
+++ b/kuryr/tests/unit/test_utils.py
@ -54,31 +54,20 @@ class TestKuryrUtils(base.TestCase):
        self.assertIn(name_prefix, generated_neutron_subnetpool_name)
        self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name)
    @mock.patch('neutronclient.neutron.client.Client')
    def test_get_neutron_client_simple(self, mock_client):
        fake_token = str(uuid.uuid4())
        utils.get_neutron_client_simple(url=self.fake_url,
                             auth_url=self.fake_auth_url, token=fake_token)
        mock_client.assert_called_once_with('2.0',
                             endpoint_url=self.fake_url, token=fake_token)
    @mock.patch('neutronclient.v2_0.client.Client')
-    def test_get_neutron_client(self, mock_client):
+    @mock.patch('keystoneauth1.loading.load_auth_from_conf_options')
-        fake_username = 'fake_user'
+    @mock.patch('keystoneauth1.loading.load_session_from_conf_options')
-        fake_tenant_name = 'fake_tenant_name'
+    def test_get_neutron_client(self, mock_session_loader, mock_auth_loader,
-        fake_password = 'fake_password'
+                                mock_client):
-        fake_ca_cert = None
+        fake_auth = 'Fake_auth_plugin'
-        fake_insecure = False
+        fake_session = 'Fake_session_plugin'
-        fake_timeout = 60
+        mock_auth_loader.return_value = fake_auth
-        utils.get_neutron_client(url=self.fake_url, username=fake_username,
+        mock_session_loader.return_value = fake_session
-                       tenant_name=fake_tenant_name, password=fake_password,
+        utils.get_neutron_client()
-                       auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
+        mock_client.assert_called_once_with(
-                       insecure=fake_insecure, timeout=fake_timeout)
+            auth=fake_auth,
-        mock_client.assert_called_once_with(endpoint_url=self.fake_url,
+            session=fake_session,
-                       timeout=fake_timeout, username=fake_username,
+            endpoint_type=cfg.CONF.neutron.endpoint_type)
                       tenant_name=fake_tenant_name, password=fake_password,
                       auth_url=self.fake_auth_url, ca_cert=fake_ca_cert,
                       insecure=fake_insecure)
    @mock.patch.object(socket, 'gethostname', return_value='fake_hostname')
    def test_get_hostname(self, mock_get_hostname):
--- a/requirements.txt
+++ b/requirements.txt
@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 Babel>=2.3.4 # BSD
 keystoneauth1 >= 2.10.0 # Apache-2.0
 netaddr!=0.7.16,>=0.7.12 # BSD
 neutron-lib>=0.3.0 # Apache-2.0
 oslo.concurrency>=3.8.0 # Apache-2.0