Merge "Handle service client authorization errors" into stable/victoria
This commit is contained in:
commit
a206293da5
|
@ -34,9 +34,8 @@ needed to load all needed parameters dynamically.
|
||||||
|
|
||||||
|
|
||||||
class AuthClientLoader(object):
|
class AuthClientLoader(object):
|
||||||
def __init__(self, client_class, exception_module, cfg_group):
|
def __init__(self, client_class, cfg_group):
|
||||||
self.client_class = client_class
|
self.client_class = client_class
|
||||||
self.exception_module = exception_module
|
|
||||||
self.group = cfg_group
|
self.group = cfg_group
|
||||||
self.admin_auth = None
|
self.admin_auth = None
|
||||||
self.conf = CONF
|
self.conf = CONF
|
||||||
|
@ -75,7 +74,7 @@ class AuthClientLoader(object):
|
||||||
return self.auth_plugin
|
return self.auth_plugin
|
||||||
|
|
||||||
msg = _('Cannot load auth plugin for %s') % self.group
|
msg = _('Cannot load auth plugin for %s') % self.group
|
||||||
raise self.exception_module.Unauthorized(message=msg)
|
raise exception.BadConfigurationException(reason=msg)
|
||||||
|
|
||||||
def get_client(self, context, admin=False, **kwargs):
|
def get_client(self, context, admin=False, **kwargs):
|
||||||
"""Get's the client with the correct auth/session context
|
"""Get's the client with the correct auth/session context
|
||||||
|
|
|
@ -79,9 +79,7 @@ def novaclient(context):
|
||||||
global AUTH_OBJ
|
global AUTH_OBJ
|
||||||
if not AUTH_OBJ:
|
if not AUTH_OBJ:
|
||||||
AUTH_OBJ = client_auth.AuthClientLoader(
|
AUTH_OBJ = client_auth.AuthClientLoader(
|
||||||
client_class=nova_client.Client,
|
client_class=nova_client.Client, cfg_group=NOVA_GROUP)
|
||||||
exception_module=nova_exception,
|
|
||||||
cfg_group=NOVA_GROUP)
|
|
||||||
return AUTH_OBJ.get_client(context,
|
return AUTH_OBJ.get_client(context,
|
||||||
version=CONF[NOVA_GROUP].api_microversion,
|
version=CONF[NOVA_GROUP].api_microversion,
|
||||||
endpoint_type=CONF[NOVA_GROUP].endpoint_type,
|
endpoint_type=CONF[NOVA_GROUP].endpoint_type,
|
||||||
|
|
|
@ -17,7 +17,6 @@ Handles all requests to Glance.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from glanceclient import client as glance_client
|
from glanceclient import client as glance_client
|
||||||
from glanceclient import exc as glance_exception
|
|
||||||
from keystoneauth1 import loading as ks_loading
|
from keystoneauth1 import loading as ks_loading
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
@ -53,9 +52,7 @@ def glanceclient(context):
|
||||||
global AUTH_OBJ
|
global AUTH_OBJ
|
||||||
if not AUTH_OBJ:
|
if not AUTH_OBJ:
|
||||||
AUTH_OBJ = client_auth.AuthClientLoader(
|
AUTH_OBJ = client_auth.AuthClientLoader(
|
||||||
client_class=glance_client.Client,
|
client_class=glance_client.Client, cfg_group=GLANCE_GROUP)
|
||||||
exception_module=glance_exception,
|
|
||||||
cfg_group=GLANCE_GROUP)
|
|
||||||
return AUTH_OBJ.get_client(context,
|
return AUTH_OBJ.get_client(context,
|
||||||
version=CONF[GLANCE_GROUP].api_microversion,
|
version=CONF[GLANCE_GROUP].api_microversion,
|
||||||
region_name=CONF[GLANCE_GROUP].region_name)
|
region_name=CONF[GLANCE_GROUP].region_name)
|
||||||
|
|
|
@ -102,9 +102,7 @@ class API(object):
|
||||||
def get_client(self, context):
|
def get_client(self, context):
|
||||||
if not self.auth_obj:
|
if not self.auth_obj:
|
||||||
self.auth_obj = client_auth.AuthClientLoader(
|
self.auth_obj = client_auth.AuthClientLoader(
|
||||||
client_class=clientv20.Client,
|
client_class=clientv20.Client, cfg_group=NEUTRON_GROUP)
|
||||||
exception_module=neutron_client_exc,
|
|
||||||
cfg_group=NEUTRON_GROUP)
|
|
||||||
|
|
||||||
return self.auth_obj.get_client(
|
return self.auth_obj.get_client(
|
||||||
self,
|
self,
|
||||||
|
|
|
@ -30,8 +30,7 @@ class ClientAuthTestCase(test.TestCase):
|
||||||
self.context = mock.Mock()
|
self.context = mock.Mock()
|
||||||
self.fake_client = mock.Mock()
|
self.fake_client = mock.Mock()
|
||||||
self.exception_mod = fake_client_exception_class
|
self.exception_mod = fake_client_exception_class
|
||||||
self.auth = client_auth.AuthClientLoader(
|
self.auth = client_auth.AuthClientLoader(self.fake_client, 'foo_group')
|
||||||
self.fake_client, self.exception_mod, 'foo_group')
|
|
||||||
|
|
||||||
def test_get_client_admin_true(self):
|
def test_get_client_admin_true(self):
|
||||||
mock_load_session = self.mock_object(auth,
|
mock_load_session = self.mock_object(auth,
|
||||||
|
@ -61,7 +60,7 @@ class ClientAuthTestCase(test.TestCase):
|
||||||
def test_load_auth_plugin_no_auth(self):
|
def test_load_auth_plugin_no_auth(self):
|
||||||
auth.load_auth_from_conf_options.return_value = None
|
auth.load_auth_from_conf_options.return_value = None
|
||||||
|
|
||||||
self.assertRaises(fake_client_exception_class.Unauthorized,
|
self.assertRaises(exception.BadConfigurationException,
|
||||||
self.auth._load_auth_plugin)
|
self.auth._load_auth_plugin)
|
||||||
|
|
||||||
@mock.patch.object(auth, 'get_session_conf_options')
|
@mock.patch.object(auth, 'get_session_conf_options')
|
||||||
|
|
|
@ -146,7 +146,6 @@ class NovaclientTestCase(test.TestCase):
|
||||||
|
|
||||||
mock_client_loader.assert_called_once_with(
|
mock_client_loader.assert_called_once_with(
|
||||||
client_class=nova.nova_client.Client,
|
client_class=nova.nova_client.Client,
|
||||||
exception_module=nova.nova_exception,
|
|
||||||
cfg_group=nova.NOVA_GROUP
|
cfg_group=nova.NOVA_GROUP
|
||||||
)
|
)
|
||||||
mock_client_loader.return_value.get_client.assert_called_once_with(
|
mock_client_loader.return_value.get_client.assert_called_once_with(
|
||||||
|
|
|
@ -56,6 +56,10 @@ class GlanceClientTestCase(test.TestCase):
|
||||||
with test_utils.create_temp_config_with_opts(data):
|
with test_utils.create_temp_config_with_opts(data):
|
||||||
glance.glanceclient(fake_context)
|
glance.glanceclient(fake_context)
|
||||||
|
|
||||||
|
mock_client_loader.assert_called_once_with(
|
||||||
|
client_class=glance.glance_client.Client,
|
||||||
|
cfg_group=glance.GLANCE_GROUP
|
||||||
|
)
|
||||||
mock_client_loader.return_value.get_client.assert_called_once_with(
|
mock_client_loader.return_value.get_client.assert_called_once_with(
|
||||||
fake_context,
|
fake_context,
|
||||||
version=data['glance']['api_microversion'],
|
version=data['glance']['api_microversion'],
|
||||||
|
|
|
@ -102,7 +102,6 @@ class NeutronclientTestCase(test.TestCase):
|
||||||
|
|
||||||
mock_client_loader.assert_called_once_with(
|
mock_client_loader.assert_called_once_with(
|
||||||
client_class=neutron_api.clientv20.Client,
|
client_class=neutron_api.clientv20.Client,
|
||||||
exception_module=neutron_api.neutron_client_exc,
|
|
||||||
cfg_group=neutron_api.NEUTRON_GROUP
|
cfg_group=neutron_api.NEUTRON_GROUP
|
||||||
)
|
)
|
||||||
mock_client_loader.return_value.get_client.assert_called_once_with(
|
mock_client_loader.return_value.get_client.assert_called_once_with(
|
||||||
|
|
|
@ -67,7 +67,6 @@ class CinderclientTestCase(test.TestCase):
|
||||||
|
|
||||||
mock_client_loader.assert_called_once_with(
|
mock_client_loader.assert_called_once_with(
|
||||||
client_class=cinder.cinder_client.Client,
|
client_class=cinder.cinder_client.Client,
|
||||||
exception_module=cinder.cinder_exception,
|
|
||||||
cfg_group=cinder.CINDER_GROUP
|
cfg_group=cinder.CINDER_GROUP
|
||||||
)
|
)
|
||||||
mock_client_loader.return_value.get_client.assert_called_once_with(
|
mock_client_loader.return_value.get_client.assert_called_once_with(
|
||||||
|
|
|
@ -88,9 +88,7 @@ def cinderclient(context):
|
||||||
global AUTH_OBJ
|
global AUTH_OBJ
|
||||||
if not AUTH_OBJ:
|
if not AUTH_OBJ:
|
||||||
AUTH_OBJ = client_auth.AuthClientLoader(
|
AUTH_OBJ = client_auth.AuthClientLoader(
|
||||||
client_class=cinder_client.Client,
|
client_class=cinder_client.Client, cfg_group=CINDER_GROUP)
|
||||||
exception_module=cinder_exception,
|
|
||||||
cfg_group=CINDER_GROUP)
|
|
||||||
return AUTH_OBJ.get_client(context,
|
return AUTH_OBJ.get_client(context,
|
||||||
retries=CONF[CINDER_GROUP].http_retries,
|
retries=CONF[CINDER_GROUP].http_retries,
|
||||||
endpoint_type=CONF[CINDER_GROUP].endpoint_type,
|
endpoint_type=CONF[CINDER_GROUP].endpoint_type,
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Authentication errors when loading service clients of OpenStack Compute
|
||||||
|
(nova), OpenStack Image (glance), OpenStack Volume (cinder) and OpenStack
|
||||||
|
Networking (neutron) services are now handled in a better manner.
|
Loading…
Reference in New Issue