Merge "Handle service client authorization errors" into stable/ussuri

2021-09-27 13:58:56 +00:00 · 2021-09-27 13:58:56 +00:00 · b546dd7931
parent 10473b8139 ab230bf1c0
commit b546dd7931
9 changed files with 13 additions and 18 deletions
--- a/manila/common/client_auth.py
+++ b/manila/common/client_auth.py
@ -34,9 +34,8 @@ needed to load all needed parameters dynamically.


 class AuthClientLoader(object):
-    def __init__(self, client_class, exception_module, cfg_group):
+    def __init__(self, client_class, cfg_group):
        self.client_class = client_class
-        self.exception_module = exception_module
        self.group = cfg_group
        self.admin_auth = None
        self.conf = CONF
@ -75,7 +74,7 @@ class AuthClientLoader(object):
            return self.auth_plugin

        msg = _('Cannot load auth plugin for %s') % self.group
-        raise self.exception_module.Unauthorized(message=msg)
+        raise exception.BadConfigurationException(reason=msg)

    def get_client(self, context, admin=False, **kwargs):
        """Get's the client with the correct auth/session context
--- a/manila/compute/nova.py
+++ b/manila/compute/nova.py
@ -79,9 +79,7 @@ def novaclient(context):
    global AUTH_OBJ
    if not AUTH_OBJ:
        AUTH_OBJ = client_auth.AuthClientLoader(
-            client_class=nova_client.Client,
-            exception_module=nova_exception,
-            cfg_group=NOVA_GROUP)
+            client_class=nova_client.Client, cfg_group=NOVA_GROUP)
    return AUTH_OBJ.get_client(context,
                               version=CONF[NOVA_GROUP].api_microversion,
                               endpoint_type=CONF[NOVA_GROUP].endpoint_type,
--- a/manila/network/neutron/api.py
+++ b/manila/network/neutron/api.py
@ -102,9 +102,7 @@ class API(object):
    def get_client(self, context):
        if not self.auth_obj:
            self.auth_obj = client_auth.AuthClientLoader(
-                client_class=clientv20.Client,
-                exception_module=neutron_client_exc,
-                cfg_group=NEUTRON_GROUP)
+                client_class=clientv20.Client, cfg_group=NEUTRON_GROUP)

        return self.auth_obj.get_client(
            self,
--- a/manila/tests/common/test_client_auth.py
+++ b/manila/tests/common/test_client_auth.py
@ -30,8 +30,7 @@ class ClientAuthTestCase(test.TestCase):
        self.context = mock.Mock()
        self.fake_client = mock.Mock()
        self.exception_mod = fake_client_exception_class
-        self.auth = client_auth.AuthClientLoader(
-            self.fake_client, self.exception_mod, 'foo_group')
+        self.auth = client_auth.AuthClientLoader(self.fake_client, 'foo_group')

    def test_get_client_admin_true(self):
        mock_load_session = self.mock_object(auth,
@ -61,7 +60,7 @@ class ClientAuthTestCase(test.TestCase):
    def test_load_auth_plugin_no_auth(self):
        auth.load_auth_from_conf_options.return_value = None

-        self.assertRaises(fake_client_exception_class.Unauthorized,
+        self.assertRaises(exception.BadConfigurationException,
                          self.auth._load_auth_plugin)

    @mock.patch.object(auth, 'get_session_conf_options')
--- a/manila/tests/compute/test_nova.py
+++ b/manila/tests/compute/test_nova.py
@ -146,7 +146,6 @@ class NovaclientTestCase(test.TestCase):

        mock_client_loader.assert_called_once_with(
            client_class=nova.nova_client.Client,
-            exception_module=nova.nova_exception,
            cfg_group=nova.NOVA_GROUP
        )
        mock_client_loader.return_value.get_client.assert_called_once_with(
--- a/manila/tests/network/neutron/test_neutron_api.py
+++ b/manila/tests/network/neutron/test_neutron_api.py
@ -102,7 +102,6 @@ class NeutronclientTestCase(test.TestCase):

        mock_client_loader.assert_called_once_with(
            client_class=neutron_api.clientv20.Client,
-            exception_module=neutron_api.neutron_client_exc,
            cfg_group=neutron_api.NEUTRON_GROUP
        )
        mock_client_loader.return_value.get_client.assert_called_once_with(
--- a/manila/tests/volume/test_cinder.py
+++ b/manila/tests/volume/test_cinder.py
@ -67,7 +67,6 @@ class CinderclientTestCase(test.TestCase):

        mock_client_loader.assert_called_once_with(
            client_class=cinder.cinder_client.Client,
-            exception_module=cinder.cinder_exception,
            cfg_group=cinder.CINDER_GROUP
        )
        mock_client_loader.return_value.get_client.assert_called_once_with(
--- a/manila/volume/cinder.py
+++ b/manila/volume/cinder.py
@ -88,9 +88,7 @@ def cinderclient(context):
    global AUTH_OBJ
    if not AUTH_OBJ:
        AUTH_OBJ = client_auth.AuthClientLoader(
-            client_class=cinder_client.Client,
-            exception_module=cinder_exception,
-            cfg_group=CINDER_GROUP)
+            client_class=cinder_client.Client, cfg_group=CINDER_GROUP)
    return AUTH_OBJ.get_client(context,
                               retries=CONF[CINDER_GROUP].http_retries,
                               endpoint_type=CONF[CINDER_GROUP].endpoint_type,
--- a/releasenotes/notes/bug-1921927-handle-service-client-unauthorized-exceptions-b2ebc08a072f7e12.yaml
+++ b/releasenotes/notes/bug-1921927-handle-service-client-unauthorized-exceptions-b2ebc08a072f7e12.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Authentication errors when loading service clients of OpenStack Compute
+    (nova), OpenStack Volume (cinder) and OpenStack
+    Networking (neutron) services are now handled in a better manner.