Browse Source

Merge "Replace httplib2 with requests in metadata agent" into stable/rocky

changes/03/675603/1
Zuul 1 month ago
parent
commit
5cab69b4b9

+ 0
- 1
lower-constraints.txt View File

@@ -31,7 +31,6 @@ future==0.16.0
31 31
 futurist==1.2.0
32 32
 greenlet==0.4.10
33 33
 hacking==0.12.0
34
-httplib2==0.9.1
35 34
 idna==2.6
36 35
 imagesize==0.7.1
37 36
 iso8601==0.1.11

+ 31
- 25
networking_ovn/agent/metadata/server.py View File

@@ -15,7 +15,6 @@
15 15
 import hashlib
16 16
 import hmac
17 17
 
18
-import httplib2
19 18
 from neutron.agent.linux import utils as agent_utils
20 19
 from neutron.conf.agent.metadata import config
21 20
 from neutron_lib.callbacks import events
@@ -24,6 +23,7 @@ from neutron_lib.callbacks import resources
24 23
 from oslo_config import cfg
25 24
 from oslo_log import log as logging
26 25
 from oslo_utils import encodeutils
26
+import requests
27 27
 import six
28 28
 import six.moves.urllib.parse as urlparse
29 29
 import webob
@@ -91,15 +91,14 @@ class MetadataProxyHandler(object):
91 91
     def _proxy_request(self, instance_id, tenant_id, req):
92 92
         headers = {
93 93
             'X-Forwarded-For': req.headers.get('X-Forwarded-For'),
94
-            'X-Instance-ID': str(instance_id),
95
-            'X-Tenant-ID': str(tenant_id),
94
+            'X-Instance-ID': instance_id,
95
+            'X-Tenant-ID': tenant_id,
96 96
             'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
97 97
         }
98 98
 
99 99
         nova_host_port = '%s:%s' % (self.conf.nova_metadata_host,
100 100
                                     self.conf.nova_metadata_port)
101
-        LOG.debug('Request to Nova at %s', nova_host_port)
102
-        LOG.debug(headers)
101
+
103 102
         url = urlparse.urlunsplit((
104 103
             self.conf.nova_metadata_protocol,
105 104
             nova_host_port,
@@ -107,43 +106,50 @@ class MetadataProxyHandler(object):
107 106
             req.query_string,
108 107
             ''))
109 108
 
110
-        h = httplib2.Http(
111
-            ca_certs=self.conf.auth_ca_cert,
112
-            disable_ssl_certificate_validation=self.conf.nova_metadata_insecure
113
-        )
109
+        disable_ssl_certificate_validation = self.conf.nova_metadata_insecure
110
+        if self.conf.auth_ca_cert and not disable_ssl_certificate_validation:
111
+            verify_cert = self.conf.auth_ca_cert
112
+        else:
113
+            verify_cert = not disable_ssl_certificate_validation
114
+
115
+        client_cert = None
114 116
         if self.conf.nova_client_cert and self.conf.nova_client_priv_key:
115
-            h.add_certificate(self.conf.nova_client_priv_key,
116
-                              self.conf.nova_client_cert,
117
-                              nova_host_port)
118
-        resp, content = h.request(url, method=req.method, headers=headers,
119
-                                  body=req.body)
120
-
121
-        if resp.status == 200:
122
-            req.response.content_type = resp['content-type']
123
-            req.response.body = content
117
+            client_cert = (self.conf.nova_client_cert,
118
+                           self.conf.nova_client_priv_key)
119
+
120
+        resp = requests.request(method=req.method, url=url,
121
+                                headers=headers,
122
+                                data=req.body,
123
+                                cert=client_cert,
124
+                                verify=verify_cert)
125
+
126
+        if resp.status_code == 200:
127
+            req.response.content_type = resp.headers['content-type']
128
+            req.response.body = resp.content
124 129
             LOG.debug(str(resp))
125 130
             return req.response
126
-        elif resp.status == 403:
131
+        elif resp.status_code == 403:
127 132
             LOG.warning(
128 133
                 'The remote metadata server responded with Forbidden. This '
129 134
                 'response usually occurs when shared secrets do not match.'
130 135
             )
131 136
             return webob.exc.HTTPForbidden()
132
-        elif resp.status == 400:
137
+        elif resp.status_code == 400:
133 138
             return webob.exc.HTTPBadRequest()
134
-        elif resp.status == 404:
139
+        elif resp.status_code == 404:
135 140
             return webob.exc.HTTPNotFound()
136
-        elif resp.status == 409:
141
+        elif resp.status_code == 409:
137 142
             return webob.exc.HTTPConflict()
138
-        elif resp.status == 500:
143
+        elif resp.status_code == 500:
139 144
             msg = _(
140 145
                 'Remote metadata server experienced an internal server error.'
141 146
             )
142
-            LOG.debug(msg)
147
+            LOG.warning(msg)
143 148
             explanation = six.text_type(msg)
144 149
             return webob.exc.HTTPInternalServerError(explanation=explanation)
145 150
         else:
146
-            raise Exception(_('Unexpected response code: %s') % resp.status)
151
+            raise Exception(_('Unexpected response code: %s') %
152
+                            resp.status_code)
147 153
 
148 154
     def _sign_instance_id(self, instance_id):
149 155
         secret = self.conf.metadata_proxy_shared_secret

+ 18
- 26
networking_ovn/tests/unit/agent/metadata/test_server.py View File

@@ -140,37 +140,29 @@ class TestMetadataProxyHandler(base.BaseTestCase):
140 140
 
141 141
         req = mock.Mock(path_info='/the_path', query_string='', headers=hdrs,
142 142
                         method=method, body=body)
143
-        resp = mock.MagicMock(status=response_code)
143
+        resp = mock.MagicMock(status_code=response_code)
144
+        resp.status.__str__.side_effect = AttributeError
145
+        resp.content = 'content'
144 146
         req.response = resp
145 147
         with mock.patch.object(self.handler, '_sign_instance_id') as sign:
146 148
             sign.return_value = 'signed'
147
-            with mock.patch('httplib2.Http') as mock_http:
148
-                resp.__getitem__.return_value = "text/plain"
149
-                mock_http.return_value.request.return_value = (resp, 'content')
150
-
149
+            with mock.patch('requests.request') as mock_request:
150
+                resp.headers = {'content-type': 'text/plain'}
151
+                mock_request.return_value = resp
151 152
                 retval = self.handler._proxy_request('the_id', 'tenant_id',
152 153
                                                      req)
153
-                mock_http.assert_called_once_with(
154
-                    ca_certs=None, disable_ssl_certificate_validation=True)
155
-                mock_http.assert_has_calls([
156
-                    mock.call().add_certificate(
157
-                        self.fake_conf.nova_client_priv_key,
158
-                        self.fake_conf.nova_client_cert,
159
-                        "%s:%s" % (self.fake_conf.nova_metadata_host,
160
-                                   self.fake_conf.nova_metadata_port)
161
-                    ),
162
-                    mock.call().request(
163
-                        'http://9.9.9.9:8775/the_path',
164
-                        method=method,
165
-                        headers={
166
-                            'X-Forwarded-For': '8.8.8.8',
167
-                            'X-Instance-ID-Signature': 'signed',
168
-                            'X-Instance-ID': 'the_id',
169
-                            'X-Tenant-ID': 'tenant_id'
170
-                        },
171
-                        body=body
172
-                    )]
173
-                )
154
+                mock_request.assert_called_once_with(
155
+                    method=method, url='http://9.9.9.9:8775/the_path',
156
+                    headers={
157
+                        'X-Forwarded-For': '8.8.8.8',
158
+                        'X-Instance-ID-Signature': 'signed',
159
+                        'X-Instance-ID': 'the_id',
160
+                        'X-Tenant-ID': 'tenant_id'
161
+                    },
162
+                    data=body,
163
+                    cert=(self.fake_conf.nova_client_cert,
164
+                          self.fake_conf.nova_client_priv_key),
165
+                    verify=False)
174 166
 
175 167
                 return retval
176 168
 

+ 1
- 0
requirements.txt View File

@@ -15,3 +15,4 @@ tenacity>=4.4.0 # Apache-2.0
15 15
 Babel!=2.4.0,>=2.3.4 # BSD
16 16
 six>=1.10.0 # MIT
17 17
 neutron>=13.0.0.0b2,<14.0.0.0b1 # Apache-2.0
18
+requests!=2.20.0,>=2.14.2 # Apache-2.0

Loading…
Cancel
Save