Browse Source

Merge "metadata: use requests for comms with nova api" into stable/rocky

changes/18/604118/1
Zuul 4 years ago committed by Gerrit Code Review
parent
commit
517918dc5e
  1. 44
      neutron/agent/metadata/agent.py
  2. 43
      neutron/tests/unit/agent/metadata/test_agent.py
  3. 1
      requirements.txt

44
neutron/agent/metadata/agent.py

@ -15,7 +15,6 @@
import hashlib
import hmac
import httplib2
from neutron_lib.agent import topics
from neutron_lib import constants
from neutron_lib import context
@ -24,6 +23,7 @@ from oslo_log import log as logging
import oslo_messaging
from oslo_service import loopingcall
from oslo_utils import encodeutils
import requests
import six
import six.moves.urllib.parse as urlparse
import webob
@ -186,35 +186,41 @@ class MetadataProxyHandler(object):
req.query_string,
''))
h = httplib2.Http(
ca_certs=self.conf.auth_ca_cert,
disable_ssl_certificate_validation=self.conf.nova_metadata_insecure
)
disable_ssl_certificate_validation = self.conf.nova_metadata_insecure
if self.conf.auth_ca_cert and not disable_ssl_certificate_validation:
verify_cert = self.conf.auth_ca_cert
else:
verify_cert = not disable_ssl_certificate_validation
client_cert = None
if self.conf.nova_client_cert and self.conf.nova_client_priv_key:
h.add_certificate(self.conf.nova_client_priv_key,
self.conf.nova_client_cert,
nova_host_port)
resp, content = h.request(url, method=req.method, headers=headers,
body=req.body)
if resp.status == 200:
req.response.content_type = resp['content-type']
req.response.body = content
client_cert = (self.conf.nova_client_cert,
self.conf.nova_client_priv_key)
resp = requests.request(method=req.method, url=url,
headers=headers,
data=req.body,
cert=client_cert,
verify=verify_cert)
if resp.status_code == 200:
req.response.content_type = resp.headers['content-type']
req.response.body = resp.content
LOG.debug(str(resp))
return req.response
elif resp.status == 403:
elif resp.status_code == 403:
LOG.warning(
'The remote metadata server responded with Forbidden. This '
'response usually occurs when shared secrets do not match.'
)
return webob.exc.HTTPForbidden()
elif resp.status == 400:
elif resp.status_code == 400:
return webob.exc.HTTPBadRequest()
elif resp.status == 404:
elif resp.status_code == 404:
return webob.exc.HTTPNotFound()
elif resp.status == 409:
elif resp.status_code == 409:
return webob.exc.HTTPConflict()
elif resp.status == 500:
elif resp.status_code == 500:
msg = _(
'Remote metadata server experienced an internal server error.'
)

43
neutron/tests/unit/agent/metadata/test_agent.py

@ -339,37 +339,28 @@ class _TestMetadataProxyHandlerCacheMixin(object):
req = mock.Mock(path_info='/the_path', query_string='', headers=hdrs,
method=method, body=body)
resp = mock.MagicMock(status=response_code)
resp = mock.MagicMock(status_code=response_code)
resp.content = 'content'
req.response = resp
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
sign.return_value = 'signed'
with mock.patch('httplib2.Http') as mock_http:
resp.__getitem__.return_value = "text/plain"
mock_http.return_value.request.return_value = (resp, 'content')
with mock.patch('requests.request') as mock_request:
resp.headers = {'content-type': 'text/plain'}
mock_request.return_value = resp
retval = self.handler._proxy_request('the_id', 'tenant_id',
req)
mock_http.assert_called_once_with(
ca_certs=None, disable_ssl_certificate_validation=True)
mock_http.assert_has_calls([
mock.call().add_certificate(
self.fake_conf.nova_client_priv_key,
self.fake_conf.nova_client_cert,
"%s:%s" % (self.fake_conf.nova_metadata_host,
self.fake_conf.nova_metadata_port)
),
mock.call().request(
'http://9.9.9.9:8775/the_path',
method=method,
headers={
'X-Forwarded-For': '8.8.8.8',
'X-Instance-ID-Signature': 'signed',
'X-Instance-ID': 'the_id',
'X-Tenant-ID': 'tenant_id'
},
body=body
)]
)
mock_request.assert_called_once_with(
method=method, url='http://9.9.9.9:8775/the_path',
headers={
'X-Forwarded-For': '8.8.8.8',
'X-Instance-ID-Signature': 'signed',
'X-Instance-ID': 'the_id',
'X-Tenant-ID': 'tenant_id'
},
data=body,
cert=(self.fake_conf.nova_client_cert,
self.fake_conf.nova_client_priv_key),
verify=False)
return retval

1
requirements.txt

@ -10,6 +10,7 @@ debtcollector>=1.2.0 # Apache-2.0
eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT
pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.1.1 # BSD
httplib2>=0.9.1 # MIT
requests>=2.14.2 # Apache-2.0
Jinja2>=2.10 # BSD License (3 clause)
keystonemiddleware>=4.17.0 # Apache-2.0
netaddr>=0.7.18 # BSD

Loading…
Cancel
Save