openstack
/
neutron
Code Issues Proposed changes

Use HTTP BASIC AUTH exclusively (no longer use JSESSIONID) 

It also fixes an issue about the former auth implementation when ODL
restarts. It implies the use of OpenDaylight Helium SR2.

Closes-Bug: 1376169
Closes-Bug: 1419499

Conflicts:
	networking_odl/common/client.py

Change-Id: I97c610578fe489b25697394fa33f5410f0bfbe1b
Signed-off-by: Ed Warnicke <eaw@cisco.com>
(cherry picked from commit f25f85eaeca1deeada6c7fd70abf83b31046c89e)
This commit is contained in:
Ed Warnicke 2015-02-09 10:44:14 -07:00 committed by Cédric Ollivier
parent da0641eedb
commit 792aa823a4
2 changed files with 4 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
neutron/plugins/ml2/drivers/mechanism_odl.py
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
import time
from oslo.config import cfg
import requests
@ -63,58 +61,6 @@ class OpendaylightAuthError(n_exc.NeutronException):
message = '%(msg)s'
class JsessionId(requests.auth.AuthBase):
"""Attaches the JSESSIONID and JSESSIONIDSSO cookies to an HTTP Request.
If the cookies are not available or when the session expires, a new
set of cookies are obtained.
"""
def __init__(self, url, username, password):
"""Initialization function for JsessionId."""
# NOTE(kmestery) The 'limit' paramater is intended to limit how much
# data is returned from ODL. This is not implemented in the Hydrogen
# release of OpenDaylight, but will be implemented in the Helium
# timeframe. Hydrogen will silently ignore this value.
self.url = str(url) + '/' + ODL_NETWORKS + '?limit=1'
self.username = username
self.password = password
self.auth_cookies = None
self.last_request = None
self.expired = None
self.session_timeout = cfg.CONF.ml2_odl.session_timeout * 60
self.session_deadline = 0
def obtain_auth_cookies(self):
"""Make a REST call to obtain cookies for ODL authenticiation."""
try:
r = requests.get(self.url, auth=(self.username, self.password))
r.raise_for_status()
except requests.exceptions.HTTPError as e:
raise OpendaylightAuthError(msg="Failed to authenticate with "
"OpenDaylight: %s" % e)
except requests.exceptions.Timeout as e:
raise OpendaylightAuthError(msg="Authentication Timed Out: %s" % e)
jsessionid = r.cookies.get('JSESSIONID')
jsessionidsso = r.cookies.get('JSESSIONIDSSO')
if jsessionid and jsessionidsso:
self.auth_cookies = dict(JSESSIONID=jsessionid,
JSESSIONIDSSO=jsessionidsso)
def __call__(self, r):
"""Verify timestamp for Tomcat session timeout."""
if time.time() > self.session_deadline:
self.obtain_auth_cookies()
self.session_deadline = time.time() + self.session_timeout
r.prepare_cookies(self.auth_cookies)
return r
class OpenDaylightMechanismDriver(api.MechanismDriver):
"""Mechanism Driver for OpenDaylight.
@ -135,7 +81,7 @@ class OpenDaylightMechanismDriver(api.MechanismDriver):
for opt in required_opts:
if not getattr(self, opt):
raise cfg.RequiredOptError(opt, 'ml2_odl')
self.auth = JsessionId(self.url, self.username, self.password)
self.auth = (self.username, self.password)
self.vif_type = portbindings.VIF_TYPE_OVS
self.vif_details = {portbindings.CAP_PORT_FILTER: True}

11
neutron/tests/unit/ml2/test_mechanism_odl.py
View File

@ -121,13 +121,6 @@ class OpenDaylightMechanismTestPortsV2(test_plugin.TestPortsV2,
pass
class AuthMatcher(object):
def __eq__(self, obj):
return (obj.username == config.cfg.CONF.ml2_odl.username and
obj.password == config.cfg.CONF.ml2_odl.password)
class DataMatcher(object):
def __init__(self, operation, object_type, context):
@ -251,7 +244,9 @@ class OpenDaylightMechanismDriverTestCase(base.BaseTestCase):
else:
method(context)
mock_method.assert_called_once_with(
headers={'Content-Type': 'application/json'}, auth=AuthMatcher(),
headers={'Content-Type': 'application/json'},
auth=(config.cfg.CONF.ml2_odl.username,
config.cfg.CONF.ml2_odl.password),
timeout=config.cfg.CONF.ml2_odl.timeout, *args, **kwargs)
def _test_create_resource_postcommit(self, object_type, status_code,