Allow keystone v3 in the designate driver
Using the loader from keystoneauth1, it is possible to easily use keystone v3 options in [designate]. For the end user, it means she/he must specify designate.auth_type, then she/he can specify an Keystone v3 endpoint in designate.auth_url. Change-Id: I8bb02f11e60767dacdf6ac852979cfa82de1e08b Closes-bug: #1585976 DocImpact
This commit is contained in:
parent
d41bed0ee6
commit
91d048dbde
@ -13,6 +13,7 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystoneauth1 import loading
|
||||
from oslo_config import cfg
|
||||
|
||||
from neutron._i18n import _
|
||||
@ -62,3 +63,4 @@ designate_opts = [
|
||||
|
||||
def register_designate_opts(cfg=cfg.CONF):
|
||||
cfg.register_opts(designate_opts, 'designate')
|
||||
loading.conf.register_conf_options(cfg, 'designate')
|
||||
|
@ -18,6 +18,7 @@ import netaddr
|
||||
from designateclient import exceptions as d_exc
|
||||
from designateclient.v2 import client as d_client
|
||||
from keystoneauth1.identity.generic import password
|
||||
from keystoneauth1 import loading
|
||||
from keystoneauth1 import session
|
||||
from keystoneauth1 import token_endpoint
|
||||
from neutron_lib import constants
|
||||
@ -50,6 +51,10 @@ def get_clients(context):
|
||||
|
||||
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
|
||||
client = d_client.Client(session=_SESSION, auth=auth)
|
||||
if CONF.designate.auth_type:
|
||||
admin_auth = loading.load_auth_from_conf_options(
|
||||
CONF, 'designate')
|
||||
else:
|
||||
admin_auth = password.Password(
|
||||
auth_url=CONF.designate.admin_auth_url,
|
||||
username=CONF.designate.admin_username,
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
import uuid
|
||||
|
||||
from keystoneauth1 import loading
|
||||
import mock
|
||||
import netaddr
|
||||
from neutron_lib import constants
|
||||
@ -527,7 +528,7 @@ class DNSIntegrationTestCaseDefaultDomain(DNSIntegrationTestCase):
|
||||
self._verify_port_dns(net, port, dns_data_db)
|
||||
|
||||
|
||||
class TestDesignateClient(testtools.TestCase):
|
||||
class TestDesignateClientKeystoneV2(testtools.TestCase):
|
||||
"""Test case for designate clients """
|
||||
|
||||
TEST_URL = 'http://127.0.0.1:9001/v2'
|
||||
@ -542,7 +543,7 @@ class TestDesignateClient(testtools.TestCase):
|
||||
TEST_CONTEXT.auth_token = uuid.uuid4().hex
|
||||
|
||||
def setUp(self):
|
||||
super(TestDesignateClient, self).setUp()
|
||||
super(TestDesignateClientKeystoneV2, self).setUp()
|
||||
config.cfg.CONF.set_override('url',
|
||||
self.TEST_URL,
|
||||
group='designate')
|
||||
@ -565,8 +566,12 @@ class TestDesignateClient(testtools.TestCase):
|
||||
# enforce session recalculation
|
||||
mock.patch.object(driver, '_SESSION', new=None).start()
|
||||
self.driver_session = (
|
||||
mock.patch.object(driver.session, 'Session').start()
|
||||
)
|
||||
mock.patch.object(driver.session, 'Session').start())
|
||||
self.load_auth = (
|
||||
mock.patch.object(driver.loading,
|
||||
'load_auth_from_conf_options').start())
|
||||
self.password = (
|
||||
mock.patch.object(driver.password, 'Password').start())
|
||||
|
||||
def test_insecure_client(self):
|
||||
config.cfg.CONF.set_override('insecure',
|
||||
@ -584,3 +589,96 @@ class TestDesignateClient(testtools.TestCase):
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
|
||||
|
||||
def test_auth_type_not_defined(self):
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.load_auth.assert_not_called()
|
||||
self.password.assert_called_with(
|
||||
auth_url=self.TEST_ADMIN_AUTH_URL,
|
||||
password=self.TEST_ADMIN_PASSWORD,
|
||||
tenant_id=self.TEST_ADMIN_TENANT_ID,
|
||||
tenant_name=self.TEST_ADMIN_TENANT_NAME,
|
||||
username=self.TEST_ADMIN_USERNAME)
|
||||
|
||||
|
||||
class TestDesignateClientKeystoneV3(testtools.TestCase):
|
||||
"""Test case for designate clients """
|
||||
|
||||
TEST_URL = 'http://127.0.0.1:9001/v2'
|
||||
TEST_ADMIN_USERNAME = uuid.uuid4().hex
|
||||
TEST_ADMIN_PASSWORD = uuid.uuid4().hex
|
||||
TEST_ADMIN_USER_DOMAIN_ID = 'Default'
|
||||
TEST_ADMIN_PROJECT_ID = uuid.uuid4().hex
|
||||
TEST_ADMIN_PROJECT_DOMAIN_ID = 'Default'
|
||||
TEST_ADMIN_AUTH_URL = 'http://127.0.0.1:35357/v3'
|
||||
TEST_CA_CERT = uuid.uuid4().hex
|
||||
|
||||
TEST_CONTEXT = mock.Mock()
|
||||
TEST_CONTEXT.auth_token = uuid.uuid4().hex
|
||||
|
||||
def setUp(self):
|
||||
super(TestDesignateClientKeystoneV3, self).setUp()
|
||||
# Register the Password auth plugin options,
|
||||
# so we can use CONF.set_override
|
||||
config.cfg.CONF.register_opts(
|
||||
loading.get_auth_plugin_conf_options('password'),
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('url',
|
||||
self.TEST_URL,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('auth_type',
|
||||
'password',
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('username',
|
||||
self.TEST_ADMIN_USERNAME,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('password',
|
||||
self.TEST_ADMIN_PASSWORD,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('user_domain_id',
|
||||
self.TEST_ADMIN_USER_DOMAIN_ID,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('project_domain_id',
|
||||
self.TEST_ADMIN_PROJECT_DOMAIN_ID,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('auth_url',
|
||||
self.TEST_ADMIN_AUTH_URL,
|
||||
group='designate')
|
||||
|
||||
# enforce session recalculation
|
||||
mock.patch.object(driver, '_SESSION', new=None).start()
|
||||
self.driver_session = (
|
||||
mock.patch.object(driver.session, 'Session').start())
|
||||
self.load_auth = (
|
||||
mock.patch.object(driver.loading,
|
||||
'load_auth_from_conf_options').start())
|
||||
self.password = (
|
||||
mock.patch.object(driver.password, 'Password').start())
|
||||
|
||||
def tearDown(self):
|
||||
super(TestDesignateClientKeystoneV3, self).tearDown()
|
||||
config.cfg.CONF.unregister_opts(
|
||||
loading.get_auth_plugin_conf_options('password'),
|
||||
group='designate')
|
||||
|
||||
def test_insecure_client(self):
|
||||
config.cfg.CONF.set_override('insecure',
|
||||
True,
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=False)
|
||||
|
||||
def test_secure_client(self):
|
||||
config.cfg.CONF.set_override('insecure',
|
||||
False,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('ca_cert',
|
||||
self.TEST_CA_CERT,
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
|
||||
|
||||
def test_auth_type_password(self):
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.load_auth.assert_called_with(config.cfg.CONF, 'designate')
|
||||
self.password.assert_not_called()
|
||||
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
prelude: >
|
||||
Designate driver can use Keystone v3 auth options.
|
||||
features:
|
||||
- "[designate] section accepts now auth_type parameter,
|
||||
and the usual keystoneauth options (e.g. auth_url,
|
||||
username, user_domain_name, password, project_name,
|
||||
project_domain_name), so Keystone v3 endpoints can
|
||||
be used."
|
Loading…
Reference in New Issue
Block a user