Use the session loader in keystoneauth1 for designate

Using the session loader has the benefit of compatibility with
settings in other sections (like keystone_authtoken), and the
ability to use client certs and setting the timeout. This changes
the designate.ca_cert setting to designate.cafile, but the former
is added as a deprecated option, so existing config files will work.

DocImpact
ca_cert in [designate] is deprecated, use cafile instead.

Change-Id: I9f2173b02af5c3929a96ef8c773d587e9b673d62
changes/48/416048/3
Gyorgy Szombathelyi 6 years ago
parent 0092198b23
commit b38f1cb1f7
  1. 14
      neutron/conf/services/extdns_designate_driver.py
  2. 8
      neutron/services/externaldns/drivers/designate/driver.py
  3. 25
      neutron/tests/unit/plugins/ml2/extensions/test_dns_integration.py

@ -37,11 +37,6 @@ designate_opts = [
cfg.StrOpt('admin_auth_url',
help=_('Authorization URL for connecting to designate in admin '
'context')),
cfg.BoolOpt('insecure', default=False,
help=_('Skip cert validation for SSL based admin_auth_url')),
cfg.StrOpt('ca_cert',
help=_('CA certificate file to use to verify '
'connecting clients')),
cfg.BoolOpt('allow_reverse_dns_lookup', default=True,
help=_('Allow the creation of PTR records')),
cfg.IntOpt('ipv4_ptr_zone_prefix_size', default=24,
@ -61,6 +56,9 @@ designate_opts = [
]
def register_designate_opts(cfg=cfg.CONF):
cfg.register_opts(designate_opts, 'designate')
loading.conf.register_conf_options(cfg, 'designate')
def register_designate_opts(CONF=cfg.CONF):
CONF.register_opts(designate_opts, 'designate')
loading.register_auth_conf_options(CONF, 'designate')
loading.register_session_conf_options(conf=CONF,
group='designate',
deprecated_opts={'cafile': [cfg.DeprecatedOpt('ca_cert')]})

@ -19,7 +19,6 @@ from designateclient import exceptions as d_exc
from designateclient.v2 import client as d_client
from keystoneauth1.identity.generic import password
from keystoneauth1 import loading
from keystoneauth1 import session
from keystoneauth1 import token_endpoint
from neutron_lib import constants
from oslo_config import cfg
@ -43,11 +42,8 @@ def get_clients(context):
global _SESSION
if not _SESSION:
if CONF.designate.insecure:
verify = False
else:
verify = CONF.designate.ca_cert or True
_SESSION = session.Session(verify=verify)
_SESSION = loading.load_session_from_conf_options(
CONF, 'designate')
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
client = d_client.Client(session=_SESSION, auth=auth)

@ -16,6 +16,7 @@
import uuid
from keystoneauth1 import loading
from keystoneauth1 import session
import mock
import netaddr
from neutron_lib import constants
@ -566,7 +567,7 @@ class TestDesignateClientKeystoneV2(testtools.TestCase):
# enforce session recalculation
mock.patch.object(driver, '_SESSION', new=None).start()
self.driver_session = (
mock.patch.object(driver.session, 'Session').start())
mock.patch.object(session, 'Session').start())
self.load_auth = (
mock.patch.object(driver.loading,
'load_auth_from_conf_options').start())
@ -578,17 +579,21 @@ class TestDesignateClientKeystoneV2(testtools.TestCase):
True,
group='designate')
driver.get_clients(self.TEST_CONTEXT)
self.driver_session.assert_called_with(verify=False)
self.driver_session.assert_called_with(cert=None,
timeout=None,
verify=False)
def test_secure_client(self):
config.cfg.CONF.set_override('insecure',
False,
group='designate')
config.cfg.CONF.set_override('ca_cert',
config.cfg.CONF.set_override('cafile',
self.TEST_CA_CERT,
group='designate')
driver.get_clients(self.TEST_CONTEXT)
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
self.driver_session.assert_called_with(cert=None,
timeout=None,
verify=self.TEST_CA_CERT)
def test_auth_type_not_defined(self):
driver.get_clients(self.TEST_CONTEXT)
@ -648,7 +653,7 @@ class TestDesignateClientKeystoneV3(testtools.TestCase):
# enforce session recalculation
mock.patch.object(driver, '_SESSION', new=None).start()
self.driver_session = (
mock.patch.object(driver.session, 'Session').start())
mock.patch.object(session, 'Session').start())
self.load_auth = (
mock.patch.object(driver.loading,
'load_auth_from_conf_options').start())
@ -666,17 +671,21 @@ class TestDesignateClientKeystoneV3(testtools.TestCase):
True,
group='designate')
driver.get_clients(self.TEST_CONTEXT)
self.driver_session.assert_called_with(verify=False)
self.driver_session.assert_called_with(cert=None,
timeout=None,
verify=False)
def test_secure_client(self):
config.cfg.CONF.set_override('insecure',
False,
group='designate')
config.cfg.CONF.set_override('ca_cert',
config.cfg.CONF.set_override('cafile',
self.TEST_CA_CERT,
group='designate')
driver.get_clients(self.TEST_CONTEXT)
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
self.driver_session.assert_called_with(cert=None,
timeout=None,
verify=self.TEST_CA_CERT)
def test_auth_type_password(self):
driver.get_clients(self.TEST_CONTEXT)

Loading…
Cancel
Save