Use the session loader in keystoneauth1 for designate
Using the session loader has the benefit of compatibility with settings in other sections (like keystone_authtoken), and the ability to use client certs and to set the timeout. This changes the designate.ca_cert setting to designate.cafile, but the former is added as a deprecated option, so existing config files will work. DocImpact ca_cert in [designate] is deprecated, use cafile instead. Change-Id: I9f2173b02af5c3929a96ef8c773d587e9b673d62
parent
0092198b23
commit
b38f1cb1f7
|
@ -37,11 +37,6 @@ designate_opts = [
|
|||
cfg.StrOpt('admin_auth_url',
|
||||
help=_('Authorization URL for connecting to designate in admin '
|
||||
'context')),
|
||||
cfg.BoolOpt('insecure', default=False,
|
||||
help=_('Skip cert validation for SSL based admin_auth_url')),
|
||||
cfg.StrOpt('ca_cert',
|
||||
help=_('CA certificate file to use to verify '
|
||||
'connecting clients')),
|
||||
cfg.BoolOpt('allow_reverse_dns_lookup', default=True,
|
||||
help=_('Allow the creation of PTR records')),
|
||||
cfg.IntOpt('ipv4_ptr_zone_prefix_size', default=24,
|
||||
|
@ -61,6 +56,9 @@ designate_opts = [
|
|||
]
|
||||
|
||||
|
||||
def register_designate_opts(cfg=cfg.CONF):
|
||||
cfg.register_opts(designate_opts, 'designate')
|
||||
loading.conf.register_conf_options(cfg, 'designate')
|
||||
def register_designate_opts(CONF=cfg.CONF):
|
||||
CONF.register_opts(designate_opts, 'designate')
|
||||
loading.register_auth_conf_options(CONF, 'designate')
|
||||
loading.register_session_conf_options(conf=CONF,
|
||||
group='designate',
|
||||
deprecated_opts={'cafile': [cfg.DeprecatedOpt('ca_cert')]})
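Review bot: Renaming the keyword parameter of `register_designate_opts` from `cfg` to `CONF` breaks any caller that passes `cfg=...` by keyword; callers are not visible on this page, so this should be checked before merging. The rename itself looks necessary, because the body now needs the module `cfg` for `cfg.DeprecatedOpt`, which the old parameter name shadowed. Judging by the hunk line counts, the first hunk drops the local `insecure` and `ca_cert` definitions along with their help text. The function would therefore benefit from a short docstring saying that `insecure`, `cafile`, `certfile`, `keyfile` and `timeout` are now registered by the session loader, and that `ca_cert` survives only as a deprecated alias of `cafile`.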
|
||||
|
|
|
@ -19,7 +19,6 @@ from designateclient import exceptions as d_exc
|
|||
from designateclient.v2 import client as d_client
|
||||
from keystoneauth1.identity.generic import password
|
||||
from keystoneauth1 import loading
|
||||
from keystoneauth1 import session
|
||||
from keystoneauth1 import token_endpoint
|
||||
from neutron_lib import constants
|
||||
from oslo_config import cfg
|
||||
|
@ -43,11 +42,8 @@ def get_clients(context):
|
|||
global _SESSION
|
||||
|
||||
if not _SESSION:
|
||||
if CONF.designate.insecure:
|
||||
verify = False
|
||||
else:
|
||||
verify = CONF.designate.ca_cert or True
|
||||
_SESSION = session.Session(verify=verify)
|
||||
_SESSION = loading.load_session_from_conf_options(
|
||||
CONF, 'designate')
|
||||
|
||||
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
|
||||
client = d_client.Client(session=_SESSION, auth=auth)
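Review bot: Nothing at the new `load_session_from_conf_options(CONF, 'designate')` call tells a reader that TLS verification for the designate connection is now decided by the `[designate]` session options, and a session built with `insecure = True` is created without any trace in the logs. A comment above the call such as `# verify/cert/timeout come from the [designate] session options (insecure, cafile, certfile, keyfile, timeout)` would document it. A one-time warning when `CONF.designate.insecure` is set would make disabled certificate validation visible to operators; whether a logger is already defined in this module cannot be seen from the hunk. `get_clients` continues past the end of the hunk, so the admin-client path is not reviewed here.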
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
import uuid
|
||||
|
||||
from keystoneauth1 import loading
|
||||
from keystoneauth1 import session
|
||||
import mock
|
||||
import netaddr
|
||||
from neutron_lib import constants
|
||||
|
@ -566,7 +567,7 @@ class TestDesignateClientKeystoneV2(testtools.TestCase):
|
|||
# enforce session recalculation
|
||||
mock.patch.object(driver, '_SESSION', new=None).start()
|
||||
self.driver_session = (
|
||||
mock.patch.object(driver.session, 'Session').start())
|
||||
mock.patch.object(session, 'Session').start())
|
||||
self.load_auth = (
|
||||
mock.patch.object(driver.loading,
|
||||
'load_auth_from_conf_options').start())
|
||||
|
@ -578,17 +579,21 @@ class TestDesignateClientKeystoneV2(testtools.TestCase):
|
|||
True,
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=False)
|
||||
self.driver_session.assert_called_with(cert=None,
|
||||
timeout=None,
|
||||
verify=False)
|
||||
|
||||
def test_secure_client(self):
|
||||
config.cfg.CONF.set_override('insecure',
|
||||
False,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('ca_cert',
|
||||
config.cfg.CONF.set_override('cafile',
|
||||
self.TEST_CA_CERT,
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
|
||||
self.driver_session.assert_called_with(cert=None,
|
||||
timeout=None,
|
||||
verify=self.TEST_CA_CERT)
|
||||
|
||||
def test_auth_type_not_defined(self):
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
|
@ -648,7 +653,7 @@ class TestDesignateClientKeystoneV3(testtools.TestCase):
|
|||
# enforce session recalculation
|
||||
mock.patch.object(driver, '_SESSION', new=None).start()
|
||||
self.driver_session = (
|
||||
mock.patch.object(driver.session, 'Session').start())
|
||||
mock.patch.object(session, 'Session').start())
|
||||
self.load_auth = (
|
||||
mock.patch.object(driver.loading,
|
||||
'load_auth_from_conf_options').start())
|
||||
|
@ -666,17 +671,21 @@ class TestDesignateClientKeystoneV3(testtools.TestCase):
|
|||
True,
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=False)
|
||||
self.driver_session.assert_called_with(cert=None,
|
||||
timeout=None,
|
||||
verify=False)
|
||||
|
||||
def test_secure_client(self):
|
||||
config.cfg.CONF.set_override('insecure',
|
||||
False,
|
||||
group='designate')
|
||||
config.cfg.CONF.set_override('ca_cert',
|
||||
config.cfg.CONF.set_override('cafile',
|
||||
self.TEST_CA_CERT,
|
||||
group='designate')
|
||||
driver.get_clients(self.TEST_CONTEXT)
|
||||
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
|
||||
self.driver_session.assert_called_with(cert=None,
|
||||
timeout=None,
|
||||
verify=self.TEST_CA_CERT)
|
||||
|
||||
def test_auth_type_password(self):
|
||||
driver.get_clients(self.TEST_CONTEXT)
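Review bot: Both `test_secure_client` cases now set `cafile` directly, so nothing in these hunks exercises the deprecated `ca_cert` name that existing config files still rely on to pin the CA for the designate connection. A case that supplies `ca_cert` the way a deployment would (through a parsed config file rather than `set_override`) and asserts `verify=self.TEST_CA_CERT` would cover the compatibility promise made in the commit message. Separately, `assert_called_with(cert=None, timeout=None, verify=...)` pins every keyword the loader passes to `Session`, so these tests would fail if keystoneauth1 started passing an additional one. Checking `self.driver_session.call_args[1]['verify']` would keep the assertion on the TLS setting under test. Both points apply to the KeystoneV2 and KeystoneV3 classes alike.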
|
||||
|
|