Use the session loader in keystoneauth1 for designate
Using the session loader has the benefit of compatibility with settings in other sections (like keystone_authtoken), and adds the ability to use client certs and to set the timeout. This changes the designate.ca_cert setting to designate.cafile, but the former is kept as a deprecated option, so existing config files will continue to work. DocImpact ca_cert in [designate] is deprecated, use cafile instead. Change-Id: I9f2173b02af5c3929a96ef8c773d587e9b673d62
parent
0092198b23
commit
b38f1cb1f7
|
@ -37,11 +37,6 @@ designate_opts = [
|
||||||
cfg.StrOpt('admin_auth_url',
|
cfg.StrOpt('admin_auth_url',
|
||||||
help=_('Authorization URL for connecting to designate in admin '
|
help=_('Authorization URL for connecting to designate in admin '
|
||||||
'context')),
|
'context')),
|
||||||
cfg.BoolOpt('insecure', default=False,
|
|
||||||
help=_('Skip cert validation for SSL based admin_auth_url')),
|
|
||||||
cfg.StrOpt('ca_cert',
|
|
||||||
help=_('CA certificate file to use to verify '
|
|
||||||
'connecting clients')),
|
|
||||||
cfg.BoolOpt('allow_reverse_dns_lookup', default=True,
|
cfg.BoolOpt('allow_reverse_dns_lookup', default=True,
|
||||||
help=_('Allow the creation of PTR records')),
|
help=_('Allow the creation of PTR records')),
|
||||||
cfg.IntOpt('ipv4_ptr_zone_prefix_size', default=24,
|
cfg.IntOpt('ipv4_ptr_zone_prefix_size', default=24,
|
||||||
|
@ -61,6 +56,9 @@ designate_opts = [
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
def register_designate_opts(cfg=cfg.CONF):
|
def register_designate_opts(CONF=cfg.CONF):
|
||||||
cfg.register_opts(designate_opts, 'designate')
|
CONF.register_opts(designate_opts, 'designate')
|
||||||
loading.conf.register_conf_options(cfg, 'designate')
|
loading.register_auth_conf_options(CONF, 'designate')
|
||||||
|
loading.register_session_conf_options(conf=CONF,
|
||||||
|
group='designate',
|
||||||
|
deprecated_opts={'cafile': [cfg.DeprecatedOpt('ca_cert')]})
|
||||||
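Review bot: Nothing in this file now tells a reader that `[designate]` still accepts `insecure` (along with `cafile`, `certfile`, `keyfile` and `timeout`), because those options are registered implicitly by `loading.register_session_conf_options` inside `register_designate_opts`. A comment above that call would keep the TLS controls discoverable, for example `# Registers cafile/certfile/keyfile/insecure/timeout in [designate]; insecure=True turns off TLS certificate verification.` If the sample configuration is generated from `designate_opts` alone, the session options would presumably need to be listed there as well; that code is not visible here. Separately, renaming the keyword parameter from `cfg` to `CONF` would break any caller that passes `cfg=...` by name, which is worth checking.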
|
|
|
@ -19,7 +19,6 @@ from designateclient import exceptions as d_exc
|
||||||
from designateclient.v2 import client as d_client
|
from designateclient.v2 import client as d_client
|
||||||
from keystoneauth1.identity.generic import password
|
from keystoneauth1.identity.generic import password
|
||||||
from keystoneauth1 import loading
|
from keystoneauth1 import loading
|
||||||
from keystoneauth1 import session
|
|
||||||
from keystoneauth1 import token_endpoint
|
from keystoneauth1 import token_endpoint
|
||||||
from neutron_lib import constants
|
from neutron_lib import constants
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
@ -43,11 +42,8 @@ def get_clients(context):
|
||||||
global _SESSION
|
global _SESSION
|
||||||
|
|
||||||
if not _SESSION:
|
if not _SESSION:
|
||||||
if CONF.designate.insecure:
|
_SESSION = loading.load_session_from_conf_options(
|
||||||
verify = False
|
CONF, 'designate')
|
||||||
else:
|
|
||||||
verify = CONF.designate.ca_cert or True
|
|
||||||
_SESSION = session.Session(verify=verify)
|
|
||||||
|
|
||||||
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
|
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
|
||||||
client = d_client.Client(session=_SESSION, auth=auth)
|
client = d_client.Client(session=_SESSION, auth=auth)
|
||||||
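Review bot: `get_clients` builds `_SESSION` once and reuses it for the life of the process, which is undocumented and matters more now that the session carries the CA file, client certificate, `insecure` flag and timeout read from `[designate]`. I would add a comment above the `if not _SESSION:` check such as `# Built once per process; changes to [designate] cafile/certfile/insecure/timeout need a service restart to take effect.` It would also help operators if a warning were logged when `CONF.designate.insecure` is true, since the loader turns off certificate verification without any trace in the logs; whether this module has a logger is not visible in the hunk. The body of `get_clients` continues outside the hunk.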
|
|
|
@ -16,6 +16,7 @@
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from keystoneauth1 import loading
|
from keystoneauth1 import loading
|
||||||
|
from keystoneauth1 import session
|
||||||
import mock
|
import mock
|
||||||
import netaddr
|
import netaddr
|
||||||
from neutron_lib import constants
|
from neutron_lib import constants
|
||||||
|
@ -566,7 +567,7 @@ class TestDesignateClientKeystoneV2(testtools.TestCase):
|
||||||
# enforce session recalculation
|
# enforce session recalculation
|
||||||
mock.patch.object(driver, '_SESSION', new=None).start()
|
mock.patch.object(driver, '_SESSION', new=None).start()
|
||||||
self.driver_session = (
|
self.driver_session = (
|
||||||
mock.patch.object(driver.session, 'Session').start())
|
mock.patch.object(session, 'Session').start())
|
||||||
self.load_auth = (
|
self.load_auth = (
|
||||||
mock.patch.object(driver.loading,
|
mock.patch.object(driver.loading,
|
||||||
'load_auth_from_conf_options').start())
|
'load_auth_from_conf_options').start())
|
||||||
|
@ -578,17 +579,21 @@ class TestDesignateClientKeystoneV2(testtools.TestCase):
|
||||||
True,
|
True,
|
||||||
group='designate')
|
group='designate')
|
||||||
driver.get_clients(self.TEST_CONTEXT)
|
driver.get_clients(self.TEST_CONTEXT)
|
||||||
self.driver_session.assert_called_with(verify=False)
|
self.driver_session.assert_called_with(cert=None,
|
||||||
|
timeout=None,
|
||||||
|
verify=False)
|
||||||
|
|
||||||
def test_secure_client(self):
|
def test_secure_client(self):
|
||||||
config.cfg.CONF.set_override('insecure',
|
config.cfg.CONF.set_override('insecure',
|
||||||
False,
|
False,
|
||||||
group='designate')
|
group='designate')
|
||||||
config.cfg.CONF.set_override('ca_cert',
|
config.cfg.CONF.set_override('cafile',
|
||||||
self.TEST_CA_CERT,
|
self.TEST_CA_CERT,
|
||||||
group='designate')
|
group='designate')
|
||||||
driver.get_clients(self.TEST_CONTEXT)
|
driver.get_clients(self.TEST_CONTEXT)
|
||||||
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
|
self.driver_session.assert_called_with(cert=None,
|
||||||
|
timeout=None,
|
||||||
|
verify=self.TEST_CA_CERT)
|
||||||
|
|
||||||
def test_auth_type_not_defined(self):
|
def test_auth_type_not_defined(self):
|
||||||
driver.get_clients(self.TEST_CONTEXT)
|
driver.get_clients(self.TEST_CONTEXT)
|
||||||
|
@ -648,7 +653,7 @@ class TestDesignateClientKeystoneV3(testtools.TestCase):
|
||||||
# enforce session recalculation
|
# enforce session recalculation
|
||||||
mock.patch.object(driver, '_SESSION', new=None).start()
|
mock.patch.object(driver, '_SESSION', new=None).start()
|
||||||
self.driver_session = (
|
self.driver_session = (
|
||||||
mock.patch.object(driver.session, 'Session').start())
|
mock.patch.object(session, 'Session').start())
|
||||||
self.load_auth = (
|
self.load_auth = (
|
||||||
mock.patch.object(driver.loading,
|
mock.patch.object(driver.loading,
|
||||||
'load_auth_from_conf_options').start())
|
'load_auth_from_conf_options').start())
|
||||||
|
@ -666,17 +671,21 @@ class TestDesignateClientKeystoneV3(testtools.TestCase):
|
||||||
True,
|
True,
|
||||||
group='designate')
|
group='designate')
|
||||||
driver.get_clients(self.TEST_CONTEXT)
|
driver.get_clients(self.TEST_CONTEXT)
|
||||||
self.driver_session.assert_called_with(verify=False)
|
self.driver_session.assert_called_with(cert=None,
|
||||||
|
timeout=None,
|
||||||
|
verify=False)
|
||||||
|
|
||||||
def test_secure_client(self):
|
def test_secure_client(self):
|
||||||
config.cfg.CONF.set_override('insecure',
|
config.cfg.CONF.set_override('insecure',
|
||||||
False,
|
False,
|
||||||
group='designate')
|
group='designate')
|
||||||
config.cfg.CONF.set_override('ca_cert',
|
config.cfg.CONF.set_override('cafile',
|
||||||
self.TEST_CA_CERT,
|
self.TEST_CA_CERT,
|
||||||
group='designate')
|
group='designate')
|
||||||
driver.get_clients(self.TEST_CONTEXT)
|
driver.get_clients(self.TEST_CONTEXT)
|
||||||
self.driver_session.assert_called_with(verify=self.TEST_CA_CERT)
|
self.driver_session.assert_called_with(cert=None,
|
||||||
|
timeout=None,
|
||||||
|
verify=self.TEST_CA_CERT)
|
||||||
|
|
||||||
def test_auth_type_password(self):
|
def test_auth_type_password(self):
|
||||||
driver.get_clients(self.TEST_CONTEXT)
|
driver.get_clients(self.TEST_CONTEXT)
|
||||||
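Review bot: The four `assert_called_with(cert=None, timeout=None, verify=...)` assertions (`test_insecure_client` and `test_secure_client` in both the KeystoneV2 and KeystoneV3 classes) pin every keyword that keystoneauth1 happens to pass to `Session`, so they will fail if the loader starts passing another argument even though the verification behaviour is unchanged. Checking only the security-relevant argument is sturdier, e.g. `self.assertEqual(self.TEST_CA_CERT, self.driver_session.call_args[1]['verify'])` for the secure case and `self.assertFalse(self.driver_session.call_args[1]['verify'])` for the insecure one. No test here sets the deprecated `ca_cert` name, so the backward compatibility promised in the commit message is untested; a case that supplies `ca_cert` and checks that `verify` receives it would cover that.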
|
|