diff --git a/nova/service_auth.py b/nova/service_auth.py index b9191f303305..f5ae0646d8ad 100644 --- a/nova/service_auth.py +++ b/nova/service_auth.py @@ -13,15 +13,23 @@ from keystoneauth1 import loading as ks_loading from keystoneauth1 import service_token +from oslo_log import log as logging import nova.conf CONF = nova.conf.CONF +LOG = logging.getLogger(__name__) _SERVICE_AUTH = None +def reset_globals(): + """For async unit test consistency.""" + global _SERVICE_AUTH + _SERVICE_AUTH = None + + def get_auth_plugin(context): user_auth = context.get_auth_plugin() @@ -32,6 +40,12 @@ def get_auth_plugin(context): CONF, group= nova.conf.service_token.SERVICE_USER_GROUP) + if _SERVICE_AUTH is None: + # This indicates a misconfiguration so log a warning and + # return the user_auth. + LOG.warning('Unable to load auth from [service_user] ' + 'configuration. Ensure "auth_type" is set.') + return user_auth return service_token.ServiceTokenAuthWrapper( user_auth=user_auth, service_auth=_SERVICE_AUTH) diff --git a/nova/tests/unit/network/test_neutronv2.py b/nova/tests/unit/network/test_neutronv2.py index ff92bd887a8b..2980078512c5 100644 --- a/nova/tests/unit/network/test_neutronv2.py +++ b/nova/tests/unit/network/test_neutronv2.py @@ -47,6 +47,7 @@ from nova.pci import manager as pci_manager from nova.pci import utils as pci_utils from nova.pci import whitelist as pci_whitelist from nova import policy +from nova import service_auth from nova import test from nova.tests.unit import fake_instance from nova.tests import uuidsentinel as uuids @@ -121,6 +122,7 @@ class TestNeutronClient(test.NoDBTestCase): def setUp(self): super(TestNeutronClient, self).setUp() neutronapi.reset_state() + self.addCleanup(service_auth.reset_globals) def test_withtoken(self): self.flags(url='http://anyhost/', group='neutron') 
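Review bot: The docstring on `reset_globals()` in the first hunk of nova/service_auth.py says why the helper exists but not what it resets, and nothing marks it as test-only although it lives in a production module. I would write it as `"""Clear the cached [service_user] auth plugin so the next get_auth_plugin() call reloads it from configuration. Intended for unit tests only."""`. The reload behaviour is inferred from the `_SERVICE_AUTH` global and the `return` in the next hunk; the guard around the load is not visible here.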
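Review bot: In the second hunk of nova/service_auth.py, the new `if _SERVICE_AUTH is None:` branch falls back to user-only auth, but the warning does not say so: an operator who set send_service_user_token=True gets requests without a service token and only a hint about "auth_type". State the consequence in the message, e.g. `LOG.warning('Unable to load auth from [service_user] configuration; requests are sent without a service token. Ensure "auth_type" is set.')`. Because `_SERVICE_AUTH` stays None on this path, the load is presumably retried and the warning repeated on every call (the guard around the load is outside the hunk), so consider logging it once per process. get_auth_plugin starts above the hunk.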
@@ -141,7 +143,8 @@ class TestNeutronClient(test.NoDBTestCase): neutronapi.get_client, my_context) - def test_non_admin_with_service_token(self): + @mock.patch.object(ks_loading, 'load_auth_from_conf_options') + def test_non_admin_with_service_token(self, mock_load): self.flags(send_service_user_token=True, group='service_user') my_context = context.RequestContext('userid', diff --git a/nova/tests/unit/test_service_auth.py b/nova/tests/unit/test_service_auth.py index 481daf5a3243..863143ad0e8c 100644 --- a/nova/tests/unit/test_service_auth.py +++ b/nova/tests/unit/test_service_auth.py @@ -28,6 +28,7 @@ class ServiceAuthTestCase(test.NoDBTestCase): def setUp(self): super(ServiceAuthTestCase, self).setUp() self.ctx = context.RequestContext('fake', 'fake') + self.addCleanup(service_auth.reset_globals) @mock.patch.object(ks_loading, 'load_auth_from_conf_options') def test_get_auth_plugin_no_wraps(self, mock_load): @@ -39,9 +40,22 @@ class ServiceAuthTestCase(test.NoDBTestCase): self.assertEqual("fake", result) mock_load.assert_not_called() - def test_get_auth_plugin_wraps(self): + @mock.patch.object(ks_loading, 'load_auth_from_conf_options') + def test_get_auth_plugin_wraps(self, mock_load): self.flags(send_service_user_token=True, group='service_user') result = service_auth.get_auth_plugin(self.ctx) self.assertIsInstance(result, service_token.ServiceTokenAuthWrapper) + + @mock.patch.object(ks_loading, 'load_auth_from_conf_options', + return_value=None) + def test_get_auth_plugin_wraps_bad_config(self, mock_load): + """Tests the case that send_service_user_token is True but there + is some misconfiguration with the [service_user] section which makes + KSA return None for the service user auth. + """ + self.flags(send_service_user_token=True, group='service_user') + result = service_auth.get_auth_plugin(self.ctx) + self.assertEqual(1, mock_load.call_count) + self.assertNotIsInstance(result, service_token.ServiceTokenAuthWrapper)
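Review bot: In the last hunk of nova/tests/unit/test_service_auth.py, test_get_auth_plugin_wraps_bad_config only checks what the result is not: `self.assertNotIsInstance(result, service_token.ServiceTokenAuthWrapper)` would also pass if get_auth_plugin returned None. Pin the fallback to the caller's own plugin, for example by wrapping the call in `with mock.patch.object(self.ctx, 'get_auth_plugin', return_value='fake'):` and asserting `self.assertEqual('fake', result)`, which matches the assertion visible in test_get_auth_plugin_no_wraps (its setup is outside the hunk). The test could also assert that the misconfiguration warning is emitted, since that log line is the only signal an operator gets on this path.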