Backend Keystone authentication

Change methods used in backend to authenticate with keystone.
Use autodetection mechanizm for API version and refactor config
options specified in Octavia.

Change-Id: Id0deee2714040d271f43a537c27f410e2f4e3ef2
Closes-Bug: #1620668
Closes-Bug: #1618691
changes/55/364655/18
Lubosz "diltram" Kosnik 6 years ago
parent 7476aea667
commit 076e016bb2
  1. 55
      devstack/plugin.sh
  2. 11
      devstack/settings
  3. 48
      etc/octavia.conf
  4. 5
      octavia/certificates/common/auth/barbican_acl.py
  5. 12
      octavia/common/clients.py
  6. 54
      octavia/common/config.py
  7. 3
      octavia/common/constants.py
  8. 63
      octavia/common/keystone.py
  9. 3
      octavia/compute/drivers/nova_driver.py
  10. 1
      octavia/network/drivers/neutron/base.py
  11. 30
      octavia/opts.py
  12. 5
      octavia/tests/unit/certificates/common/auth/test_barbican_acl.py
  13. 13
      octavia/tests/unit/common/test_clients.py
  14. 1
      octavia/tests/unit/compute/drivers/test_nova_driver.py
  15. 1
      octavia/tests/unit/controller/worker/flows/test_amphora_flows.py
  16. 2
      octavia/tests/unit/controller/worker/tasks/test_compute_tasks.py
  17. 2
      octavia/tests/unit/network/drivers/neutron/test_allowed_address_pairs.py
  18. 2
      octavia/tests/unit/network/drivers/neutron/test_base.py
  19. 11
      releasenotes/notes/change-keystone-backend-config-d246b1e34015c86c.yaml

@ -42,22 +42,24 @@ function build_octavia_worker_image {
}
function create_octavia_accounts {
create_service_user "neutron"
create_service_user "octavia"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
local neutron_service=$(get_or_create_service "octavia" \
"octavia" "Octavia Service")
get_or_create_endpoint $neutron_service \
"$REGION_NAME" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/"
fi
local octavia_service=$(get_or_create_service "octavia" \
"octavia" "Octavia Service")
get_or_create_endpoint $octavia_service \
"$REGION_NAME" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/"
fi
}
function octavia_configure {
create_octavia_cache_dir
sudo mkdir -m 755 -p $OCTAVIA_CONF_DIR
safe_chown $STACK_USER $OCTAVIA_CONF_DIR
@ -67,16 +69,20 @@ function octavia_configure {
iniset $OCTAVIA_CONF database connection "mysql+pymysql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:3306/octavia"
if [ "$OCTAVIA_AUTH_VERSION" == "2" ] ; then
AUTH_URI=${KEYSTONE_AUTH_URI%/v3}/v2.0
else
AUTH_URI=${KEYSTONE_AUTH_URI}
fi
iniset $OCTAVIA_CONF keystone_authtoken auth_uri ${AUTH_URI}
iniset $OCTAVIA_CONF keystone_authtoken admin_user ${OCTAVIA_ADMIN_USER}
iniset $OCTAVIA_CONF keystone_authtoken admin_tenant_name ${OCTAVIA_ADMIN_TENANT_NAME}
iniset $OCTAVIA_CONF keystone_authtoken admin_password ${OCTAVIA_ADMIN_PASSWORD}
iniset $OCTAVIA_CONF keystone_authtoken auth_version ${OCTAVIA_AUTH_VERSION}
# Configure keystone auth_token for all users
configure_auth_token_middleware $OCTAVIA_CONF octavia $OCTAVIA_AUTH_CACHE_DIR
# Ensure config is set up properly for authentication as admin
iniset $OCTAVIA_CONF service_auth auth_url $KEYSTONE_AUTH_URI
iniset $OCTAVIA_CONF service_auth auth_type password
iniset $OCTAVIA_CONF service_auth username $OCTAVIA_USERNAME
iniset $OCTAVIA_CONF service_auth password $OCTAVIA_PASSWORD
iniset $OCTAVIA_CONF service_auth user_domain_name $OCTAVIA_USER_DOMAIN_NAME
iniset $OCTAVIA_CONF service_auth project_name $OCTAVIA_PROJECT_NAME
iniset $OCTAVIA_CONF service_auth project_domain_name $OCTAVIA_PROJECT_DOMAIN_NAME
iniset $OCTAVIA_CONF service_auth cafile $SSL_BUNDLE_FILE
iniset $OCTAVIA_CONF service_auth signing_dir $signing_dir
iniset $OCTAVIA_CONF service_auth memcached_servers $SERVICE_HOST:11211
# Setting other required default options
iniset $OCTAVIA_CONF controller_worker amphora_driver ${OCTAVIA_AMPHORA_DRIVER}
@ -373,6 +379,15 @@ function octavia_cleanup {
openstack keypair delete ${OCTAVIA_AMP_SSH_KEY_NAME}
fi
fi
sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR
}
# create_octavia_cache_dir() - Part of the configure_octavia() process
function create_octavia_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $OCTAVIA_AUTH_CACHE_DIR
rm -f $OCTAVIA_AUTH_CACHE_DIR/*
}
# check for service enabled

@ -10,6 +10,7 @@ TRIPLEO_IMAGE_ELEMENTS_BRANCH=${TRIPLEO_IMAGE_ELEMENTS_BRANCH:-master}
TRIPLEO_IMAGE_ELEMENTS_DIR=$DEST/tripleo-image-elements
OCTAVIA_BIN_DIR=${OCTAVIA_BIN_DIR:-$(get_python_exec_prefix)}
OCTAVIA_CONF_DIR=${OCTAVIA_CONF_DIR:-"/etc/octavia"}
OCTAVIA_AUTH_CACHE_DIR=${OCTAVIA_AUTH_CACHE_DIR:-"/var/cache/octavia"}
OCTAVIA_SSH_DIR=${OCTAVIA_SSH_DIR:-${OCTAVIA_CONF_DIR}/.ssh}
OCTAVIA_CERTS_DIR=${OCTAVIA_CERTS_DIR:-${OCTAVIA_CONF_DIR}/certs}
OCTAVIA_DHCLIENT_DIR=${OCTAVIA_DHCLIENT_DIR:-${OCTAVIA_CONF_DIR}/dhcp}
@ -21,13 +22,11 @@ OCTAVIA_AMPHORA_DRIVER=${OCTAVIA_AMPHORA_DRIVER:-"amphora_haproxy_rest_driver"}
OCTAVIA_NETWORK_DRIVER=${OCTAVIA_NETWORK_DRIVER:-"allowed_address_pairs_driver"}
OCTAVIA_COMPUTE_DRIVER=${OCTAVIA_COMPUTE_DRIVER:-"compute_nova_driver"}
OCTAVIA_ADMIN_USER=${OCTAVIA_ADMIN_USER:-"admin"}
OCTAVIA_USER=${OCTAVIA_USER:-${OCTAVIA_ADMIN_USER}}
OCTAVIA_USERNAME=${OCTAVIA_ADMIN_USER:-"admin"}
OCTAVIA_PASSWORD=${OCTAVIA_PASSWORD:-${ADMIN_PASSWORD}}
OCTAVIA_TENANT_ID=${OCTAVIA_TENANT_ID:-${ADMIN_TENANT_ID}}
OCTAVIA_AUTH_VERSION=${OCTAVIA_AUTH_VERSION:-"2"}
OCTAVIA_ADMIN_TENANT_NAME=${OCTAVIA_ADMIN_TENANT_NAME:-${OCTAVIA_ADMIN_USER}}
OCTAVIA_ADMIN_PASSWORD=${OCTAVIA_ADMIN_PASSWORD:-${ADMIN_PASSWORD}}
OCTAVIA_PROJECT_NAME=${OCTAVIA_PROJECT_NAME:-$OCTAVIA_USERNAME}
OCTAVIA_USER_DOMAIN_NAME=${OCTAVIA_USER_DOMAIN_NAME:-"Default"}
OCTAVIA_PROJECT_DOMAIN_NAME=${OCTAVIA_PROJECT_DOMAIN_NAME:-"Default"}
OCTAVIA_PROTOCOL=${OCTAVIA_PROTOCOL:-"http"}
OCTAVIA_PORT=${OCTAVIA_PORT:-"9876"}

@ -47,8 +47,6 @@
# noop_event_streamer
# event_streamer_driver = noop_event_streamer
[keystone_authtoken]
# This group of config options are imported from keystone middleware. Thus the
# option names should match the names declared in the middleware.
@ -59,11 +57,6 @@
# insecure = False
# cafile =
[keystone_authtoken_v3]
# If using Keystone v3
# admin_user_domain = default
# admin_project_domain = default
[certificates]
# cert_generator = local_cert_generator
@ -238,51 +231,62 @@
# vrrp_garp_refresh_interval = 5
# vrrp_garp_refresh_count = 2
[glance]
# The name of the glance service in the keystone catalog
[service_auth]
# memcached_servers =
# signing_dir =
# cafile = /opt/stack/data/ca-bundle.pem
# project_domain_name = Default
# project_name = admin
# user_domain_name = Default
# password = password
# username = admin
# auth_type = password
# auth_url = http://localhost:5555/
[nova]
# The name of the nova service in the keystone catalog
# service_name =
# Custom glance endpoint if override is necessary
# Custom nova endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the OpenStack services.
# Region in Identity service catalog to use for communication with the
# OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
# endpoint_type = publicURL
# CA certificates file to verify glance connections when TLS is enabled
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[nova]
# The name of the nova service in the keystone catalog
[glance]
# The name of the glance service in the keystone catalog
# service_name =
# Custom nova endpoint if override is necessary
# Custom glance endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the OpenStack services.
# Region in Identity service catalog to use for communication with the
# OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
# endpoint_type = publicURL
# CA certificates file to verify nova connections when TLS is enabled
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
# Flag to enable nova anti-affinity capabilities to place amphorae on
# different hosts
# enable_anti_affinity = False
[neutron]
# The name of the neutron service in the keystone catalog
# service_name =
# Custom neutron endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the OpenStack services.
# Region in Identity service catalog to use for communication with the
# OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with

@ -27,9 +27,7 @@ from octavia.i18n import _LE
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
CONF.import_group('certificates', 'octavia.common.config')
class BarbicanACLAuth(barbican_common.BarbicanAuth):
@ -39,8 +37,9 @@ class BarbicanACLAuth(barbican_common.BarbicanAuth):
def get_barbican_client(cls, project_id=None):
if not cls._barbican_client:
try:
session = keystone.KeystoneSession().get_session()
cls._barbican_client = barbican_client.Client(
session=keystone.get_session(),
session=session,
region_name=CONF.certificates.region_name,
interface=CONF.certificates.endpoint_type
)

@ -14,6 +14,7 @@ from glanceclient import client as glance_client
from neutronclient.neutron import client as neutron_client
from novaclient import api_versions
from novaclient import client as nova_client
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
@ -21,6 +22,8 @@ from octavia.common import keystone
from octavia.i18n import _LE
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
GLANCE_VERSION = '2'
NEUTRON_VERSION = '2.0'
NOVA_VERSION = '2.1'
@ -44,9 +47,10 @@ class NovaAuth(object):
:return: a Nova Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.nova_client:
kwargs = {'region_name': region,
'session': keystone.get_session(),
'session': ksession.get_session(),
'endpoint_type': endpoint_type,
'insecure': insecure}
if service_name:
@ -82,9 +86,10 @@ class NeutronAuth(object):
:return: a Neutron Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.neutron_client:
kwargs = {'region_name': region,
'session': keystone.get_session(),
'session': ksession.get_session(),
'endpoint_type': endpoint_type,
'insecure': insecure}
if service_name:
@ -120,9 +125,10 @@ class GlanceAuth(object):
:return: a Glance Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.glance_client:
kwargs = {'region_name': region,
'session': keystone.get_session(),
'session': ksession.get_session(),
'interface': endpoint_type}
if service_name:
kwargs['service_name'] = service_name

@ -17,6 +17,7 @@
Routines for configuring Octavia
"""
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
from oslo_db import options as db_options
from oslo_log import log as logging
@ -41,6 +42,7 @@ core_opts = [
cfg.StrOpt('api_extensions_path', default="",
help=_("The path for API extensions")),
cfg.StrOpt('auth_strategy', default='keystone',
choices=('noauth', 'keystone'),
help=_("The type of authentication to use")),
cfg.BoolOpt('allow_bulk', default=True,
help=_("Allow the usage of the bulk API")),
@ -142,13 +144,6 @@ oslo_messaging_opts = [
help=_('topic name for communicating events through a queue')),
]
keystone_authtoken_v3_opts = [
cfg.StrOpt('admin_user_domain', default='default',
help=_('Admin user keystone authentication domain')),
cfg.StrOpt('admin_project_domain', default='default',
help=_('Admin project keystone authentication domain'))
]
haproxy_amphora_opts = [
cfg.StrOpt('base_path',
default='/var/lib/octavia',
@ -289,12 +284,22 @@ certificate_opts = [
cfg.StrOpt('barbican_auth',
default='barbican_acl_auth',
help='Name of the Barbican authentication method to use'),
cfg.StrOpt('service_name',
help=_('The name of the certificate service in the keystone'
'catalog')),
cfg.StrOpt('endpoint', help=_('A new endpoint to override the endpoint '
'in the keystone catalog.')),
cfg.StrOpt('region_name',
help='Region in Identity service catalog to use for '
'communication with the barbican service.'),
cfg.StrOpt('endpoint_type',
default='publicURL',
help='The endpoint_type to be used for barbican service.')
help='The endpoint_type to be used for barbican service.'),
cfg.StrOpt('ca_certificates_file',
help=_('CA certificates file path')),
cfg.BoolOpt('insecure',
default=False,
help=_('Disable certificate validation on SSL connections ')),
]
house_keeping_opts = [
@ -436,9 +441,6 @@ cfg.CONF.register_opts(anchor_opts, group='anchor')
cfg.CONF.register_cli_opts(core_cli_opts)
cfg.CONF.register_opts(certificate_opts, group='certificates')
cfg.CONF.register_cli_opts(healthmanager_opts, group='health_manager')
cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
cfg.CONF.register_opts(keystone_authtoken_v3_opts,
group='keystone_authtoken_v3')
cfg.CONF.register_opts(nova_opts, group='nova')
cfg.CONF.register_opts(glance_opts, group='glance')
cfg.CONF.register_opts(neutron_opts, group='neutron')
@ -454,6 +456,9 @@ db_options.set_defaults(cfg.CONF, connection=_SQL_CONNECTION_DEFAULT,
logging.register_options(cfg.CONF)
ks_loading.register_auth_conf_options(cfg.CONF, constants.SERVICE_AUTH)
ks_loading.register_session_conf_options(cfg.CONF, constants.SERVICE_AUTH)
def init(args, **kwargs):
cfg.CONF(args=args, project='octavia',
@ -469,30 +474,3 @@ def setup_logging(conf):
product_name = "octavia"
logging.setup(conf, product_name)
LOG.info(_LI("Logging enabled!"))
# def load_paste_app(app_name):
# """Builds and returns a WSGI app from a paste config file.
# :param app_name: Name of the application to load
# :raises ConfigFilesNotFoundError when config file cannot be located
# :raises RuntimeError when application cannot be loaded from config file
# """
# config_path = cfg.CONF.find_file(cfg.CONF.api_paste_config)
# if not config_path:
# raise cfg.ConfigFilesNotFoundError(
# config_files=[cfg.CONF.api_paste_config])
# config_path = os.path.abspath(config_path)
# LOG.info(_LI("Config paste file: %s"), config_path)
# try:
# app = deploy.loadapp("config:%s" % config_path, name=app_name)
# except (LookupError, ImportError):
# msg = (_("Unable to load %(app_name)s from "
# "configuration file %(config_path)s.") %
# {'app_name': app_name,
# 'config_path': config_path})
# LOG.exception(msg)
# raise RuntimeError(msg)
# return app

@ -252,6 +252,9 @@ NOVA_21 = '2.1'
NOVA_3 = '3'
NOVA_VERSIONS = (NOVA_1, NOVA_21, NOVA_3)
# Auth sections
SERVICE_AUTH = 'service_auth'
RPC_NAMESPACE_CONTROLLER_AGENT = 'controller'

@ -12,59 +12,32 @@
# License for the specific language governing permissions and limitations
# under the License.
from keystoneauth1.identity import v2 as v2_client
from keystoneauth1.identity import v3 as v3_client
from keystoneauth1 import session
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
from octavia.i18n import _LE
from octavia.common import constants
LOG = logging.getLogger(__name__)
cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
cfg.CONF.import_group('keystone_authtoken_v3', 'octavia.common.config')
_SESSION = None
def get_session():
"""Initializes a Keystone session.
:return: a Keystone Session object
:raises Exception: if the session cannot be established
"""
global _SESSION
if not _SESSION:
class KeystoneSession:
kwargs = {'auth_url': cfg.CONF.keystone_authtoken.auth_uri,
'username': cfg.CONF.keystone_authtoken.admin_user,
'password': cfg.CONF.keystone_authtoken.admin_password}
def __init__(self, section=constants.SERVICE_AUTH):
self._session = None
self.section = section
ks_loading.register_auth_conf_options(cfg.CONF, self.section)
ks_loading.register_session_conf_options(cfg.CONF, self.section)
if cfg.CONF.keystone_authtoken.auth_version == '2':
client = v2_client
kwargs['tenant_name'] = (cfg.CONF.keystone_authtoken.
admin_tenant_name)
elif cfg.CONF.keystone_authtoken.auth_version == '3':
client = v3_client
kwargs['project_name'] = (cfg.CONF.keystone_authtoken.
admin_tenant_name)
kwargs['user_domain_name'] = (cfg.CONF.keystone_authtoken_v3.
admin_user_domain)
kwargs['project_domain_name'] = (cfg.CONF.keystone_authtoken_v3.
admin_project_domain)
else:
raise Exception('Unknown keystone version!')
def get_session(self):
"""Initializes a Keystone session.
try:
kc = client.Password(**kwargs)
_SESSION = session.Session(
auth=kc, verify=(cfg.CONF.keystone_authtoken.cafile or
not cfg.CONF.keystone_authtoken.insecure))
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception(_LE("Error creating Keystone session."))
:return: a Keystone Session object
"""
if not self._session:
self._auth = ks_loading.load_auth_from_conf_options(
cfg.CONF, self.section)
self._session = ks_loading.load_session_from_conf_options(
cfg.CONF, self.section, auth=self._auth)
return _SESSION
return self._session

@ -26,10 +26,7 @@ from octavia.i18n import _LE, _LW
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
CONF.import_group('glance', 'octavia.common.config')
CONF.import_group('keystone_authtoken', 'octavia.common.config')
CONF.import_group('networking', 'octavia.common.config')
CONF.import_group('nova', 'octavia.common.config')
def _extract_amp_image_id_by_tag(client, image_tag, image_owner):

@ -29,7 +29,6 @@ DNS_INT_EXT_ALIAS = 'dns-integration'
SEC_GRP_EXT_ALIAS = 'security-group'
CONF = cfg.CONF
CONF.import_group('neutron', 'octavia.common.config')
class BaseNeutronDriver(base.AbstractNetworkDriver):

@ -10,9 +10,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import copy
import itertools
import operator
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
import octavia.common.config
from octavia.common import constants
def list_opts():
@ -22,13 +28,31 @@ def list_opts():
('amphora_agent', octavia.common.config.amphora_agent_opts),
('networking', octavia.common.config.networking_opts),
('oslo_messaging', octavia.common.config.oslo_messaging_opts),
('keystone_authtoken_v3',
octavia.common.config.keystone_authtoken_v3_opts),
('haproxy_amphora', octavia.common.config.haproxy_amphora_opts),
('health_manager', octavia.common.config.healthmanager_opts),
('controller_worker', octavia.common.config.controller_worker_opts),
('task_flow', octavia.common.config.task_flow_opts),
('certificates', octavia.common.config.certificate_opts),
('house_keeping', octavia.common.config.house_keeping_opts),
('keepalived_vrrp', octavia.common.config.keepalived_vrrp_opts)
('keepalived_vrrp', octavia.common.config.keepalived_vrrp_opts),
('nova', octavia.common.config.nova_opts),
('neutron', octavia.common.config.neutron_opts),
('glance', octavia.common.config.glance_opts),
add_auth_opts(),
]
def add_auth_opts():
opts = ks_loading.register_session_conf_options(
cfg.CONF, constants.SERVICE_AUTH)
opt_list = copy.deepcopy(opts)
opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
# NOTE(mhickey): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
if all(option.name != plugin_option.name for option in opt_list):
opt_list.append(plugin_option)
opt_list.sort(key=operator.attrgetter('name'))
return (constants.SERVICE_AUTH, opt_list)

@ -36,12 +36,9 @@ class TestBarbicanACLAuth(base.TestCase):
conf.config(group="certificates", endpoint_type='publicURL')
super(TestBarbicanACLAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_barbican_client(self):
# There should be no existing client
self.assertIsNone(keystone._SESSION)
# Mock out the keystone session and get the client
keystone._SESSION = mock.MagicMock()
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc1 = acl_auth_object.get_barbican_client()

@ -15,7 +15,6 @@ import mock
import neutronclient.v2_0
import novaclient.v2
from oslo_config import cfg
from oslo_config import fixture as oslo_fixture
from octavia.common import clients
from octavia.common import keystone
@ -27,15 +26,13 @@ CONF = cfg.CONF
class TestNovaAuth(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
# Reset the session and client
clients.NovaAuth.nova_client = None
keystone._SESSION = None
super(TestNovaAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_nova_client(self):
# There should be no existing client
self.assertIsNone(
@ -67,15 +64,13 @@ class TestNovaAuth(base.TestCase):
class TestNeutronAuth(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
# Reset the session and client
clients.NeutronAuth.neutron_client = None
keystone._SESSION = None
super(TestNeutronAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_neutron_client(self):
# There should be no existing client
self.assertIsNone(
@ -107,15 +102,13 @@ class TestNeutronAuth(base.TestCase):
class TestGlanceAuth(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
# Reset the session and client
clients.GlanceAuth.glance_client = None
keystone._SESSION = None
super(TestGlanceAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_glance_client(self):
# There should be no existing client
self.assertIsNone(

@ -91,7 +91,6 @@ class TestNovaClient(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
self.net_name = "lb-mgmt-net"
conf.config(group="networking", lb_network_name=self.net_name)
conf.config(group="controller_worker", amp_boot_network_list=[1, 2])

@ -33,7 +33,6 @@ class TestAmphoraFlows(base.TestCase):
def setUp(self):
super(TestAmphoraFlows, self).setUp()
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
self.conf.config(group="keystone_authtoken", auth_version=AUTH_VERSION)
self.conf.config(
group="controller_worker",
amphora_driver='amphora_haproxy_rest_driver')

@ -36,7 +36,6 @@ AMPHORA_ID = uuidutils.generate_uuid()
COMPUTE_ID = uuidutils.generate_uuid()
LB_NET_IP = '192.0.2.1'
PORT_ID = uuidutils.generate_uuid()
AUTH_VERSION = '2'
SERVER_GRPOUP_ID = uuidutils.generate_uuid()
@ -70,7 +69,6 @@ class TestComputeTasks(base.TestCase):
conf.config(group="controller_worker", amp_active_wait_sec=AMP_WAIT)
conf.config(group="controller_worker",
amp_secgroup_list=AMP_SEC_GROUPS)
conf.config(group="keystone_authtoken", auth_version=AUTH_VERSION)
conf.config(group="controller_worker", amp_image_owner_id='')
_amphora_mock.id = AMPHORA_ID

@ -70,7 +70,7 @@ class TestAllowedAddressPairsDriver(base.TestCase):
]
}
self.k_session = mock.patch(
'octavia.common.keystone.get_session').start()
'keystoneauth1.session.Session').start()
self.driver = allowed_address_pairs.AllowedAddressPairsDriver()
@mock.patch('octavia.network.drivers.neutron.base.BaseNeutronDriver.'

@ -49,7 +49,7 @@ class TestBaseNeutronNetworkDriver(base.TestCase):
]
}
self.k_session = mock.patch(
'octavia.common.keystone.get_session').start()
'keystoneauth1.session.Session').start()
self.driver = self._instantiate_partial_abc(
neutron_base.BaseNeutronDriver)

@ -0,0 +1,11 @@
---
prelude: >
Extended support for Keystone API v3.
features:
- Octavia supports different Keystone APIs and choose authentication
mechanism based on configuration specified in "keystone_authtoken" section
of octavia.conf file.
upgrade:
- From configuration file section "keystone_authtoken_v3" was removed and all
parameters are stored in "keystone_authtoken" section of configuration
file.
Loading…
Cancel
Save