openstack
/
octavia
Code Issues Proposed changes

Backend Keystone authentication 

Change methods used in backend to authenticate with keystone.
Use autodetection mechanizm for API version and refactor config
options specified in Octavia.

Change-Id: Id0deee2714040d271f43a537c27f410e2f4e3ef2
Closes-Bug: #1620668
Closes-Bug: #1618691
This commit is contained in:
Lubosz "diltram" Kosnik 2016-09-01 23:03:50 -05:00
parent 7476aea667
commit 076e016bb2
19 changed files with 181 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
devstack/plugin.sh
View File

@ -42,13 +42,13 @@ function build_octavia_worker_image {
}
function create_octavia_accounts {
create_service_user "neutron"
create_service_user "octavia"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
local neutron_service=$(get_or_create_service "octavia" \
local octavia_service=$(get_or_create_service "octavia" \
"octavia" "Octavia Service")
get_or_create_endpoint $neutron_service \
get_or_create_endpoint $octavia_service \
"$REGION_NAME" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/" \
"$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/" \
@ -58,6 +58,8 @@ function create_octavia_accounts {
function octavia_configure {
create_octavia_cache_dir
sudo mkdir -m 755 -p $OCTAVIA_CONF_DIR
safe_chown $STACK_USER $OCTAVIA_CONF_DIR
@ -67,16 +69,20 @@ function octavia_configure {
iniset $OCTAVIA_CONF database connection "mysql+pymysql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:3306/octavia"
if [ "$OCTAVIA_AUTH_VERSION" == "2" ] ; then
AUTH_URI=${KEYSTONE_AUTH_URI%/v3}/v2.0
else
AUTH_URI=${KEYSTONE_AUTH_URI}
fi
iniset $OCTAVIA_CONF keystone_authtoken auth_uri ${AUTH_URI}
iniset $OCTAVIA_CONF keystone_authtoken admin_user ${OCTAVIA_ADMIN_USER}
iniset $OCTAVIA_CONF keystone_authtoken admin_tenant_name ${OCTAVIA_ADMIN_TENANT_NAME}
iniset $OCTAVIA_CONF keystone_authtoken admin_password ${OCTAVIA_ADMIN_PASSWORD}
iniset $OCTAVIA_CONF keystone_authtoken auth_version ${OCTAVIA_AUTH_VERSION}
# Configure keystone auth_token for all users
configure_auth_token_middleware $OCTAVIA_CONF octavia $OCTAVIA_AUTH_CACHE_DIR
# Ensure config is set up properly for authentication as admin
iniset $OCTAVIA_CONF service_auth auth_url $KEYSTONE_AUTH_URI
iniset $OCTAVIA_CONF service_auth auth_type password
iniset $OCTAVIA_CONF service_auth username $OCTAVIA_USERNAME
iniset $OCTAVIA_CONF service_auth password $OCTAVIA_PASSWORD
iniset $OCTAVIA_CONF service_auth user_domain_name $OCTAVIA_USER_DOMAIN_NAME
iniset $OCTAVIA_CONF service_auth project_name $OCTAVIA_PROJECT_NAME
iniset $OCTAVIA_CONF service_auth project_domain_name $OCTAVIA_PROJECT_DOMAIN_NAME
iniset $OCTAVIA_CONF service_auth cafile $SSL_BUNDLE_FILE
iniset $OCTAVIA_CONF service_auth signing_dir $signing_dir
iniset $OCTAVIA_CONF service_auth memcached_servers $SERVICE_HOST:11211
# Setting other required default options
iniset $OCTAVIA_CONF controller_worker amphora_driver ${OCTAVIA_AMPHORA_DRIVER}
@ -373,6 +379,15 @@ function octavia_cleanup {
openstack keypair delete ${OCTAVIA_AMP_SSH_KEY_NAME}
fi
fi
sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR
}
# create_octavia_cache_dir() - Part of the configure_octavia() process
function create_octavia_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $OCTAVIA_AUTH_CACHE_DIR
rm -f $OCTAVIA_AUTH_CACHE_DIR/*
}
# check for service enabled

11
devstack/settings
View File

@ -10,6 +10,7 @@ TRIPLEO_IMAGE_ELEMENTS_BRANCH=${TRIPLEO_IMAGE_ELEMENTS_BRANCH:-master}
TRIPLEO_IMAGE_ELEMENTS_DIR=$DEST/tripleo-image-elements
OCTAVIA_BIN_DIR=${OCTAVIA_BIN_DIR:-$(get_python_exec_prefix)}
OCTAVIA_CONF_DIR=${OCTAVIA_CONF_DIR:-"/etc/octavia"}
OCTAVIA_AUTH_CACHE_DIR=${OCTAVIA_AUTH_CACHE_DIR:-"/var/cache/octavia"}
OCTAVIA_SSH_DIR=${OCTAVIA_SSH_DIR:-${OCTAVIA_CONF_DIR}/.ssh}
OCTAVIA_CERTS_DIR=${OCTAVIA_CERTS_DIR:-${OCTAVIA_CONF_DIR}/certs}
OCTAVIA_DHCLIENT_DIR=${OCTAVIA_DHCLIENT_DIR:-${OCTAVIA_CONF_DIR}/dhcp}
@ -21,13 +22,11 @@ OCTAVIA_AMPHORA_DRIVER=${OCTAVIA_AMPHORA_DRIVER:-"amphora_haproxy_rest_driver"}
OCTAVIA_NETWORK_DRIVER=${OCTAVIA_NETWORK_DRIVER:-"allowed_address_pairs_driver"}
OCTAVIA_COMPUTE_DRIVER=${OCTAVIA_COMPUTE_DRIVER:-"compute_nova_driver"}
OCTAVIA_ADMIN_USER=${OCTAVIA_ADMIN_USER:-"admin"}
OCTAVIA_USER=${OCTAVIA_USER:-${OCTAVIA_ADMIN_USER}}
OCTAVIA_USERNAME=${OCTAVIA_ADMIN_USER:-"admin"}
OCTAVIA_PASSWORD=${OCTAVIA_PASSWORD:-${ADMIN_PASSWORD}}
OCTAVIA_TENANT_ID=${OCTAVIA_TENANT_ID:-${ADMIN_TENANT_ID}}
OCTAVIA_AUTH_VERSION=${OCTAVIA_AUTH_VERSION:-"2"}
OCTAVIA_ADMIN_TENANT_NAME=${OCTAVIA_ADMIN_TENANT_NAME:-${OCTAVIA_ADMIN_USER}}
OCTAVIA_ADMIN_PASSWORD=${OCTAVIA_ADMIN_PASSWORD:-${ADMIN_PASSWORD}}
OCTAVIA_PROJECT_NAME=${OCTAVIA_PROJECT_NAME:-$OCTAVIA_USERNAME}
OCTAVIA_USER_DOMAIN_NAME=${OCTAVIA_USER_DOMAIN_NAME:-"Default"}
OCTAVIA_PROJECT_DOMAIN_NAME=${OCTAVIA_PROJECT_DOMAIN_NAME:-"Default"}
OCTAVIA_PROTOCOL=${OCTAVIA_PROTOCOL:-"http"}
OCTAVIA_PORT=${OCTAVIA_PORT:-"9876"}

94
etc/octavia.conf
View File

@ -47,8 +47,6 @@
# noop_event_streamer
# event_streamer_driver = noop_event_streamer
[keystone_authtoken]
# This group of config options are imported from keystone middleware. Thus the
# option names should match the names declared in the middleware.
@ -59,11 +57,6 @@
# insecure = False
# cafile =
[keystone_authtoken_v3]
# If using Keystone v3
# admin_user_domain = default
# admin_project_domain = default
[certificates]
# cert_generator = local_cert_generator
@ -238,22 +231,17 @@
# vrrp_garp_refresh_interval = 5
# vrrp_garp_refresh_count = 2
[glance]
# The name of the glance service in the keystone catalog
# service_name =
# Custom glance endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
# endpoint_type = publicURL
# CA certificates file to verify glance connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[service_auth]
# memcached_servers =
# signing_dir =
# cafile = /opt/stack/data/ca-bundle.pem
# project_domain_name = Default
# project_name = admin
# user_domain_name = Default
# password = password
# username = admin
# auth_type = password
# auth_url = http://localhost:5555/
[nova]
# The name of the nova service in the keystone catalog
@ -261,28 +249,44 @@
# Custom nova endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
# endpoint_type = publicURL
# CA certificates file to verify nova connections when TLS is enabled
# insecure = False
# ca_certificates_file =
# Flag to enable nova anti-affinity capabilities to place amphorae on
# different hosts
# enable_anti_affinity = False
[neutron]
# The name of the neutron service in the keystone catalog
# service_name =
# Custom neutron endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the OpenStack services.
# Region in Identity service catalog to use for communication with the
# OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
# endpoint_type = publicURL
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[glance]
# The name of the glance service in the keystone catalog
# service_name =
# Custom glance endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the
# OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
# endpoint_type = publicURL
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[neutron]
# The name of the neutron service in the keystone catalog
# service_name =
# Custom neutron endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the
# OpenStack services.
# region_name =
# Endpoint type in Identity service catalog to use for communication with

5
octavia/certificates/common/auth/barbican_acl.py
View File

@ -27,9 +27,7 @@ from octavia.i18n import _LE
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
CONF.import_group('certificates', 'octavia.common.config')
class BarbicanACLAuth(barbican_common.BarbicanAuth):
@ -39,8 +37,9 @@ class BarbicanACLAuth(barbican_common.BarbicanAuth):
def get_barbican_client(cls, project_id=None):
if not cls._barbican_client:
try:
session = keystone.KeystoneSession().get_session()
cls._barbican_client = barbican_client.Client(
session=keystone.get_session(),
session=session,
region_name=CONF.certificates.region_name,
interface=CONF.certificates.endpoint_type
)

12
octavia/common/clients.py
View File

@ -14,6 +14,7 @@ from glanceclient import client as glance_client
from neutronclient.neutron import client as neutron_client
from novaclient import api_versions
from novaclient import client as nova_client
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
@ -21,6 +22,8 @@ from octavia.common import keystone
from octavia.i18n import _LE
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
GLANCE_VERSION = '2'
NEUTRON_VERSION = '2.0'
NOVA_VERSION = '2.1'
@ -44,9 +47,10 @@ class NovaAuth(object):
:return: a Nova Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.nova_client:
kwargs = {'region_name': region,
'session': keystone.get_session(),
'session': ksession.get_session(),
'endpoint_type': endpoint_type,
'insecure': insecure}
if service_name:
@ -82,9 +86,10 @@ class NeutronAuth(object):
:return: a Neutron Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.neutron_client:
kwargs = {'region_name': region,
'session': keystone.get_session(),
'session': ksession.get_session(),
'endpoint_type': endpoint_type,
'insecure': insecure}
if service_name:
@ -120,9 +125,10 @@ class GlanceAuth(object):
:return: a Glance Client object.
:raises Exception: if the client cannot be created
"""
ksession = keystone.KeystoneSession()
if not cls.glance_client:
kwargs = {'region_name': region,
'session': keystone.get_session(),
'session': ksession.get_session(),
'interface': endpoint_type}
if service_name:
kwargs['service_name'] = service_name

54
octavia/common/config.py
View File

@ -17,6 +17,7 @@
Routines for configuring Octavia
"""
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
from oslo_db import options as db_options
from oslo_log import log as logging
@ -41,6 +42,7 @@ core_opts = [
cfg.StrOpt('api_extensions_path', default="",
help=_("The path for API extensions")),
cfg.StrOpt('auth_strategy', default='keystone',
choices=('noauth', 'keystone'),
help=_("The type of authentication to use")),
cfg.BoolOpt('allow_bulk', default=True,
help=_("Allow the usage of the bulk API")),
@ -142,13 +144,6 @@ oslo_messaging_opts = [
help=_('topic name for communicating events through a queue')),
]
keystone_authtoken_v3_opts = [
cfg.StrOpt('admin_user_domain', default='default',
help=_('Admin user keystone authentication domain')),
cfg.StrOpt('admin_project_domain', default='default',
help=_('Admin project keystone authentication domain'))
]
haproxy_amphora_opts = [
cfg.StrOpt('base_path',
default='/var/lib/octavia',
@ -289,12 +284,22 @@ certificate_opts = [
cfg.StrOpt('barbican_auth',
default='barbican_acl_auth',
help='Name of the Barbican authentication method to use'),
cfg.StrOpt('service_name',
help=_('The name of the certificate service in the keystone'
'catalog')),
cfg.StrOpt('endpoint', help=_('A new endpoint to override the endpoint '
'in the keystone catalog.')),
cfg.StrOpt('region_name',
help='Region in Identity service catalog to use for '
'communication with the barbican service.'),
cfg.StrOpt('endpoint_type',
default='publicURL',
help='The endpoint_type to be used for barbican service.')
help='The endpoint_type to be used for barbican service.'),
cfg.StrOpt('ca_certificates_file',
help=_('CA certificates file path')),
cfg.BoolOpt('insecure',
default=False,
help=_('Disable certificate validation on SSL connections ')),
]
house_keeping_opts = [
@ -436,9 +441,6 @@ cfg.CONF.register_opts(anchor_opts, group='anchor')
cfg.CONF.register_cli_opts(core_cli_opts)
cfg.CONF.register_opts(certificate_opts, group='certificates')
cfg.CONF.register_cli_opts(healthmanager_opts, group='health_manager')
cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
cfg.CONF.register_opts(keystone_authtoken_v3_opts,
group='keystone_authtoken_v3')
cfg.CONF.register_opts(nova_opts, group='nova')
cfg.CONF.register_opts(glance_opts, group='glance')
cfg.CONF.register_opts(neutron_opts, group='neutron')
@ -454,6 +456,9 @@ db_options.set_defaults(cfg.CONF, connection=_SQL_CONNECTION_DEFAULT,
logging.register_options(cfg.CONF)
ks_loading.register_auth_conf_options(cfg.CONF, constants.SERVICE_AUTH)
ks_loading.register_session_conf_options(cfg.CONF, constants.SERVICE_AUTH)
def init(args, **kwargs):
cfg.CONF(args=args, project='octavia',
@ -469,30 +474,3 @@ def setup_logging(conf):
product_name = "octavia"
logging.setup(conf, product_name)
LOG.info(_LI("Logging enabled!"))
# def load_paste_app(app_name):
# """Builds and returns a WSGI app from a paste config file.
# :param app_name: Name of the application to load
# :raises ConfigFilesNotFoundError when config file cannot be located
# :raises RuntimeError when application cannot be loaded from config file
# """
# config_path = cfg.CONF.find_file(cfg.CONF.api_paste_config)
# if not config_path:
# raise cfg.ConfigFilesNotFoundError(
# config_files=[cfg.CONF.api_paste_config])
# config_path = os.path.abspath(config_path)
# LOG.info(_LI("Config paste file: %s"), config_path)
# try:
# app = deploy.loadapp("config:%s" % config_path, name=app_name)
# except (LookupError, ImportError):
# msg = (_("Unable to load %(app_name)s from "
# "configuration file %(config_path)s.") %
# {'app_name': app_name,
# 'config_path': config_path})
# LOG.exception(msg)
# raise RuntimeError(msg)
# return app

3
octavia/common/constants.py
View File

@ -252,6 +252,9 @@ NOVA_21 = '2.1'
NOVA_3 = '3'
NOVA_VERSIONS = (NOVA_1, NOVA_21, NOVA_3)
# Auth sections
SERVICE_AUTH = 'service_auth'
RPC_NAMESPACE_CONTROLLER_AGENT = 'controller'

57
octavia/common/keystone.py
View File

@ -12,59 +12,32 @@
# License for the specific language governing permissions and limitations
# under the License.
from keystoneauth1.identity import v2 as v2_client
from keystoneauth1.identity import v3 as v3_client
from keystoneauth1 import session
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
from octavia.i18n import _LE
from octavia.common import constants
LOG = logging.getLogger(__name__)
cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
cfg.CONF.import_group('keystone_authtoken_v3', 'octavia.common.config')
_SESSION = None
class KeystoneSession:
def __init__(self, section=constants.SERVICE_AUTH):
self._session = None
self.section = section
ks_loading.register_auth_conf_options(cfg.CONF, self.section)
ks_loading.register_session_conf_options(cfg.CONF, self.section)
def get_session():
def get_session(self):
"""Initializes a Keystone session.
:return: a Keystone Session object
:raises Exception: if the session cannot be established
"""
global _SESSION
if not _SESSION:
if not self._session:
self._auth = ks_loading.load_auth_from_conf_options(
cfg.CONF, self.section)
self._session = ks_loading.load_session_from_conf_options(
cfg.CONF, self.section, auth=self._auth)
kwargs = {'auth_url': cfg.CONF.keystone_authtoken.auth_uri,
'username': cfg.CONF.keystone_authtoken.admin_user,
'password': cfg.CONF.keystone_authtoken.admin_password}
if cfg.CONF.keystone_authtoken.auth_version == '2':
client = v2_client
kwargs['tenant_name'] = (cfg.CONF.keystone_authtoken.
admin_tenant_name)
elif cfg.CONF.keystone_authtoken.auth_version == '3':
client = v3_client
kwargs['project_name'] = (cfg.CONF.keystone_authtoken.
admin_tenant_name)
kwargs['user_domain_name'] = (cfg.CONF.keystone_authtoken_v3.
admin_user_domain)
kwargs['project_domain_name'] = (cfg.CONF.keystone_authtoken_v3.
admin_project_domain)
else:
raise Exception('Unknown keystone version!')
try:
kc = client.Password(**kwargs)
_SESSION = session.Session(
auth=kc, verify=(cfg.CONF.keystone_authtoken.cafile or
not cfg.CONF.keystone_authtoken.insecure))
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception(_LE("Error creating Keystone session."))
return _SESSION
return self._session

3
octavia/compute/drivers/nova_driver.py
View File

@ -26,10 +26,7 @@ from octavia.i18n import _LE, _LW
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
CONF.import_group('glance', 'octavia.common.config')
CONF.import_group('keystone_authtoken', 'octavia.common.config')
CONF.import_group('networking', 'octavia.common.config')
CONF.import_group('nova', 'octavia.common.config')
def _extract_amp_image_id_by_tag(client, image_tag, image_owner):

1
octavia/network/drivers/neutron/base.py
View File

@ -29,7 +29,6 @@ DNS_INT_EXT_ALIAS = 'dns-integration'
SEC_GRP_EXT_ALIAS = 'security-group'
CONF = cfg.CONF
CONF.import_group('neutron', 'octavia.common.config')
class BaseNeutronDriver(base.AbstractNetworkDriver):

30
octavia/opts.py
View File

@ -10,9 +10,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import copy
import itertools
import operator
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
import octavia.common.config
from octavia.common import constants
def list_opts():
@ -22,13 +28,31 @@ def list_opts():
('amphora_agent', octavia.common.config.amphora_agent_opts),
('networking', octavia.common.config.networking_opts),
('oslo_messaging', octavia.common.config.oslo_messaging_opts),
('keystone_authtoken_v3',
octavia.common.config.keystone_authtoken_v3_opts),
('haproxy_amphora', octavia.common.config.haproxy_amphora_opts),
('health_manager', octavia.common.config.healthmanager_opts),
('controller_worker', octavia.common.config.controller_worker_opts),
('task_flow', octavia.common.config.task_flow_opts),
('certificates', octavia.common.config.certificate_opts),
('house_keeping', octavia.common.config.house_keeping_opts),
('keepalived_vrrp', octavia.common.config.keepalived_vrrp_opts)
('keepalived_vrrp', octavia.common.config.keepalived_vrrp_opts),
('nova', octavia.common.config.nova_opts),
('neutron', octavia.common.config.neutron_opts),
('glance', octavia.common.config.glance_opts),
add_auth_opts(),
]
def add_auth_opts():
opts = ks_loading.register_session_conf_options(
cfg.CONF, constants.SERVICE_AUTH)
opt_list = copy.deepcopy(opts)
opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
# NOTE(mhickey): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
if all(option.name != plugin_option.name for option in opt_list):
opt_list.append(plugin_option)
opt_list.sort(key=operator.attrgetter('name'))
return (constants.SERVICE_AUTH, opt_list)

5
octavia/tests/unit/certificates/common/auth/test_barbican_acl.py
View File

@ -36,12 +36,9 @@ class TestBarbicanACLAuth(base.TestCase):
conf.config(group="certificates", endpoint_type='publicURL')
super(TestBarbicanACLAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_barbican_client(self):
# There should be no existing client
self.assertIsNone(keystone._SESSION)
# Mock out the keystone session and get the client
keystone._SESSION = mock.MagicMock()
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc1 = acl_auth_object.get_barbican_client()

13
octavia/tests/unit/common/test_clients.py
View File

@ -15,7 +15,6 @@ import mock
import neutronclient.v2_0
import novaclient.v2
from oslo_config import cfg
from oslo_config import fixture as oslo_fixture
from octavia.common import clients
from octavia.common import keystone
@ -27,15 +26,13 @@ CONF = cfg.CONF
class TestNovaAuth(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
# Reset the session and client
clients.NovaAuth.nova_client = None
keystone._SESSION = None
super(TestNovaAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_nova_client(self):
# There should be no existing client
self.assertIsNone(
@ -67,15 +64,13 @@ class TestNovaAuth(base.TestCase):
class TestNeutronAuth(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
# Reset the session and client
clients.NeutronAuth.neutron_client = None
keystone._SESSION = None
super(TestNeutronAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_neutron_client(self):
# There should be no existing client
self.assertIsNone(
@ -107,15 +102,13 @@ class TestNeutronAuth(base.TestCase):
class TestGlanceAuth(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
# Reset the session and client
clients.GlanceAuth.glance_client = None
keystone._SESSION = None
super(TestGlanceAuth, self).setUp()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_glance_client(self):
# There should be no existing client
self.assertIsNone(

1
octavia/tests/unit/compute/drivers/test_nova_driver.py
View File

@ -91,7 +91,6 @@ class TestNovaClient(base.TestCase):
def setUp(self):
conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
conf.config(group="keystone_authtoken", auth_version='2')
self.net_name = "lb-mgmt-net"
conf.config(group="networking", lb_network_name=self.net_name)
conf.config(group="controller_worker", amp_boot_network_list=[1, 2])

1
octavia/tests/unit/controller/worker/flows/test_amphora_flows.py
View File

@ -33,7 +33,6 @@ class TestAmphoraFlows(base.TestCase):
def setUp(self):
super(TestAmphoraFlows, self).setUp()
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
self.conf.config(group="keystone_authtoken", auth_version=AUTH_VERSION)
self.conf.config(
group="controller_worker",
amphora_driver='amphora_haproxy_rest_driver')

2
octavia/tests/unit/controller/worker/tasks/test_compute_tasks.py
View File

@ -36,7 +36,6 @@ AMPHORA_ID = uuidutils.generate_uuid()
COMPUTE_ID = uuidutils.generate_uuid()
LB_NET_IP = '192.0.2.1'
PORT_ID = uuidutils.generate_uuid()
AUTH_VERSION = '2'
SERVER_GRPOUP_ID = uuidutils.generate_uuid()
@ -70,7 +69,6 @@ class TestComputeTasks(base.TestCase):
conf.config(group="controller_worker", amp_active_wait_sec=AMP_WAIT)
conf.config(group="controller_worker",
amp_secgroup_list=AMP_SEC_GROUPS)
conf.config(group="keystone_authtoken", auth_version=AUTH_VERSION)
conf.config(group="controller_worker", amp_image_owner_id='')
_amphora_mock.id = AMPHORA_ID

2
octavia/tests/unit/network/drivers/neutron/test_allowed_address_pairs.py
View File

@ -70,7 +70,7 @@ class TestAllowedAddressPairsDriver(base.TestCase):
]
}
self.k_session = mock.patch(
'octavia.common.keystone.get_session').start()
'keystoneauth1.session.Session').start()
self.driver = allowed_address_pairs.AllowedAddressPairsDriver()
@mock.patch('octavia.network.drivers.neutron.base.BaseNeutronDriver.'

2
octavia/tests/unit/network/drivers/neutron/test_base.py
View File

@ -49,7 +49,7 @@ class TestBaseNeutronNetworkDriver(base.TestCase):
]
}
self.k_session = mock.patch(
'octavia.common.keystone.get_session').start()
'keystoneauth1.session.Session').start()
self.driver = self._instantiate_partial_abc(
neutron_base.BaseNeutronDriver)

11
releasenotes/notes/change-keystone-backend-config-d246b1e34015c86c.yaml Normal file
View File

@ -0,0 +1,11 @@
---
prelude: >
Extended support for Keystone API v3.
features:
- Octavia supports different Keystone APIs and choose authentication
mechanism based on configuration specified in "keystone_authtoken" section
of octavia.conf file.
upgrade:
- From configuration file section "keystone_authtoken_v3" was removed and all
parameters are stored in "keystone_authtoken" section of configuration
file.