Fix getting user neutron client

Use token and endpoint URL to initialize neutron client for the
request user.

Story: 2007619
Task:  39641

Change-Id: I05a541a77f254a77ad5036e1062b61c8ce93b754
Lingxian Kong 2020-05-07 16:31:38 +12:00
parent bcef33a3ff
commit b54f373cac
1 changed files with 14 additions and 17 deletions

View File

@ -12,8 +12,6 @@
from cinderclient import client as cinder_client
from glanceclient import client as glance_client
from keystoneauth1.identity.generic import token
from keystoneauth1 import session
from neutronclient.neutron import client as neutron_client
from novaclient import api_versions
from novaclient import client as nova_client
@ -111,28 +109,27 @@ class NeutronAuth(object):
def get_user_neutron_client(cls, context):
# get a normal session
ksession = keystone.KeystoneSession()
service_auth = ksession.get_auth()
"""Get neutron client for request user.
# make user auth and swap it in session
user_auth = token.Token(auth_url=service_auth.auth_url,
user_session = session.Session(auth=user_auth)
It's possible that the token in the context is a trust scoped
which can't be used to initialize a keystone session.
We directly use the token and endpoint_url to initialize neutron
neutron_endpoint = CONF.neutron.endpoint
if not neutron_endpoint:
session = keystone.KeystoneSession().get_session()
endpoint_data = session.get_endpoint_data(service_type='network')
neutron_endpoint = endpoint_data.catalog_url
kwargs = {
'session': user_session,
'region_name': CONF.neutron.region_name,
'endpoint_type': CONF.neutron.endpoint_type,
'service_name': CONF.neutron.service_name,
'token': context.auth_token,
'endpoint_url': neutron_endpoint,
'insecure': CONF.neutron.insecure,
'ca_cert': CONF.neutron.ca_certificates_file
if CONF.neutron.endpoint:
kwargs['endpoint_override'] = CONF.neutron.endpoint
# create neutron client using user's session
return neutron_client.Client(NEUTRON_VERSION, **kwargs)