Fix getting user neutron client

Use token and endpoint URL to initialize neutron client for the request user. Story: 2007619 Task: 39641 Change-Id: I05a541a77f254a77ad5036e1062b61c8ce93b754
2020-05-07 16:31:38 +12:00 · 2020-05-07 16:31:38 +12:00 · b54f373cac
commit b54f373cac
parent bcef33a3ff
1 changed files with 14 additions and 17 deletions
--- a/octavia/common/clients.py
+++ b/octavia/common/clients.py
@ -12,8 +12,6 @@

 from cinderclient import client as cinder_client
 from glanceclient import client as glance_client
-from keystoneauth1.identity.generic import token
-from keystoneauth1 import session
 from neutronclient.neutron import client as neutron_client
 from novaclient import api_versions
 from novaclient import client as nova_client
@ -111,28 +109,27 @@ class NeutronAuth(object):

    @classmethod
    def get_user_neutron_client(cls, context):
-        # get a normal session
-        ksession = keystone.KeystoneSession()
-        service_auth = ksession.get_auth()
+        """Get neutron client for request user.

-        # make user auth and swap it in session
-        user_auth = token.Token(auth_url=service_auth.auth_url,
-                                token=context.auth_token,
-                                project_id=context.project_id)
-        user_session = session.Session(auth=user_auth)
+        It's possible that the token in the context is a trust scoped
+        which can't be used to initialize a keystone session.
+
+        We directly use the token and endpoint_url to initialize neutron
+        client.
+        """
+        neutron_endpoint = CONF.neutron.endpoint
+        if not neutron_endpoint:
+            session = keystone.KeystoneSession().get_session()
+            endpoint_data = session.get_endpoint_data(service_type='network')
+            neutron_endpoint = endpoint_data.catalog_url

        kwargs = {
-            'session': user_session,
-            'region_name': CONF.neutron.region_name,
-            'endpoint_type': CONF.neutron.endpoint_type,
-            'service_name': CONF.neutron.service_name,
+            'token': context.auth_token,
+            'endpoint_url': neutron_endpoint,
            'insecure': CONF.neutron.insecure,
            'ca_cert': CONF.neutron.ca_certificates_file
        }
-        if CONF.neutron.endpoint:
-            kwargs['endpoint_override'] = CONF.neutron.endpoint

-        # create neutron client using user's session
        return neutron_client.Client(NEUTRON_VERSION, **kwargs)