@ -12,8 +12,6 @@
from cinderclient import client as cinder_client
from glanceclient import client as glance_client
from keystoneauth1 . identity . generic import token
from keystoneauth1 import session
from neutronclient . neutron import client as neutron_client
from novaclient import api_versions
from novaclient import client as nova_client
@ -111,28 +109,27 @@ class NeutronAuth(object):
@classmethod
def get_user_neutron_client ( cls , context ) :
# get a normal session
ksession = keystone . KeystoneSession ( )
service_auth = ksession . get_auth ( )
""" Get neutron client for request user.
It ' s possible that the token in the context is a trust scoped
which can ' t be used to initialize a keystone session.
# make user auth and swap it in session
user_auth = token . Token ( auth_url = service_auth . auth_url ,
token = context . auth_token ,
project_id = context . project_id )
user_session = session . Session ( auth = user_auth )
We directly use the token and endpoint_url to initialize neutron
client .
"""
neutron_endpoint = CONF . neutron . endpoint
if not neutron_endpoint :
session = keystone . KeystoneSession ( ) . get_session ( )
endpoint_data = session . get_endpoint_data ( service_type = ' network ' )
neutron_endpoint = endpoint_data . catalog_url
kwargs = {
' session ' : user_session ,
' region_name ' : CONF . neutron . region_name ,
' endpoint_type ' : CONF . neutron . endpoint_type ,
' service_name ' : CONF . neutron . service_name ,
' token ' : context . auth_token ,
' endpoint_url ' : neutron_endpoint ,
' insecure ' : CONF . neutron . insecure ,
' ca_cert ' : CONF . neutron . ca_certificates_file
}
if CONF . neutron . endpoint :
kwargs [ ' endpoint_override ' ] = CONF . neutron . endpoint
# create neutron client using user's session
return neutron_client . Client ( NEUTRON_VERSION , * * kwargs )