Fix getting user neutron client
Use token and endpoint URL to initialize neutron client for the request user. Story: 2007619 Task: 39641 Change-Id: I05a541a77f254a77ad5036e1062b61c8ce93b754
This commit is contained in:
Lingxian Kong
parent
bcef33a3ff
commit
b54f373cac
@ -12,8 +12,6 @@
|
|||||||
|
|
||||||
from cinderclient import client as cinder_client
|
from cinderclient import client as cinder_client
|
||||||
from glanceclient import client as glance_client
|
from glanceclient import client as glance_client
|
||||||
from keystoneauth1.identity.generic import token
|
|
||||||
from keystoneauth1 import session
|
|
||||||
from neutronclient.neutron import client as neutron_client
|
from neutronclient.neutron import client as neutron_client
|
||||||
from novaclient import api_versions
|
from novaclient import api_versions
|
||||||
from novaclient import client as nova_client
|
from novaclient import client as nova_client
|
||||||
@ -111,28 +109,27 @@ class NeutronAuth(object):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_user_neutron_client(cls, context):
|
def get_user_neutron_client(cls, context):
|
||||||
# get a normal session
|
"""Get neutron client for request user.
|
||||||
ksession = keystone.KeystoneSession()
|
|
||||||
service_auth = ksession.get_auth()
|
|
||||||
|
|
||||||
# make user auth and swap it in session
|
It's possible that the token in the context is a trust scoped
|
||||||
user_auth = token.Token(auth_url=service_auth.auth_url,
|
which can't be used to initialize a keystone session.
|
||||||
token=context.auth_token,
|
|
||||||
project_id=context.project_id)
|
We directly use the token and endpoint_url to initialize neutron
|
||||||
user_session = session.Session(auth=user_auth)
|
client.
|
||||||
|
"""
|
||||||
|
neutron_endpoint = CONF.neutron.endpoint
|
||||||
|
if not neutron_endpoint:
|
||||||
|
session = keystone.KeystoneSession().get_session()
|
||||||
|
endpoint_data = session.get_endpoint_data(service_type='network')
|
||||||
|
neutron_endpoint = endpoint_data.catalog_url
|
||||||
|
|
||||||
kwargs = {
|
kwargs = {
|
||||||
'session': user_session,
|
'token': context.auth_token,
|
||||||
'region_name': CONF.neutron.region_name,
|
'endpoint_url': neutron_endpoint,
|
||||||
'endpoint_type': CONF.neutron.endpoint_type,
|
|
||||||
'service_name': CONF.neutron.service_name,
|
|
||||||
'insecure': CONF.neutron.insecure,
|
'insecure': CONF.neutron.insecure,
|
||||||
'ca_cert': CONF.neutron.ca_certificates_file
|
'ca_cert': CONF.neutron.ca_certificates_file
|
||||||
}
|
}
|
||||||
if CONF.neutron.endpoint:
|
|
||||||
kwargs['endpoint_override'] = CONF.neutron.endpoint
|
|
||||||
|
|
||||||
# create neutron client using user's session
|
|
||||||
return neutron_client.Client(NEUTRON_VERSION, **kwargs)
|
return neutron_client.Client(NEUTRON_VERSION, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user