Browse Source

Fix authentication failure when token expires

OpenStack service session is generated when downloading code from
inside the container, but when the function is invoked at a deferred
time, the token may already be expiried.

Need to create the session when executing the function instead of
when downloading.

Change-Id: I8170bfb1c5f8b6cf88a744547db12cc12248aaca
changes/04/489004/2
Lingxian Kong 4 years ago
parent
commit
ff873c3f95
  1. 13
      qinling/engine/default_engine.py
  2. 13
      qinling/orchestrator/kubernetes/manager.py
  3. 20
      runtimes/python2/server.py

13
qinling/engine/default_engine.py

@ -12,14 +12,17 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_log import log as logging
import requests
from qinling import context
from qinling.db import api as db_api
from qinling import status
from qinling.utils import common
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
class DefaultEngine(object):
@ -98,9 +101,15 @@ class DefaultEngine(object):
function_id, func_url
)
r = requests.post(func_url, json=input)
data = {
'token': context.get_ctx().auth_token,
'auth_url': CONF.keystone_authtoken.auth_url,
'input': input
}
r = requests.post(func_url, json=data)
execution.status = status.SUCCESS
execution.output = {'result': r.json()}
execution.output = r.json()
return
source = function.code['source']

13
qinling/orchestrator/kubernetes/manager.py

@ -353,11 +353,16 @@ class KubernetesManager(base.OrchestratorBase):
service_url=None):
if service_url:
func_url = '%s/execute' % service_url
LOG.info('Invoke function %s, url: %s', function_id, func_url)
data = {
'token': context.get_ctx().auth_token,
'auth_url': self.conf.keystone_authtoken.auth_url,
'input': input
}
r = requests.post(func_url, json=input)
LOG.info('Invoke function %s, url: %s', function_id, func_url)
return {'result': r.json()}
r = requests.post(func_url, json=data)
return r.json()
else:
status = None
@ -377,7 +382,7 @@ class KubernetesManager(base.OrchestratorBase):
self.conf.kubernetes.namespace,
)
return {'result': output}
return output
def delete_function(self, function_id, labels=None):
selector = common.convert_dict_to_string(labels)

20
runtimes/python2/server.py

@ -32,7 +32,6 @@ app = Flask(__name__)
zip_file = ''
function_module = 'main'
function_method = 'main'
openstack_session = None
@app.route('/download', methods=['POST'])
@ -42,17 +41,11 @@ def download():
function_id = params.get('function_id')
entry = params.get('entry')
token = params.get('token')
auth_url = params.get('auth_url')
headers = {}
if token:
headers = {'X-Auth-Token': token}
# Get openstack session.
global openstack_session
auth = generic.Token(auth_url=auth_url, token=token)
openstack_session = session.Session(auth=auth, verify=False)
global zip_file
zip_file = '%s.zip' % function_id
@ -61,6 +54,7 @@ def download():
(download_url, headers, entry)
)
# Get function code package from Qinling service.
r = requests.get(download_url, headers=headers, stream=True)
with open(zip_file, 'wb') as fd:
for chunk in r.iter_content(chunk_size=65535):
@ -82,10 +76,18 @@ def execute():
global zip_file
global function_module
global function_method
global openstack_session
openstack_session = None
params = request.get_json() or {}
token = params.get('token')
auth_url = params.get('auth_url')
input = params.get('input') or {}
if token:
auth = generic.Token(auth_url=auth_url, token=token)
openstack_session = session.Session(auth=auth, verify=False)
context = {'os_session': openstack_session}
input = request.get_json() or {}
app.logger.debug('Invoking function with input: %s' % input)
start = time.time()

Loading…
Cancel
Save