From ff873c3f957678a3bc1a87dc2fffeead61296a0d Mon Sep 17 00:00:00 2001
From: Lingxian Kong <anlin.kong@gmail.com>
Date: Sun, 30 Jul 2017 23:25:10 +1200
Subject: [PATCH] Fix authentication failure when token expires

OpenStack service session is generated when downloading code from
inside the container, but when the function is invoked at a deferred
time, the token may already be expiried.

Need to create the session when executing the function instead of
when downloading.

Change-Id: I8170bfb1c5f8b6cf88a744547db12cc12248aaca
---
 qinling/engine/default_engine.py           | 13 +++++++++++--
 qinling/orchestrator/kubernetes/manager.py | 13 +++++++++----
 runtimes/python2/server.py                 | 20 +++++++++++---------
 3 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/qinling/engine/default_engine.py b/qinling/engine/default_engine.py
index 414602ec..31daf817 100644
--- a/qinling/engine/default_engine.py
+++ b/qinling/engine/default_engine.py
@@ -12,14 +12,17 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_config import cfg
 from oslo_log import log as logging
 import requests
 
+from qinling import context
 from qinling.db import api as db_api
 from qinling import status
 from qinling.utils import common
 
 LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
 
 
 class DefaultEngine(object):
@@ -98,9 +101,15 @@ class DefaultEngine(object):
                     function_id, func_url
                 )
 
-                r = requests.post(func_url, json=input)
+                data = {
+                    'token': context.get_ctx().auth_token,
+                    'auth_url': CONF.keystone_authtoken.auth_url,
+                    'input': input
+                }
+
+                r = requests.post(func_url, json=data)
                 execution.status = status.SUCCESS
-                execution.output = {'result': r.json()}
+                execution.output = r.json()
                 return
 
             source = function.code['source']
diff --git a/qinling/orchestrator/kubernetes/manager.py b/qinling/orchestrator/kubernetes/manager.py
index 0496ca1b..b6ed8a40 100644
--- a/qinling/orchestrator/kubernetes/manager.py
+++ b/qinling/orchestrator/kubernetes/manager.py
@@ -353,11 +353,16 @@ class KubernetesManager(base.OrchestratorBase):
                       service_url=None):
         if service_url:
             func_url = '%s/execute' % service_url
+            data = {
+                'token': context.get_ctx().auth_token,
+                'auth_url': self.conf.keystone_authtoken.auth_url,
+                'input': input
+            }
+
             LOG.info('Invoke function %s, url: %s', function_id, func_url)
 
-            r = requests.post(func_url, json=input)
-
-            return {'result': r.json()}
+            r = requests.post(func_url, json=data)
+            return r.json()
         else:
             status = None
 
@@ -377,7 +382,7 @@ class KubernetesManager(base.OrchestratorBase):
                 self.conf.kubernetes.namespace,
             )
 
-            return {'result': output}
+            return output
 
     def delete_function(self, function_id, labels=None):
         selector = common.convert_dict_to_string(labels)
diff --git a/runtimes/python2/server.py b/runtimes/python2/server.py
index fb2cdccc..d7cf9668 100644
--- a/runtimes/python2/server.py
+++ b/runtimes/python2/server.py
@@ -32,7 +32,6 @@ app = Flask(__name__)
 zip_file = ''
 function_module = 'main'
 function_method = 'main'
-openstack_session = None
 
 
 @app.route('/download', methods=['POST'])
@@ -42,17 +41,11 @@ def download():
     function_id = params.get('function_id')
     entry = params.get('entry')
     token = params.get('token')
-    auth_url = params.get('auth_url')
 
     headers = {}
     if token:
         headers = {'X-Auth-Token': token}
 
-        # Get openstack session.
-        global openstack_session
-        auth = generic.Token(auth_url=auth_url, token=token)
-        openstack_session = session.Session(auth=auth, verify=False)
-
     global zip_file
     zip_file = '%s.zip' % function_id
 
@@ -61,6 +54,7 @@ def download():
         (download_url, headers, entry)
     )
 
+    # Get function code package from Qinling service.
     r = requests.get(download_url, headers=headers, stream=True)
     with open(zip_file, 'wb') as fd:
         for chunk in r.iter_content(chunk_size=65535):
@@ -82,10 +76,18 @@ def execute():
     global zip_file
     global function_module
     global function_method
-    global openstack_session
+    openstack_session = None
+
+    params = request.get_json() or {}
+    token = params.get('token')
+    auth_url = params.get('auth_url')
+    input = params.get('input') or {}
+
+    if token:
+        auth = generic.Token(auth_url=auth_url, token=token)
+        openstack_session = session.Session(auth=auth, verify=False)
 
     context = {'os_session': openstack_session}
-    input = request.get_json() or {}
     app.logger.debug('Invoking function with input: %s' % input)
 
     start = time.time()