Fix authentication failure when token expires
OpenStack service session is generated when downloading code from inside the container, but when the function is invoked at a deferred time, the token may already be expiried. Need to create the session when executing the function instead of when downloading. Change-Id: I8170bfb1c5f8b6cf88a744547db12cc12248aaca
This commit is contained in:
parent
a2213f3f6d
commit
ff873c3f95
|
@ -12,14 +12,17 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
|
from qinling import context
|
||||||
from qinling.db import api as db_api
|
from qinling.db import api as db_api
|
||||||
from qinling import status
|
from qinling import status
|
||||||
from qinling.utils import common
|
from qinling.utils import common
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
CONF = cfg.CONF
|
||||||
|
|
||||||
|
|
||||||
class DefaultEngine(object):
|
class DefaultEngine(object):
|
||||||
|
@ -98,9 +101,15 @@ class DefaultEngine(object):
|
||||||
function_id, func_url
|
function_id, func_url
|
||||||
)
|
)
|
||||||
|
|
||||||
r = requests.post(func_url, json=input)
|
data = {
|
||||||
|
'token': context.get_ctx().auth_token,
|
||||||
|
'auth_url': CONF.keystone_authtoken.auth_url,
|
||||||
|
'input': input
|
||||||
|
}
|
||||||
|
|
||||||
|
r = requests.post(func_url, json=data)
|
||||||
execution.status = status.SUCCESS
|
execution.status = status.SUCCESS
|
||||||
execution.output = {'result': r.json()}
|
execution.output = r.json()
|
||||||
return
|
return
|
||||||
|
|
||||||
source = function.code['source']
|
source = function.code['source']
|
||||||
|
|
|
@ -353,11 +353,16 @@ class KubernetesManager(base.OrchestratorBase):
|
||||||
service_url=None):
|
service_url=None):
|
||||||
if service_url:
|
if service_url:
|
||||||
func_url = '%s/execute' % service_url
|
func_url = '%s/execute' % service_url
|
||||||
|
data = {
|
||||||
|
'token': context.get_ctx().auth_token,
|
||||||
|
'auth_url': self.conf.keystone_authtoken.auth_url,
|
||||||
|
'input': input
|
||||||
|
}
|
||||||
|
|
||||||
LOG.info('Invoke function %s, url: %s', function_id, func_url)
|
LOG.info('Invoke function %s, url: %s', function_id, func_url)
|
||||||
|
|
||||||
r = requests.post(func_url, json=input)
|
r = requests.post(func_url, json=data)
|
||||||
|
return r.json()
|
||||||
return {'result': r.json()}
|
|
||||||
else:
|
else:
|
||||||
status = None
|
status = None
|
||||||
|
|
||||||
|
@ -377,7 +382,7 @@ class KubernetesManager(base.OrchestratorBase):
|
||||||
self.conf.kubernetes.namespace,
|
self.conf.kubernetes.namespace,
|
||||||
)
|
)
|
||||||
|
|
||||||
return {'result': output}
|
return output
|
||||||
|
|
||||||
def delete_function(self, function_id, labels=None):
|
def delete_function(self, function_id, labels=None):
|
||||||
selector = common.convert_dict_to_string(labels)
|
selector = common.convert_dict_to_string(labels)
|
||||||
|
|
|
@ -32,7 +32,6 @@ app = Flask(__name__)
|
||||||
zip_file = ''
|
zip_file = ''
|
||||||
function_module = 'main'
|
function_module = 'main'
|
||||||
function_method = 'main'
|
function_method = 'main'
|
||||||
openstack_session = None
|
|
||||||
|
|
||||||
|
|
||||||
@app.route('/download', methods=['POST'])
|
@app.route('/download', methods=['POST'])
|
||||||
|
@ -42,17 +41,11 @@ def download():
|
||||||
function_id = params.get('function_id')
|
function_id = params.get('function_id')
|
||||||
entry = params.get('entry')
|
entry = params.get('entry')
|
||||||
token = params.get('token')
|
token = params.get('token')
|
||||||
auth_url = params.get('auth_url')
|
|
||||||
|
|
||||||
headers = {}
|
headers = {}
|
||||||
if token:
|
if token:
|
||||||
headers = {'X-Auth-Token': token}
|
headers = {'X-Auth-Token': token}
|
||||||
|
|
||||||
# Get openstack session.
|
|
||||||
global openstack_session
|
|
||||||
auth = generic.Token(auth_url=auth_url, token=token)
|
|
||||||
openstack_session = session.Session(auth=auth, verify=False)
|
|
||||||
|
|
||||||
global zip_file
|
global zip_file
|
||||||
zip_file = '%s.zip' % function_id
|
zip_file = '%s.zip' % function_id
|
||||||
|
|
||||||
|
@ -61,6 +54,7 @@ def download():
|
||||||
(download_url, headers, entry)
|
(download_url, headers, entry)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Get function code package from Qinling service.
|
||||||
r = requests.get(download_url, headers=headers, stream=True)
|
r = requests.get(download_url, headers=headers, stream=True)
|
||||||
with open(zip_file, 'wb') as fd:
|
with open(zip_file, 'wb') as fd:
|
||||||
for chunk in r.iter_content(chunk_size=65535):
|
for chunk in r.iter_content(chunk_size=65535):
|
||||||
|
@ -82,10 +76,18 @@ def execute():
|
||||||
global zip_file
|
global zip_file
|
||||||
global function_module
|
global function_module
|
||||||
global function_method
|
global function_method
|
||||||
global openstack_session
|
openstack_session = None
|
||||||
|
|
||||||
|
params = request.get_json() or {}
|
||||||
|
token = params.get('token')
|
||||||
|
auth_url = params.get('auth_url')
|
||||||
|
input = params.get('input') or {}
|
||||||
|
|
||||||
|
if token:
|
||||||
|
auth = generic.Token(auth_url=auth_url, token=token)
|
||||||
|
openstack_session = session.Session(auth=auth, verify=False)
|
||||||
|
|
||||||
context = {'os_session': openstack_session}
|
context = {'os_session': openstack_session}
|
||||||
input = request.get_json() or {}
|
|
||||||
app.logger.debug('Invoking function with input: %s' % input)
|
app.logger.debug('Invoking function with input: %s' % input)
|
||||||
|
|
||||||
start = time.time()
|
start = time.time()
|
||||||
|
|
Loading…
Reference in New Issue