Use auth admin for get_router when building proxy commands
The default proxy command that is generated when use_namespaces is true retrieves the router id from neutron. Because the neutron client uses the service catalog to process the request, admin authentication is needed. Change-Id: Icdd25764017cdf86914650b2b62ac29405b93326 Closes-Bug: #1556173
parent
707828274c
commit
bb4b00085e
@ -163,3 +163,21 @@ def use_os_admin_auth_token(cluster):
|
||||
ctx.auth_token = context.get_auth_token()
|
||||
ctx.service_catalog = json.dumps(
|
||||
keystone.service_catalog_from_auth(ctx.auth_plugin))
|
||||
|
||||
|
||||
def get_os_admin_auth_plugin(cluster):
|
||||
'''Return an admin auth plugin based on the cluster trust id or project
|
||||
|
||||
If a trust id is available for the cluster, then it is used
|
||||
to create an auth plugin scoped to the trust. If not, the
|
||||
project name from the current context is used to scope the
|
||||
auth plugin.
|
||||
|
||||
:param cluster: The id of the cluster to use for trust identification.
|
||||
|
||||
'''
|
||||
ctx = context.current()
|
||||
cluster = conductor.cluster_get(ctx, cluster)
|
||||
if CONF.use_identity_api_v3 and cluster.trust_id:
|
||||
return keystone.auth_for_admin(trust_id=cluster.trust_id)
|
||||
return keystone.auth_for_admin(project_name=ctx.tenant_name)
|
||||
|
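Review bot: In `get_os_admin_auth_plugin` the final `return keystone.auth_for_admin(project_name=ctx.tenant_name)` hands back an admin plugin whenever `use_identity_api_v3` is off or the cluster has no trust, and the docstring has no `:returns:` line saying what the caller receives. Because the result carries admin credentials, I would add `:returns: an admin-scoped keystone auth plugin` and state the non-trust fallback there, so callers know to use it only for the lookup that needs it. The parameter `cluster` is also rebound from the id to the conductor object; a separate local such as `cluster_obj = conductor.cluster_get(ctx, cluster)` keeps the documented "id" meaning true for the whole body. Whether `ctx.tenant_name` can be empty on this path is not visible in the hunk and is worth confirming.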
@ -123,10 +123,12 @@ class TestInstanceInteropHelper(base.SaharaTestCase):
|
||||
# When use_floating_ips=False and use_namespaces=True, a netcat socket
|
||||
# created with 'ip netns exec qrouter-...' should be used to access
|
||||
# instances.
|
||||
@mock.patch("sahara.service.trusts.get_os_admin_auth_plugin")
|
||||
@mock.patch("sahara.utils.openstack.keystone.token_auth")
|
||||
@mock.patch('sahara.utils.ssh_remote._simple_exec_func')
|
||||
@mock.patch('sahara.utils.ssh_remote.ProxiedHTTPAdapter')
|
||||
def test_use_namespaces(self, p_adapter, p_simple_exec_func, token_auth):
|
||||
def test_use_namespaces(self, p_adapter, p_simple_exec_func, token_auth,
|
||||
use_os_admin):
|
||||
self.override_config('use_floating_ips', False)
|
||||
self.override_config('use_namespaces', True)
|
||||
|
||||
|
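Review bot: The new mock argument of `test_use_namespaces` is named `use_os_admin` although it patches `sahara.service.trusts.get_os_admin_auth_plugin`, which reads like the sibling helper `use_os_admin_auth_token`; a name such as `get_admin_auth` would match what is patched. The test body continues outside the hunk, so I cannot see whether the mock is asserted on. If it is not, a check such as `use_os_admin.assert_called_once_with(...)` with the cluster argument would pin that the proxy-command path requests admin auth, rather than only tolerating the patch.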
@ -59,9 +59,10 @@ class NeutronClient(object):
|
||||
neutron = None
|
||||
routers = {}
|
||||
|
||||
def __init__(self, network, token, tenant_name):
|
||||
def __init__(self, network, token, tenant_name, auth=None):
|
||||
session = sessions.cache().get_session(sessions.SESSION_TYPE_NEUTRON)
|
||||
auth = keystone.token_auth(token=token, project_name=tenant_name)
|
||||
if auth is None:
|
||||
auth = keystone.token_auth(token=token, project_name=tenant_name)
|
||||
self.neutron = neutron_cli.Client('2.0', session=session, auth=auth,
|
||||
region_name=CONF.os_region_name)
|
||||
self.network = network
|
||||
|
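Review bot: When `auth` is supplied to `NeutronClient.__init__`, the lines shown no longer use `token` and `tenant_name` to build the auth, and every request made through `self.neutron` runs with the supplied plugin, not only `get_router`. This is undocumented; a short docstring would cover it, for example `:param auth: optional keystone auth plugin; when given it replaces the token auth built from token and tenant_name`. A caller that passes an admin plugin should keep the client limited to the one call that needs it. The class-level `routers = {}` in the context lines looks shared across instances; how it is keyed is outside the hunk, so it is worth checking that a result fetched with admin auth cannot be reused by a client built for another tenant. The constructor continues past the end of the hunk.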
@ -54,6 +54,7 @@ from sahara import context
|
||||
from sahara import exceptions as ex
|
||||
from sahara.i18n import _
|
||||
from sahara.i18n import _LE
|
||||
from sahara.service import trusts
|
||||
from sahara.utils import crypto
|
||||
from sahara.utils.openstack import neutron
|
||||
from sahara.utils import procutils
|
||||
@ -594,8 +595,9 @@ class InstanceInteropHelper(remote.Remote):
|
||||
|
||||
# Query Neutron only if needed
|
||||
if '{router_id}' in command:
|
||||
auth = trusts.get_os_admin_auth_plugin(instance.cluster)
|
||||
client = neutron.NeutronClient(info['network'], info['token'],
|
||||
info['tenant'])
|
||||
info['tenant'], auth=auth)
|
||||
keywords['router_id'] = client.get_router()
|
||||
|
||||
keywords['host'] = instance.management_ip
|
||||
|
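Review bot: The new call `trusts.get_os_admin_auth_plugin(instance.cluster)` passes `instance.cluster`, while the helper added in this commit documents its parameter as the cluster id; if `instance.cluster` is an object and not an id, either that docstring or this call should be adjusted so the two agree. The line also needs a why-comment, since nothing at the call site explains the privilege escalation: `# get_router resolves neutron via the service catalog, so admin auth is required (bug #1556173)`. `info['token']` and `info['tenant']` are still passed although the supplied `auth` takes precedence in the constructor, which is easy to misread. The enclosing method starts and ends outside the hunk.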