openstack/senlin
Code Issues Proposed changes

Rework some interfaces in sdk and keystone_v3 drivers

Browse Source 
Currently, some modules which are not openstack driver will directly
invoke openstack sdk driver to do credential related operations,
e.g. get token, get service user id. This is inappropriate since
openstack sdk driver should only be used by other openstack driver
modules to talk with openstack services. High level modules, like
profile, policy should not directly invoke it. This patch reworks
some interfaces in sdk and keystone_v3 drivers to solve this problem:

1. Adding get_token method in keystone_v3 driver to avoid referring
   sdk access_info directly;
2. Moving get_service_user_id method into keystone_v3 driver from
   sdk driver;

Related test cases are also revised to match this change.

Change-Id: Ia1f79c104bc6a468f02d5ffadc5f08c1832bb0d0
This commit is contained in:
yanyanhu
2015-08-09 22:19:33 -04:00
parent 9431a6da1d
commit d4bcbc3e35
5 changed files with 37 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
senlin/api/middleware/trust.py
View File

@@ -19,7 +19,6 @@ from senlin.common.i18n import _
from senlin.common import wsgi
from senlin.db import api as db_api
from senlin.drivers.openstack import keystone_v3
from senlin.drivers.openstack import sdk
class TrustMiddleware(wsgi.Middleware):
@@ -43,7 +42,7 @@ class TrustMiddleware(wsgi.Middleware):
cred_exists = True
pass
admin_id = sdk.get_service_user_id()
admin_id = keystone_v3.get_service_user_id()
if admin_id is None:
msg = _('Failed checking service user checking.')
raise webob.exc.HTTPInternalServerError(msg)

5
senlin/api/middleware/webhook.py
View File

@@ -19,7 +19,7 @@ from senlin.common import exception as exc
from senlin.common.i18n import _
from senlin.common import utils
from senlin.common import wsgi
from senlin.drivers.openstack import sdk
from senlin.drivers.openstack import keystone_v3
from senlin.engine import webhook as webhook_mod
LOG = logging.getLogger(__name__)
@@ -110,8 +110,7 @@ class WebhookMiddleware(wsgi.Middleware):
:param cred: Rebuilt credential dictionary for authentication.
"""
try:
access_info = sdk.authenticate(**cred)
token = access_info.auth_token
token = keystone_v3.get_token(**cred)
except Exception as ex:
LOG.exception(_('Webhook failed authentication: %s.'),
six.text_type(ex))

29
senlin/drivers/openstack/keystone_v3.py
View File

@@ -173,8 +173,33 @@ def get_service_credentials(**kwargs):
'password': CONF.authentication.service_password,
'auth_url': CONF.authentication.auth_url,
'project_name': CONF.authentication.service_project_name,
'user_domain_name': 'Default',
'project_domain_name': 'Default',
'user_domain_name': cfg.CONF.authentication.service_user_domain,
'project_domain_name': cfg.CONF.authentication.service_project_domain,
}
creds.update(**kwargs)
return creds
def get_service_user_id():
'''Get ID of senlin service user'''
creds = get_service_credentials()
try:
access_info = sdk.authenticate(**creds)
user_id = access_info.user_id
except Exception as ex:
LOG.exception(_('Authentication failure: %s'), six.text_type(ex))
return user_id
def get_token(**creds):
'''Get token using given credential'''
try:
access_info = sdk.authenticate(**creds)
token = access_info.auth_token
except Exception as ex:
LOG.exception(_('Authentication failure: %s'), six.text_type(ex))
return token

22
senlin/drivers/openstack/sdk.py
View File

@@ -14,7 +14,6 @@
SDK Client
'''
import functools
from oslo_config import cfg
from oslo_log import log as logging
import six
@@ -236,24 +235,3 @@ def authenticate(**kwargs):
raise ex
return access_info
def get_service_user_id():
# Convert user name to user ID
params = {
'auth_url': cfg.CONF.authentication.auth_url,
'user_name': cfg.CONF.authentication.service_username,
'password': cfg.CONF.authentication.service_password,
'project_name': cfg.CONF.authentication.service_project_name,
'user_domain_name': cfg.CONF.authentication.service_user_domain,
'project_domain_name': cfg.CONF.authentication.service_project_domain,
}
user_id = None
try:
access_info = authenticate(**params)
user_id = access_info.user_id
except Exception as ex:
LOG.exception(_('Authentication failure: %s'), six.text_type(ex))
return user_id

15
senlin/tests/unit/middleware/test_webhook_middleware.py
View File

@@ -19,7 +19,7 @@ from senlin.api.middleware import webhook as webhook_middleware
from senlin.common import context
from senlin.common import exception
from senlin.common import policy
from senlin.drivers.openstack import sdk
from senlin.drivers.openstack import keystone_v3
from senlin.engine import webhook as webhook_mod
from senlin.tests.unit.common import base
from senlin.tests.unit.common import utils
@@ -155,22 +155,21 @@ class TestWebhookMiddleware(base.SenlinTestCase):
res = self.middleware._get_credential(webhook.id, key)
self.assertEqual(expected_auth_url, res['auth_url'])
@mock.patch.object(sdk, 'authenticate')
def test_get_token_succeeded(self, mock_authenticate):
@mock.patch.object(keystone_v3, 'get_token')
def test_get_token_succeeded(self, mock_get_token):
class FakeAccessInfo(object):
def __init__(self, auth_token):
self.auth_token = auth_token
access_info = FakeAccessInfo('TEST_TOKEN')
mock_authenticate.return_value = access_info
mock_get_token.return_value = 'TEST_TOKEN'
token = self.middleware._get_token(self.credential)
self.assertEqual('TEST_TOKEN', token)
@mock.patch.object(sdk, 'authenticate')
def test_get_token_failed(self, mock_authenticate):
@mock.patch.object(keystone_v3, 'get_token')
def test_get_token_failed(self, mock_get_token):
self.credential['webhook_id'] = 'WEBHOOK_ID'
mock_authenticate.side_effect = Exception()
mock_get_token.side_effect = Exception()
self.assertRaises(exception.Forbidden, self.middleware._get_token,
self.credential)