diff --git a/senlin/api/middleware/trust.py b/senlin/api/middleware/trust.py index a1d5835d0..afdc260ef 100644 --- a/senlin/api/middleware/trust.py +++ b/senlin/api/middleware/trust.py @@ -19,7 +19,6 @@ from senlin.common.i18n import _ from senlin.common import wsgi from senlin.db import api as db_api from senlin.drivers.openstack import keystone_v3 -from senlin.drivers.openstack import sdk class TrustMiddleware(wsgi.Middleware): @@ -43,7 +42,7 @@ class TrustMiddleware(wsgi.Middleware): cred_exists = True pass - admin_id = sdk.get_service_user_id() + admin_id = keystone_v3.get_service_user_id() if admin_id is None: msg = _('Failed checking service user checking.') raise webob.exc.HTTPInternalServerError(msg) diff --git a/senlin/api/middleware/webhook.py b/senlin/api/middleware/webhook.py index 85778906f..4f435db51 100644 --- a/senlin/api/middleware/webhook.py +++ b/senlin/api/middleware/webhook.py @@ -19,7 +19,7 @@ from senlin.common import exception as exc from senlin.common.i18n import _ from senlin.common import utils from senlin.common import wsgi -from senlin.drivers.openstack import sdk +from senlin.drivers.openstack import keystone_v3 from senlin.engine import webhook as webhook_mod LOG = logging.getLogger(__name__) @@ -110,8 +110,7 @@ class WebhookMiddleware(wsgi.Middleware): :param cred: Rebuilt credential dictionary for authentication. """ try: - access_info = sdk.authenticate(**cred) - token = access_info.auth_token + token = keystone_v3.get_token(**cred) except Exception as ex: LOG.exception(_('Webhook failed authentication: %s.'), six.text_type(ex)) diff --git a/senlin/drivers/openstack/keystone_v3.py b/senlin/drivers/openstack/keystone_v3.py index 154fa147e..c3e364010 100644 --- a/senlin/drivers/openstack/keystone_v3.py +++ b/senlin/drivers/openstack/keystone_v3.py @@ -173,8 +173,33 @@ def get_service_credentials(**kwargs): 'password': CONF.authentication.service_password, 'auth_url': CONF.authentication.auth_url, 'project_name': CONF.authentication.service_project_name, - 'user_domain_name': 'Default', - 'project_domain_name': 'Default', + 'user_domain_name': cfg.CONF.authentication.service_user_domain, + 'project_domain_name': cfg.CONF.authentication.service_project_domain, } creds.update(**kwargs) return creds + + +def get_service_user_id(): + '''Get ID of senlin service user''' + creds = get_service_credentials() + + try: + access_info = sdk.authenticate(**creds) + user_id = access_info.user_id + except Exception as ex: + LOG.exception(_('Authentication failure: %s'), six.text_type(ex)) + + return user_id + + +def get_token(**creds): + '''Get token using given credential''' + + try: + access_info = sdk.authenticate(**creds) + token = access_info.auth_token + except Exception as ex: + LOG.exception(_('Authentication failure: %s'), six.text_type(ex)) + + return token diff --git a/senlin/drivers/openstack/sdk.py b/senlin/drivers/openstack/sdk.py index 31ae311f6..9c1258030 100644 --- a/senlin/drivers/openstack/sdk.py +++ b/senlin/drivers/openstack/sdk.py @@ -14,7 +14,6 @@ SDK Client ''' import functools -from oslo_config import cfg from oslo_log import log as logging import six @@ -236,24 +235,3 @@ def authenticate(**kwargs): raise ex return access_info - - -def get_service_user_id(): - # Convert user name to user ID - params = { - 'auth_url': cfg.CONF.authentication.auth_url, - 'user_name': cfg.CONF.authentication.service_username, - 'password': cfg.CONF.authentication.service_password, - 'project_name': cfg.CONF.authentication.service_project_name, - 'user_domain_name': cfg.CONF.authentication.service_user_domain, - 'project_domain_name': cfg.CONF.authentication.service_project_domain, - } - - user_id = None - try: - access_info = authenticate(**params) - user_id = access_info.user_id - except Exception as ex: - LOG.exception(_('Authentication failure: %s'), six.text_type(ex)) - - return user_id diff --git a/senlin/tests/unit/middleware/test_webhook_middleware.py b/senlin/tests/unit/middleware/test_webhook_middleware.py index 114e4dce6..41fb301cf 100644 --- a/senlin/tests/unit/middleware/test_webhook_middleware.py +++ b/senlin/tests/unit/middleware/test_webhook_middleware.py @@ -19,7 +19,7 @@ from senlin.api.middleware import webhook as webhook_middleware from senlin.common import context from senlin.common import exception from senlin.common import policy -from senlin.drivers.openstack import sdk +from senlin.drivers.openstack import keystone_v3 from senlin.engine import webhook as webhook_mod from senlin.tests.unit.common import base from senlin.tests.unit.common import utils @@ -155,22 +155,21 @@ class TestWebhookMiddleware(base.SenlinTestCase): res = self.middleware._get_credential(webhook.id, key) self.assertEqual(expected_auth_url, res['auth_url']) - @mock.patch.object(sdk, 'authenticate') - def test_get_token_succeeded(self, mock_authenticate): + @mock.patch.object(keystone_v3, 'get_token') + def test_get_token_succeeded(self, mock_get_token): class FakeAccessInfo(object): def __init__(self, auth_token): self.auth_token = auth_token - access_info = FakeAccessInfo('TEST_TOKEN') - mock_authenticate.return_value = access_info + mock_get_token.return_value = 'TEST_TOKEN' token = self.middleware._get_token(self.credential) self.assertEqual('TEST_TOKEN', token) - @mock.patch.object(sdk, 'authenticate') - def test_get_token_failed(self, mock_authenticate): + @mock.patch.object(keystone_v3, 'get_token') + def test_get_token_failed(self, mock_get_token): self.credential['webhook_id'] = 'WEBHOOK_ID' - mock_authenticate.side_effect = Exception() + mock_get_token.side_effect = Exception() self.assertRaises(exception.Forbidden, self.middleware._get_token, self.credential)