Fix error in HeatClient uses OAuth2.0 mTLS

This patch fixes the EndpointNotFound exception thrown by keystone
when HeatClient uses OAuth2.0 mTLS authentication.

Closes-Bug: #2028058
Change-Id: Ic5b4d5fa3ac9f10392859891b436e877deca5670
YiFeng
2023-08-08 11:20:46 +09:00
parent 72573d2f42
commit 9113c65fc7
3 changed files with 16 additions and 6 deletions


@@ -37,7 +37,7 @@ class HttpClient(object):
def __init__(self, auth_handle, version=None,
service_type='nfv-orchestration', connect_retries=None,
timeout=None):
timeout=None, base_url=None):
self.auth_handle = auth_handle
self.version = version
self.service_type = service_type
@@ -45,6 +45,7 @@ class HttpClient(object):
# if a HttpClient user want to use these.
self.connect_retries = connect_retries
self.timeout = timeout
self.base_url = base_url
def do_request(self, url, method, context=None, expected_status=[],
**kwargs):
@@ -70,6 +71,8 @@ class HttpClient(object):
kwargs.setdefault('connect_retries', self.connect_retries)
if self.timeout is not None:
kwargs.setdefault('timeout', self.timeout)
if self.base_url is not None:
kwargs.setdefault('endpoint_override', self.base_url)
session = self.auth_handle.get_session(
self.auth_handle.get_auth(context), self.service_type)
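Review bot: The new `base_url` argument of `HttpClient.__init__` is undocumented, and `do_request` forwards it as `endpoint_override` without any check. Once it is set, every request from this client goes to that URL instead of the endpoint resolved from the keystone catalog, carrying whatever credentials the session attaches. A comment above the assignment would make this explicit, for example `# base_url: fixed endpoint passed as endpoint_override; skips the catalog lookup for service_type`. Because `kwargs.setdefault` is used, a caller-supplied `endpoint_override` still takes precedence over `base_url`, which is worth stating as well. Both `__init__` and `do_request` continue outside the hunks shown.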


@@ -31,14 +31,16 @@ CHECK_INTERVAL = 5
class HeatClient(object):
def __init__(self, vim_info):
base_url = None
if CONF.v2_vnfm.use_oauth2_mtls_for_heat:
auth = http_client.OAuth2MtlsAuthHandle(
endpoint=None,
token_endpoint=vim_info.interfaceInfo['endpoint'],
token_endpoint=vim_info.interfaceInfo['tokenEndpoint'],
client_id=vim_info.accessInfo['username'],
ca_cert=CONF.v2_vnfm.heat_mtls_ca_cert_file,
client_cert=CONF.v2_vnfm.heat_mtls_client_cert_file
)
base_url = vim_info.interfaceInfo['heatEndpoint']
else:
verify = CONF.v2_vnfm.heat_verify_cert
if verify and CONF.v2_vnfm.heat_ca_cert_file:
@@ -54,7 +56,8 @@ class HeatClient(object):
)
self.client = http_client.HttpClient(auth,
service_type='orchestration')
service_type='orchestration',
base_url=base_url)
def create_stack(self, fields, wait=True):
path = "stacks"
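Review bot: `vim_info.interfaceInfo['tokenEndpoint']` and `vim_info.interfaceInfo['heatEndpoint']` are indexed directly in `HeatClient.__init__`, so a VIM record that still carries only the old `endpoint` key fails with a bare `KeyError` at construction. The mTLS client certificate and the resulting token are presented to these URLs, so both values should be read with `.get()`, rejected with a clear error when missing, and checked to start with `https://` before the auth handle is built. If `interfaceInfo` can be set by an API caller (the test takes it from `req.vimConnectionInfo`), that check also limits where the credentials can be sent; this is inferred, since the origin of `vim_info` is not visible here. The constructor continues outside the hunk.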


@@ -3579,7 +3579,7 @@ class TestOpenstack(base.BaseTestCase):
self.driver = openstack.Openstack()
self.context = context.get_admin_context()
CONF.v2_vnfm.default_graceful_termination_timeout = 0
CONF.v2_vnfm.use_oauth2_mtls_for_heat = True
CONF.v2_vnfm.use_oauth2_mtls_for_heat = False
cur_dir = os.path.dirname(__file__)
sample_dir = os.path.join(cur_dir, "../..", "samples")
@@ -4432,7 +4432,7 @@ class TestOpenstack(base.BaseTestCase):
mock_stack_id.return_value = None
# execute
CONF.v2_vnfm.use_oauth2_mtls_for_heat = True
CONF.v2_vnfm.use_oauth2_mtls_for_heat = False
CONF.v2_vnfm.heat_verify_cert = True
self.driver.instantiate(req, inst, grant_req, grant, self.vnfd_1)
@@ -4466,6 +4466,10 @@ class TestOpenstack(base.BaseTestCase):
instantiationState='INSTANTIATED',
vimConnectionInfo=req.vimConnectionInfo
)
inst.vimConnectionInfo['vim1'].interfaceInfo = {
'tokenEndpoint': 'https://host/identity/v3/OS-OAUTH2/token',
'heatEndpoint': 'https://host/heat-api/v1/test_tenant_a'}
grant_req = objects.GrantRequestV1(
operation=fields.LcmOperationType.INSTANTIATE
)
@@ -4475,7 +4479,7 @@ class TestOpenstack(base.BaseTestCase):
mock_template.return_value = _heat_get_template_example
mock_stack_id.return_value = None
CONF.v2_vnfm.use_oauth2_mtls_for_heat = False
CONF.v2_vnfm.use_oauth2_mtls_for_heat = True
CONF.v2_vnfm.heat_verify_cert = True
CONF.v2_vnfm.heat_mtls_ca_cert_file = '/path/to/cacert'
CONF.v2_vnfm.heat_mtls_client_cert_file = '/path/to/clientcert'
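Review bot: The mTLS test sets `CONF.v2_vnfm.use_oauth2_mtls_for_heat`, `heat_mtls_ca_cert_file` and `heat_mtls_client_cert_file` by direct assignment inside the test body, and nothing in the visible lines undoes that when the test ends. `setUp` resets only the first flag, so the certificate paths may leak into later tests; `CONF.set_override('heat_mtls_ca_cert_file', '/path/to/cacert', group='v2_vnfm')` paired with `self.addCleanup(CONF.clear_override, 'heat_mtls_ca_cert_file', group='v2_vnfm')` keeps the change local. The visible lines also do not show an assertion that the request was sent to the `heatEndpoint` value from `interfaceInfo`, which is the behaviour this commit fixes. The assertions may sit outside the hunk.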