Move to use only kestone v3 api
Currently Tacker usage a misxture of v2 v3 api, which is suboptimal from both a performance and code-elegance perspective. In this patch we refactor v2 apis from code. Change-Id: I981887f3f5af6356aba45a6d128d3e4b23b10286 Implements: blueprint keystone-v3
This commit is contained in:
parent
1d7cd6f604
commit
c9fee0af8d
@ -283,7 +283,7 @@ function _tacker_setup_keystone {
|
|||||||
# Configures keystone for metadata_agent
|
# Configures keystone for metadata_agent
|
||||||
# metadata_agent needs auth_url to communicate with keystone
|
# metadata_agent needs auth_url to communicate with keystone
|
||||||
if [[ "$use_auth_url" == "True" ]]; then
|
if [[ "$use_auth_url" == "True" ]]; then
|
||||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
|
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
||||||
fi
|
fi
|
||||||
|
|
||||||
create_tacker_cache_dir
|
create_tacker_cache_dir
|
||||||
|
@ -26,9 +26,7 @@ class OpenstackClients(object):
|
|||||||
self.auth_attr = auth_attr
|
self.auth_attr = auth_attr
|
||||||
|
|
||||||
def _keystone_client(self):
|
def _keystone_client(self):
|
||||||
version = self.auth_attr['auth_url'].rpartition('/')[2]
|
return self.keystone_plugin.initialize_client(**self.auth_attr)
|
||||||
return self.keystone_plugin.initialize_client(version,
|
|
||||||
**self.auth_attr)
|
|
||||||
|
|
||||||
def _heat_client(self):
|
def _heat_client(self):
|
||||||
endpoint = self.keystone_session.get_endpoint(
|
endpoint = self.keystone_session.get_endpoint(
|
||||||
|
@ -20,7 +20,6 @@ import yaml
|
|||||||
|
|
||||||
from keystoneauth1 import exceptions
|
from keystoneauth1 import exceptions
|
||||||
from keystoneauth1 import identity
|
from keystoneauth1 import identity
|
||||||
from keystoneauth1.identity import v2
|
|
||||||
from keystoneauth1.identity import v3
|
from keystoneauth1.identity import v3
|
||||||
from keystoneauth1 import session
|
from keystoneauth1 import session
|
||||||
from neutronclient.common import exceptions as nc_exceptions
|
from neutronclient.common import exceptions as nc_exceptions
|
||||||
@ -124,54 +123,32 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
|||||||
keystone_version = NfvoPlugin.validate_keystone_auth_url(
|
keystone_version = NfvoPlugin.validate_keystone_auth_url(
|
||||||
auth_url=auth_url,
|
auth_url=auth_url,
|
||||||
verify=verify)
|
verify=verify)
|
||||||
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
|
auth_cred = self._get_auth_creds(vim_obj, keystone_version)
|
||||||
return self._initialize_keystone(keystone_version, auth_cred)
|
return self._initialize_keystone(auth_cred)
|
||||||
|
|
||||||
def _get_auth_creds(self, keystone_version, vim_obj):
|
def _get_auth_creds(self, vim_obj, keystone_version):
|
||||||
auth_url = vim_obj['auth_url']
|
|
||||||
auth_cred = vim_obj['auth_cred']
|
auth_cred = vim_obj['auth_cred']
|
||||||
vim_project = vim_obj['vim_project']
|
vim_project = vim_obj['vim_project']
|
||||||
|
|
||||||
if keystone_version not in auth_url:
|
|
||||||
vim_obj['auth_url'] = auth_url + '/' + keystone_version
|
|
||||||
if keystone_version == 'v3':
|
|
||||||
auth_cred['project_id'] = vim_project.get('id')
|
auth_cred['project_id'] = vim_project.get('id')
|
||||||
auth_cred['project_name'] = vim_project.get('name')
|
auth_cred['project_name'] = vim_project.get('name')
|
||||||
auth_cred['project_domain_name'] = vim_project.get(
|
auth_cred['project_domain_name'] = vim_project.get(
|
||||||
'project_domain_name')
|
'project_domain_name')
|
||||||
else:
|
|
||||||
auth_cred['tenant_id'] = vim_project.get('id')
|
|
||||||
auth_cred['tenant_name'] = vim_project.get('name')
|
|
||||||
# pop stuff not supported in keystone v2
|
|
||||||
auth_cred.pop('user_domain_name', None)
|
|
||||||
auth_cred.pop('user_id', None)
|
|
||||||
auth_cred['auth_url'] = vim_obj['auth_url']
|
auth_cred['auth_url'] = vim_obj['auth_url']
|
||||||
|
if keystone_version not in auth_cred['auth_url']:
|
||||||
|
auth_cred['auth_url'] = auth_cred['auth_url'] + '/' + \
|
||||||
|
keystone_version
|
||||||
return auth_cred
|
return auth_cred
|
||||||
|
|
||||||
def _get_auth_plugin(self, version, **kwargs):
|
def _get_auth_plugin(self, **kwargs):
|
||||||
if version == 'v2.0':
|
|
||||||
auth_plugin = v2.Password(**kwargs)
|
|
||||||
else:
|
|
||||||
auth_plugin = v3.Password(**kwargs)
|
auth_plugin = v3.Password(**kwargs)
|
||||||
|
|
||||||
return auth_plugin
|
return auth_plugin
|
||||||
|
|
||||||
def _initialize_keystone(self, version, auth):
|
def _initialize_keystone(self, auth):
|
||||||
ks_client = self.keystone.initialize_client(version=version, **auth)
|
ks_client = self.keystone.initialize_client(**auth)
|
||||||
return ks_client
|
return ks_client
|
||||||
|
|
||||||
def _find_regions(self, ks_client):
|
def _find_regions(self, ks_client):
|
||||||
if ks_client.version == 'v2.0':
|
|
||||||
service_list = ks_client.services.list()
|
|
||||||
heat_service_id = None
|
|
||||||
for service in service_list:
|
|
||||||
if service.type == 'orchestration':
|
|
||||||
heat_service_id = service.id
|
|
||||||
endpoints_list = ks_client.endpoints.list()
|
|
||||||
region_list = [endpoint.region for endpoint in
|
|
||||||
endpoints_list if endpoint.service_id ==
|
|
||||||
heat_service_id]
|
|
||||||
else:
|
|
||||||
region_info = ks_client.regions.list()
|
region_info = ks_client.regions.list()
|
||||||
region_list = [region.id for region in region_info]
|
region_list = [region.id for region in region_info]
|
||||||
return region_list
|
return region_list
|
||||||
@ -336,8 +313,8 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
|||||||
keystone_version = NfvoPlugin.validate_keystone_auth_url(
|
keystone_version = NfvoPlugin.validate_keystone_auth_url(
|
||||||
auth_url=auth_url,
|
auth_url=auth_url,
|
||||||
verify=verify)
|
verify=verify)
|
||||||
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
|
auth_cred = self._get_auth_creds(vim_obj, keystone_version)
|
||||||
auth_plugin = self._get_auth_plugin(keystone_version, **auth_cred)
|
auth_plugin = self._get_auth_plugin(**auth_cred)
|
||||||
sess = session.Session(auth=auth_plugin)
|
sess = session.Session(auth=auth_plugin)
|
||||||
return client_type(session=sess)
|
return client_type(session=sess)
|
||||||
|
|
||||||
@ -735,7 +712,7 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
|||||||
raise EnvironmentError('auth dict required for'
|
raise EnvironmentError('auth dict required for'
|
||||||
' mistral workflow driver')
|
' mistral workflow driver')
|
||||||
return mistral_client.MistralClient(
|
return mistral_client.MistralClient(
|
||||||
keystone.Keystone().initialize_client('2', **auth_dict),
|
keystone.Keystone().initialize_client(**auth_dict),
|
||||||
auth_dict['token']).get_client()
|
auth_dict['token']).get_client()
|
||||||
|
|
||||||
def prepare_and_create_workflow(self, resource, action,
|
def prepare_and_create_workflow(self, resource, action,
|
||||||
|
@ -117,6 +117,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin,
|
|||||||
LOG.debug('Create vim called with parameters %s',
|
LOG.debug('Create vim called with parameters %s',
|
||||||
strutils.mask_password(vim))
|
strutils.mask_password(vim))
|
||||||
vim_obj = vim['vim']
|
vim_obj = vim['vim']
|
||||||
|
vim_obj['auth_url'] = utils.get_auth_url_v3(vim_obj['auth_url'])
|
||||||
vim_type = vim_obj['type']
|
vim_type = vim_obj['type']
|
||||||
vim_obj['id'] = uuidutils.generate_uuid()
|
vim_obj['id'] = uuidutils.generate_uuid()
|
||||||
vim_obj['status'] = 'PENDING'
|
vim_obj['status'] = 'PENDING'
|
||||||
|
@ -27,7 +27,7 @@ LOG = logging.getLogger(__name__)
|
|||||||
|
|
||||||
def get_mistral_client(auth_dict):
|
def get_mistral_client(auth_dict):
|
||||||
return mistral_client.MistralClient(
|
return mistral_client.MistralClient(
|
||||||
keystone.Keystone().initialize_client('2', **auth_dict),
|
keystone.Keystone().initialize_client(**auth_dict),
|
||||||
auth_dict['token']).get_client()
|
auth_dict['token']).get_client()
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,9 +25,7 @@ class OpenstackClients(object):
|
|||||||
self.auth_attr = auth_attr
|
self.auth_attr = auth_attr
|
||||||
|
|
||||||
def _keystone_client(self):
|
def _keystone_client(self):
|
||||||
version = self.auth_attr['auth_url'].rpartition('/')[2]
|
return self.keystone_plugin.initialize_client(**self.auth_attr)
|
||||||
return self.keystone_plugin.initialize_client(version,
|
|
||||||
**self.auth_attr)
|
|
||||||
|
|
||||||
def _heat_client(self):
|
def _heat_client(self):
|
||||||
endpoint = self.keystone_session.get_endpoint(
|
endpoint = self.keystone_session.get_endpoint(
|
||||||
|
@ -47,10 +47,9 @@ class Keystone(object):
|
|||||||
def get_endpoint(self, ses, service_type, region_name=None):
|
def get_endpoint(self, ses, service_type, region_name=None):
|
||||||
return ses.get_endpoint(service_type, region_name)
|
return ses.get_endpoint(service_type, region_name)
|
||||||
|
|
||||||
def initialize_client(self, version, **kwargs):
|
def initialize_client(self, **kwargs):
|
||||||
from keystoneclient.v3 import client
|
|
||||||
verify = 'True' == kwargs.pop('cert_verify', 'False')
|
verify = 'True' == kwargs.pop('cert_verify', 'False')
|
||||||
auth_plugin = v3.Password(**kwargs)
|
auth_plugin = v3.Password(**kwargs)
|
||||||
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
||||||
cli = client.Client(session=ses)
|
cli = client.Client('v3', session=ses)
|
||||||
return cli
|
return cli
|
||||||
|
@ -110,10 +110,6 @@ class VimTestCreate(base.BaseTackerTest):
|
|||||||
"List of VIM events are Empty")
|
"List of VIM events are Empty")
|
||||||
self.assertEqual(cnt, len(vim_evt_list['vim_events']))
|
self.assertEqual(cnt, len(vim_evt_list['vim_events']))
|
||||||
|
|
||||||
def verify_vim_v2(self, vim_instance, config_data):
|
|
||||||
self.assertEqual(config_data['project_name'],
|
|
||||||
vim_instance['auth_cred']['tenant_name'])
|
|
||||||
|
|
||||||
def verify_vim_v3(self, vim_instance, config_data):
|
def verify_vim_v3(self, vim_instance, config_data):
|
||||||
self.assertEqual(config_data['project_name'],
|
self.assertEqual(config_data['project_name'],
|
||||||
vim_instance['auth_cred']['project_name'])
|
vim_instance['auth_cred']['project_name'])
|
||||||
@ -135,10 +131,7 @@ class VimTestCreate(base.BaseTackerTest):
|
|||||||
project_name = data['project_name']
|
project_name = data['project_name']
|
||||||
auth_url = data['auth_url']
|
auth_url = data['auth_url']
|
||||||
if version:
|
if version:
|
||||||
if ('v2' == version and (not auth_url.endswith("/v2.0") or
|
if (not auth_url.endswith("/v3") or
|
||||||
not auth_url.endswith("/v2.0/"))):
|
|
||||||
auth_url += "/v2.0"
|
|
||||||
elif (not auth_url.endswith("/v3") or
|
|
||||||
not auth_url.endswith("/v3/")):
|
not auth_url.endswith("/v3/")):
|
||||||
auth_url += "/v3"
|
auth_url += "/v3"
|
||||||
domain_name = data.get('domain_name', None)
|
domain_name = data.get('domain_name', None)
|
||||||
|
@ -130,31 +130,12 @@ class TestOpenstack_Driver(base.TestCase):
|
|||||||
regions = [mock_dict({'id': 'RegionOne'})]
|
regions = [mock_dict({'id': 'RegionOne'})]
|
||||||
attrs = {'regions.list.return_value': regions}
|
attrs = {'regions.list.return_value': regions}
|
||||||
keystone_version = 'v3'
|
keystone_version = 'v3'
|
||||||
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
|
mock_ks_client = mock.Mock(**attrs)
|
||||||
self.keystone.get_version.return_value = keystone_version
|
self.keystone.get_version.return_value = keystone_version
|
||||||
self._test_register_vim(self.vim_obj, mock_ks_client)
|
self._test_register_vim(self.vim_obj, mock_ks_client)
|
||||||
mock_ks_client.regions.list.assert_called_once_with()
|
mock_ks_client.regions.list.assert_called_once_with()
|
||||||
self.keystone.initialize_client.assert_called_once_with(
|
self.keystone.initialize_client.assert_called_once_with(
|
||||||
version=keystone_version, **self.auth_obj)
|
**self.auth_obj)
|
||||||
|
|
||||||
def test_register_keystone_v2(self):
|
|
||||||
services_list = [mock_dict({'type': 'orchestration', 'id':
|
|
||||||
'test_id'})]
|
|
||||||
endpoints_regions = mock_dict({'region': 'RegionOne'})
|
|
||||||
endpoints_list = [mock_dict({'service_id': 'test_id', 'regions':
|
|
||||||
endpoints_regions})]
|
|
||||||
attrs = {'endpoints.list.return_value': endpoints_list,
|
|
||||||
'services.list.return_value': services_list}
|
|
||||||
keystone_version = 'v2.0'
|
|
||||||
mock_ks_client = mock.Mock(version='v2.0', **attrs)
|
|
||||||
self.keystone.get_version.return_value = keystone_version
|
|
||||||
auth_obj = {'tenant_name': 'test_project', 'username': 'test_user',
|
|
||||||
'password': 'test_password', 'cert_verify': 'True',
|
|
||||||
'auth_url': 'http://localhost/identity/v2.0',
|
|
||||||
'tenant_id': None}
|
|
||||||
self._test_register_vim(self.vim_obj, mock_ks_client)
|
|
||||||
self.keystone.initialize_client.assert_called_once_with(
|
|
||||||
version=keystone_version, **auth_obj)
|
|
||||||
|
|
||||||
def _test_register_vim(self, vim_obj, mock_ks_client):
|
def _test_register_vim(self, vim_obj, mock_ks_client):
|
||||||
self.keystone.initialize_client.return_value = mock_ks_client
|
self.keystone.initialize_client.return_value = mock_ks_client
|
||||||
@ -220,15 +201,15 @@ class TestOpenstack_Driver(base.TestCase):
|
|||||||
|
|
||||||
def _test_register_vim_auth(self, attrs):
|
def _test_register_vim_auth(self, attrs):
|
||||||
keystone_version = 'v3'
|
keystone_version = 'v3'
|
||||||
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
|
|
||||||
self.keystone.get_version.return_value = keystone_version
|
self.keystone.get_version.return_value = keystone_version
|
||||||
|
mock_ks_client = mock.Mock(**attrs)
|
||||||
self.keystone.initialize_client.return_value = mock_ks_client
|
self.keystone.initialize_client.return_value = mock_ks_client
|
||||||
self.assertRaises(nfvo.VimUnauthorizedException,
|
self.assertRaises(nfvo.VimUnauthorizedException,
|
||||||
self.openstack_driver.register_vim,
|
self.openstack_driver.register_vim,
|
||||||
self.vim_obj)
|
self.vim_obj)
|
||||||
mock_ks_client.regions.list.assert_called_once_with()
|
mock_ks_client.regions.list.assert_called_once_with()
|
||||||
self.keystone.initialize_client.assert_called_once_with(
|
self.keystone.initialize_client.assert_called_once_with(
|
||||||
version=keystone_version, **self.auth_obj)
|
**self.auth_obj)
|
||||||
|
|
||||||
def test_get_vim_resource_id(self):
|
def test_get_vim_resource_id(self):
|
||||||
resource_type = 'network'
|
resource_type = 'network'
|
||||||
|
@ -25,6 +25,7 @@ from oslo_config import cfg
|
|||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
|
|
||||||
|
DEFAULT_IDENTITY_VERSION = "v3"
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
|
||||||
@ -51,22 +52,14 @@ class Keystone(object):
|
|||||||
def get_endpoint(self, ses, service_type, region_name=None):
|
def get_endpoint(self, ses, service_type, region_name=None):
|
||||||
return ses.get_endpoint(service_type, region_name)
|
return ses.get_endpoint(service_type, region_name)
|
||||||
|
|
||||||
def initialize_client(self, version, **kwargs):
|
def initialize_client(self, **kwargs):
|
||||||
verify = 'True' == kwargs.pop('cert_verify', 'True') or False
|
verify = 'True' == kwargs.pop('cert_verify', 'True') or False
|
||||||
if version == 'v2.0':
|
|
||||||
from keystoneclient.v2_0 import client
|
|
||||||
if 'token' in kwargs:
|
|
||||||
auth_plugin = identity.v2.Token(**kwargs)
|
|
||||||
else:
|
|
||||||
auth_plugin = identity.v2.Password(**kwargs)
|
|
||||||
else:
|
|
||||||
from keystoneclient.v3 import client
|
|
||||||
if 'token' in kwargs:
|
if 'token' in kwargs:
|
||||||
auth_plugin = identity.v3.Token(**kwargs)
|
auth_plugin = identity.v3.Token(**kwargs)
|
||||||
else:
|
else:
|
||||||
auth_plugin = identity.v3.Password(**kwargs)
|
auth_plugin = identity.v3.Password(**kwargs)
|
||||||
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
||||||
cli = client.Client(session=ses)
|
cli = client.Client(DEFAULT_IDENTITY_VERSION, session=ses)
|
||||||
return cli
|
return cli
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
Loading…
Reference in New Issue
Block a user