Move to use only kestone v3 api

Currently Tacker usage a misxture of v2 v3 api, which is suboptimal
from both a performance and code-elegance perspective. In this patch
we refactor v2 apis from code.

Change-Id: I981887f3f5af6356aba45a6d128d3e4b23b10286
Implements: blueprint keystone-v3
This commit is contained in:
dharmendra 2019-01-23 13:40:48 +00:00 committed by dharmendra kushwaha
parent 1d7cd6f604
commit c9fee0af8d
10 changed files with 38 additions and 98 deletions

View File

@ -283,7 +283,7 @@ function _tacker_setup_keystone {
# Configures keystone for metadata_agent # Configures keystone for metadata_agent
# metadata_agent needs auth_url to communicate with keystone # metadata_agent needs auth_url to communicate with keystone
if [[ "$use_auth_url" == "True" ]]; then if [[ "$use_auth_url" == "True" ]]; then
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0 iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
fi fi
create_tacker_cache_dir create_tacker_cache_dir

View File

@ -26,9 +26,7 @@ class OpenstackClients(object):
self.auth_attr = auth_attr self.auth_attr = auth_attr
def _keystone_client(self): def _keystone_client(self):
version = self.auth_attr['auth_url'].rpartition('/')[2] return self.keystone_plugin.initialize_client(**self.auth_attr)
return self.keystone_plugin.initialize_client(version,
**self.auth_attr)
def _heat_client(self): def _heat_client(self):
endpoint = self.keystone_session.get_endpoint( endpoint = self.keystone_session.get_endpoint(

View File

@ -20,7 +20,6 @@ import yaml
from keystoneauth1 import exceptions from keystoneauth1 import exceptions
from keystoneauth1 import identity from keystoneauth1 import identity
from keystoneauth1.identity import v2
from keystoneauth1.identity import v3 from keystoneauth1.identity import v3
from keystoneauth1 import session from keystoneauth1 import session
from neutronclient.common import exceptions as nc_exceptions from neutronclient.common import exceptions as nc_exceptions
@ -124,54 +123,32 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
keystone_version = NfvoPlugin.validate_keystone_auth_url( keystone_version = NfvoPlugin.validate_keystone_auth_url(
auth_url=auth_url, auth_url=auth_url,
verify=verify) verify=verify)
auth_cred = self._get_auth_creds(keystone_version, vim_obj) auth_cred = self._get_auth_creds(vim_obj, keystone_version)
return self._initialize_keystone(keystone_version, auth_cred) return self._initialize_keystone(auth_cred)
def _get_auth_creds(self, keystone_version, vim_obj): def _get_auth_creds(self, vim_obj, keystone_version):
auth_url = vim_obj['auth_url']
auth_cred = vim_obj['auth_cred'] auth_cred = vim_obj['auth_cred']
vim_project = vim_obj['vim_project'] vim_project = vim_obj['vim_project']
if keystone_version not in auth_url:
vim_obj['auth_url'] = auth_url + '/' + keystone_version
if keystone_version == 'v3':
auth_cred['project_id'] = vim_project.get('id') auth_cred['project_id'] = vim_project.get('id')
auth_cred['project_name'] = vim_project.get('name') auth_cred['project_name'] = vim_project.get('name')
auth_cred['project_domain_name'] = vim_project.get( auth_cred['project_domain_name'] = vim_project.get(
'project_domain_name') 'project_domain_name')
else:
auth_cred['tenant_id'] = vim_project.get('id')
auth_cred['tenant_name'] = vim_project.get('name')
# pop stuff not supported in keystone v2
auth_cred.pop('user_domain_name', None)
auth_cred.pop('user_id', None)
auth_cred['auth_url'] = vim_obj['auth_url'] auth_cred['auth_url'] = vim_obj['auth_url']
if keystone_version not in auth_cred['auth_url']:
auth_cred['auth_url'] = auth_cred['auth_url'] + '/' + \
keystone_version
return auth_cred return auth_cred
def _get_auth_plugin(self, version, **kwargs): def _get_auth_plugin(self, **kwargs):
if version == 'v2.0':
auth_plugin = v2.Password(**kwargs)
else:
auth_plugin = v3.Password(**kwargs) auth_plugin = v3.Password(**kwargs)
return auth_plugin return auth_plugin
def _initialize_keystone(self, version, auth): def _initialize_keystone(self, auth):
ks_client = self.keystone.initialize_client(version=version, **auth) ks_client = self.keystone.initialize_client(**auth)
return ks_client return ks_client
def _find_regions(self, ks_client): def _find_regions(self, ks_client):
if ks_client.version == 'v2.0':
service_list = ks_client.services.list()
heat_service_id = None
for service in service_list:
if service.type == 'orchestration':
heat_service_id = service.id
endpoints_list = ks_client.endpoints.list()
region_list = [endpoint.region for endpoint in
endpoints_list if endpoint.service_id ==
heat_service_id]
else:
region_info = ks_client.regions.list() region_info = ks_client.regions.list()
region_list = [region.id for region in region_info] region_list = [region.id for region in region_info]
return region_list return region_list
@ -336,8 +313,8 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
keystone_version = NfvoPlugin.validate_keystone_auth_url( keystone_version = NfvoPlugin.validate_keystone_auth_url(
auth_url=auth_url, auth_url=auth_url,
verify=verify) verify=verify)
auth_cred = self._get_auth_creds(keystone_version, vim_obj) auth_cred = self._get_auth_creds(vim_obj, keystone_version)
auth_plugin = self._get_auth_plugin(keystone_version, **auth_cred) auth_plugin = self._get_auth_plugin(**auth_cred)
sess = session.Session(auth=auth_plugin) sess = session.Session(auth=auth_plugin)
return client_type(session=sess) return client_type(session=sess)
@ -735,7 +712,7 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
raise EnvironmentError('auth dict required for' raise EnvironmentError('auth dict required for'
' mistral workflow driver') ' mistral workflow driver')
return mistral_client.MistralClient( return mistral_client.MistralClient(
keystone.Keystone().initialize_client('2', **auth_dict), keystone.Keystone().initialize_client(**auth_dict),
auth_dict['token']).get_client() auth_dict['token']).get_client()
def prepare_and_create_workflow(self, resource, action, def prepare_and_create_workflow(self, resource, action,

View File

@ -117,6 +117,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin,
LOG.debug('Create vim called with parameters %s', LOG.debug('Create vim called with parameters %s',
strutils.mask_password(vim)) strutils.mask_password(vim))
vim_obj = vim['vim'] vim_obj = vim['vim']
vim_obj['auth_url'] = utils.get_auth_url_v3(vim_obj['auth_url'])
vim_type = vim_obj['type'] vim_type = vim_obj['type']
vim_obj['id'] = uuidutils.generate_uuid() vim_obj['id'] = uuidutils.generate_uuid()
vim_obj['status'] = 'PENDING' vim_obj['status'] = 'PENDING'

View File

@ -27,7 +27,7 @@ LOG = logging.getLogger(__name__)
def get_mistral_client(auth_dict): def get_mistral_client(auth_dict):
return mistral_client.MistralClient( return mistral_client.MistralClient(
keystone.Keystone().initialize_client('2', **auth_dict), keystone.Keystone().initialize_client(**auth_dict),
auth_dict['token']).get_client() auth_dict['token']).get_client()

View File

@ -25,9 +25,7 @@ class OpenstackClients(object):
self.auth_attr = auth_attr self.auth_attr = auth_attr
def _keystone_client(self): def _keystone_client(self):
version = self.auth_attr['auth_url'].rpartition('/')[2] return self.keystone_plugin.initialize_client(**self.auth_attr)
return self.keystone_plugin.initialize_client(version,
**self.auth_attr)
def _heat_client(self): def _heat_client(self):
endpoint = self.keystone_session.get_endpoint( endpoint = self.keystone_session.get_endpoint(

View File

@ -47,10 +47,9 @@ class Keystone(object):
def get_endpoint(self, ses, service_type, region_name=None): def get_endpoint(self, ses, service_type, region_name=None):
return ses.get_endpoint(service_type, region_name) return ses.get_endpoint(service_type, region_name)
def initialize_client(self, version, **kwargs): def initialize_client(self, **kwargs):
from keystoneclient.v3 import client
verify = 'True' == kwargs.pop('cert_verify', 'False') verify = 'True' == kwargs.pop('cert_verify', 'False')
auth_plugin = v3.Password(**kwargs) auth_plugin = v3.Password(**kwargs)
ses = self.get_session(auth_plugin=auth_plugin, verify=verify) ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
cli = client.Client(session=ses) cli = client.Client('v3', session=ses)
return cli return cli

View File

@ -110,10 +110,6 @@ class VimTestCreate(base.BaseTackerTest):
"List of VIM events are Empty") "List of VIM events are Empty")
self.assertEqual(cnt, len(vim_evt_list['vim_events'])) self.assertEqual(cnt, len(vim_evt_list['vim_events']))
def verify_vim_v2(self, vim_instance, config_data):
self.assertEqual(config_data['project_name'],
vim_instance['auth_cred']['tenant_name'])
def verify_vim_v3(self, vim_instance, config_data): def verify_vim_v3(self, vim_instance, config_data):
self.assertEqual(config_data['project_name'], self.assertEqual(config_data['project_name'],
vim_instance['auth_cred']['project_name']) vim_instance['auth_cred']['project_name'])
@ -135,10 +131,7 @@ class VimTestCreate(base.BaseTackerTest):
project_name = data['project_name'] project_name = data['project_name']
auth_url = data['auth_url'] auth_url = data['auth_url']
if version: if version:
if ('v2' == version and (not auth_url.endswith("/v2.0") or if (not auth_url.endswith("/v3") or
not auth_url.endswith("/v2.0/"))):
auth_url += "/v2.0"
elif (not auth_url.endswith("/v3") or
not auth_url.endswith("/v3/")): not auth_url.endswith("/v3/")):
auth_url += "/v3" auth_url += "/v3"
domain_name = data.get('domain_name', None) domain_name = data.get('domain_name', None)

View File

@ -130,31 +130,12 @@ class TestOpenstack_Driver(base.TestCase):
regions = [mock_dict({'id': 'RegionOne'})] regions = [mock_dict({'id': 'RegionOne'})]
attrs = {'regions.list.return_value': regions} attrs = {'regions.list.return_value': regions}
keystone_version = 'v3' keystone_version = 'v3'
mock_ks_client = mock.Mock(version=keystone_version, **attrs) mock_ks_client = mock.Mock(**attrs)
self.keystone.get_version.return_value = keystone_version self.keystone.get_version.return_value = keystone_version
self._test_register_vim(self.vim_obj, mock_ks_client) self._test_register_vim(self.vim_obj, mock_ks_client)
mock_ks_client.regions.list.assert_called_once_with() mock_ks_client.regions.list.assert_called_once_with()
self.keystone.initialize_client.assert_called_once_with( self.keystone.initialize_client.assert_called_once_with(
version=keystone_version, **self.auth_obj) **self.auth_obj)
def test_register_keystone_v2(self):
services_list = [mock_dict({'type': 'orchestration', 'id':
'test_id'})]
endpoints_regions = mock_dict({'region': 'RegionOne'})
endpoints_list = [mock_dict({'service_id': 'test_id', 'regions':
endpoints_regions})]
attrs = {'endpoints.list.return_value': endpoints_list,
'services.list.return_value': services_list}
keystone_version = 'v2.0'
mock_ks_client = mock.Mock(version='v2.0', **attrs)
self.keystone.get_version.return_value = keystone_version
auth_obj = {'tenant_name': 'test_project', 'username': 'test_user',
'password': 'test_password', 'cert_verify': 'True',
'auth_url': 'http://localhost/identity/v2.0',
'tenant_id': None}
self._test_register_vim(self.vim_obj, mock_ks_client)
self.keystone.initialize_client.assert_called_once_with(
version=keystone_version, **auth_obj)
def _test_register_vim(self, vim_obj, mock_ks_client): def _test_register_vim(self, vim_obj, mock_ks_client):
self.keystone.initialize_client.return_value = mock_ks_client self.keystone.initialize_client.return_value = mock_ks_client
@ -220,15 +201,15 @@ class TestOpenstack_Driver(base.TestCase):
def _test_register_vim_auth(self, attrs): def _test_register_vim_auth(self, attrs):
keystone_version = 'v3' keystone_version = 'v3'
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
self.keystone.get_version.return_value = keystone_version self.keystone.get_version.return_value = keystone_version
mock_ks_client = mock.Mock(**attrs)
self.keystone.initialize_client.return_value = mock_ks_client self.keystone.initialize_client.return_value = mock_ks_client
self.assertRaises(nfvo.VimUnauthorizedException, self.assertRaises(nfvo.VimUnauthorizedException,
self.openstack_driver.register_vim, self.openstack_driver.register_vim,
self.vim_obj) self.vim_obj)
mock_ks_client.regions.list.assert_called_once_with() mock_ks_client.regions.list.assert_called_once_with()
self.keystone.initialize_client.assert_called_once_with( self.keystone.initialize_client.assert_called_once_with(
version=keystone_version, **self.auth_obj) **self.auth_obj)
def test_get_vim_resource_id(self): def test_get_vim_resource_id(self):
resource_type = 'network' resource_type = 'network'

View File

@ -25,6 +25,7 @@ from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
DEFAULT_IDENTITY_VERSION = "v3"
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
CONF = cfg.CONF CONF = cfg.CONF
@ -51,22 +52,14 @@ class Keystone(object):
def get_endpoint(self, ses, service_type, region_name=None): def get_endpoint(self, ses, service_type, region_name=None):
return ses.get_endpoint(service_type, region_name) return ses.get_endpoint(service_type, region_name)
def initialize_client(self, version, **kwargs): def initialize_client(self, **kwargs):
verify = 'True' == kwargs.pop('cert_verify', 'True') or False verify = 'True' == kwargs.pop('cert_verify', 'True') or False
if version == 'v2.0':
from keystoneclient.v2_0 import client
if 'token' in kwargs:
auth_plugin = identity.v2.Token(**kwargs)
else:
auth_plugin = identity.v2.Password(**kwargs)
else:
from keystoneclient.v3 import client
if 'token' in kwargs: if 'token' in kwargs:
auth_plugin = identity.v3.Token(**kwargs) auth_plugin = identity.v3.Token(**kwargs)
else: else:
auth_plugin = identity.v3.Password(**kwargs) auth_plugin = identity.v3.Password(**kwargs)
ses = self.get_session(auth_plugin=auth_plugin, verify=verify) ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
cli = client.Client(session=ses) cli = client.Client(DEFAULT_IDENTITY_VERSION, session=ses)
return cli return cli
@staticmethod @staticmethod