Move to use only kestone v3 api

Currently Tacker usage a misxture of v2 v3 api, which is suboptimal
from both a performance and code-elegance perspective. In this patch
we refactor v2 apis from code.

Change-Id: I981887f3f5af6356aba45a6d128d3e4b23b10286
Implements: blueprint keystone-v3
This commit is contained in:
dharmendra 2019-01-23 13:40:48 +00:00 committed by dharmendra kushwaha
parent 1d7cd6f604
commit c9fee0af8d
10 changed files with 38 additions and 98 deletions

View File

@ -283,7 +283,7 @@ function _tacker_setup_keystone {
# Configures keystone for metadata_agent
# metadata_agent needs auth_url to communicate with keystone
if [[ "$use_auth_url" == "True" ]]; then
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
fi
create_tacker_cache_dir

View File

@ -26,9 +26,7 @@ class OpenstackClients(object):
self.auth_attr = auth_attr
def _keystone_client(self):
version = self.auth_attr['auth_url'].rpartition('/')[2]
return self.keystone_plugin.initialize_client(version,
**self.auth_attr)
return self.keystone_plugin.initialize_client(**self.auth_attr)
def _heat_client(self):
endpoint = self.keystone_session.get_endpoint(

View File

@ -20,7 +20,6 @@ import yaml
from keystoneauth1 import exceptions
from keystoneauth1 import identity
from keystoneauth1.identity import v2
from keystoneauth1.identity import v3
from keystoneauth1 import session
from neutronclient.common import exceptions as nc_exceptions
@ -124,54 +123,32 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
keystone_version = NfvoPlugin.validate_keystone_auth_url(
auth_url=auth_url,
verify=verify)
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
return self._initialize_keystone(keystone_version, auth_cred)
auth_cred = self._get_auth_creds(vim_obj, keystone_version)
return self._initialize_keystone(auth_cred)
def _get_auth_creds(self, keystone_version, vim_obj):
auth_url = vim_obj['auth_url']
def _get_auth_creds(self, vim_obj, keystone_version):
auth_cred = vim_obj['auth_cred']
vim_project = vim_obj['vim_project']
if keystone_version not in auth_url:
vim_obj['auth_url'] = auth_url + '/' + keystone_version
if keystone_version == 'v3':
auth_cred['project_id'] = vim_project.get('id')
auth_cred['project_name'] = vim_project.get('name')
auth_cred['project_domain_name'] = vim_project.get(
'project_domain_name')
else:
auth_cred['tenant_id'] = vim_project.get('id')
auth_cred['tenant_name'] = vim_project.get('name')
# pop stuff not supported in keystone v2
auth_cred.pop('user_domain_name', None)
auth_cred.pop('user_id', None)
auth_cred['auth_url'] = vim_obj['auth_url']
if keystone_version not in auth_cred['auth_url']:
auth_cred['auth_url'] = auth_cred['auth_url'] + '/' + \
keystone_version
return auth_cred
def _get_auth_plugin(self, version, **kwargs):
if version == 'v2.0':
auth_plugin = v2.Password(**kwargs)
else:
def _get_auth_plugin(self, **kwargs):
auth_plugin = v3.Password(**kwargs)
return auth_plugin
def _initialize_keystone(self, version, auth):
ks_client = self.keystone.initialize_client(version=version, **auth)
def _initialize_keystone(self, auth):
ks_client = self.keystone.initialize_client(**auth)
return ks_client
def _find_regions(self, ks_client):
if ks_client.version == 'v2.0':
service_list = ks_client.services.list()
heat_service_id = None
for service in service_list:
if service.type == 'orchestration':
heat_service_id = service.id
endpoints_list = ks_client.endpoints.list()
region_list = [endpoint.region for endpoint in
endpoints_list if endpoint.service_id ==
heat_service_id]
else:
region_info = ks_client.regions.list()
region_list = [region.id for region in region_info]
return region_list
@ -336,8 +313,8 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
keystone_version = NfvoPlugin.validate_keystone_auth_url(
auth_url=auth_url,
verify=verify)
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
auth_plugin = self._get_auth_plugin(keystone_version, **auth_cred)
auth_cred = self._get_auth_creds(vim_obj, keystone_version)
auth_plugin = self._get_auth_plugin(**auth_cred)
sess = session.Session(auth=auth_plugin)
return client_type(session=sess)
@ -735,7 +712,7 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
raise EnvironmentError('auth dict required for'
' mistral workflow driver')
return mistral_client.MistralClient(
keystone.Keystone().initialize_client('2', **auth_dict),
keystone.Keystone().initialize_client(**auth_dict),
auth_dict['token']).get_client()
def prepare_and_create_workflow(self, resource, action,

View File

@ -117,6 +117,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin,
LOG.debug('Create vim called with parameters %s',
strutils.mask_password(vim))
vim_obj = vim['vim']
vim_obj['auth_url'] = utils.get_auth_url_v3(vim_obj['auth_url'])
vim_type = vim_obj['type']
vim_obj['id'] = uuidutils.generate_uuid()
vim_obj['status'] = 'PENDING'

View File

@ -27,7 +27,7 @@ LOG = logging.getLogger(__name__)
def get_mistral_client(auth_dict):
return mistral_client.MistralClient(
keystone.Keystone().initialize_client('2', **auth_dict),
keystone.Keystone().initialize_client(**auth_dict),
auth_dict['token']).get_client()

View File

@ -25,9 +25,7 @@ class OpenstackClients(object):
self.auth_attr = auth_attr
def _keystone_client(self):
version = self.auth_attr['auth_url'].rpartition('/')[2]
return self.keystone_plugin.initialize_client(version,
**self.auth_attr)
return self.keystone_plugin.initialize_client(**self.auth_attr)
def _heat_client(self):
endpoint = self.keystone_session.get_endpoint(

View File

@ -47,10 +47,9 @@ class Keystone(object):
def get_endpoint(self, ses, service_type, region_name=None):
return ses.get_endpoint(service_type, region_name)
def initialize_client(self, version, **kwargs):
from keystoneclient.v3 import client
def initialize_client(self, **kwargs):
verify = 'True' == kwargs.pop('cert_verify', 'False')
auth_plugin = v3.Password(**kwargs)
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
cli = client.Client(session=ses)
cli = client.Client('v3', session=ses)
return cli

View File

@ -110,10 +110,6 @@ class VimTestCreate(base.BaseTackerTest):
"List of VIM events are Empty")
self.assertEqual(cnt, len(vim_evt_list['vim_events']))
def verify_vim_v2(self, vim_instance, config_data):
self.assertEqual(config_data['project_name'],
vim_instance['auth_cred']['tenant_name'])
def verify_vim_v3(self, vim_instance, config_data):
self.assertEqual(config_data['project_name'],
vim_instance['auth_cred']['project_name'])
@ -135,10 +131,7 @@ class VimTestCreate(base.BaseTackerTest):
project_name = data['project_name']
auth_url = data['auth_url']
if version:
if ('v2' == version and (not auth_url.endswith("/v2.0") or
not auth_url.endswith("/v2.0/"))):
auth_url += "/v2.0"
elif (not auth_url.endswith("/v3") or
if (not auth_url.endswith("/v3") or
not auth_url.endswith("/v3/")):
auth_url += "/v3"
domain_name = data.get('domain_name', None)

View File

@ -130,31 +130,12 @@ class TestOpenstack_Driver(base.TestCase):
regions = [mock_dict({'id': 'RegionOne'})]
attrs = {'regions.list.return_value': regions}
keystone_version = 'v3'
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
mock_ks_client = mock.Mock(**attrs)
self.keystone.get_version.return_value = keystone_version
self._test_register_vim(self.vim_obj, mock_ks_client)
mock_ks_client.regions.list.assert_called_once_with()
self.keystone.initialize_client.assert_called_once_with(
version=keystone_version, **self.auth_obj)
def test_register_keystone_v2(self):
services_list = [mock_dict({'type': 'orchestration', 'id':
'test_id'})]
endpoints_regions = mock_dict({'region': 'RegionOne'})
endpoints_list = [mock_dict({'service_id': 'test_id', 'regions':
endpoints_regions})]
attrs = {'endpoints.list.return_value': endpoints_list,
'services.list.return_value': services_list}
keystone_version = 'v2.0'
mock_ks_client = mock.Mock(version='v2.0', **attrs)
self.keystone.get_version.return_value = keystone_version
auth_obj = {'tenant_name': 'test_project', 'username': 'test_user',
'password': 'test_password', 'cert_verify': 'True',
'auth_url': 'http://localhost/identity/v2.0',
'tenant_id': None}
self._test_register_vim(self.vim_obj, mock_ks_client)
self.keystone.initialize_client.assert_called_once_with(
version=keystone_version, **auth_obj)
**self.auth_obj)
def _test_register_vim(self, vim_obj, mock_ks_client):
self.keystone.initialize_client.return_value = mock_ks_client
@ -220,15 +201,15 @@ class TestOpenstack_Driver(base.TestCase):
def _test_register_vim_auth(self, attrs):
keystone_version = 'v3'
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
self.keystone.get_version.return_value = keystone_version
mock_ks_client = mock.Mock(**attrs)
self.keystone.initialize_client.return_value = mock_ks_client
self.assertRaises(nfvo.VimUnauthorizedException,
self.openstack_driver.register_vim,
self.vim_obj)
mock_ks_client.regions.list.assert_called_once_with()
self.keystone.initialize_client.assert_called_once_with(
version=keystone_version, **self.auth_obj)
**self.auth_obj)
def test_get_vim_resource_id(self):
resource_type = 'network'

View File

@ -25,6 +25,7 @@ from oslo_config import cfg
from oslo_log import log as logging
DEFAULT_IDENTITY_VERSION = "v3"
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
@ -51,22 +52,14 @@ class Keystone(object):
def get_endpoint(self, ses, service_type, region_name=None):
return ses.get_endpoint(service_type, region_name)
def initialize_client(self, version, **kwargs):
def initialize_client(self, **kwargs):
verify = 'True' == kwargs.pop('cert_verify', 'True') or False
if version == 'v2.0':
from keystoneclient.v2_0 import client
if 'token' in kwargs:
auth_plugin = identity.v2.Token(**kwargs)
else:
auth_plugin = identity.v2.Password(**kwargs)
else:
from keystoneclient.v3 import client
if 'token' in kwargs:
auth_plugin = identity.v3.Token(**kwargs)
else:
auth_plugin = identity.v3.Password(**kwargs)
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
cli = client.Client(session=ses)
cli = client.Client(DEFAULT_IDENTITY_VERSION, session=ses)
return cli
@staticmethod