Move to use only kestone v3 api
Currently Tacker usage a misxture of v2 v3 api, which is suboptimal from both a performance and code-elegance perspective. In this patch we refactor v2 apis from code. Change-Id: I981887f3f5af6356aba45a6d128d3e4b23b10286 Implements: blueprint keystone-v3
This commit is contained in:
parent
1d7cd6f604
commit
c9fee0af8d
@ -283,7 +283,7 @@ function _tacker_setup_keystone {
|
||||
# Configures keystone for metadata_agent
|
||||
# metadata_agent needs auth_url to communicate with keystone
|
||||
if [[ "$use_auth_url" == "True" ]]; then
|
||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
|
||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
||||
fi
|
||||
|
||||
create_tacker_cache_dir
|
||||
|
@ -26,9 +26,7 @@ class OpenstackClients(object):
|
||||
self.auth_attr = auth_attr
|
||||
|
||||
def _keystone_client(self):
|
||||
version = self.auth_attr['auth_url'].rpartition('/')[2]
|
||||
return self.keystone_plugin.initialize_client(version,
|
||||
**self.auth_attr)
|
||||
return self.keystone_plugin.initialize_client(**self.auth_attr)
|
||||
|
||||
def _heat_client(self):
|
||||
endpoint = self.keystone_session.get_endpoint(
|
||||
|
@ -20,7 +20,6 @@ import yaml
|
||||
|
||||
from keystoneauth1 import exceptions
|
||||
from keystoneauth1 import identity
|
||||
from keystoneauth1.identity import v2
|
||||
from keystoneauth1.identity import v3
|
||||
from keystoneauth1 import session
|
||||
from neutronclient.common import exceptions as nc_exceptions
|
||||
@ -124,54 +123,32 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
||||
keystone_version = NfvoPlugin.validate_keystone_auth_url(
|
||||
auth_url=auth_url,
|
||||
verify=verify)
|
||||
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
|
||||
return self._initialize_keystone(keystone_version, auth_cred)
|
||||
auth_cred = self._get_auth_creds(vim_obj, keystone_version)
|
||||
return self._initialize_keystone(auth_cred)
|
||||
|
||||
def _get_auth_creds(self, keystone_version, vim_obj):
|
||||
auth_url = vim_obj['auth_url']
|
||||
def _get_auth_creds(self, vim_obj, keystone_version):
|
||||
auth_cred = vim_obj['auth_cred']
|
||||
vim_project = vim_obj['vim_project']
|
||||
|
||||
if keystone_version not in auth_url:
|
||||
vim_obj['auth_url'] = auth_url + '/' + keystone_version
|
||||
if keystone_version == 'v3':
|
||||
auth_cred['project_id'] = vim_project.get('id')
|
||||
auth_cred['project_name'] = vim_project.get('name')
|
||||
auth_cred['project_domain_name'] = vim_project.get(
|
||||
'project_domain_name')
|
||||
else:
|
||||
auth_cred['tenant_id'] = vim_project.get('id')
|
||||
auth_cred['tenant_name'] = vim_project.get('name')
|
||||
# pop stuff not supported in keystone v2
|
||||
auth_cred.pop('user_domain_name', None)
|
||||
auth_cred.pop('user_id', None)
|
||||
auth_cred['auth_url'] = vim_obj['auth_url']
|
||||
if keystone_version not in auth_cred['auth_url']:
|
||||
auth_cred['auth_url'] = auth_cred['auth_url'] + '/' + \
|
||||
keystone_version
|
||||
return auth_cred
|
||||
|
||||
def _get_auth_plugin(self, version, **kwargs):
|
||||
if version == 'v2.0':
|
||||
auth_plugin = v2.Password(**kwargs)
|
||||
else:
|
||||
def _get_auth_plugin(self, **kwargs):
|
||||
auth_plugin = v3.Password(**kwargs)
|
||||
|
||||
return auth_plugin
|
||||
|
||||
def _initialize_keystone(self, version, auth):
|
||||
ks_client = self.keystone.initialize_client(version=version, **auth)
|
||||
def _initialize_keystone(self, auth):
|
||||
ks_client = self.keystone.initialize_client(**auth)
|
||||
return ks_client
|
||||
|
||||
def _find_regions(self, ks_client):
|
||||
if ks_client.version == 'v2.0':
|
||||
service_list = ks_client.services.list()
|
||||
heat_service_id = None
|
||||
for service in service_list:
|
||||
if service.type == 'orchestration':
|
||||
heat_service_id = service.id
|
||||
endpoints_list = ks_client.endpoints.list()
|
||||
region_list = [endpoint.region for endpoint in
|
||||
endpoints_list if endpoint.service_id ==
|
||||
heat_service_id]
|
||||
else:
|
||||
region_info = ks_client.regions.list()
|
||||
region_list = [region.id for region in region_info]
|
||||
return region_list
|
||||
@ -336,8 +313,8 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
||||
keystone_version = NfvoPlugin.validate_keystone_auth_url(
|
||||
auth_url=auth_url,
|
||||
verify=verify)
|
||||
auth_cred = self._get_auth_creds(keystone_version, vim_obj)
|
||||
auth_plugin = self._get_auth_plugin(keystone_version, **auth_cred)
|
||||
auth_cred = self._get_auth_creds(vim_obj, keystone_version)
|
||||
auth_plugin = self._get_auth_plugin(**auth_cred)
|
||||
sess = session.Session(auth=auth_plugin)
|
||||
return client_type(session=sess)
|
||||
|
||||
@ -735,7 +712,7 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
|
||||
raise EnvironmentError('auth dict required for'
|
||||
' mistral workflow driver')
|
||||
return mistral_client.MistralClient(
|
||||
keystone.Keystone().initialize_client('2', **auth_dict),
|
||||
keystone.Keystone().initialize_client(**auth_dict),
|
||||
auth_dict['token']).get_client()
|
||||
|
||||
def prepare_and_create_workflow(self, resource, action,
|
||||
|
@ -117,6 +117,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin,
|
||||
LOG.debug('Create vim called with parameters %s',
|
||||
strutils.mask_password(vim))
|
||||
vim_obj = vim['vim']
|
||||
vim_obj['auth_url'] = utils.get_auth_url_v3(vim_obj['auth_url'])
|
||||
vim_type = vim_obj['type']
|
||||
vim_obj['id'] = uuidutils.generate_uuid()
|
||||
vim_obj['status'] = 'PENDING'
|
||||
|
@ -27,7 +27,7 @@ LOG = logging.getLogger(__name__)
|
||||
|
||||
def get_mistral_client(auth_dict):
|
||||
return mistral_client.MistralClient(
|
||||
keystone.Keystone().initialize_client('2', **auth_dict),
|
||||
keystone.Keystone().initialize_client(**auth_dict),
|
||||
auth_dict['token']).get_client()
|
||||
|
||||
|
||||
|
@ -25,9 +25,7 @@ class OpenstackClients(object):
|
||||
self.auth_attr = auth_attr
|
||||
|
||||
def _keystone_client(self):
|
||||
version = self.auth_attr['auth_url'].rpartition('/')[2]
|
||||
return self.keystone_plugin.initialize_client(version,
|
||||
**self.auth_attr)
|
||||
return self.keystone_plugin.initialize_client(**self.auth_attr)
|
||||
|
||||
def _heat_client(self):
|
||||
endpoint = self.keystone_session.get_endpoint(
|
||||
|
@ -47,10 +47,9 @@ class Keystone(object):
|
||||
def get_endpoint(self, ses, service_type, region_name=None):
|
||||
return ses.get_endpoint(service_type, region_name)
|
||||
|
||||
def initialize_client(self, version, **kwargs):
|
||||
from keystoneclient.v3 import client
|
||||
def initialize_client(self, **kwargs):
|
||||
verify = 'True' == kwargs.pop('cert_verify', 'False')
|
||||
auth_plugin = v3.Password(**kwargs)
|
||||
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
||||
cli = client.Client(session=ses)
|
||||
cli = client.Client('v3', session=ses)
|
||||
return cli
|
||||
|
@ -110,10 +110,6 @@ class VimTestCreate(base.BaseTackerTest):
|
||||
"List of VIM events are Empty")
|
||||
self.assertEqual(cnt, len(vim_evt_list['vim_events']))
|
||||
|
||||
def verify_vim_v2(self, vim_instance, config_data):
|
||||
self.assertEqual(config_data['project_name'],
|
||||
vim_instance['auth_cred']['tenant_name'])
|
||||
|
||||
def verify_vim_v3(self, vim_instance, config_data):
|
||||
self.assertEqual(config_data['project_name'],
|
||||
vim_instance['auth_cred']['project_name'])
|
||||
@ -135,10 +131,7 @@ class VimTestCreate(base.BaseTackerTest):
|
||||
project_name = data['project_name']
|
||||
auth_url = data['auth_url']
|
||||
if version:
|
||||
if ('v2' == version and (not auth_url.endswith("/v2.0") or
|
||||
not auth_url.endswith("/v2.0/"))):
|
||||
auth_url += "/v2.0"
|
||||
elif (not auth_url.endswith("/v3") or
|
||||
if (not auth_url.endswith("/v3") or
|
||||
not auth_url.endswith("/v3/")):
|
||||
auth_url += "/v3"
|
||||
domain_name = data.get('domain_name', None)
|
||||
|
@ -130,31 +130,12 @@ class TestOpenstack_Driver(base.TestCase):
|
||||
regions = [mock_dict({'id': 'RegionOne'})]
|
||||
attrs = {'regions.list.return_value': regions}
|
||||
keystone_version = 'v3'
|
||||
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
|
||||
mock_ks_client = mock.Mock(**attrs)
|
||||
self.keystone.get_version.return_value = keystone_version
|
||||
self._test_register_vim(self.vim_obj, mock_ks_client)
|
||||
mock_ks_client.regions.list.assert_called_once_with()
|
||||
self.keystone.initialize_client.assert_called_once_with(
|
||||
version=keystone_version, **self.auth_obj)
|
||||
|
||||
def test_register_keystone_v2(self):
|
||||
services_list = [mock_dict({'type': 'orchestration', 'id':
|
||||
'test_id'})]
|
||||
endpoints_regions = mock_dict({'region': 'RegionOne'})
|
||||
endpoints_list = [mock_dict({'service_id': 'test_id', 'regions':
|
||||
endpoints_regions})]
|
||||
attrs = {'endpoints.list.return_value': endpoints_list,
|
||||
'services.list.return_value': services_list}
|
||||
keystone_version = 'v2.0'
|
||||
mock_ks_client = mock.Mock(version='v2.0', **attrs)
|
||||
self.keystone.get_version.return_value = keystone_version
|
||||
auth_obj = {'tenant_name': 'test_project', 'username': 'test_user',
|
||||
'password': 'test_password', 'cert_verify': 'True',
|
||||
'auth_url': 'http://localhost/identity/v2.0',
|
||||
'tenant_id': None}
|
||||
self._test_register_vim(self.vim_obj, mock_ks_client)
|
||||
self.keystone.initialize_client.assert_called_once_with(
|
||||
version=keystone_version, **auth_obj)
|
||||
**self.auth_obj)
|
||||
|
||||
def _test_register_vim(self, vim_obj, mock_ks_client):
|
||||
self.keystone.initialize_client.return_value = mock_ks_client
|
||||
@ -220,15 +201,15 @@ class TestOpenstack_Driver(base.TestCase):
|
||||
|
||||
def _test_register_vim_auth(self, attrs):
|
||||
keystone_version = 'v3'
|
||||
mock_ks_client = mock.Mock(version=keystone_version, **attrs)
|
||||
self.keystone.get_version.return_value = keystone_version
|
||||
mock_ks_client = mock.Mock(**attrs)
|
||||
self.keystone.initialize_client.return_value = mock_ks_client
|
||||
self.assertRaises(nfvo.VimUnauthorizedException,
|
||||
self.openstack_driver.register_vim,
|
||||
self.vim_obj)
|
||||
mock_ks_client.regions.list.assert_called_once_with()
|
||||
self.keystone.initialize_client.assert_called_once_with(
|
||||
version=keystone_version, **self.auth_obj)
|
||||
**self.auth_obj)
|
||||
|
||||
def test_get_vim_resource_id(self):
|
||||
resource_type = 'network'
|
||||
|
@ -25,6 +25,7 @@ from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
||||
|
||||
DEFAULT_IDENTITY_VERSION = "v3"
|
||||
LOG = logging.getLogger(__name__)
|
||||
CONF = cfg.CONF
|
||||
|
||||
@ -51,22 +52,14 @@ class Keystone(object):
|
||||
def get_endpoint(self, ses, service_type, region_name=None):
|
||||
return ses.get_endpoint(service_type, region_name)
|
||||
|
||||
def initialize_client(self, version, **kwargs):
|
||||
def initialize_client(self, **kwargs):
|
||||
verify = 'True' == kwargs.pop('cert_verify', 'True') or False
|
||||
if version == 'v2.0':
|
||||
from keystoneclient.v2_0 import client
|
||||
if 'token' in kwargs:
|
||||
auth_plugin = identity.v2.Token(**kwargs)
|
||||
else:
|
||||
auth_plugin = identity.v2.Password(**kwargs)
|
||||
else:
|
||||
from keystoneclient.v3 import client
|
||||
if 'token' in kwargs:
|
||||
auth_plugin = identity.v3.Token(**kwargs)
|
||||
else:
|
||||
auth_plugin = identity.v3.Password(**kwargs)
|
||||
ses = self.get_session(auth_plugin=auth_plugin, verify=verify)
|
||||
cli = client.Client(session=ses)
|
||||
cli = client.Client(DEFAULT_IDENTITY_VERSION, session=ses)
|
||||
return cli
|
||||
|
||||
@staticmethod
|
||||
|
Loading…
Reference in New Issue
Block a user