Use keystone group for loading auth params

This really needs to come from mistral-extra. Change-Id: I8c1ff35df46347c2f247f74720942f9884908449 Partial-Bug: #1595084 Partial-Bug: #1761050
2018-07-25 18:40:43 -04:00 · 2018-07-25 18:40:43 -04:00 · 0f17aecbe9
parent 2dfed4e87a
commit 0f17aecbe9
2 changed files with 49 additions and 24 deletions
--- a/tripleo_common/tests/actions/test_base.py
+++ b/tripleo_common/tests/actions/test_base.py
@ -54,8 +54,9 @@ class TestActionsBase(tests_base.TestCase):
            cache_key
        )

+    @mock.patch("tripleo_common.utils.keystone.get_session_and_auth")
    @mock.patch("tripleo_common.actions.base.swift_client.Connection")
-    def test_cache_set(self, mock_conn, mock_endpoint):
+    def test_cache_set(self, mock_conn, mock_keystone, mock_endpoint):
        mock_ctx = mock.Mock()
        mock_swift = mock.Mock()
        mock_conn.return_value = mock_swift
@ -74,8 +75,9 @@ class TestActionsBase(tests_base.TestCase):
        )
        mock_swift.delete_object.assert_not_called()

+    @mock.patch("tripleo_common.utils.keystone.get_session_and_auth")
    @mock.patch("tripleo_common.actions.base.swift_client.Connection")
-    def test_cache_set_none(self, mock_conn, mock_endpoint):
+    def test_cache_set_none(self, mock_conn, mock_keystone, mock_endpoint):
        mock_ctx = mock.Mock()
        mock_swift = mock.Mock()
        mock_conn.return_value = mock_swift
@ -92,8 +94,9 @@ class TestActionsBase(tests_base.TestCase):
            cache_key
        )

+    @mock.patch("tripleo_common.utils.keystone.get_session_and_auth")
    @mock.patch("tripleo_common.actions.base.swift_client.Connection")
-    def test_cache_get_filled(self, mock_conn, mock_endpoint):
+    def test_cache_get_filled(self, mock_conn, mock_keystone, mock_endpoint):
        mock_ctx = mock.Mock()
        mock_swift = mock.Mock()
        mock_conn.return_value = mock_swift
@ -106,8 +109,9 @@ class TestActionsBase(tests_base.TestCase):
        result = self.action.cache_get(mock_ctx, container, key)
        self.assertEqual(result, {"foo": 1})

+    @mock.patch("tripleo_common.utils.keystone.get_session_and_auth")
    @mock.patch("tripleo_common.actions.base.swift_client.Connection")
-    def test_cache_empty(self, mock_conn, mock_endpoint):
+    def test_cache_empty(self, mock_conn, mock_keystone, mock_endpoint):
        mock_ctx = mock.Mock()
        mock_swift = mock.Mock()
        mock_conn.return_value = mock_swift
@ -130,8 +134,9 @@ class TestActionsBase(tests_base.TestCase):
            cache_key
        )

+    @mock.patch("tripleo_common.utils.keystone.get_session_and_auth")
    @mock.patch("tripleo_common.actions.base.swift_client.Connection")
-    def test_cache_delete(self, mock_conn, mock_endpoint):
+    def test_cache_delete(self, mock_conn, mock_keystone, mock_endpoint):
        mock_ctx = mock.Mock()
        mock_swift = mock.Mock()
        mock_conn.return_value = mock_swift
--- a/tripleo_common/utils/keystone.py
+++ b/tripleo_common/utils/keystone.py
@ -63,26 +63,44 @@ def get_session_and_auth(context, **kwargs):
    if not context:
        raise AssertionError('context is mandatory')

-    project_endpoint = get_endpoint_for_project(context, **kwargs)
-    endpoint = format_url(
-        project_endpoint.url,
-        {
-            'tenant_id': context.project_id,
-            'project_id': context.project_id
-        }
-    )
+    if context.trust_id:
+        kwargs['project_name'] = None
+        kwargs['project_domain_name'] = None
+        kwargs['project_id'] = None
+        kwargs['trust_id'] = context.trust_id
+        kwargs.pop('service_name')

-    auth = Token(endpoint=endpoint, token=context.auth_token)
+        auth = loading.load_auth_from_conf_options(
+            CONF,
+            'keystone_authtoken',
+            **kwargs
+        )
+        session = loading.load_session_from_conf_options(
+            CONF,
+            'keystone',
+            auth=auth
+        )
+    else:
+        project_endpoint = get_endpoint_for_project(context, **kwargs)
+        endpoint = format_url(
+            project_endpoint.url,
+            {
+                'tenant_id': context.project_id,
+                'project_id': context.project_id
+            }
+        )

-    auth_uri = context.auth_uri or CONF.keystone_authtoken.auth_uri
-    ks_auth = Token(
-        endpoint=auth_uri,
-        token=context.auth_token
-    )
-    session = ks_session.Session(
-        auth=ks_auth,
-        verify=_determine_verify(context)
-    )
+        auth = Token(endpoint=endpoint, token=context.auth_token)
+
+        auth_uri = context.auth_uri or CONF.keystone_authtoken.auth_uri
+        ks_auth = Token(
+            endpoint=auth_uri,
+            token=context.auth_token
+        )
+        session = ks_session.Session(
+            auth=ks_auth,
+            verify=_determine_verify(context)
+        )

    return {
        "session": session,
@ -117,6 +135,8 @@ def _admin_client(trust_id=None):
        if trust_id:
            # Remove project_name and project_id, since we need a trust scoped
            # auth object
+            kwargs['domain_id'] = None
+            kwargs['domain_name'] = None
            kwargs['project_name'] = None
            kwargs['project_domain_name'] = None
            kwargs['project_id'] = None
@ -129,7 +149,7 @@ def _admin_client(trust_id=None):
        )
        sess = loading.load_session_from_conf_options(
            CONF,
-            'keystone_authtoken',
+            'keystone',
            auth=auth
        )