diff options
| author | Jamie Lennox <jamielennox@gmail.com> | 2016-08-24 21:05:23 +1000 |
|---|---|---|
| committer | Jamie Lennox <jamielennox@gmail.com> | 2016-11-02 09:53:07 +1100 |
| commit | 4d7703b934b3ba0533dbc084e41ed0fae75ed25a (patch) | |
| tree | 79821640452cf40d51808f872432c981435564bd | |
| parent | 9ba10d8e257bf3324487538b98ec10f2a2e28f45 (diff) | |
| download | glance_store-4d7703b934b3ba0533dbc084e41ed0fae75ed25a.tar.gz | |
Convert to keystoneauth
A direct conversion of keystoneclient usage to the newer supported
keystoneauth library. The libraries are largely compatible and there
should be no issues swapping between them.
This doesn't fix any problems of the way auth is used, it just changes
out the library.
Change-Id: Ibe212e17150a3c750e9c2536a4c869d87e9d4e13
| -rw-r--r-- | glance_store/_drivers/cinder.py | 16 | ||||
| -rw-r--r-- | glance_store/_drivers/swift/connection_manager.py | 2 | ||||
| -rw-r--r-- | glance_store/_drivers/swift/store.py | 62 | ||||
| -rw-r--r-- | glance_store/tests/unit/test_swift_store.py | 27 | ||||
| -rw-r--r-- | requirements.txt | 1 |
5 files changed, 58 insertions, 50 deletions
diff --git a/glance_store/_drivers/cinder.py b/glance_store/_drivers/cinder.py index 9d3b9ad..521eb83 100644 --- a/glance_store/_drivers/cinder.py +++ b/glance_store/_drivers/cinder.py @@ -21,6 +21,8 @@ import os import socket import time +from keystoneauth1.access import service_catalog as keystone_sc +from keystoneauth1 import exceptions as keystone_exc from oslo_concurrency import processutils from oslo_config import cfg from oslo_utils import units @@ -31,8 +33,6 @@ import glance_store.driver from glance_store import exceptions from glance_store.i18n import _, _LE, _LW, _LI import glance_store.location -from keystoneclient import exceptions as keystone_exc -from keystoneclient import service_catalog as keystone_sc try: from cinderclient import exceptions as cinder_exception @@ -64,8 +64,8 @@ The service catalog can be listed by the ``openstack catalog list`` command. Possible values: * A string of of the following form: - ``<service_type>:<service_name>:<endpoint_type>`` - At least ``service_type`` and ``endpoint_type`` should be specified. + ``<service_type>:<service_name>:<interface>`` + At least ``service_type`` and ``interface`` should be specified. ``service_name`` can be omitted. Related options: @@ -332,14 +332,14 @@ def get_cinderclient(conf, context=None): url = glance_store.cinder_endpoint_template % context.to_dict() else: info = glance_store.cinder_catalog_info - service_type, service_name, endpoint_type = info.split(':') - sc = {'serviceCatalog': context.service_catalog} + service_type, service_name, interface = info.split(':') try: - url = keystone_sc.ServiceCatalogV2(sc).url_for( + catalog = keystone_sc.ServiceCatalogV2(context.service_catalog) + url = catalog.url_for( region_name=glance_store.cinder_os_region_name, service_type=service_type, service_name=service_name, - endpoint_type=endpoint_type) + interface=interface) except keystone_exc.EndpointNotFound: reason = _("Failed to find Cinder from a service catalog.") raise exceptions.BadStoreConfiguration(store_name="cinder", diff --git a/glance_store/_drivers/swift/connection_manager.py b/glance_store/_drivers/swift/connection_manager.py index f417ffd..c7bacc5 100644 --- a/glance_store/_drivers/swift/connection_manager.py +++ b/glance_store/_drivers/swift/connection_manager.py @@ -18,7 +18,7 @@ connection with valid credentials and updated token""" import logging -from keystoneclient import exceptions as ks_exceptions +from keystoneauth1 import exceptions as ks_exceptions from oslo_utils import encodeutils from glance_store import exceptions diff --git a/glance_store/_drivers/swift/store.py b/glance_store/_drivers/swift/store.py index 70d7e5b..d4b3881 100644 --- a/glance_store/_drivers/swift/store.py +++ b/glance_store/_drivers/swift/store.py @@ -19,8 +19,11 @@ import hashlib import logging import math -from keystoneclient import exceptions as keystone_exc -from keystoneclient import service_catalog as keystone_sc +from keystoneauth1.access import service_catalog as keystone_sc +from keystoneauth1 import exceptions as keystone_exc +from keystoneauth1 import identity as ks_identity +from keystoneauth1 import session as ks_session +from keystoneclient.v3 import client as ks_client from oslo_config import cfg from oslo_utils import encodeutils from oslo_utils import excutils @@ -33,9 +36,6 @@ try: except ImportError: swiftclient = None -from keystoneclient.auth.identity import v3 as ks_v3 -from keystoneclient import session as ks_session -from keystoneclient.v3 import client as ks_client import glance_store from glance_store._drivers.swift import connection_manager @@ -1268,16 +1268,17 @@ class SingleTenantStore(BaseStore): raise exceptions.BadStoreUri(message=reason) # initialize a keystone plugin for swift admin with creds - password = ks_v3.Password(auth_url=auth_url, - username=user, - password=location.key, - project_name=tenant_name, - user_domain_id=self.user_domain_id, - user_domain_name=self.user_domain_name, - project_domain_id=self.project_domain_id, - project_domain_name=self.project_domain_name) - sess = ks_session.Session(auth=password) + password = ks_identity.V3Password( + auth_url=auth_url, + username=user, + password=location.key, + project_name=tenant_name, + user_domain_id=self.user_domain_id, + user_domain_name=self.user_domain_name, + project_domain_id=self.project_domain_id, + project_domain_name=self.project_domain_name) + sess = ks_session.Session(auth=password) return ks_client.Client(session=sess) def get_manager(self, store_location, context=None, allow_reauth=False): @@ -1303,10 +1304,10 @@ class MultiTenantStore(BaseStore): reason=reason) self.storage_url = self.conf_endpoint if not self.storage_url: - sc = {'serviceCatalog': context.service_catalog} - self.storage_url = keystone_sc.ServiceCatalogV2(sc).url_for( - service_type=self.service_type, region_name=self.region, - endpoint_type=self.endpoint_type) + catalog = keystone_sc.ServiceCatalogV2(context.service_catalog) + self.storage_url = catalog.url_for(service_type=self.service_type, + region_name=self.region, + interface=self.endpoint_type) if self.storage_url.startswith('http://'): self.scheme = 'swift+http' @@ -1402,9 +1403,9 @@ class MultiTenantStore(BaseStore): 'project_domain_name') # create client for multitenant user(trustor) - trustor_auth = ks_v3.Token(auth_url=auth_address, - token=context.auth_token, - project_id=context.tenant) + trustor_auth = ks_identity.V3Token(auth_url=auth_address, + token=context.auth_token, + project_id=context.tenant) trustor_sess = ks_session.Session(auth=trustor_auth) trustor_client = ks_client.Client(session=trustor_sess) auth_ref = trustor_client.session.auth.get_auth_ref(trustor_sess) @@ -1412,14 +1413,15 @@ class MultiTenantStore(BaseStore): # create client for trustee - glance user specified in swift config tenant_name, user = user.split(':') - password = ks_v3.Password(auth_url=auth_address, - username=user, - password=key, - project_name=tenant_name, - user_domain_id=user_domain_id, - user_domain_name=user_domain_name, - project_domain_id=project_domain_id, - project_domain_name=project_domain_name) + password = ks_identity.V3Password( + auth_url=auth_address, + username=user, + password=key, + project_name=tenant_name, + user_domain_id=user_domain_id, + user_domain_name=user_domain_name, + project_domain_id=project_domain_id, + project_domain_name=project_domain_name) trustee_sess = ks_session.Session(auth=password) trustee_client = ks_client.Client(session=trustee_sess) @@ -1434,7 +1436,7 @@ class MultiTenantStore(BaseStore): ).id # initialize a new client with trust and trustee credentials # create client for glance trustee user - client_password = ks_v3.Password( + client_password = ks_identity.V3Password( auth_url=auth_address, username=user, password=key, diff --git a/glance_store/tests/unit/test_swift_store.py b/glance_store/tests/unit/test_swift_store.py index 427f06a..ab515ef 100644 --- a/glance_store/tests/unit/test_swift_store.py +++ b/glance_store/tests/unit/test_swift_store.py @@ -1124,11 +1124,13 @@ class SwiftTests(object): loc = mock.MagicMock() self.assertRaises(NotImplementedError, store.get_manager, loc) - @mock.patch("glance_store._drivers.swift.store.ks_v3") + @mock.patch("glance_store._drivers.swift.store.ks_identity") @mock.patch("glance_store._drivers.swift.store.ks_session") @mock.patch("glance_store._drivers.swift.store.ks_client") def test_init_client_multi_tenant(self, - mock_client, mock_session, mock_v3): + mock_client, + mock_session, + mock_identity): """Test that keystone client was initialized correctly""" # initialize store and connection parameters self.config(swift_store_multi_tenant=True) @@ -1158,16 +1160,16 @@ class SwiftTests(object): ctxt = mock.MagicMock() client = store.init_client(location=mock.MagicMock(), context=ctxt) # test trustor usage - mock_v3.Token.assert_called_once_with( + mock_identity.V3Token.assert_called_once_with( auth_url=default_swift_reference.get('auth_address'), token=ctxt.auth_token, project_id=ctxt.tenant ) - mock_session.Session.assert_any_call(auth=mock_v3.Token()) + mock_session.Session.assert_any_call(auth=mock_identity.V3Token()) mock_client.Client.assert_any_call(session=trustor_session) # test trustee usage and trust creation tenant_name, user = default_swift_reference.get('user').split(':') - mock_v3.Password.assert_any_call( + mock_identity.V3Password.assert_any_call( auth_url=default_swift_reference.get('auth_address'), username=user, password=default_swift_reference.get('key'), @@ -1178,14 +1180,14 @@ class SwiftTests(object): project_domain_name=default_swift_reference.get( 'project_domain_name') ) - mock_session.Session.assert_any_call(auth=mock_v3.Password()) + mock_session.Session.assert_any_call(auth=mock_identity.V3Password()) mock_client.Client.assert_any_call(session=trustee_session) trustor_client.trusts.create.assert_called_once_with( trustee_user='fake_user', trustor_user=ctxt.user, project=ctxt.tenant, impersonation=True, role_names=['fake_role'] ) - mock_v3.Password.assert_any_call( + mock_identity.V3Password.assert_any_call( auth_url=default_swift_reference.get('auth_address'), username=user, password=default_swift_reference.get('key'), @@ -1262,11 +1264,13 @@ class TestStoreAuthV3(TestStoreAuthV1): conf['swift_store_user'] = 'tenant:user1' return conf - @mock.patch("glance_store._drivers.swift.store.ks_v3") + @mock.patch("glance_store._drivers.swift.store.ks_identity") @mock.patch("glance_store._drivers.swift.store.ks_session") @mock.patch("glance_store._drivers.swift.store.ks_client") def test_init_client_single_tenant(self, - mock_client, mock_session, mock_v3): + mock_client, + mock_session, + mock_identity): """Test that keystone client was initialized correctly""" # initialize client store = Store(self.conf) @@ -1279,13 +1283,14 @@ class TestStoreAuthV3(TestStoreAuthV1): # check that keystone was initialized correctly tenant = None if store.auth_version == '1' else "tenant" username = "tenant:user1" if store.auth_version == '1' else "user1" - mock_v3.Password.assert_called_once_with( + mock_identity.V3Password.assert_called_once_with( auth_url=loc.store_location.swift_url + '/', username=username, password="key", project_name=tenant, project_domain_id='default', project_domain_name=None, user_domain_id='default', user_domain_name=None,) - mock_session.Session.assert_called_once_with(auth=mock_v3.Password()) + mock_session.Session.assert_called_once_with( + auth=mock_identity.V3Password()) mock_client.Client.assert_called_once_with( session=mock_session.Session()) diff --git a/requirements.txt b/requirements.txt index c36085e..c98a250 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,5 +14,6 @@ six>=1.9.0 # MIT debtcollector>=1.2.0 # Apache-2.0 jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT +keystoneauth1>=2.14.0 # Apache-2.0 python-keystoneclient>=3.6.0 # Apache-2.0 requests>=2.10.0 # Apache-2.0 |