Use proper config option to connect to keystone

Earlier, quotas used to authenticate to endpoint from not required
option located in keymgr.encryption_auth_url. Now, the required
auth_uri option from config file is used to authenticate to
keystone.

Co-Authored-By: Michal Dulko <michal.dulko@intel.com>
Change-Id: I1076527704f8def2c6755c060df49232e5ebe805
Closes-Bug: 1516085
This commit is contained in:
Szymon Borkowski 2015-12-01 14:12:03 +01:00 committed by Michał Dulko
parent 4d235771cf
commit 109353dedb
4 changed files with 26 additions and 10 deletions

View File

@ -15,8 +15,10 @@
import webob import webob
from keystoneclient.auth.identity.generic import token
from keystoneclient import client
from keystoneclient import exceptions from keystoneclient import exceptions
from keystoneclient.v3 import client from keystoneclient import session
from cinder.api import extensions from cinder.api import extensions
from cinder.api.openstack import wsgi from cinder.api.openstack import wsgi
@ -180,9 +182,13 @@ class QuotaSetsController(wsgi.Controller):
order to do quota operations properly. order to do quota operations properly.
""" """
try: try:
keystone = client.Client(auth_url=CONF.keymgr.encryption_auth_url, auth_plugin = token.Token(
token=context.auth_token, auth_url=CONF.keystone_authtoken.auth_uri,
project_id=context.project_id) token=context.auth_token,
project_id=context.project_id)
client_session = session.Session(auth=auth_plugin)
keystone = client.Client(auth_url=CONF.keystone_authtoken.auth_uri,
session=client_session)
project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids) project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids)
except exceptions.NotFound: except exceptions.NotFound:
msg = (_("Tenant ID: %s does not exist.") % id) msg = (_("Tenant ID: %s does not exist.") % id)

View File

@ -32,7 +32,9 @@ from cinder import db
from cinder import test from cinder import test
from cinder.tests.unit import test_db_api from cinder.tests.unit import test_db_api
from keystonemiddleware import auth_token
from oslo_config import cfg from oslo_config import cfg
from oslo_config import fixture as config_fixture
CONF = cfg.CONF CONF = cfg.CONF
@ -92,7 +94,10 @@ class QuotaSetsControllerTest(test.TestCase):
self.req.environ['cinder.context'].project_id = 'foo' self.req.environ['cinder.context'].project_id = 'foo'
self._create_project_hierarchy() self._create_project_hierarchy()
self.auth_url = CONF.keymgr.encryption_auth_url
self.auth_url = 'http://localhost:5000'
self.fixture = self.useFixture(config_fixture.Config(auth_token.CONF))
self.fixture.config(auth_uri=self.auth_url, group='keystone_authtoken')
def _create_project_hierarchy(self): def _create_project_hierarchy(self):
"""Sets an environment used for nested quotas tests. """Sets an environment used for nested quotas tests.
@ -123,15 +128,16 @@ class QuotaSetsControllerTest(test.TestCase):
def _get_project(self, context, id, subtree_as_ids=False): def _get_project(self, context, id, subtree_as_ids=False):
return self.project_by_id.get(id, self.FakeProject()) return self.project_by_id.get(id, self.FakeProject())
@mock.patch('keystoneclient.v3.client.Client') @mock.patch('keystoneclient.client.Client')
def test_keystone_client_instantiation(self, ksclient_class): @mock.patch('keystoneclient.session.Session')
def test_keystone_client_instantiation(self, ksclient_session,
ksclient_class):
context = self.req.environ['cinder.context'] context = self.req.environ['cinder.context']
self.controller._get_project(context, context.project_id) self.controller._get_project(context, context.project_id)
ksclient_class.assert_called_once_with(auth_url=self.auth_url, ksclient_class.assert_called_once_with(auth_url=self.auth_url,
token=context.auth_token, session=ksclient_session())
project_id=context.project_id)
@mock.patch('keystoneclient.v3.client.Client') @mock.patch('keystoneclient.client.Client')
def test_get_project(self, ksclient_class): def test_get_project(self, ksclient_class):
context = self.req.environ['cinder.context'] context = self.req.environ['cinder.context']
keystoneclient = ksclient_class.return_value keystoneclient = ksclient_class.return_value

View File

@ -0,0 +1,3 @@
---
fixes:
- Cinder will now correctly read Keystone's endpoint for quota calls from keystone_authtoken.auth_uri instead of keymgr.encryption_auth_url config option.

View File

@ -33,6 +33,7 @@ pycrypto>=2.6
pyparsing>=2.0.1 pyparsing>=2.0.1
python-barbicanclient>=3.3.0 python-barbicanclient>=3.3.0
python-glanceclient>=0.18.0 python-glanceclient>=0.18.0
python-keystoneclient>=1.6.0,!=1.8.0
python-novaclient!=2.33.0,>=2.29.0 python-novaclient!=2.33.0,>=2.29.0
python-swiftclient>=2.2.0 python-swiftclient>=2.2.0
requests>=2.8.1 requests>=2.8.1