From 4fe3f4cfdaf3ed08cd61ed18a8e31ecf4b36f682 Mon Sep 17 00:00:00 2001 From: Clenimar Filemon Date: Mon, 4 Jul 2016 13:40:59 -0300 Subject: [PATCH] Read domain info from context when contacting nova When we make a keystoneauth Session instance we are not looking at domain info. This way we're always creating v2Password auth plugin, which will obviously fail in an Identity v3-only scenario. This patch makes domain information (i.e user_domain_id and project_domain_id) be read from the context so that we can issue v3Password plugin as well. Also, the logic behind auth plugin creation has been changed, as long as the loading mechanism is designed to read options from config files, which is not the case. Creating the plugin directly seems to fit better here. This change is backwards compatible, since identity.Password can figure out what Identity version is in use and will ignore domain info if v2.0 Change-Id: I687a73cce4230e1d98d5c42fdc81549d5bc6ab1a Closes-Bug: #1599168 --- cinder/compute/nova.py | 22 +++++++------ cinder/tests/unit/compute/test_nova.py | 45 ++++++++++++++------------ 2 files changed, 37 insertions(+), 30 deletions(-) diff --git a/cinder/compute/nova.py b/cinder/compute/nova.py index 4d93a377b84..5cdbe62edcc 100644 --- a/cinder/compute/nova.py +++ b/cinder/compute/nova.py @@ -16,8 +16,8 @@ Handles all requests to Nova. """ -import keystoneauth1.loading -import keystoneauth1.session +from keystoneauth1 import identity +from keystoneauth1 import session as ka_session from novaclient import api_versions from novaclient import client as nova_client from novaclient import exceptions as nova_exceptions @@ -137,14 +137,16 @@ def novaclient(context, admin_endpoint=False, privileged_user=False, LOG.debug('Nova client connection created using URL: %s', url) - # Now that we have the correct auth_url, username, password and - # project_name, let's build a Keystone session. - loader = keystoneauth1.loading.get_plugin_loader('password') - auth = loader.load_from_options(auth_url=url, - username=context.user_id, - password=context.auth_token, - project_name=context.project_name) - keystone_session = keystoneauth1.session.Session(auth=auth) + # Now that we have the correct auth_url, username, password, project_name + # and domain information, i.e. project_domain_id and user_domain_id (if + # using Identity v3 API) let's build a Keystone session. + auth = identity.Password(auth_url=url, + username=context.user_id, + password=context.auth_token, + project_name=context.project_name, + project_domain_id=context.project_domain, + user_domain_id=context.user_domain) + keystone_session = ka_session.Session(auth=auth) c = nova_client.Client(api_versions.APIVersion(NOVA_API_VERSION), session=keystone_session, diff --git a/cinder/tests/unit/compute/test_nova.py b/cinder/tests/unit/compute/test_nova.py index 2c69b6b041f..689d354f4e2 100644 --- a/cinder/tests/unit/compute/test_nova.py +++ b/cinder/tests/unit/compute/test_nova.py @@ -40,14 +40,15 @@ class NovaClientTestCase(test.TestCase): @mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.client.Client') - @mock.patch('keystoneauth1.loading.get_plugin_loader') + @mock.patch('keystoneauth1.identity.Password') @mock.patch('keystoneauth1.session.Session') - def test_nova_client_regular(self, p_session, p_plugin_loader, p_client, + def test_nova_client_regular(self, p_session, p_password_plugin, p_client, p_api_version): nova.novaclient(self.ctx) - p_plugin_loader.return_value.load_from_options.assert_called_once_with( + p_password_plugin.assert_called_once_with( auth_url='http://novahost:8774/v2/e3f0833dc08b4cea', - password='token', project_name=None, username='regularuser' + password='token', project_name=None, username='regularuser', + project_domain_id=None, user_domain_id=None ) p_client.assert_called_once_with( p_api_version(nova.NOVA_API_VERSION), @@ -57,14 +58,15 @@ class NovaClientTestCase(test.TestCase): @mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.client.Client') - @mock.patch('keystoneauth1.loading.get_plugin_loader') + @mock.patch('keystoneauth1.identity.Password') @mock.patch('keystoneauth1.session.Session') - def test_nova_client_admin_endpoint(self, p_session, p_plugin_loader, + def test_nova_client_admin_endpoint(self, p_session, p_password_plugin, p_client, p_api_version): nova.novaclient(self.ctx, admin_endpoint=True) - p_plugin_loader.return_value.load_from_options.assert_called_once_with( + p_password_plugin.assert_called_once_with( auth_url='http://novaadmhost:4778/v2/e3f0833dc08b4cea', - password='token', project_name=None, username='regularuser' + password='token', project_name=None, username='regularuser', + project_domain_id=None, user_domain_id=None ) p_client.assert_called_once_with( p_api_version(nova.NOVA_API_VERSION), @@ -74,14 +76,15 @@ class NovaClientTestCase(test.TestCase): @mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.client.Client') - @mock.patch('keystoneauth1.loading.get_plugin_loader') + @mock.patch('keystoneauth1.identity.Password') @mock.patch('keystoneauth1.session.Session') - def test_nova_client_privileged_user(self, p_session, p_plugin_loader, + def test_nova_client_privileged_user(self, p_session, p_password_plugin, p_client, p_api_version): nova.novaclient(self.ctx, privileged_user=True) - p_plugin_loader.return_value.load_from_options.assert_called_once_with( + p_password_plugin.assert_called_once_with( auth_url='http://keystonehost:5000/v2.0', - password='strongpassword', project_name=None, username='adminuser' + password='strongpassword', project_name=None, username='adminuser', + project_domain_id=None, user_domain_id=None ) p_client.assert_called_once_with( p_api_version(nova.NOVA_API_VERSION), @@ -91,18 +94,19 @@ class NovaClientTestCase(test.TestCase): @mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.client.Client') - @mock.patch('keystoneauth1.loading.get_plugin_loader') + @mock.patch('keystoneauth1.identity.Password') @mock.patch('keystoneauth1.session.Session') def test_nova_client_privileged_user_custom_auth_url(self, p_session, - p_plugin_loader, + p_password_plugin, p_client, p_api_version): self.override_config('os_privileged_user_auth_url', 'http://privatekeystonehost:5000/v2.0') nova.novaclient(self.ctx, privileged_user=True) - p_plugin_loader.return_value.load_from_options.assert_called_once_with( + p_password_plugin.assert_called_once_with( auth_url='http://privatekeystonehost:5000/v2.0', - password='strongpassword', project_name=None, username='adminuser' + password='strongpassword', project_name=None, username='adminuser', + project_domain_id=None, user_domain_id=None ) p_client.assert_called_once_with( p_api_version(nova.NOVA_API_VERSION), @@ -112,15 +116,16 @@ class NovaClientTestCase(test.TestCase): @mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.client.Client') - @mock.patch('keystoneauth1.loading.get_plugin_loader') + @mock.patch('keystoneauth1.identity.Password') @mock.patch('keystoneauth1.session.Session') - def test_nova_client_custom_region(self, p_session, p_plugin_loader, + def test_nova_client_custom_region(self, p_session, p_password_plugin, p_client, p_api_version): self.override_config('os_region_name', 'farfaraway') nova.novaclient(self.ctx) - p_plugin_loader.return_value.load_from_options.assert_called_once_with( + p_password_plugin.assert_called_once_with( auth_url='http://novahost:8774/v2/e3f0833dc08b4cea', - password='token', project_name=None, username='regularuser' + password='token', project_name=None, username='regularuser', + project_domain_id=None, user_domain_id=None ) p_client.assert_called_once_with( p_api_version(nova.NOVA_API_VERSION),