Read domain info from context when contacting nova

When we make a keystoneauth Session instance we are not looking at domain
info. This way we're always creating v2Password auth plugin, which will
obviously fail in an Identity v3-only scenario.

This patch makes domain information (i.e user_domain_id and project_domain_id)
be read from the context so that we can issue v3Password plugin as well.

Also, the logic behind auth plugin creation has been changed, as long as the
loading mechanism is designed to read options from config files, which is not
the case. Creating the plugin directly seems to fit better here.

This change is backwards compatible, since identity.Password can figure
out what Identity version is in use and will ignore domain info if v2.0

Change-Id: I687a73cce4230e1d98d5c42fdc81549d5bc6ab1a
Closes-Bug: #1599168
This commit is contained in:
Clenimar Filemon 2016-07-04 13:40:59 -03:00 committed by Clenimar Filemon
parent 47b02d1b47
commit 4fe3f4cfda
2 changed files with 37 additions and 30 deletions

View File

@ -16,8 +16,8 @@
Handles all requests to Nova. Handles all requests to Nova.
""" """
import keystoneauth1.loading from keystoneauth1 import identity
import keystoneauth1.session from keystoneauth1 import session as ka_session
from novaclient import api_versions from novaclient import api_versions
from novaclient import client as nova_client from novaclient import client as nova_client
from novaclient import exceptions as nova_exceptions from novaclient import exceptions as nova_exceptions
@ -137,14 +137,16 @@ def novaclient(context, admin_endpoint=False, privileged_user=False,
LOG.debug('Nova client connection created using URL: %s', url) LOG.debug('Nova client connection created using URL: %s', url)
# Now that we have the correct auth_url, username, password and # Now that we have the correct auth_url, username, password, project_name
# project_name, let's build a Keystone session. # and domain information, i.e. project_domain_id and user_domain_id (if
loader = keystoneauth1.loading.get_plugin_loader('password') # using Identity v3 API) let's build a Keystone session.
auth = loader.load_from_options(auth_url=url, auth = identity.Password(auth_url=url,
username=context.user_id, username=context.user_id,
password=context.auth_token, password=context.auth_token,
project_name=context.project_name) project_name=context.project_name,
keystone_session = keystoneauth1.session.Session(auth=auth) project_domain_id=context.project_domain,
user_domain_id=context.user_domain)
keystone_session = ka_session.Session(auth=auth)
c = nova_client.Client(api_versions.APIVersion(NOVA_API_VERSION), c = nova_client.Client(api_versions.APIVersion(NOVA_API_VERSION),
session=keystone_session, session=keystone_session,

View File

@ -40,14 +40,15 @@ class NovaClientTestCase(test.TestCase):
@mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.api_versions.APIVersion')
@mock.patch('novaclient.client.Client') @mock.patch('novaclient.client.Client')
@mock.patch('keystoneauth1.loading.get_plugin_loader') @mock.patch('keystoneauth1.identity.Password')
@mock.patch('keystoneauth1.session.Session') @mock.patch('keystoneauth1.session.Session')
def test_nova_client_regular(self, p_session, p_plugin_loader, p_client, def test_nova_client_regular(self, p_session, p_password_plugin, p_client,
p_api_version): p_api_version):
nova.novaclient(self.ctx) nova.novaclient(self.ctx)
p_plugin_loader.return_value.load_from_options.assert_called_once_with( p_password_plugin.assert_called_once_with(
auth_url='http://novahost:8774/v2/e3f0833dc08b4cea', auth_url='http://novahost:8774/v2/e3f0833dc08b4cea',
password='token', project_name=None, username='regularuser' password='token', project_name=None, username='regularuser',
project_domain_id=None, user_domain_id=None
) )
p_client.assert_called_once_with( p_client.assert_called_once_with(
p_api_version(nova.NOVA_API_VERSION), p_api_version(nova.NOVA_API_VERSION),
@ -57,14 +58,15 @@ class NovaClientTestCase(test.TestCase):
@mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.api_versions.APIVersion')
@mock.patch('novaclient.client.Client') @mock.patch('novaclient.client.Client')
@mock.patch('keystoneauth1.loading.get_plugin_loader') @mock.patch('keystoneauth1.identity.Password')
@mock.patch('keystoneauth1.session.Session') @mock.patch('keystoneauth1.session.Session')
def test_nova_client_admin_endpoint(self, p_session, p_plugin_loader, def test_nova_client_admin_endpoint(self, p_session, p_password_plugin,
p_client, p_api_version): p_client, p_api_version):
nova.novaclient(self.ctx, admin_endpoint=True) nova.novaclient(self.ctx, admin_endpoint=True)
p_plugin_loader.return_value.load_from_options.assert_called_once_with( p_password_plugin.assert_called_once_with(
auth_url='http://novaadmhost:4778/v2/e3f0833dc08b4cea', auth_url='http://novaadmhost:4778/v2/e3f0833dc08b4cea',
password='token', project_name=None, username='regularuser' password='token', project_name=None, username='regularuser',
project_domain_id=None, user_domain_id=None
) )
p_client.assert_called_once_with( p_client.assert_called_once_with(
p_api_version(nova.NOVA_API_VERSION), p_api_version(nova.NOVA_API_VERSION),
@ -74,14 +76,15 @@ class NovaClientTestCase(test.TestCase):
@mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.api_versions.APIVersion')
@mock.patch('novaclient.client.Client') @mock.patch('novaclient.client.Client')
@mock.patch('keystoneauth1.loading.get_plugin_loader') @mock.patch('keystoneauth1.identity.Password')
@mock.patch('keystoneauth1.session.Session') @mock.patch('keystoneauth1.session.Session')
def test_nova_client_privileged_user(self, p_session, p_plugin_loader, def test_nova_client_privileged_user(self, p_session, p_password_plugin,
p_client, p_api_version): p_client, p_api_version):
nova.novaclient(self.ctx, privileged_user=True) nova.novaclient(self.ctx, privileged_user=True)
p_plugin_loader.return_value.load_from_options.assert_called_once_with( p_password_plugin.assert_called_once_with(
auth_url='http://keystonehost:5000/v2.0', auth_url='http://keystonehost:5000/v2.0',
password='strongpassword', project_name=None, username='adminuser' password='strongpassword', project_name=None, username='adminuser',
project_domain_id=None, user_domain_id=None
) )
p_client.assert_called_once_with( p_client.assert_called_once_with(
p_api_version(nova.NOVA_API_VERSION), p_api_version(nova.NOVA_API_VERSION),
@ -91,18 +94,19 @@ class NovaClientTestCase(test.TestCase):
@mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.api_versions.APIVersion')
@mock.patch('novaclient.client.Client') @mock.patch('novaclient.client.Client')
@mock.patch('keystoneauth1.loading.get_plugin_loader') @mock.patch('keystoneauth1.identity.Password')
@mock.patch('keystoneauth1.session.Session') @mock.patch('keystoneauth1.session.Session')
def test_nova_client_privileged_user_custom_auth_url(self, p_session, def test_nova_client_privileged_user_custom_auth_url(self, p_session,
p_plugin_loader, p_password_plugin,
p_client, p_client,
p_api_version): p_api_version):
self.override_config('os_privileged_user_auth_url', self.override_config('os_privileged_user_auth_url',
'http://privatekeystonehost:5000/v2.0') 'http://privatekeystonehost:5000/v2.0')
nova.novaclient(self.ctx, privileged_user=True) nova.novaclient(self.ctx, privileged_user=True)
p_plugin_loader.return_value.load_from_options.assert_called_once_with( p_password_plugin.assert_called_once_with(
auth_url='http://privatekeystonehost:5000/v2.0', auth_url='http://privatekeystonehost:5000/v2.0',
password='strongpassword', project_name=None, username='adminuser' password='strongpassword', project_name=None, username='adminuser',
project_domain_id=None, user_domain_id=None
) )
p_client.assert_called_once_with( p_client.assert_called_once_with(
p_api_version(nova.NOVA_API_VERSION), p_api_version(nova.NOVA_API_VERSION),
@ -112,15 +116,16 @@ class NovaClientTestCase(test.TestCase):
@mock.patch('novaclient.api_versions.APIVersion') @mock.patch('novaclient.api_versions.APIVersion')
@mock.patch('novaclient.client.Client') @mock.patch('novaclient.client.Client')
@mock.patch('keystoneauth1.loading.get_plugin_loader') @mock.patch('keystoneauth1.identity.Password')
@mock.patch('keystoneauth1.session.Session') @mock.patch('keystoneauth1.session.Session')
def test_nova_client_custom_region(self, p_session, p_plugin_loader, def test_nova_client_custom_region(self, p_session, p_password_plugin,
p_client, p_api_version): p_client, p_api_version):
self.override_config('os_region_name', 'farfaraway') self.override_config('os_region_name', 'farfaraway')
nova.novaclient(self.ctx) nova.novaclient(self.ctx)
p_plugin_loader.return_value.load_from_options.assert_called_once_with( p_password_plugin.assert_called_once_with(
auth_url='http://novahost:8774/v2/e3f0833dc08b4cea', auth_url='http://novahost:8774/v2/e3f0833dc08b4cea',
password='token', project_name=None, username='regularuser' password='token', project_name=None, username='regularuser',
project_domain_id=None, user_domain_id=None
) )
p_client.assert_called_once_with( p_client.assert_called_once_with(
p_api_version(nova.NOVA_API_VERSION), p_api_version(nova.NOVA_API_VERSION),