Read domain info from context when contacting nova
When we make a keystoneauth Session instance we are not looking at domain info. This way we're always creating v2Password auth plugin, which will obviously fail in an Identity v3-only scenario. This patch makes domain information (i.e user_domain_id and project_domain_id) be read from the context so that we can issue v3Password plugin as well. Also, the logic behind auth plugin creation has been changed, as long as the loading mechanism is designed to read options from config files, which is not the case. Creating the plugin directly seems to fit better here. This change is backwards compatible, since identity.Password can figure out what Identity version is in use and will ignore domain info if v2.0 Change-Id: I687a73cce4230e1d98d5c42fdc81549d5bc6ab1a Closes-Bug: #1599168
This commit is contained in:
parent
47b02d1b47
commit
4fe3f4cfda
@ -16,8 +16,8 @@
|
|||||||
Handles all requests to Nova.
|
Handles all requests to Nova.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import keystoneauth1.loading
|
from keystoneauth1 import identity
|
||||||
import keystoneauth1.session
|
from keystoneauth1 import session as ka_session
|
||||||
from novaclient import api_versions
|
from novaclient import api_versions
|
||||||
from novaclient import client as nova_client
|
from novaclient import client as nova_client
|
||||||
from novaclient import exceptions as nova_exceptions
|
from novaclient import exceptions as nova_exceptions
|
||||||
@ -137,14 +137,16 @@ def novaclient(context, admin_endpoint=False, privileged_user=False,
|
|||||||
|
|
||||||
LOG.debug('Nova client connection created using URL: %s', url)
|
LOG.debug('Nova client connection created using URL: %s', url)
|
||||||
|
|
||||||
# Now that we have the correct auth_url, username, password and
|
# Now that we have the correct auth_url, username, password, project_name
|
||||||
# project_name, let's build a Keystone session.
|
# and domain information, i.e. project_domain_id and user_domain_id (if
|
||||||
loader = keystoneauth1.loading.get_plugin_loader('password')
|
# using Identity v3 API) let's build a Keystone session.
|
||||||
auth = loader.load_from_options(auth_url=url,
|
auth = identity.Password(auth_url=url,
|
||||||
username=context.user_id,
|
username=context.user_id,
|
||||||
password=context.auth_token,
|
password=context.auth_token,
|
||||||
project_name=context.project_name)
|
project_name=context.project_name,
|
||||||
keystone_session = keystoneauth1.session.Session(auth=auth)
|
project_domain_id=context.project_domain,
|
||||||
|
user_domain_id=context.user_domain)
|
||||||
|
keystone_session = ka_session.Session(auth=auth)
|
||||||
|
|
||||||
c = nova_client.Client(api_versions.APIVersion(NOVA_API_VERSION),
|
c = nova_client.Client(api_versions.APIVersion(NOVA_API_VERSION),
|
||||||
session=keystone_session,
|
session=keystone_session,
|
||||||
|
@ -40,14 +40,15 @@ class NovaClientTestCase(test.TestCase):
|
|||||||
|
|
||||||
@mock.patch('novaclient.api_versions.APIVersion')
|
@mock.patch('novaclient.api_versions.APIVersion')
|
||||||
@mock.patch('novaclient.client.Client')
|
@mock.patch('novaclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.loading.get_plugin_loader')
|
@mock.patch('keystoneauth1.identity.Password')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_nova_client_regular(self, p_session, p_plugin_loader, p_client,
|
def test_nova_client_regular(self, p_session, p_password_plugin, p_client,
|
||||||
p_api_version):
|
p_api_version):
|
||||||
nova.novaclient(self.ctx)
|
nova.novaclient(self.ctx)
|
||||||
p_plugin_loader.return_value.load_from_options.assert_called_once_with(
|
p_password_plugin.assert_called_once_with(
|
||||||
auth_url='http://novahost:8774/v2/e3f0833dc08b4cea',
|
auth_url='http://novahost:8774/v2/e3f0833dc08b4cea',
|
||||||
password='token', project_name=None, username='regularuser'
|
password='token', project_name=None, username='regularuser',
|
||||||
|
project_domain_id=None, user_domain_id=None
|
||||||
)
|
)
|
||||||
p_client.assert_called_once_with(
|
p_client.assert_called_once_with(
|
||||||
p_api_version(nova.NOVA_API_VERSION),
|
p_api_version(nova.NOVA_API_VERSION),
|
||||||
@ -57,14 +58,15 @@ class NovaClientTestCase(test.TestCase):
|
|||||||
|
|
||||||
@mock.patch('novaclient.api_versions.APIVersion')
|
@mock.patch('novaclient.api_versions.APIVersion')
|
||||||
@mock.patch('novaclient.client.Client')
|
@mock.patch('novaclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.loading.get_plugin_loader')
|
@mock.patch('keystoneauth1.identity.Password')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_nova_client_admin_endpoint(self, p_session, p_plugin_loader,
|
def test_nova_client_admin_endpoint(self, p_session, p_password_plugin,
|
||||||
p_client, p_api_version):
|
p_client, p_api_version):
|
||||||
nova.novaclient(self.ctx, admin_endpoint=True)
|
nova.novaclient(self.ctx, admin_endpoint=True)
|
||||||
p_plugin_loader.return_value.load_from_options.assert_called_once_with(
|
p_password_plugin.assert_called_once_with(
|
||||||
auth_url='http://novaadmhost:4778/v2/e3f0833dc08b4cea',
|
auth_url='http://novaadmhost:4778/v2/e3f0833dc08b4cea',
|
||||||
password='token', project_name=None, username='regularuser'
|
password='token', project_name=None, username='regularuser',
|
||||||
|
project_domain_id=None, user_domain_id=None
|
||||||
)
|
)
|
||||||
p_client.assert_called_once_with(
|
p_client.assert_called_once_with(
|
||||||
p_api_version(nova.NOVA_API_VERSION),
|
p_api_version(nova.NOVA_API_VERSION),
|
||||||
@ -74,14 +76,15 @@ class NovaClientTestCase(test.TestCase):
|
|||||||
|
|
||||||
@mock.patch('novaclient.api_versions.APIVersion')
|
@mock.patch('novaclient.api_versions.APIVersion')
|
||||||
@mock.patch('novaclient.client.Client')
|
@mock.patch('novaclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.loading.get_plugin_loader')
|
@mock.patch('keystoneauth1.identity.Password')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_nova_client_privileged_user(self, p_session, p_plugin_loader,
|
def test_nova_client_privileged_user(self, p_session, p_password_plugin,
|
||||||
p_client, p_api_version):
|
p_client, p_api_version):
|
||||||
nova.novaclient(self.ctx, privileged_user=True)
|
nova.novaclient(self.ctx, privileged_user=True)
|
||||||
p_plugin_loader.return_value.load_from_options.assert_called_once_with(
|
p_password_plugin.assert_called_once_with(
|
||||||
auth_url='http://keystonehost:5000/v2.0',
|
auth_url='http://keystonehost:5000/v2.0',
|
||||||
password='strongpassword', project_name=None, username='adminuser'
|
password='strongpassword', project_name=None, username='adminuser',
|
||||||
|
project_domain_id=None, user_domain_id=None
|
||||||
)
|
)
|
||||||
p_client.assert_called_once_with(
|
p_client.assert_called_once_with(
|
||||||
p_api_version(nova.NOVA_API_VERSION),
|
p_api_version(nova.NOVA_API_VERSION),
|
||||||
@ -91,18 +94,19 @@ class NovaClientTestCase(test.TestCase):
|
|||||||
|
|
||||||
@mock.patch('novaclient.api_versions.APIVersion')
|
@mock.patch('novaclient.api_versions.APIVersion')
|
||||||
@mock.patch('novaclient.client.Client')
|
@mock.patch('novaclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.loading.get_plugin_loader')
|
@mock.patch('keystoneauth1.identity.Password')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_nova_client_privileged_user_custom_auth_url(self, p_session,
|
def test_nova_client_privileged_user_custom_auth_url(self, p_session,
|
||||||
p_plugin_loader,
|
p_password_plugin,
|
||||||
p_client,
|
p_client,
|
||||||
p_api_version):
|
p_api_version):
|
||||||
self.override_config('os_privileged_user_auth_url',
|
self.override_config('os_privileged_user_auth_url',
|
||||||
'http://privatekeystonehost:5000/v2.0')
|
'http://privatekeystonehost:5000/v2.0')
|
||||||
nova.novaclient(self.ctx, privileged_user=True)
|
nova.novaclient(self.ctx, privileged_user=True)
|
||||||
p_plugin_loader.return_value.load_from_options.assert_called_once_with(
|
p_password_plugin.assert_called_once_with(
|
||||||
auth_url='http://privatekeystonehost:5000/v2.0',
|
auth_url='http://privatekeystonehost:5000/v2.0',
|
||||||
password='strongpassword', project_name=None, username='adminuser'
|
password='strongpassword', project_name=None, username='adminuser',
|
||||||
|
project_domain_id=None, user_domain_id=None
|
||||||
)
|
)
|
||||||
p_client.assert_called_once_with(
|
p_client.assert_called_once_with(
|
||||||
p_api_version(nova.NOVA_API_VERSION),
|
p_api_version(nova.NOVA_API_VERSION),
|
||||||
@ -112,15 +116,16 @@ class NovaClientTestCase(test.TestCase):
|
|||||||
|
|
||||||
@mock.patch('novaclient.api_versions.APIVersion')
|
@mock.patch('novaclient.api_versions.APIVersion')
|
||||||
@mock.patch('novaclient.client.Client')
|
@mock.patch('novaclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.loading.get_plugin_loader')
|
@mock.patch('keystoneauth1.identity.Password')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_nova_client_custom_region(self, p_session, p_plugin_loader,
|
def test_nova_client_custom_region(self, p_session, p_password_plugin,
|
||||||
p_client, p_api_version):
|
p_client, p_api_version):
|
||||||
self.override_config('os_region_name', 'farfaraway')
|
self.override_config('os_region_name', 'farfaraway')
|
||||||
nova.novaclient(self.ctx)
|
nova.novaclient(self.ctx)
|
||||||
p_plugin_loader.return_value.load_from_options.assert_called_once_with(
|
p_password_plugin.assert_called_once_with(
|
||||||
auth_url='http://novahost:8774/v2/e3f0833dc08b4cea',
|
auth_url='http://novahost:8774/v2/e3f0833dc08b4cea',
|
||||||
password='token', project_name=None, username='regularuser'
|
password='token', project_name=None, username='regularuser',
|
||||||
|
project_domain_id=None, user_domain_id=None
|
||||||
)
|
)
|
||||||
p_client.assert_called_once_with(
|
p_client.assert_called_once_with(
|
||||||
p_api_version(nova.NOVA_API_VERSION),
|
p_api_version(nova.NOVA_API_VERSION),
|
||||||
|
Loading…
Reference in New Issue
Block a user