From 5b10a82bf6b0cb3e7b4762d7f5022882b22d96f6 Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy <shchelokovskyy@gmail.com>
Date: Tue, 7 Feb 2017 10:49:22 +0000
Subject: [PATCH] Pass session directly to swiftclient

since v3.2.0 swiftclient supports instantiating the API client from
keystonauth session, and we already require this version as minimal in
ironic.

This patch removes existing workarounds in SwiftAPI code which were there
only to accomodate for absence of session handling in swiftclient,
and now the keystoneauth session built from the [swift] config section
is used directly to instantiate the swift API client.

Change-Id: I52f1386df45ebe0a43b11fe1583e012dfa3af532
Related-Bug: #1518938
---
 ironic/common/swift.py                 | 22 +---------------------
 ironic/tests/unit/common/test_swift.py | 13 ++-----------
 2 files changed, 3 insertions(+), 32 deletions(-)

diff --git a/ironic/common/swift.py b/ironic/common/swift.py
index bc40ec0915..a11736003e 100644
--- a/ironic/common/swift.py
+++ b/ironic/common/swift.py
@@ -14,7 +14,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import six
 from six.moves import http_client
 from six.moves.urllib import parse
 from swiftclient import client as swift_client
@@ -24,7 +23,6 @@ from swiftclient import utils as swift_utils
 from ironic.common import exception
 from ironic.common.i18n import _
 from ironic.common import keystone
-from ironic.conf import CONF
 
 
 _SWIFT_SESSION = None
@@ -41,26 +39,8 @@ class SwiftAPI(object):
     """API for communicating with Swift."""
 
     def __init__(self):
-        # TODO(pas-ha): swiftclient does not support keystone sessions ATM.
-        # Must be reworked when LP bug #1518938 is fixed.
         session = _get_swift_session()
-        params = {
-            'retries': CONF.swift.swift_max_retries,
-            'preauthurl': keystone.get_service_url(
-                session,
-                service_type='object-store'),
-            'preauthtoken': keystone.get_admin_auth_token(session)
-        }
-        # NOTE(pas-ha):session.verify is for HTTPS urls and can be
-        # - False (do not verify)
-        # - True (verify but try to locate system CA certificates)
-        # - Path (verify using specific CA certificate)
-        verify = session.verify
-        params['insecure'] = not verify
-        if verify and isinstance(verify, six.string_types):
-            params['cacert'] = verify
-
-        self.connection = swift_client.Connection(**params)
+        self.connection = swift_client.Connection(session=session)
 
     def create_object(self, container, obj, filename,
                       object_headers=None):
diff --git a/ironic/tests/unit/common/test_swift.py b/ironic/tests/unit/common/test_swift.py
index e5bc306fd1..305881a1a7 100644
--- a/ironic/tests/unit/common/test_swift.py
+++ b/ironic/tests/unit/common/test_swift.py
@@ -39,18 +39,9 @@ class SwiftTestCase(base.TestCase):
         self.swift_exception = swift_exception.ClientException('', '')
 
     def test___init__(self, connection_mock, keystone_mock):
-        sess = mock.Mock()
-        sess.get_endpoint.return_value = 'http://swift:8080'
-        sess.get_token.return_value = 'fake_token'
-        sess.verify = '/path/to/ca/file'
-        keystone_mock.return_value = sess
         swift.SwiftAPI()
-        params = {'retries': 2,
-                  'preauthurl': 'http://swift:8080',
-                  'preauthtoken': 'fake_token',
-                  'insecure': False,
-                  'cacert': '/path/to/ca/file'}
-        connection_mock.assert_called_once_with(**params)
+        connection_mock.assert_called_once_with(
+            session=keystone_mock.return_value)
 
     @mock.patch.object(__builtin__, 'open', autospec=True)
     def test_create_object(self, open_mock, connection_mock, keystone_mock):