Charm Helpers

Merge lp:~thedac/charm-helpers/keystoneauth1 into lp:charm-helpers

  1. keystoneauth1
  2. Merge into devel
Proposed by David Ames
Status: Merged
Merged at revision: 750
Proposed branch: lp:~thedac/charm-helpers/keystoneauth1
Merge into: lp:charm-helpers
Diff against target: 144 lines (+56/-27)
1 file modified
charmhelpers/contrib/openstack/amulet/utils.py (+56/-27)
To merge this branch: bzr merge lp:~thedac/charm-helpers/keystoneauth1
Reviewer Review Type Date Requested Status
Billy Olsen Approve
charmers Pending
Review via email: mp+325317@code.launchpad.net

Description of the change

Use keystoneauth1 sessions

As of Ocata clients keystoneauth1 sessions is the appropriate method
to authenticate against keystone.

This changes some of the previous methods used to interrogate
keystone including retrieving catalog entries.

This change updates the amulet utilities to use keystoneauth1.

To post a comment you must log in.
Revision history for this message
Billy Olsen (billy-olsen) wrote :

Changes look fine to me. I'd be nice to have unit tests, but none exist for this module as it is.

review: Approve
lp:~thedac/charm-helpers/keystoneauth1 updated
751. By David Ames

Avoid collision between project_name and tenant

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'charmhelpers/contrib/openstack/amulet/utils.py'
2--- charmhelpers/contrib/openstack/amulet/utils.py 2017-04-20 21:30:53 +0000
3+++ charmhelpers/contrib/openstack/amulet/utils.py 2017-06-08 17:03:27 +0000
4@@ -26,8 +26,11 @@
5 import glanceclient.v1.client as glance_client
6 import heatclient.v1.client as heat_client
7 import keystoneclient.v2_0 as keystone_client
8-from keystoneclient.auth.identity import v3 as keystone_id_v3
9-from keystoneclient import session as keystone_session
10+from keystoneauth1.identity import (
11+ v3,
12+ v2,
13+)
14+from keystoneauth1 import session as keystone_session
15 from keystoneclient.v3 import client as keystone_client_v3
16 from novaclient import exceptions
17
18@@ -368,12 +371,19 @@
19 port)
20 if not api_version or api_version == 2:
21 ep = base_ep + "/v2.0"
22- return keystone_client.Client(username=username, password=password,
23- tenant_name=project_name,
24- auth_url=ep)
25+ auth = v2.Password(
26+ username=username,
27+ password=password,
28+ tenant_name=project_name,
29+ auth_url=ep
30+ )
31+
32+ return keystone_client.Client(
33+ session=keystone_session.Session(auth=auth)
34+ )
35 else:
36 ep = base_ep + "/v3"
37- auth = keystone_id_v3.Password(
38+ auth = v3.Password(
39 user_domain_name=user_domain_name,
40 username=username,
41 password=password,
42@@ -388,30 +398,40 @@
43
44 def authenticate_keystone_admin(self, keystone_sentry, user, password,
45 tenant=None, api_version=None,
46- keystone_ip=None):
47+ keystone_ip=None, user_domain_name=None,
48+ project_domain_name=None,
49+ project_name=None):
50 """Authenticates admin user with the keystone admin endpoint."""
51 self.log.debug('Authenticating keystone admin...')
52 if not keystone_ip:
53 keystone_ip = keystone_sentry.info['public-address']
54
55- user_domain_name = None
56- domain_name = None
57- if api_version == 3:
58+ # To support backward compatibility usage of this function
59+ if not project_name:
60+ project_name = tenant
61+ if api_version == 3 and not user_domain_name:
62 user_domain_name = 'admin_domain'
63- domain_name = user_domain_name
64+ if api_version == 3 and not project_domain_name:
65+ project_domain_name = 'admin_domain'
66+ if api_version == 3 and not project_name:
67+ project_name = 'admin'
68
69- return self.authenticate_keystone(keystone_ip, user, password,
70- project_name=tenant,
71- api_version=api_version,
72- user_domain_name=user_domain_name,
73- domain_name=domain_name,
74- admin_port=True)
75+ return self.authenticate_keystone(
76+ keystone_ip, user, password,
77+ api_version=api_version,
78+ user_domain_name=user_domain_name,
79+ project_domain_name=project_domain_name,
80+ project_name=project_name,
81+ admin_port=True)
82
83 def authenticate_keystone_user(self, keystone, user, password, tenant):
84 """Authenticates a regular user with the keystone public endpoint."""
85 self.log.debug('Authenticating keystone user ({})...'.format(user))
86- ep = keystone.service_catalog.url_for(service_type='identity',
87- endpoint_type='publicURL')
88+
89+ endpoint_filter = {'service_type': 'identity',
90+ 'interface': 'public',
91+ 'region_name': 'RegionOne'}
92+ ep = keystone.session.get_endpoint(**endpoint_filter)
93 keystone_ip = urlparse.urlparse(ep).hostname
94
95 return self.authenticate_keystone(keystone_ip, user, password,
96@@ -420,22 +440,29 @@
97 def authenticate_glance_admin(self, keystone):
98 """Authenticates admin user with glance."""
99 self.log.debug('Authenticating glance admin...')
100- ep = keystone.service_catalog.url_for(service_type='image',
101- endpoint_type='adminURL')
102+ endpoint_filter = {'service_type': 'image',
103+ 'interface': 'admin',
104+ 'region_name': 'RegionOne'}
105+ ep = keystone.session.get_endpoint(**endpoint_filter)
106 return glance_client.Client(ep, token=keystone.auth_token)
107
108 def authenticate_heat_admin(self, keystone):
109 """Authenticates the admin user with heat."""
110 self.log.debug('Authenticating heat admin...')
111- ep = keystone.service_catalog.url_for(service_type='orchestration',
112- endpoint_type='publicURL')
113+ endpoint_filter = {'service_type': 'orchestration',
114+ 'interface': 'public',
115+ 'region_name': 'RegionOne'}
116+ ep = keystone.session.get_endpoint(**endpoint_filter)
117 return heat_client.Client(endpoint=ep, token=keystone.auth_token)
118
119 def authenticate_nova_user(self, keystone, user, password, tenant):
120 """Authenticates a regular user with nova-api."""
121 self.log.debug('Authenticating nova user ({})...'.format(user))
122- ep = keystone.service_catalog.url_for(service_type='identity',
123- endpoint_type='publicURL')
124+ endpoint_filter = {'service_type': 'identity',
125+ 'interface': 'public',
126+ 'region_name': 'RegionOne'}
127+ ep = keystone.session.get_endpoint(**endpoint_filter)
128+
129 if novaclient.__version__[0] >= "7":
130 return nova_client.Client(NOVA_CLIENT_VERSION,
131 username=user, password=password,
132@@ -448,8 +475,10 @@
133 def authenticate_swift_user(self, keystone, user, password, tenant):
134 """Authenticates a regular user with swift api."""
135 self.log.debug('Authenticating swift user ({})...'.format(user))
136- ep = keystone.service_catalog.url_for(service_type='identity',
137- endpoint_type='publicURL')
138+ endpoint_filter = {'service_type': 'identity',
139+ 'interface': 'public',
140+ 'region_name': 'RegionOne'}
141+ ep = keystone.session.get_endpoint(**endpoint_filter)
142 return swiftclient.Connection(authurl=ep,
143 user=user,
144 key=password,

Subscribers

People subscribed via source and target branches