Updated keystone_admin conf section to reflect changes in middleware

keystonemiddleware module now prefers auth_uri (for public auth endpoint) and identity_uri (for admin auth endpoint). Made cisco plugin to use public auth_uri instead of identity_uri. identity_uri is used by keystonemiddleware only, anyway added it to several unit tests for consistency. DocImpact Closes-Bug: 1313783 Change-Id: I8bce9bfc01859dad82e5a98f4ac1da54ed86392a
2014-04-28 15:02:34 +02:00 · 2014-04-28 15:02:34 +02:00 · c5928a4464
parent 5de1d2ed67
commit c5928a4464
8 changed files with 54 additions and 43 deletions
--- a/etc/neutron.conf
+++ b/etc/neutron.conf
@ -589,9 +589,8 @@ lock_path = $state_path/lock
 # ===========  end of items for agent management extension =====

 [keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
+auth_uri = http://127.0.0.1:35357/v2.0/
+identity_uri = http://127.0.0.1:5000
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
--- a/neutron/common/utils.py
+++ b/neutron/common/utils.py
@ -357,3 +357,15 @@ def is_dvr_serviced(device_owner):
                                  q_const.DEVICE_OWNER_DHCP)
    return (device_owner.startswith('compute:') or
            device_owner in dvr_serviced_device_owners)
+
+
+def get_keystone_url(conf):
+    if conf.auth_uri:
+        auth_uri = conf.auth_uri.rstrip('/')
+    else:
+        auth_uri = ('%(protocol)s://%(host)s:%(port)s' %
+            {'protocol': conf.auth_protocol,
+             'host': conf.auth_host,
+             'port': conf.auth_port})
+    # NOTE(ihrachys): all existing consumers assume version 2.0
+    return '%s/v2.0/' % auth_uri
--- a/neutron/plugins/cisco/db/l3/device_handling_db.py
+++ b/neutron/plugins/cisco/db/l3/device_handling_db.py
@ -108,7 +108,7 @@ class DeviceHandlingMixin(object):
    def l3_tenant_id(cls):
        """Returns id of tenant owning hosting device resources."""
        if cls._l3_tenant_uuid is None:
-            auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
+            auth_url = cfg.CONF.keystone_authtoken.auth_uri
            user = cfg.CONF.keystone_authtoken.admin_user
            pw = cfg.CONF.keystone_authtoken.admin_password
            tenant = cfg.CONF.keystone_authtoken.admin_tenant_name
@ -336,7 +336,7 @@ class DeviceHandlingMixin(object):
            return True

    def _setup_device_handling(self):
-        auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
+        auth_url = cfg.CONF.keystone_authtoken.auth_uri
        u_name = cfg.CONF.keystone_authtoken.admin_user
        pw = cfg.CONF.keystone_authtoken.admin_password
        tenant = cfg.CONF.general.l3_admin_tenant
--- a/neutron/plugins/ibm/sdnve_api.py
+++ b/neutron/plugins/ibm/sdnve_api.py
@ -23,6 +23,7 @@ from keystoneclient.v2_0 import client as keyclient
 from oslo.config import cfg

 from neutron.api.v2 import attributes
+from neutron.common import utils
 from neutron.i18n import _LE, _LI
 from neutron.openstack.common import log as logging
 from neutron.plugins.ibm.common import config  # noqa
@ -341,15 +342,14 @@ class KeystoneClient(object):
                 auth_url=None):

        keystone_conf = cfg.CONF.keystone_authtoken
-        keystone_auth_url = ('%s://%s:%s/v2.0/' %
-                             (keystone_conf.auth_protocol,
-                              keystone_conf.auth_host,
-                              keystone_conf.auth_port))

        username = username or keystone_conf.admin_user
        tenant_name = tenant_name or keystone_conf.admin_tenant_name
        password = password or keystone_conf.admin_password
-        auth_url = auth_url or keystone_auth_url
+        # FIXME(ihrachys): plugins should not construct keystone URL
+        # from configuration file and should instead rely on service
+        # catalog contents
+        auth_url = auth_url or utils.get_keystone_url(keystone_conf)

        self.overlay_signature = cfg.CONF.SDNVE.overlay_signature
        self.of_signature = cfg.CONF.SDNVE.of_signature
--- a/neutron/plugins/ml2/drivers/arista/mechanism_arista.py
+++ b/neutron/plugins/ml2/drivers/arista/mechanism_arista.py
@ -20,6 +20,7 @@ import jsonrpclib
 from oslo.config import cfg

 from neutron.common import constants as n_const
+from neutron.common import utils
 from neutron.i18n import _LI, _LW
 from neutron.openstack.common import log as logging
 from neutron.plugins.ml2.common import exceptions as ml2_exc
@ -77,13 +78,6 @@ class AristaRPCWrapper(object):
            LOG.warn(_LW("'timestamp' command '%s' is not available on EOS"),
                     cmd)

-    def _keystone_url(self):
-        keystone_auth_url = ('%s://%s:%s/v2.0/' %
-                             (self.keystone_conf.auth_protocol,
-                              self.keystone_conf.auth_host,
-                              self.keystone_conf.auth_port))
-        return keystone_auth_url
-
    def get_tenants(self):
        """Returns dict of all tenants known by EOS.

@ -389,18 +383,25 @@ class AristaRPCWrapper(object):
        This the initial handshake between Neutron and EOS.
        critical end-point information is registered with EOS.
        """
+        keystone_conf = self.keystone_conf
+        # FIXME(ihrachys): plugins should not construct keystone URL
+        # from configuration file and should instead rely on service
+        # catalog contents
+        auth_uri = utils.get_keystone_url(keystone_conf)

-        cmds = ['auth url %s user %s password %s tenant %s' % (
-                self._keystone_url(),
-                self.keystone_conf.admin_user,
-                self.keystone_conf.admin_password,
-                self.keystone_conf.admin_tenant_name)]
+        cmds = ['auth url %(auth_url)s user %(user)s '
+                'password %(password)s tenant %(tenant)s' %
+                {'auth_url': auth_uri,
+                 'user': keystone_conf.admin_user,
+                 'password': keystone_conf.admin_password,
+                 'tenant': keystone_conf.admin_tenant_name}]

-        log_cmds = ['auth url %s user %s password %s tenant %s' % (
-                    self._keystone_url(),
-                    self.keystone_conf.admin_user,
-                    '******',
-                    self.keystone_conf.admin_tenant_name)]
+        log_cmds = ['auth url %(auth_url)s user %(user)s '
+                    'password %(password)s tenant %(tenant)s' %
+                    {'auth_url': auth_uri,
+                     'user': keystone_conf.admin_user,
+                     'password': '******',
+                     'tenant': keystone_conf.admin_tenant_name}]

        sync_interval_cmd = 'sync interval %d' % self.sync_interval
        cmds.append(sync_interval_cmd)
--- a/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py
+++ b/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py
@ -158,9 +158,8 @@ class L3RouterApplianceTestCaseBase(

        cfg.CONF.set_override('allow_sorting', True)
        test_opts = [
-            cfg.StrOpt('auth_protocol', default='http'),
-            cfg.StrOpt('auth_host', default='localhost'),
-            cfg.IntOpt('auth_port', default=35357),
+            cfg.StrOpt('auth_uri', default='http://localhost:35357/v2.0/'),
+            cfg.StrOpt('identity_uri', default='http://localhost:5000'),
            cfg.StrOpt('admin_user', default='neutron'),
            cfg.StrOpt('admin_password', default='secrete')]
        cfg.CONF.register_opts(test_opts, 'keystone_authtoken')
--- a/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py
+++ b/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py
@ -17,6 +17,7 @@ import mock
 from oslo.config import cfg

 from neutron.common import constants as n_const
+from neutron.common import utils
 from neutron.extensions import portbindings
 from neutron.plugins.ml2.drivers.arista import db
 from neutron.plugins.ml2.drivers.arista import exceptions as arista_exc
@ -525,13 +526,14 @@ class PositiveRPCWrapperValidConfigTestCase(base.BaseTestCase):
    def test_register_with_eos(self):
        self.drv.register_with_eos()
        auth = fake_keystone_info_class()
-        keystone_url = '%s://%s:%s/v2.0/' % (auth.auth_protocol,
-                                             auth.auth_host,
-                                             auth.auth_port)
-        auth_cmd = 'auth url %s user %s password %s tenant %s' % (keystone_url,
-                    auth.admin_user,
-                    auth.admin_password,
-                    auth.admin_tenant_name)
+        auth_cmd = (
+            'auth url %(auth_url)s user %(user)s '
+            'password %(password)s tenant %(tenant)s' %
+            {'auth_url': utils.get_keystone_url(auth),
+             'user': auth.admin_user,
+             'password': auth.admin_password,
+             'tenant': auth.admin_tenant_name}
+        )
        cmds = ['enable',
                'configure',
                'cvx',
@ -713,9 +715,8 @@ class fake_keystone_info_class(object):
    Arista Driver expects Keystone auth info. This fake information
    is for testing only
    """
-    auth_protocol = 'abc'
-    auth_host = 'host'
-    auth_port = 5000
+    auth_uri = 'abc://host:35357/v2.0/'
+    identity_uri = 'abc://host:5000'
    admin_user = 'neutron'
    admin_password = 'fun'
    admin_tenant_name = 'tenant_name'
--- a/neutron/tests/unit/opencontrail/test_contrail_plugin.py
+++ b/neutron/tests/unit/opencontrail/test_contrail_plugin.py
@ -201,9 +201,8 @@ class KeyStoneInfo(object):
    """To generate Keystone Authentication information
       Contrail Driver expects Keystone auth info for testing purpose.
    """
-    auth_protocol = 'http'
-    auth_host = 'host'
-    auth_port = 5000
+    auth_uri = 'http://host:35357/v2.0/'
+    identity_uri = 'http://host:5000'
    admin_user = 'neutron'
    admin_password = 'neutron'
    admin_token = 'neutron'