From fbeb0783e4b2f1fc5f44da7f7b704ce48bfe0087 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Thu, 8 Feb 2018 14:03:13 +0000 Subject: [PATCH] ironic_inspector: ironic: Fix 'auth_type' when 'auth_strategy' is used We should override the 'auth_type' to 'none' when using the old way of setting up authentication with 'auth_strategy' so we can override the default 'auth_type' value before getting the session information. This fixes the following issue Unhandled error: MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url This also adds a new testcase to test the strategy='noauth' scenario. Closes-Bug: #1748263 Change-Id: I875e2b17f5c6829ad81f86c32959cb106bf57e53 --- ironic_inspector/common/ironic.py | 18 +++++---- .../test/unit/test_common_ironic.py | 39 +++++++++++++------ .../keystone-noauth-9ba5ad9884c6273c.yaml | 6 +++ 3 files changed, 43 insertions(+), 20 deletions(-) create mode 100644 releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml diff --git a/ironic_inspector/common/ironic.py b/ironic_inspector/common/ironic.py index e9374ad2b..5e3684b81 100644 --- a/ironic_inspector/common/ironic.py +++ b/ironic_inspector/common/ironic.py @@ -83,6 +83,14 @@ def get_client(token=None, api_version=DEFAULT_IRONIC_API_VERSION): # pragma: no cover """Get Ironic client instance.""" global IRONIC_SESSION + + # NOTE: To support standalone ironic without keystone + # TODO(pas-ha) remove handling of deprecated opts in Rocky + # TODO(pas-ha) rewrite when ironicclient natively supports 'none' auth + # via sessions https://review.openstack.org/#/c/359061/ + if CONF.ironic.auth_strategy == 'noauth': + CONF.set_override('auth_type', 'none', group='ironic') + if not IRONIC_SESSION: IRONIC_SESSION = keystone.get_session('ironic') @@ -93,14 +101,8 @@ def get_client(token=None, adapter_opts = dict() - # NOTE: To support standalone ironic without keystone - # TODO(pas-ha) remove handling of deprecated opts in Rocky - # TODO(pas-ha) rewrite when ironicclient natively supports 'none' auth - # via sessions https://review.openstack.org/#/c/359061/ - if CONF.ironic.auth_strategy == 'noauth': - CONF.set_override('auth_type', 'none', group='ironic') - else: - # TODO(pas-ha) use service auth with incoming token + # TODO(pas-ha) use service auth with incoming token + if CONF.ironic.auth_type != 'none': if token is None: args['session'] = IRONIC_SESSION else: diff --git a/ironic_inspector/test/unit/test_common_ironic.py b/ironic_inspector/test/unit/test_common_ironic.py index 8b69a68fd..5aa63b3c3 100644 --- a/ironic_inspector/test/unit/test_common_ironic.py +++ b/ironic_inspector/test/unit/test_common_ironic.py @@ -27,18 +27,7 @@ from ironic_inspector import utils CONF = cfg.CONF -@mock.patch.object(keystone, 'get_adapter') -@mock.patch.object(keystone, 'register_auth_opts') -@mock.patch.object(keystone, 'get_session') -@mock.patch.object(client, 'Client') -class TestGetClient(base.BaseTest): - def setUp(self): - super(TestGetClient, self).setUp() - ir_utils.reset_ironic_session() - self.cfg.config(auth_strategy='keystone') - self.cfg.config(os_region='somewhere', group='ironic') - self.addCleanup(ir_utils.reset_ironic_session) - +class TestGetClientBase(object): def test_get_client_with_auth_token(self, mock_client, mock_load, mock_opts, mock_adapter): fake_token = 'token' @@ -70,6 +59,32 @@ class TestGetClient(base.BaseTest): mock_client.assert_called_once_with(1, fake_ironic_url, **args) +@mock.patch.object(keystone, 'get_adapter') +@mock.patch.object(keystone, 'register_auth_opts') +@mock.patch.object(keystone, 'get_session') +@mock.patch.object(client, 'Client') +class TestGetClientAuth(TestGetClientBase, base.BaseTest): + def setUp(self): + super(TestGetClientAuth, self).setUp() + ir_utils.reset_ironic_session() + self.cfg.config(auth_strategy='keystone') + self.cfg.config(os_region='somewhere', group='ironic') + self.addCleanup(ir_utils.reset_ironic_session) + + +@mock.patch.object(keystone, 'get_adapter') +@mock.patch.object(keystone, 'register_auth_opts') +@mock.patch.object(keystone, 'get_session') +@mock.patch.object(client, 'Client') +class TestGetClientNoAuth(TestGetClientBase, base.BaseTest): + def setUp(self): + super(TestGetClientNoAuth, self).setUp() + ir_utils.reset_ironic_session() + self.cfg.config(auth_strategy='noauth') + self.cfg.config(os_region='somewhere', group='ironic') + self.addCleanup(ir_utils.reset_ironic_session) + + class TestGetIpmiAddress(base.BaseTest): def test_ipv4_in_resolves(self): node = mock.Mock(spec=['driver_info', 'uuid'], diff --git a/releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml b/releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml new file mode 100644 index 000000000..3a08e8a4d --- /dev/null +++ b/releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Ironic introspection no longer tries to access the Identity service if the + ``auth_strategy`` option is set to ``noauth`` and the ``auth_type`` option + is not set to ``none``.