From c9fee0af8d208ef884f8a364b2d33e3e0f7cce57 Mon Sep 17 00:00:00 2001 From: dharmendra Date: Wed, 23 Jan 2019 13:40:48 +0000 Subject: [PATCH] Move to use only kestone v3 api Currently Tacker usage a misxture of v2 v3 api, which is suboptimal from both a performance and code-elegance perspective. In this patch we refactor v2 apis from code. Change-Id: I981887f3f5af6356aba45a6d128d3e4b23b10286 Implements: blueprint keystone-v3 --- devstack/lib/tacker | 2 +- tacker/common/clients.py | 4 +- tacker/nfvo/drivers/vim/openstack_driver.py | 61 ++++++------------- tacker/nfvo/nfvo_plugin.py | 1 + .../vim_monitor/vim_monitor_utils.py | 2 +- tacker/tests/functional/clients.py | 4 +- tacker/tests/functional/keystone.py | 5 +- tacker/tests/functional/nfvo/test_vim.py | 11 +--- .../nfvo/drivers/vim/test_openstack_driver.py | 27 ++------ tacker/vnfm/keystone.py | 19 ++---- 10 files changed, 38 insertions(+), 98 deletions(-) diff --git a/devstack/lib/tacker b/devstack/lib/tacker index 0f0993def..240b0bd2c 100644 --- a/devstack/lib/tacker +++ b/devstack/lib/tacker @@ -283,7 +283,7 @@ function _tacker_setup_keystone { # Configures keystone for metadata_agent # metadata_agent needs auth_url to communicate with keystone if [[ "$use_auth_url" == "True" ]]; then - iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0 + iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI fi create_tacker_cache_dir diff --git a/tacker/common/clients.py b/tacker/common/clients.py index 3a56064bc..93154d60d 100644 --- a/tacker/common/clients.py +++ b/tacker/common/clients.py @@ -26,9 +26,7 @@ class OpenstackClients(object): self.auth_attr = auth_attr def _keystone_client(self): - version = self.auth_attr['auth_url'].rpartition('/')[2] - return self.keystone_plugin.initialize_client(version, - **self.auth_attr) + return self.keystone_plugin.initialize_client(**self.auth_attr) def _heat_client(self): endpoint = self.keystone_session.get_endpoint( diff --git a/tacker/nfvo/drivers/vim/openstack_driver.py b/tacker/nfvo/drivers/vim/openstack_driver.py index b2834960c..8607d9374 100644 --- a/tacker/nfvo/drivers/vim/openstack_driver.py +++ b/tacker/nfvo/drivers/vim/openstack_driver.py @@ -20,7 +20,6 @@ import yaml from keystoneauth1 import exceptions from keystoneauth1 import identity -from keystoneauth1.identity import v2 from keystoneauth1.identity import v3 from keystoneauth1 import session from neutronclient.common import exceptions as nc_exceptions @@ -124,56 +123,34 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver, keystone_version = NfvoPlugin.validate_keystone_auth_url( auth_url=auth_url, verify=verify) - auth_cred = self._get_auth_creds(keystone_version, vim_obj) - return self._initialize_keystone(keystone_version, auth_cred) + auth_cred = self._get_auth_creds(vim_obj, keystone_version) + return self._initialize_keystone(auth_cred) - def _get_auth_creds(self, keystone_version, vim_obj): - auth_url = vim_obj['auth_url'] + def _get_auth_creds(self, vim_obj, keystone_version): auth_cred = vim_obj['auth_cred'] vim_project = vim_obj['vim_project'] - - if keystone_version not in auth_url: - vim_obj['auth_url'] = auth_url + '/' + keystone_version - if keystone_version == 'v3': - auth_cred['project_id'] = vim_project.get('id') - auth_cred['project_name'] = vim_project.get('name') - auth_cred['project_domain_name'] = vim_project.get( - 'project_domain_name') - else: - auth_cred['tenant_id'] = vim_project.get('id') - auth_cred['tenant_name'] = vim_project.get('name') - # pop stuff not supported in keystone v2 - auth_cred.pop('user_domain_name', None) - auth_cred.pop('user_id', None) + auth_cred['project_id'] = vim_project.get('id') + auth_cred['project_name'] = vim_project.get('name') + auth_cred['project_domain_name'] = vim_project.get( + 'project_domain_name') auth_cred['auth_url'] = vim_obj['auth_url'] + if keystone_version not in auth_cred['auth_url']: + auth_cred['auth_url'] = auth_cred['auth_url'] + '/' + \ + keystone_version return auth_cred - def _get_auth_plugin(self, version, **kwargs): - if version == 'v2.0': - auth_plugin = v2.Password(**kwargs) - else: - auth_plugin = v3.Password(**kwargs) + def _get_auth_plugin(self, **kwargs): + auth_plugin = v3.Password(**kwargs) return auth_plugin - def _initialize_keystone(self, version, auth): - ks_client = self.keystone.initialize_client(version=version, **auth) + def _initialize_keystone(self, auth): + ks_client = self.keystone.initialize_client(**auth) return ks_client def _find_regions(self, ks_client): - if ks_client.version == 'v2.0': - service_list = ks_client.services.list() - heat_service_id = None - for service in service_list: - if service.type == 'orchestration': - heat_service_id = service.id - endpoints_list = ks_client.endpoints.list() - region_list = [endpoint.region for endpoint in - endpoints_list if endpoint.service_id == - heat_service_id] - else: - region_info = ks_client.regions.list() - region_list = [region.id for region in region_info] + region_info = ks_client.regions.list() + region_list = [region.id for region in region_info] return region_list def discover_placement_attr(self, vim_obj, ks_client): @@ -336,8 +313,8 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver, keystone_version = NfvoPlugin.validate_keystone_auth_url( auth_url=auth_url, verify=verify) - auth_cred = self._get_auth_creds(keystone_version, vim_obj) - auth_plugin = self._get_auth_plugin(keystone_version, **auth_cred) + auth_cred = self._get_auth_creds(vim_obj, keystone_version) + auth_plugin = self._get_auth_plugin(**auth_cred) sess = session.Session(auth=auth_plugin) return client_type(session=sess) @@ -735,7 +712,7 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver, raise EnvironmentError('auth dict required for' ' mistral workflow driver') return mistral_client.MistralClient( - keystone.Keystone().initialize_client('2', **auth_dict), + keystone.Keystone().initialize_client(**auth_dict), auth_dict['token']).get_client() def prepare_and_create_workflow(self, resource, action, diff --git a/tacker/nfvo/nfvo_plugin.py b/tacker/nfvo/nfvo_plugin.py index 5da38c43d..039e28584 100644 --- a/tacker/nfvo/nfvo_plugin.py +++ b/tacker/nfvo/nfvo_plugin.py @@ -117,6 +117,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin, LOG.debug('Create vim called with parameters %s', strutils.mask_password(vim)) vim_obj = vim['vim'] + vim_obj['auth_url'] = utils.get_auth_url_v3(vim_obj['auth_url']) vim_type = vim_obj['type'] vim_obj['id'] = uuidutils.generate_uuid() vim_obj['status'] = 'PENDING' diff --git a/tacker/nfvo/workflows/vim_monitor/vim_monitor_utils.py b/tacker/nfvo/workflows/vim_monitor/vim_monitor_utils.py index 88d9ec1c4..e6b4f67ae 100644 --- a/tacker/nfvo/workflows/vim_monitor/vim_monitor_utils.py +++ b/tacker/nfvo/workflows/vim_monitor/vim_monitor_utils.py @@ -27,7 +27,7 @@ LOG = logging.getLogger(__name__) def get_mistral_client(auth_dict): return mistral_client.MistralClient( - keystone.Keystone().initialize_client('2', **auth_dict), + keystone.Keystone().initialize_client(**auth_dict), auth_dict['token']).get_client() diff --git a/tacker/tests/functional/clients.py b/tacker/tests/functional/clients.py index b12d59928..1f6c282bf 100644 --- a/tacker/tests/functional/clients.py +++ b/tacker/tests/functional/clients.py @@ -25,9 +25,7 @@ class OpenstackClients(object): self.auth_attr = auth_attr def _keystone_client(self): - version = self.auth_attr['auth_url'].rpartition('/')[2] - return self.keystone_plugin.initialize_client(version, - **self.auth_attr) + return self.keystone_plugin.initialize_client(**self.auth_attr) def _heat_client(self): endpoint = self.keystone_session.get_endpoint( diff --git a/tacker/tests/functional/keystone.py b/tacker/tests/functional/keystone.py index 9fdbd960e..3be373f4f 100644 --- a/tacker/tests/functional/keystone.py +++ b/tacker/tests/functional/keystone.py @@ -47,10 +47,9 @@ class Keystone(object): def get_endpoint(self, ses, service_type, region_name=None): return ses.get_endpoint(service_type, region_name) - def initialize_client(self, version, **kwargs): - from keystoneclient.v3 import client + def initialize_client(self, **kwargs): verify = 'True' == kwargs.pop('cert_verify', 'False') auth_plugin = v3.Password(**kwargs) ses = self.get_session(auth_plugin=auth_plugin, verify=verify) - cli = client.Client(session=ses) + cli = client.Client('v3', session=ses) return cli diff --git a/tacker/tests/functional/nfvo/test_vim.py b/tacker/tests/functional/nfvo/test_vim.py index 70b66dc45..f112f1f29 100644 --- a/tacker/tests/functional/nfvo/test_vim.py +++ b/tacker/tests/functional/nfvo/test_vim.py @@ -110,10 +110,6 @@ class VimTestCreate(base.BaseTackerTest): "List of VIM events are Empty") self.assertEqual(cnt, len(vim_evt_list['vim_events'])) - def verify_vim_v2(self, vim_instance, config_data): - self.assertEqual(config_data['project_name'], - vim_instance['auth_cred']['tenant_name']) - def verify_vim_v3(self, vim_instance, config_data): self.assertEqual(config_data['project_name'], vim_instance['auth_cred']['project_name']) @@ -135,11 +131,8 @@ class VimTestCreate(base.BaseTackerTest): project_name = data['project_name'] auth_url = data['auth_url'] if version: - if ('v2' == version and (not auth_url.endswith("/v2.0") or - not auth_url.endswith("/v2.0/"))): - auth_url += "/v2.0" - elif (not auth_url.endswith("/v3") or - not auth_url.endswith("/v3/")): + if (not auth_url.endswith("/v3") or + not auth_url.endswith("/v3/")): auth_url += "/v3" domain_name = data.get('domain_name', None) vim_arg = {'vim': {'name': name, 'description': description, diff --git a/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py b/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py index 7416bbef2..816fe6641 100644 --- a/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py +++ b/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py @@ -130,31 +130,12 @@ class TestOpenstack_Driver(base.TestCase): regions = [mock_dict({'id': 'RegionOne'})] attrs = {'regions.list.return_value': regions} keystone_version = 'v3' - mock_ks_client = mock.Mock(version=keystone_version, **attrs) + mock_ks_client = mock.Mock(**attrs) self.keystone.get_version.return_value = keystone_version self._test_register_vim(self.vim_obj, mock_ks_client) mock_ks_client.regions.list.assert_called_once_with() self.keystone.initialize_client.assert_called_once_with( - version=keystone_version, **self.auth_obj) - - def test_register_keystone_v2(self): - services_list = [mock_dict({'type': 'orchestration', 'id': - 'test_id'})] - endpoints_regions = mock_dict({'region': 'RegionOne'}) - endpoints_list = [mock_dict({'service_id': 'test_id', 'regions': - endpoints_regions})] - attrs = {'endpoints.list.return_value': endpoints_list, - 'services.list.return_value': services_list} - keystone_version = 'v2.0' - mock_ks_client = mock.Mock(version='v2.0', **attrs) - self.keystone.get_version.return_value = keystone_version - auth_obj = {'tenant_name': 'test_project', 'username': 'test_user', - 'password': 'test_password', 'cert_verify': 'True', - 'auth_url': 'http://localhost/identity/v2.0', - 'tenant_id': None} - self._test_register_vim(self.vim_obj, mock_ks_client) - self.keystone.initialize_client.assert_called_once_with( - version=keystone_version, **auth_obj) + **self.auth_obj) def _test_register_vim(self, vim_obj, mock_ks_client): self.keystone.initialize_client.return_value = mock_ks_client @@ -220,15 +201,15 @@ class TestOpenstack_Driver(base.TestCase): def _test_register_vim_auth(self, attrs): keystone_version = 'v3' - mock_ks_client = mock.Mock(version=keystone_version, **attrs) self.keystone.get_version.return_value = keystone_version + mock_ks_client = mock.Mock(**attrs) self.keystone.initialize_client.return_value = mock_ks_client self.assertRaises(nfvo.VimUnauthorizedException, self.openstack_driver.register_vim, self.vim_obj) mock_ks_client.regions.list.assert_called_once_with() self.keystone.initialize_client.assert_called_once_with( - version=keystone_version, **self.auth_obj) + **self.auth_obj) def test_get_vim_resource_id(self): resource_type = 'network' diff --git a/tacker/vnfm/keystone.py b/tacker/vnfm/keystone.py index 116442db6..af11b6b15 100644 --- a/tacker/vnfm/keystone.py +++ b/tacker/vnfm/keystone.py @@ -25,6 +25,7 @@ from oslo_config import cfg from oslo_log import log as logging +DEFAULT_IDENTITY_VERSION = "v3" LOG = logging.getLogger(__name__) CONF = cfg.CONF @@ -51,22 +52,14 @@ class Keystone(object): def get_endpoint(self, ses, service_type, region_name=None): return ses.get_endpoint(service_type, region_name) - def initialize_client(self, version, **kwargs): + def initialize_client(self, **kwargs): verify = 'True' == kwargs.pop('cert_verify', 'True') or False - if version == 'v2.0': - from keystoneclient.v2_0 import client - if 'token' in kwargs: - auth_plugin = identity.v2.Token(**kwargs) - else: - auth_plugin = identity.v2.Password(**kwargs) + if 'token' in kwargs: + auth_plugin = identity.v3.Token(**kwargs) else: - from keystoneclient.v3 import client - if 'token' in kwargs: - auth_plugin = identity.v3.Token(**kwargs) - else: - auth_plugin = identity.v3.Password(**kwargs) + auth_plugin = identity.v3.Password(**kwargs) ses = self.get_session(auth_plugin=auth_plugin, verify=verify) - cli = client.Client(session=ses) + cli = client.Client(DEFAULT_IDENTITY_VERSION, session=ses) return cli @staticmethod