diff --git a/tripleo_common/actions/ansible.py b/tripleo_common/actions/ansible.py index 5a45e2c2e..53009c786 100644 --- a/tripleo_common/actions/ansible.py +++ b/tripleo_common/actions/ansible.py @@ -474,11 +474,12 @@ class AnsiblePlaybookAction(base.TripleOAction): env_variables.update(self.extra_env_variables) if self.use_openstack_credentials: + security_ctx = context.security env_variables.update({ - 'OS_AUTH_URL': context.auth_uri, - 'OS_USERNAME': context.user_name, - 'OS_AUTH_TOKEN': context.auth_token, - 'OS_PROJECT_NAME': context.project_name}) + 'OS_AUTH_URL': security_ctx.auth_uri, + 'OS_USERNAME': security_ctx.user_name, + 'OS_AUTH_TOKEN': security_ctx.auth_token, + 'OS_PROJECT_NAME': security_ctx.project_name}) command = [str(c) for c in command] diff --git a/tripleo_common/actions/base.py b/tripleo_common/actions/base.py index 90a0b1176..ec8cda878 100644 --- a/tripleo_common/actions/base.py +++ b/tripleo_common/actions/base.py @@ -48,17 +48,19 @@ class TripleOAction(actions.Action): return session_and_auth['session'] def get_object_client(self, context): + security_ctx = context.security + swift_endpoint = keystone_utils.get_endpoint_for_project( - context, + security_ctx, 'swift' ) kwargs = { 'preauthurl': swift_endpoint.url % { - 'tenant_id': context.project_id + 'tenant_id': security_ctx.project_id }, - 'session': self.get_session(context, 'swift'), - 'insecure': context.insecure, + 'session': self.get_session(security_ctx, 'swift'), + 'insecure': security_ctx.insecure, 'retries': 10, 'starting_backoff': 3, 'max_backoff': 120 @@ -82,8 +84,9 @@ class TripleOAction(actions.Action): return swift_service.SwiftService(options=swift_opts) def get_baremetal_client(self, context): + security_ctx = context.security ironic_endpoint = keystone_utils.get_endpoint_for_project( - context, 'ironic') + security_ctx, 'ironic') # FIXME(lucasagomes): Use ironicclient.get_client() instead # of ironicclient.Client(). Client() might cause errors since @@ -91,7 +94,7 @@ class TripleOAction(actions.Action): # prefered way return ironicclient.Client( ironic_endpoint.url, - token=context.auth_token, + token=security_ctx.auth_token, region_name=ironic_endpoint.region, os_ironic_api_version='1.36', # FIXME(lucasagomes):Paramtetize max_retries and @@ -104,10 +107,11 @@ class TripleOAction(actions.Action): ) def get_baremetal_introspection_client(self, context): + security_ctx = context.security bmi_endpoint = keystone_utils.get_endpoint_for_project( - context, 'ironic-inspector') + security_ctx, 'ironic-inspector') - auth = Token(endpoint=bmi_endpoint.url, token=context.auth_token) + auth = Token(endpoint=bmi_endpoint.url, token=security_ctx.auth_token) return ironic_inspector_client.ClientV1( api_version='1.2', @@ -116,28 +120,30 @@ class TripleOAction(actions.Action): ) def get_image_client(self, context): + security_ctx = context.security glance_endpoint = keystone_utils.get_endpoint_for_project( - context, 'glance') + security_ctx, 'glance') return glanceclient.Client( glance_endpoint.url, - token=context.auth_token, + token=security_ctx.auth_token, region_name=glance_endpoint.region ) def get_orchestration_client(self, context): + security_ctx = context.security heat_endpoint = keystone_utils.get_endpoint_for_project( - context, 'heat') + security_ctx, 'heat') endpoint_url = keystone_utils.format_url( heat_endpoint.url, - {'tenant_id': context.project_id} + {'tenant_id': security_ctx.project_id} ) return heatclient.Client( endpoint_url, region_name=heat_endpoint.region, - token=context.auth_token, - username=context.user_name + token=security_ctx.auth_token, + username=security_ctx.user_name ) def get_messaging_client(self, context): @@ -160,18 +166,20 @@ class TripleOAction(actions.Action): return zaqarclient.Client(zaqar_endpoint.url, conf=conf) def get_workflow_client(self, context): + security_ctx = context.security mistral_endpoint = keystone_utils.get_endpoint_for_project( - context, 'mistral') + security_ctx, 'mistral') - mc = mistral_client.client(auth_token=context.auth_token, + mc = mistral_client.client(auth_token=security_ctx.auth_token, mistral_url=mistral_endpoint.url) return mc def get_compute_client(self, context): + security_ctx = context.security conf = keystone_utils.get_session_and_auth( - context, + security_ctx, service_type='compute' ) diff --git a/tripleo_common/tests/actions/test_base.py b/tripleo_common/tests/actions/test_base.py index 01eeaeaa7..e6c38ac90 100644 --- a/tripleo_common/tests/actions/test_base.py +++ b/tripleo_common/tests/actions/test_base.py @@ -33,7 +33,7 @@ class TestActionsBase(tests_base.TestCase): self.action = base.TripleOAction() @mock.patch.object(ironicclient, 'Client') - def test__get_baremetal_client(self, mock_client, mock_endpoint): + def test_get_baremetal_client(self, mock_client, mock_endpoint): mock_cxt = mock.MagicMock() mock_endpoint.return_value = mock.Mock( url='http://ironic/v1', region='ironic-region') @@ -41,7 +41,7 @@ class TestActionsBase(tests_base.TestCase): mock_client.assert_called_once_with( 'http://ironic/v1', max_retries=12, os_ironic_api_version='1.36', region_name='ironic-region', retry_interval=5, token=mock.ANY) - mock_endpoint.assert_called_once_with(mock_cxt, 'ironic') + mock_endpoint.assert_called_once_with(mock_cxt.security, 'ironic') mock_cxt.assert_not_called() def test_cache_key(self, mock_endpoint): diff --git a/tripleo_common/tests/actions/test_templates.py b/tripleo_common/tests/actions/test_templates.py index 91d16ef29..b45c6a8ec 100644 --- a/tripleo_common/tests/actions/test_templates.py +++ b/tripleo_common/tests/actions/test_templates.py @@ -400,12 +400,13 @@ class ProcessTemplatesActionTest(base.TestCase): swift.get_object = mock.MagicMock() swift.get_container = mock.MagicMock() get_obj_client_mock.return_value = swift + mock_ctx = mock.MagicMock() # Test action = templates.ProcessTemplatesAction() action._j2_render_and_put(JINJA_SNIPPET_CONFIG, {'role': 'CustomRole'}, - 'customrole-config.yaml') + 'customrole-config.yaml', context=mock_ctx) action_result = swift.put_object._mock_mock_calls[0] @@ -427,12 +428,14 @@ class ProcessTemplatesActionTest(base.TestCase): swift.get_container = mock.MagicMock( side_effect=return_container_files) get_obj_client_mock.return_value = swift + mock_ctx = mock.MagicMock() # Test action = templates.ProcessTemplatesAction() action._j2_render_and_put(r"{% include 'foo.yaml' %}", {'role': 'CustomRole'}, - 'customrole-config.yaml') + 'customrole-config.yaml', + context=mock_ctx) action_result = swift.put_object._mock_mock_calls[0] @@ -456,12 +459,14 @@ class ProcessTemplatesActionTest(base.TestCase): swift.get_container = mock.MagicMock( side_effect=return_container_files) get_obj_client_mock.return_value = swift + mock_ctx = mock.MagicMock() # Test action = templates.ProcessTemplatesAction() action._j2_render_and_put(r"{% include 'foo.yaml' %}", {'role': 'CustomRole'}, - 'bar/customrole-config.yaml') + 'bar/customrole-config.yaml', + context=mock_ctx) action_result = swift.put_object._mock_mock_calls[0]