From 6237884f367605ec91001abb33cc094a2d267c67 Mon Sep 17 00:00:00 2001 From: Anand Shanmugam Date: Mon, 17 Oct 2016 10:16:36 -0700 Subject: [PATCH] Keystone v2/v3 commit Change-Id: Ib82f3159b9a35a970879a984a6cdb8ede693248b --- cloudpulse/openstack/api/cinder_api.py | 8 +-- cloudpulse/openstack/api/glance_api.py | 15 +++--- cloudpulse/openstack/api/keystone_api.py | 9 +--- cloudpulse/openstack/api/keystone_session.py | 51 +++++++++++++++++++ cloudpulse/openstack/api/neutron_api.py | 9 +--- cloudpulse/openstack/api/nova_api.py | 9 +--- .../plugins/endpoint_tests/endpoint.py | 39 ++++---------- 7 files changed, 73 insertions(+), 67 deletions(-) create mode 100644 cloudpulse/openstack/api/keystone_session.py diff --git a/cloudpulse/openstack/api/cinder_api.py b/cloudpulse/openstack/api/cinder_api.py index 5a394a9..592c50a 100644 --- a/cloudpulse/openstack/api/cinder_api.py +++ b/cloudpulse/openstack/api/cinder_api.py @@ -11,18 +11,12 @@ # under the License. from cinderclient.client import Client as cinder_client -from keystoneclient.auth.identity import v3 as keystone_v3 -from keystoneclient import session class CinderHealth(object): def __init__(self, creds): - cacert = creds['cacert'] - del creds['cacert'] - auth = keystone_v3.Password(**creds) - sess = session.Session(auth=auth, verify=cacert) - self.cinderclient = cinder_client(2, session=sess) + self.cinderclient = cinder_client(2, **creds) def cinder_list(self): try: diff --git a/cloudpulse/openstack/api/glance_api.py b/cloudpulse/openstack/api/glance_api.py index 16bd29b..4497805 100644 --- a/cloudpulse/openstack/api/glance_api.py +++ b/cloudpulse/openstack/api/glance_api.py @@ -12,18 +12,19 @@ from glanceclient.exc import ClientException from glanceclient.v2 import client as glance_client -from keystoneclient.auth.identity import v3 as keystone_v3 -from keystoneclient import session class GlanceHealth(object): def __init__(self, creds): - cacert = creds['cacert'] - del creds['cacert'] - auth = keystone_v3.Password(**creds) - sess = session.Session(auth=auth, verify=cacert) - self.glanceclient = glance_client.Client('1', session=sess) + endpoint = None + if 'endpoint_type' in creds: + del creds['endpoint_type'] + if 'session' in creds: + endpoint = creds['session'].get_endpoint( + service_type='image', interface='internal') + self.glanceclient = glance_client.Client( + '2', endpoint_override=endpoint, **creds) def glance_image_list(self): try: diff --git a/cloudpulse/openstack/api/keystone_api.py b/cloudpulse/openstack/api/keystone_api.py index 3d3c1c2..a835f37 100644 --- a/cloudpulse/openstack/api/keystone_api.py +++ b/cloudpulse/openstack/api/keystone_api.py @@ -10,21 +10,14 @@ # License for the specific language governing permissions and limitations # under the License. -from keystoneclient.auth.identity import v3 as keystone_v3 from keystoneclient import client as keystoneclient from keystoneclient.exceptions import ClientException -from keystoneclient import session class KeystoneHealth(object): def __init__(self, creds): - cacert = creds['cacert'] - del creds['cacert'] - auth = keystone_v3.Password(**creds) - sess = session.Session(auth=auth, verify=cacert) - self.keystoneclient = keystoneclient.Client( - 3, session=sess, auth_url=creds['auth_url']) + self.keystoneclient = keystoneclient.Client(**creds) def keystone_service_list(self): try: diff --git a/cloudpulse/openstack/api/keystone_session.py b/cloudpulse/openstack/api/keystone_session.py new file mode 100644 index 0000000..82ebd4d --- /dev/null +++ b/cloudpulse/openstack/api/keystone_session.py @@ -0,0 +1,51 @@ +# Copyright 2015 Rackspace +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystoneauth1.identity import v2 as v2_client +from keystoneauth1.identity import v3 as v3_client +from keystoneauth1 import session +from oslo_config import cfg +from oslo_log import log as logging +from oslo_utils import excutils + +LOG = logging.getLogger(__name__) + +cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token') + + +def _get_kssession(): + kwargs = {'auth_url': cfg.CONF.keystone_authtoken.auth_uri, + 'username': cfg.CONF.keystone_authtoken.username, + 'password': cfg.CONF.keystone_authtoken.password} + if cfg.CONF.keystone_authtoken.auth_version == '2': + client = v2_client + kwargs['tenant_name'] = cfg.CONF.keystone_authtoken.project_name + elif cfg.CONF.keystone_authtoken.auth_version == '3': + client = v3_client + kwargs['project_name'] = cfg.CONF.keystone_authtoken.project_name + kwargs['user_domain_id'] = cfg.CONF.keystone_authtoken.user_domain_id + kwargs[ + 'project_domain_id'] = (cfg.CONF.keystone_authtoken. + project_domain_id) + else: + raise Exception('Unknown keystone version!') + + try: + kc = client.Password(**kwargs) + kssession = session.Session( + auth=kc, verify=(cfg.CONF.keystone_authtoken.cafile)) + return kssession + except Exception: + with excutils.save_and_reraise_exception(): + LOG.exception("Error creating Keystone session.") diff --git a/cloudpulse/openstack/api/neutron_api.py b/cloudpulse/openstack/api/neutron_api.py index 9afe934..01eb825 100644 --- a/cloudpulse/openstack/api/neutron_api.py +++ b/cloudpulse/openstack/api/neutron_api.py @@ -11,8 +11,6 @@ # under the License. -from keystoneclient.auth.identity import v3 as keystone_v3 -from keystoneclient import session from neutronclient.common.exceptions import NeutronException from neutronclient.neutron import client as neutronclient @@ -20,12 +18,7 @@ from neutronclient.neutron import client as neutronclient class NeutronHealth(object): def __init__(self, creds): - # creds['timeout'] = 30 - cacert = creds['cacert'] - del creds['cacert'] - auth = keystone_v3.Password(**creds) - sess = session.Session(auth=auth, verify=cacert) - self.neutron_client = neutronclient.Client('2.0', session=sess) + self.neutron_client = neutronclient.Client('2.0', **creds) def neutron_agent_list(self): try: diff --git a/cloudpulse/openstack/api/nova_api.py b/cloudpulse/openstack/api/nova_api.py index 73c8cec..76705bd 100644 --- a/cloudpulse/openstack/api/nova_api.py +++ b/cloudpulse/openstack/api/nova_api.py @@ -10,8 +10,6 @@ # License for the specific language governing permissions and limitations # under the License. -from keystoneclient.auth.identity import v3 as keystone_v3 -from keystoneclient import session from novaclient.client import Client as novaclient from novaclient.exceptions import ClientException @@ -19,12 +17,7 @@ from novaclient.exceptions import ClientException class NovaHealth(object): def __init__(self, creds): - # creden['timeout'] = 30 - cacert = creds['cacert'] - del creds['cacert'] - auth = keystone_v3.Password(**creds) - sess = session.Session(auth=auth, verify=cacert) - self.novaclient = novaclient(2, session=sess) + self.novaclient = novaclient(2, **creds) def nova_hypervisor_list(self): try: diff --git a/cloudpulse/scenario/plugins/endpoint_tests/endpoint.py b/cloudpulse/scenario/plugins/endpoint_tests/endpoint.py index 6d6184c..f559f34 100644 --- a/cloudpulse/scenario/plugins/endpoint_tests/endpoint.py +++ b/cloudpulse/scenario/plugins/endpoint_tests/endpoint.py @@ -13,6 +13,7 @@ from cloudpulse.openstack.api.cinder_api import CinderHealth from cloudpulse.openstack.api.glance_api import GlanceHealth from cloudpulse.openstack.api.keystone_api import KeystoneHealth +from cloudpulse.openstack.api import keystone_session from cloudpulse.openstack.api.neutron_api import NeutronHealth from cloudpulse.openstack.api.nova_api import NovaHealth from cloudpulse.scenario import base @@ -53,61 +54,41 @@ CONF.register_opts(TESTS_OPTS, periodic_test_group) class endpoint_scenario(base.Scenario): - def _get_credentials(self): - importutils.import_module('keystonemiddleware.auth_token') + def _get_keystone_session_creds(self): creds = {} - creds['username'] = cfg.CONF.keystone_authtoken.username - creds['password'] = cfg.CONF.keystone_authtoken.password - creds['project_name'] = cfg.CONF.keystone_authtoken.project_name - creds['auth_url'] = cfg.CONF.keystone_authtoken.auth_uri - creds['cacert'] = cfg.CONF.keystone_authtoken.cafile - if cfg.CONF.keystone_authtoken.project_domain_id: - creds[ - 'project_domain_id'] = (cfg.CONF.keystone_authtoken. - project_domain_id) - creds[ - 'user_domain_id'] = cfg.CONF.keystone_authtoken.user_domain_id - return creds - - def _get_nova_v2_credentials(self): - importutils.import_module('keystonemiddleware.auth_token') - creds = {} - creds['username'] = cfg.CONF.keystone_authtoken.username - creds['project_id'] = cfg.CONF.keystone_authtoken.project_name - creds['api_key'] = cfg.CONF.keystone_authtoken.password - creds['auth_url'] = cfg.CONF.keystone_authtoken.auth_uri - creds['version'] = 2 - creds['cacert'] = cfg.CONF.keystone_authtoken.cafile + creds['session'] = keystone_session._get_kssession() creds['endpoint_type'] = 'internalURL' return creds @base.scenario(admin_only=False, operator=False) def nova_endpoint(self, *args, **kwargs): - creds = self._get_credentials() + creds = self._get_keystone_session_creds() nova = NovaHealth(creds) return nova.nova_service_list() @base.scenario(admin_only=False, operator=False) def neutron_endpoint(self, *args, **kwargs): - creds = self._get_credentials() + creds = self._get_keystone_session_creds() neutron = NeutronHealth(creds) return neutron.neutron_list_networks() @base.scenario(admin_only=False, operator=False) def keystone_endpoint(self, *args, **kwargs): - creds = self._get_credentials() + importutils.import_module('keystonemiddleware.auth_token') + creds = self._get_keystone_session_creds() + creds['auth_url'] = cfg.CONF.keystone_authtoken.auth_uri keystone = KeystoneHealth(creds) return keystone.keystone_service_list() @base.scenario(admin_only=False, operator=False) def glance_endpoint(self, *args, **kwargs): - creds = self._get_credentials() + creds = self._get_keystone_session_creds() glance = GlanceHealth(creds) return glance.glance_image_list() @base.scenario(admin_only=False, operator=False) def cinder_endpoint(self, *args, **kwargs): - creds = self._get_credentials() + creds = self._get_keystone_session_creds() cinder = CinderHealth(creds) return cinder.cinder_list()