From 26fa3181fed81a8f2a00e9fb15ee6d8ef8e59a87 Mon Sep 17 00:00:00 2001 From: Tin Lam Date: Sat, 26 May 2018 01:01:42 -0500 Subject: [PATCH] refactor(keystone): reduce keystoneauth usage complexity This patch set refactors and fixes the use of the keystoneauth to load the session from cfg.CONF. This removes the unnecessary wrapping of utility function into a class, but also allows the code to use other accepted plugins to form the keystoneauth object. The need to read environment variables should be handled only in the CLI and should be accounted for by the CLI framework, not in a server utility function. Change-Id: Ib086f103bbb1e27fe8228ccf5f0d40526796e1e5 Signed-off-by: Tin Lam --- armada/handlers/document.py | 4 +-- armada/utils/keystone.py | 53 ++++--------------------------------- 2 files changed, 7 insertions(+), 50 deletions(-) diff --git a/armada/handlers/document.py b/armada/handlers/document.py index d16a6f81..4b28d78e 100644 --- a/armada/handlers/document.py +++ b/armada/handlers/document.py @@ -20,7 +20,7 @@ import requests from oslo_log import log as logging from armada.exceptions.source_exceptions import InvalidPathException -from armada.utils.keystone import KeystoneUtils +from armada.utils import keystone as ks_utils LOG = logging.getLogger(__name__) @@ -119,7 +119,7 @@ class ReferenceResolver(object): :param design_uri: Tuple as returned by urllib.parse for the design reference """ - ks_sess = KeystoneUtils.get_session() + ks_sess = ks_utils.get_keystone_session() (new_scheme, foo) = re.subn('^[^+]+\+', '', design_uri.scheme) url = urllib.parse.urlunparse( (new_scheme, design_uri.netloc, design_uri.path, design_uri.params, diff --git a/armada/utils/keystone.py b/armada/utils/keystone.py index 13dda4a5..33f48c0c 100644 --- a/armada/utils/keystone.py +++ b/armada/utils/keystone.py @@ -1,4 +1,4 @@ -# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,54 +11,11 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -"""Utility functions for accessing Openstack Keystone.""" -import os - -from keystoneauth1.identity import v3 -from keystoneauth1 import session +from keystoneauth1 import loading from oslo_config import cfg -CONF = cfg.CONF - - -class KeystoneUtils(object): - """Utility methods for using Keystone.""" - - @staticmethod - def get_session(): - """Get an initialized keystone session. - - Authentication is based on the keystone_authtoken - section of the config file primarily. If that fails - then attempt to create a session from environmental - variables. This is for cases of the CLI needing - a token. - """ - auth_info = dict() - auth_fields = ['auth_url', 'username', 'password', 'project_id', - 'user_domain_name'] - try: - for f in auth_fields: - auth_info[f] = getattr(CONF.keystone_authtoken, f) - auth = v3.Password(**auth_info) - ks_session = session.Session(auth=auth) - # Test the session - ks_session.get_auth_headers() - except Exception: # nosec this isn't a security issue - pass - else: - return ks_session - - try: - for f in auth_fields: - auth_info[f] = os.environ.get('os_{}'.format(f).upper()) - auth = v3.Password(**auth_info) - ks_session = session.Session(auth=auth) - # Test the session - ks_session.get_auth_headers() - except Exception: - raise Exception('Missing credential information for Keystone.') - - return ks_session +def get_keystone_session(): + return loading.load_session_from_conf_options( + cfg.CONF, group="keystone_authtoken")