refactor(keystone): reduce keystoneauth usage complexity

This patch set refactors and fixes the use of the keystoneauth to load
the session from cfg.CONF. This removes the unnecessary wrapping of
utility function into a class, but also allows the code to use other
accepted plugins to form the keystoneauth object.

The need to read environment variables should be handled only in the CLI
and should be accounted for by the CLI framework, not in a server utility
function.

Change-Id: Ib086f103bbb1e27fe8228ccf5f0d40526796e1e5
Signed-off-by: Tin Lam <tin@irrational.io>
This commit is contained in:
Tin Lam 2018-05-26 01:01:42 -05:00
parent 6f025d1d27
commit 26fa3181fe
2 changed files with 7 additions and 50 deletions

View File

@ -20,7 +20,7 @@ import requests
from oslo_log import log as logging
from armada.exceptions.source_exceptions import InvalidPathException
from armada.utils.keystone import KeystoneUtils
from armada.utils import keystone as ks_utils
LOG = logging.getLogger(__name__)
@ -119,7 +119,7 @@ class ReferenceResolver(object):
:param design_uri: Tuple as returned by urllib.parse for the design
reference
"""
ks_sess = KeystoneUtils.get_session()
ks_sess = ks_utils.get_keystone_session()
(new_scheme, foo) = re.subn('^[^+]+\+', '', design_uri.scheme)
url = urllib.parse.urlunparse(
(new_scheme, design_uri.netloc, design_uri.path, design_uri.params,

View File

@ -1,4 +1,4 @@
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -11,54 +11,11 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Utility functions for accessing Openstack Keystone."""
import os
from keystoneauth1.identity import v3
from keystoneauth1 import session
from keystoneauth1 import loading
from oslo_config import cfg
CONF = cfg.CONF
class KeystoneUtils(object):
"""Utility methods for using Keystone."""
@staticmethod
def get_session():
"""Get an initialized keystone session.
Authentication is based on the keystone_authtoken
section of the config file primarily. If that fails
then attempt to create a session from environmental
variables. This is for cases of the CLI needing
a token.
"""
auth_info = dict()
auth_fields = ['auth_url', 'username', 'password', 'project_id',
'user_domain_name']
try:
for f in auth_fields:
auth_info[f] = getattr(CONF.keystone_authtoken, f)
auth = v3.Password(**auth_info)
ks_session = session.Session(auth=auth)
# Test the session
ks_session.get_auth_headers()
except Exception: # nosec this isn't a security issue
pass
else:
return ks_session
try:
for f in auth_fields:
auth_info[f] = os.environ.get('os_{}'.format(f).upper())
auth = v3.Password(**auth_info)
ks_session = session.Session(auth=auth)
# Test the session
ks_session.get_auth_headers()
except Exception:
raise Exception('Missing credential information for Keystone.')
return ks_session
def get_keystone_session():
return loading.load_session_from_conf_options(
cfg.CONF, group="keystone_authtoken")