openstack
/
congress
Code Issues Proposed changes

Use keystone sessions to authenticate 

Tried out keystone session based authentication to solve our current
issue with token expiry. Just an alternate solution to

https://review.openstack.org/#/c/298960/1
https://review.openstack.org/#/c/298394/

Partial-Bug:#1563677
Partial-Bug:#1564115
Partial-Bug:#1563495
Closes-Bug:#1559362
Change-Id: I8a8a4fe5547b4aaa8a4735efd79857750e555578
This commit is contained in:
Anusha Ramineni 2016-03-30 10:09:13 +05:30 committed by Eric K
parent cd8b6fd07f
commit 2453c6f43e
4 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
congress/datasources/glancev2_driver.py
View File

@ -12,8 +12,9 @@
# License for the specific language governing permissions and limitations
# under the License.
#
import glanceclient.v2.client as glclient
import keystoneclient.v2_0.client as ksclient
import glanceclient.v2.client as glclient # require python-glanceclient>=1.0.0
from keystoneauth1.identity import v2
from keystoneauth1 import session
from oslo_log import log as logging
from congress.datasources import datasource_driver
@ -71,11 +72,12 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
super(GlanceV2Driver, self).__init__(name, keys, inbox, datapath, args)
datasource_driver.ExecutionDriver.__init__(self)
self.creds = args
keystone = ksclient.Client(**self.creds)
glance_endpoint = keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
self.glance = glclient.Client(glance_endpoint,
token=keystone.auth_token)
auth = v2.Password(auth_url=self.creds['auth_url'],
username=self.creds['username'],
password=self.creds['password'],
tenant_name=self.creds['tenant_name'])
sess = session.Session(auth=auth)
self.glance = glclient.Client(session=sess)
self.inspect_builtin_methods(self.glance, 'glanceclient.v2.')
self._init_end_start_poll()
@ -96,13 +98,7 @@ class GlanceV2Driver(datasource_driver.DataSourceDriver,
images = {'images': self.glance.images.list()}
self._translate_images(images)
except Exception as e:
# TODO(zhenzanz): this is a workaround. The glance client should
# handle 401 error.
if e.code == 401:
keystone = ksclient.Client(**self.creds)
self.glance.http_client.auth_token = keystone.auth_token
else:
raise e
raise e
@ds_utils.update_state_on_changed(IMAGES)
def _translate_images(self, obj):

10
congress/datasources/heatv1_driver.py
View File

@ -11,6 +11,8 @@
# under the License.
import heatclient.v1.client as heatclient
from keystoneauth1.identity import v2
from keystoneauth1 import session
import keystoneclient.v2_0.client as ksclient
from oslo_log import log as logging
@ -92,11 +94,15 @@ class HeatV1Driver(datasource_driver.DataSourceDriver,
super(HeatV1Driver, self).__init__(name, keys, inbox, datapath, args)
datasource_driver.ExecutionDriver.__init__(self)
self.creds = args
auth = v2.Password(auth_url=self.creds['auth_url'],
username=self.creds['username'],
password=self.creds['password'],
tenant_name=self.creds['tenant_name'])
sess = session.Session(auth=auth)
keystone = ksclient.Client(**self.creds)
endpoint = keystone.service_catalog.url_for(
service_type='orchestration', endpoint_type='publicURL')
self.heat = heatclient.Client(endpoint, token=keystone.auth_token)
self.heat = heatclient.Client(session=sess, endpoint=endpoint)
self._init_end_start_poll()
@staticmethod

2
requirements.txt
View File

@ -5,6 +5,7 @@ argparse
Babel>=1.3
eventlet>=0.17.4
PuLP>=1.0.4
keystoneauth1>=1.0.0
keystonemiddleware!=2.4.0,>=2.0.0
mox>=0.5.3
Paste
@ -20,6 +21,7 @@ python-cinderclient>=1.3.1
python-swiftclient>=2.2.0
python-ironicclient>=0.8.0
alembic>=0.8.0
# Congress requires python-glanceclient>=1.0.0
python-glanceclient>=0.18.0
Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7'
Routes!=2.0,>=1.12.3;python_version!='2.7'

2
setup.cfg
View File

@ -1,6 +1,6 @@
[metadata]
name = congress
version = 2.0.1
version = 2.0.2
summary = Congress: The open policy framework for the cloud.
description-file =
README.rst