Only create vendordata_dynamic ksa session if needed

We're logging a warning about vendordata dynamic auth not being configured every time we create a server with a config drive. The dynamic vendordata v2 stuff is all optional and controlled via configuring: CONF.api.vendordata_dynamic_targets This change only attempts to create the ksa session when we try to make a request, which would only happen if CONF.api.vendordata_dynamic_targets is configured. Change-Id: I1a6f6776670a2fa1439782d10d2e0777df2683ae Closes-Bug: #1665693 (cherry picked from commit 97e14fa3f3)
2017-02-17 13:31:41 -05:00 · 2017-02-17 13:31:41 -05:00 · c40d4f37d4
parent 9c37aa6810
commit c40d4f37d4
2 changed files with 19 additions and 2 deletions
--- a/nova/api/metadata/vendordata_dynamic.py
+++ b/nova/api/metadata/vendordata_dynamic.py
@ -69,9 +69,12 @@ class DynamicVendorData(vendordata.VendorDataDriver):
        # JSON plugin.
        self.context = context
        self.instance = instance
-        self.session = _load_ks_session(CONF)
+        # We only create the session if we make a request.
+        self.session = None

    def _do_request(self, service_name, url):
+        if self.session is None:
+            self.session = _load_ks_session(CONF)
        try:
            body = {'project-id': self.instance.project_id,
                    'instance-id': self.instance.uuid,
--- a/nova/tests/unit/test_metadata.py
+++ b/nova/tests/unit/test_metadata.py
@ -813,6 +813,9 @@ class OpenStackMetadataTestCase(test.TestCase):
        # verify that 2016-10-06 has the vendor_data2.json file
        result = mdinst.lookup("/openstack/2016-10-06")
        self.assertIn('vendor_data2.json', result)
+        # assert that we never created a ksa session for dynamic vendordata if
+        # we didn't make a request
+        self.assertIsNone(mdinst.vendordata_providers['DynamicJSON'].session)

    def test_vendor_data_response(self):
        inst = self.instance.obj_clone()
@ -879,7 +882,18 @@ class OpenStackMetadataTestCase(test.TestCase):

            # verify the new format as well
            vdpath = "/openstack/2016-10-06/vendor_data2.json"
-            vd = jsonutils.loads(mdinst.lookup(vdpath))
+            with mock.patch(
+                    'nova.api.metadata.vendordata_dynamic.LOG.warning') as wrn:
+                vd = jsonutils.loads(mdinst.lookup(vdpath))
+                # We don't have vendordata_dynamic_auth credentials configured
+                # so we expect to see a warning logged about making an insecure
+                # connection.
+                warning_calls = wrn.call_args_list
+                self.assertEqual(1, len(warning_calls))
+                # Verify the warning message is the one we expect which is the
+                # first and only arg to the first and only call to the warning.
+                self.assertIn('Passing insecure dynamic vendordata requests',
+                              six.text_type(warning_calls[0][0]))
            self.assertEqual('10.0.0.1', vd['static'].get('ldap'))
            self.assertEqual('10.0.0.2', vd['static'].get('ad'))