Point API clients at internal endpoints when configured

At present the ``use-internal-endpoints`` configuration option have no effect. Change-Id: Ia85609f70819b27241e43de27614624697622370 Closes-Bug: #1869463
2020-03-31 07:56:59 +02:00 · 2020-03-31 07:56:59 +02:00 · ab22820503
parent 8c9f34ec76
commit ab22820503
4 changed files with 92 additions and 15 deletions
--- a/src/lib/charm/openstack/api_crud.py
+++ b/src/lib/charm/openstack/api_crud.py
@ -87,6 +87,17 @@ class DuplicateResource(Exception):
        self.data = data


+def endpoint_type():
+    """Determine endpoint type to use.
+
+    :returns: endpoint type
+    :rtype: str
+    """
+    if ch_core.hookenv.config('use-internal-endpoints'):
+        return 'internalURL'
+    return 'publicURL'
+
+
 def session_from_identity_service(identity_service):
    """Get Keystone Session from `identity-service` relation.

@ -122,9 +133,25 @@ def init_neutron_client(keystone_session):
    """
    return neutron_client.Client(session=keystone_session,
                                 region_name=ch_core.hookenv.config('region'),
+                                 endpoint_type=endpoint_type(),
                                 )


+def get_nova_client(keystone_session):
+    """Get Nova client
+
+    :param keystone_session: Keystone client auth session
+    :type keystone_session.Session
+    :returns: Nova client
+    :rtype: nova_client.Client
+    """
+    return nova_client.Client('2',
+                              session=keystone_session,
+                              region_name=ch_core.hookenv.config('region'),
+                              endpoint_type=endpoint_type(),
+                              )
+
+
 def is_extension_enabled(neutron_client, ext_alias):
    """Check for presence of Neutron extension

@ -152,9 +179,7 @@ def get_nova_flavor(identity_service):
    """
    try:
        session = session_from_identity_service(identity_service)
-        nova = nova_client.Client('2',
-                                  session=session,
-                                  region_name=ch_core.hookenv.config('region'))
+        nova = get_nova_client(session)
        flavors = nova.flavors.list(is_public=False)
        for flavor in flavors:
            if flavor.name == 'charm-octavia':
@ -182,9 +207,7 @@ def create_nova_keypair(identity_service, amp_key_name):
    pubkey_decoded = base64.b64decode(pubkey).strip().decode()
    try:
        session = session_from_identity_service(identity_service)
-        nova = nova_client.Client('2',
-                                  session=session,
-                                  region_name=ch_core.hookenv.config('region'))
+        nova = get_nova_client(session)
        keys = nova.keypairs.list()
        for key in keys:
            if key.name == amp_key_name:
--- a/src/templates/rocky/octavia.conf
+++ b/src/templates/rocky/octavia.conf
@ -67,6 +67,10 @@ cert_manager = barbican_cert_manager
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+

 [haproxy_amphora]
 # This certificate is used by the ``Octavia`` controller to validate the
@ -82,6 +86,9 @@ client_cert = {{ options.controller_cert }}
 auth_section = keystone_authtoken

 {% include "parts/section-keystone-authtoken" %}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [oslo_messaging]
 topic = octavia
@ -90,21 +97,33 @@ topic = octavia
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [cinder]
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [glance]
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [neutron]
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 {% include "parts/section-oslo-messaging-rabbit" %}

--- a/src/templates/train/octavia.conf
+++ b/src/templates/train/octavia.conf
@ -78,6 +78,10 @@ cert_manager = barbican_cert_manager
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+

 [haproxy_amphora]
 # This certificate is used by the ``Octavia`` controller to validate the
@ -93,6 +97,9 @@ client_cert = {{ options.controller_cert }}
 auth_section = keystone_authtoken

 {% include "parts/section-keystone-authtoken" %}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [oslo_messaging]
 topic = octavia
@ -101,21 +108,33 @@ topic = octavia
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [cinder]
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [glance]
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 [neutron]
 {% if options.region -%}
 region_name = {{ options.region }}
 {% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}

 {% include "parts/section-oslo-messaging-rabbit" %}

--- a/unit_tests/test_lib_charm_openstack_api_crud.py
+++ b/unit_tests/test_lib_charm_openstack_api_crud.py
@ -70,6 +70,13 @@ class TestAPICrud(test_utils.PatchHelper):
                    'security_group_id': self.health_secgrp_uuid}}),
        ]

+    def test_endpoint_type(self):
+        self.patch_object(api_crud.ch_core.hookenv, 'config')
+        self.config.return_value = False
+        self.assertEquals(api_crud.endpoint_type(), 'publicURL')
+        self.config.return_value = True
+        self.assertEquals(api_crud.endpoint_type(), 'internalURL')
+
    def test_session_from_identity_service(self):
        self.patch_object(api_crud, 'keystone_identity')
        self.patch_object(api_crud, 'keystone_session')
@ -94,23 +101,37 @@ class TestAPICrud(test_utils.PatchHelper):
    def test_init_neutron_client(self):
        self.patch_object(api_crud, 'neutron_client')
        self.patch_object(api_crud.ch_core.hookenv, 'config')
+        self.patch_object(api_crud, 'endpoint_type')
+        self.endpoint_type.return_value = 'someeptype'
        api_crud.init_neutron_client('somesession')
        self.config.assert_called_once_with('region')
        self.neutron_client.Client.assert_called_once_with(
-            session='somesession', region_name=self.config())
+            session='somesession', region_name=self.config(),
+            endpoint_type='someeptype')
+
+    def test_get_nova_client(self):
+        self.patch_object(api_crud, 'nova_client')
+        self.patch_object(api_crud.ch_core.hookenv, 'config')
+        self.config.return_value = 'someregion'
+        self.patch_object(api_crud, 'endpoint_type')
+        self.endpoint_type.return_value = 'someeptype'
+        api_crud.get_nova_client('somesession')
+        self.config.assert_called_once_with('region')
+        self.nova_client.Client.assert_called_once_with(
+            '2', session='somesession', region_name='someregion',
+            endpoint_type='someeptype')

    def test_get_nova_flavor(self):
+        self.patch_object(api_crud, 'get_nova_client')
        self.patch_object(api_crud, 'nova_client')
        self.patch_object(api_crud, 'session_from_identity_service')
        self.patch_object(api_crud, 'keystone_exceptions')
-        self.patch_object(api_crud.ch_core.hookenv, 'config')
        nova = mock.MagicMock()
+        self.get_nova_client.return_value = nova
        flavor = mock.MagicMock()
        flavor.id = 'fake-id'
        flavor.name = 'charm-octavia'
        nova.flavors.list.return_value = [flavor]
-        self.nova_client.Client.return_value = nova
-        self.config.return_value = 'someregion'

        self.keystone_exceptions.catalog.EndpointNotFound = Exception
        self.keystone_exceptions.connection.ConnectFailure = Exception
@ -122,11 +143,6 @@ class TestAPICrud(test_utils.PatchHelper):

        nova.flavors.list.side_effect = None
        api_crud.get_nova_flavor(identity_service)
-        self.config.assert_called_with('region')
-        self.nova_client.Client.assert_called_with(
-            '2',
-            session=self.session_from_identity_service(),
-            region_name='someregion')
        nova.flavors.list.assert_called_with(is_public=False)
        self.assertFalse(nova.flavors.create.called)
        nova.flavors.list.return_value = []