diff --git a/kuryr/lib/config.py b/kuryr/lib/config.py index c0232e8f..089fe6af 100644 --- a/kuryr/lib/config.py +++ b/kuryr/lib/config.py @@ -14,8 +14,7 @@ Routines for configuring Kuryr """ -import os - +from keystoneauth1 import loading as ks_loading from oslo_config import cfg from kuryr.lib._i18n import _ @@ -29,10 +28,13 @@ core_opts = [ default='kuryrPool', help=_('Neutron subnetpool name will be prefixed by this.')), ] + +neutron_group = cfg.OptGroup( + 'neutron', + title='Neutron Options', + help=_('Configuration options for OpenStack Neutron')) + neutron_opts = [ - cfg.StrOpt('neutron_uri', - default=os.environ.get('OS_URL', 'http://127.0.0.1:9696'), - help=_('Neutron URL for accessing the network service.')), cfg.StrOpt('enable_dhcp', default='True', help=_('Enable or Disable dhcp for neutron subnets.')), 
@@ -49,34 +51,24 @@ neutron_opts = [ cfg.IntOpt('vif_plugging_timeout', default=0, help=_("Seconds to wait for port to become active")), + cfg.StrOpt('endpoint_type', + default='public', + choices=['public', 'admin', 'internal'], + help=_('Type of the neutron endpoint to use. This endpoint ' + 'will be looked up in the keystone catalog and should ' + 'be one of public, internal or admin.')), ] -keystone_opts = [ - cfg.StrOpt('auth_uri', - default=os.environ.get('IDENTITY_URL', - 'http://127.0.0.1:35357/v2.0'), - help=_('The URL for accessing the identity service.')), - cfg.StrOpt('admin_user', - default=os.environ.get('SERVICE_USER'), - help=_('The username to auth with the identity service.')), - cfg.StrOpt('admin_tenant_name', - default=os.environ.get('SERVICE_TENANT_NAME'), - help=_('The tenant name to auth with the identity service.')), - cfg.StrOpt('admin_password', - default=os.environ.get('SERVICE_PASSWORD'), - help=_('The password to auth with the identity service.')), - cfg.StrOpt('admin_token', - default=os.environ.get('SERVICE_TOKEN'), - help=_('The admin token.')), - cfg.StrOpt('auth_ca_cert', - default=os.environ.get('SERVICE_CA_CERT'), - help=_('The CA certification file.')), - cfg.BoolOpt('auth_insecure', - default=False, - help=_("Turn off verification of the certificate for ssl")), -] + binding_opts = [ cfg.StrOpt('veth_dst_prefix', default='eth', help=('The name prefix of the veth endpoint put inside the ' 'container.')) ] + + +def register_neutron_opts(conf): + conf.register_group(neutron_group) + conf.register_opts(neutron_opts, group=neutron_group) + ks_loading.register_session_conf_options(conf, neutron_group.name) + ks_loading.register_auth_conf_options(conf, neutron_group.name) diff --git a/kuryr/lib/opts.py b/kuryr/lib/opts.py index d0fa8690..4e58ec72 100644 --- a/kuryr/lib/opts.py +++ b/kuryr/lib/opts.py 
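Review bot: `register_neutron_opts` in kuryr/lib/config.py registers everything under `[neutron]` with no `deprecated_group`, so values an operator still keeps under `[neutron_client]` would fall back to defaults after upgrade without any warning. The removed `[keystone_client]` settings, including `auth_ca_cert` and `auth_insecure`, are no longer read at all. For the options that survive in `neutron_opts`, adding `deprecated_group='neutron_client'` to each `cfg.*Opt` would keep existing files working. The credential and TLS settings have no one-to-one successor in this hunk, so they presumably need a release note pointing at the keystoneauth options of the `[neutron]` group. The function also lacks a docstring, e.g. `"""Register the [neutron] group, its options and the keystoneauth session/auth options on conf."""`.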
@@ -16,12 +16,17 @@ __all__ = [ import copy import itertools +import operator +from keystoneauth1 import loading as ks_loading from oslo_log import _options from kuryr.lib import config +ENABLED_AUTH_PLUGINS = ('password', 'v2password', 'v2token', 'v3password', + 'v3token') + _core_opts_with_logging = config.core_opts _core_opts_with_logging += _options.common_cli_opts _core_opts_with_logging += _options.logging_cli_opts @@ -29,12 +34,23 @@ _core_opts_with_logging += _options.generic_log_opts _kuryr_opts = [ (None, list(itertools.chain(_core_opts_with_logging))), - ('neutron_client', config.neutron_opts), - ('keystone_client', config.keystone_opts), ('binding', config.binding_opts), ] +def list_neutron_opts(): + opt_list = copy.deepcopy(config.neutron_opts) + opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0]) + # NOTE(apuimedo): There are a lot of auth plugins, we just generate the + # config options for a few common ones + for name in ENABLED_AUTH_PLUGINS: + for plugin_option in ks_loading.get_auth_plugin_conf_options(name): + if all(option.name != plugin_option.name for option in opt_list): + opt_list.append(plugin_option) + opt_list.sort(key=operator.attrgetter('name')) + return [(config.neutron_group, opt_list)] + + def list_kuryr_opts(): """Return a list of oslo_config options available in Kuryr service. @@ -52,4 +68,5 @@ def list_kuryr_opts(): :returns: a list of (group_name, opts) tuples """ - return [(k, copy.deepcopy(o)) for k, o in _kuryr_opts] + return ([(k, copy.deepcopy(o)) for k, o in _kuryr_opts] + + list_neutron_opts()) diff --git a/kuryr/lib/utils.py b/kuryr/lib/utils.py index f3ebe5ca..76155480 100644 --- a/kuryr/lib/utils.py +++ b/kuryr/lib/utils.py 
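Review bot: `list_neutron_opts` in kuryr/lib/opts.py lists the auth-plugin options but not the keystoneauth session options that `register_neutron_opts` registers through `register_session_conf_options`. As far as this diff shows, the generated sample configuration will therefore not document the TLS-related settings that take over from the removed `auth_ca_cert`/`auth_insecure`. Consider `opt_list.extend(ks_loading.get_session_conf_options())` before the sort, passed through the same name de-duplication as the plugin options. Taking element `[0]` of `get_auth_common_conf_options()` relies on the order keystoneauth returns, so selecting the option by `name` would be sturdier. The function also has no docstring saying it returns `[(neutron_group, opts)]` for the config generator.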
@@ -14,29 +14,26 @@ import hashlib import random import socket -from neutronclient.neutron import client -from neutronclient.v2_0 import client as client_v2 +from keystoneauth1 import loading as ks_loading +from neutronclient.v2_0 import client from oslo_config import cfg +from kuryr.lib import config as kuryr_config from kuryr.lib import constants as const DOCKER_NETNS_BASE = '/var/run/docker/netns' PORT_POSTFIX = 'port' -def get_neutron_client_simple(url, auth_url, token): - auths = auth_url.rsplit('/', 1) - version = auths[1][1:] - return client.Client(version, endpoint_url=url, token=token) - - -def get_neutron_client(url, username, tenant_name, password, - auth_url, ca_cert, insecure, timeout=30): - - return client_v2.Client(endpoint_url=url, timeout=timeout, - username=username, tenant_name=tenant_name, - password=password, auth_url=auth_url, - ca_cert=ca_cert, insecure=insecure) +def get_neutron_client(*args, **kwargs): + auth_plugin = ks_loading.load_auth_from_conf_options( + cfg.CONF, kuryr_config.neutron_group.name) + session = ks_loading.load_session_from_conf_options(cfg.CONF, + 'neutron', + auth=auth_plugin) + return client.Client(session=session, + auth=auth_plugin, + endpoint_type=cfg.CONF.neutron.endpoint_type) def get_hostname(): diff --git a/kuryr/tests/unit/base.py b/kuryr/tests/unit/base.py index 37cd8d8a..a5690860 100644 --- a/kuryr/tests/unit/base.py +++ b/kuryr/tests/unit/base.py @@ -24,9 +24,8 @@ class TestCase(base.BaseTestCase): super(TestCase, self).setUp() CONF = cfg.CONF CONF.register_opts(config.core_opts) - CONF.register_opts(config.neutron_opts, group='neutron_client') - CONF.register_opts(config.keystone_opts, group='keystone_client') CONF.register_opts(config.binding_opts, 'binding') + config.register_neutron_opts(CONF) @staticmethod def _get_fake_networks(neutron_network_id): diff --git a/kuryr/tests/unit/test_config.py b/kuryr/tests/unit/test_config.py old mode 100755 new mode 100644 index 5967933a..8cff8b2e 
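Review bot: `get_neutron_client(*args, **kwargs)` in kuryr/lib/utils.py accepts and then discards every argument. A caller still passing the old `url`/`username`/`password`/`ca_cert`/`insecure` values gets a client built purely from the `[neutron]` config group, with no error or warning that those values were ignored. Either drop the parameters (`def get_neutron_client():`) so stale call sites fail loudly, or add a docstring stating that the arguments are ignored and that credentials, endpoint selection and TLS settings now come from configuration. The session loader also hard-codes `'neutron'` while the auth loader uses `kuryr_config.neutron_group.name`; using `kuryr_config.neutron_group.name` in both calls keeps the two from drifting apart.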
--- a/kuryr/tests/unit/test_config.py +++ b/kuryr/tests/unit/test_config.py @@ -18,15 +18,10 @@ from kuryr.tests.unit import base class ConfigurationTest(base.TestCase): def test_defaults(self): - - self.assertEqual('http://127.0.0.1:9696', - cfg.CONF.neutron_client.neutron_uri) - self.assertEqual('kuryr', - cfg.CONF.neutron_client.default_subnetpool_v4) + cfg.CONF.neutron.default_subnetpool_v4) self.assertEqual('kuryr6', - cfg.CONF.neutron_client.default_subnetpool_v6) - - self.assertEqual('http://127.0.0.1:35357/v2.0', - cfg.CONF.keystone_client.auth_uri) + cfg.CONF.neutron.default_subnetpool_v6) + self.assertEqual('public', + cfg.CONF.neutron.endpoint_type) diff --git a/kuryr/tests/unit/test_opts.py b/kuryr/tests/unit/test_opts.py index 4c811b5e..8f44e0e0 100644 --- a/kuryr/tests/unit/test_opts.py +++ b/kuryr/tests/unit/test_opts.py @@ -18,10 +18,13 @@ from kuryr.tests.unit import base class OptsTest(base.TestCase): - def test_list_kuryr_opts(self): - fake_kuryr_opts = [(None, 'fakevalue1'), - ('Key1', 'fakevalue2')] - fake_kuryr_opts_mock = mock.PropertyMock(return_value=fake_kuryr_opts) - with mock.patch.object(kuryr_opts, '_kuryr_opts', - new_callable=fake_kuryr_opts_mock): - self.assertEqual(fake_kuryr_opts, kuryr_opts.list_kuryr_opts()) + _fake_kuryr_opts = [(None, 'fakevalue1'), ('Key1', 'fakevalue2')] + _fake_neutron_opts = [('poolv4', 'swimming4'), ('poolv6', 'swimming6')] + + @mock.patch.multiple(kuryr_opts, _kuryr_opts=_fake_kuryr_opts, + list_neutron_opts=mock.DEFAULT) + def test_list_kuryr_opts(self, list_neutron_opts): + list_neutron_opts.return_value = self._fake_neutron_opts + + self.assertEqual(self._fake_kuryr_opts + self._fake_neutron_opts, + kuryr_opts.list_kuryr_opts()) diff --git a/kuryr/tests/unit/test_utils.py b/kuryr/tests/unit/test_utils.py index a395d40c..0ea9b450 100644 --- a/kuryr/tests/unit/test_utils.py +++ b/kuryr/tests/unit/test_utils.py 
@@ -54,31 +54,20 @@ class TestKuryrUtils(base.TestCase): self.assertIn(name_prefix, generated_neutron_subnetpool_name) self.assertIn(fake_subnet_cidr, generated_neutron_subnetpool_name) - @mock.patch('neutronclient.neutron.client.Client') - def test_get_neutron_client_simple(self, mock_client): - fake_token = str(uuid.uuid4()) - utils.get_neutron_client_simple(url=self.fake_url, - auth_url=self.fake_auth_url, token=fake_token) - mock_client.assert_called_once_with('2.0', - endpoint_url=self.fake_url, token=fake_token) - @mock.patch('neutronclient.v2_0.client.Client') - def test_get_neutron_client(self, mock_client): - fake_username = 'fake_user' - fake_tenant_name = 'fake_tenant_name' - fake_password = 'fake_password' - fake_ca_cert = None - fake_insecure = False - fake_timeout = 60 - utils.get_neutron_client(url=self.fake_url, username=fake_username, - tenant_name=fake_tenant_name, password=fake_password, - auth_url=self.fake_auth_url, ca_cert=fake_ca_cert, - insecure=fake_insecure, timeout=fake_timeout) - mock_client.assert_called_once_with(endpoint_url=self.fake_url, - timeout=fake_timeout, username=fake_username, - tenant_name=fake_tenant_name, password=fake_password, - auth_url=self.fake_auth_url, ca_cert=fake_ca_cert, - insecure=fake_insecure) + @mock.patch('keystoneauth1.loading.load_auth_from_conf_options') + @mock.patch('keystoneauth1.loading.load_session_from_conf_options') + def test_get_neutron_client(self, mock_session_loader, mock_auth_loader, + mock_client): + fake_auth = 'Fake_auth_plugin' + fake_session = 'Fake_session_plugin' + mock_auth_loader.return_value = fake_auth + mock_session_loader.return_value = fake_session + utils.get_neutron_client() + mock_client.assert_called_once_with( + auth=fake_auth, + session=fake_session, + endpoint_type=cfg.CONF.neutron.endpoint_type) @mock.patch.object(socket, 'gethostname', return_value='fake_hostname') def test_get_hostname(self, mock_get_hostname): 
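Review bot: `test_get_neutron_client` checks only the arguments handed to `Client`, so it would still pass if the loaders read the wrong config group or the session were built without the auth plugin. Adding `mock_auth_loader.assert_called_once_with(cfg.CONF, 'neutron')` and `mock_session_loader.assert_called_once_with(cfg.CONF, 'neutron', auth=fake_auth)` would pin where credentials and TLS settings are loaded from. The hunk does not show an import of `cfg` in this test module, so confirm it is in scope. The enclosing `TestKuryrUtils` class starts and continues outside the hunk.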
diff --git a/requirements.txt b/requirements.txt index d1ae9693..4b15ce8a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,6 +3,7 @@ # process, which may cause wedges in the gate later. Babel>=2.3.4 # BSD +keystoneauth1 >= 2.10.0 # Apache-2.0 netaddr!=0.7.16,>=0.7.12 # BSD neutron-lib>=0.3.0 # Apache-2.0 oslo.concurrency>=3.8.0 # Apache-2.0