From 78abdaa130fccbb539a8034da4488aefcca26764 Mon Sep 17 00:00:00 2001 From: Gyorgy Szombathelyi Date: Fri, 28 Jul 2017 12:10:07 +0200 Subject: [PATCH] Use consistent session options Various components defines different options for the client sessions. Standardize them with the help of keystonauth1 lib. Change-Id: I2f791caaf230a58b8426d1c1d6e1eb4316a85a28 --- murano/api/v1/catalog.py | 7 +- murano/cfapi/cfapi.py | 8 +- murano/common/auth_utils.py | 21 ++-- murano/common/config.py | 101 +++----------------- murano/engine/package_loader.py | 11 +-- murano/engine/system/heat_stack.py | 6 +- murano/engine/system/metadef_browser.py | 3 +- murano/engine/system/net_explorer.py | 3 +- murano/engine/system/workflowclient.py | 3 +- murano/opts.py | 23 +++-- murano/tests/unit/common/test_auth_utils.py | 21 ++-- murano/tests/unit/test_heat_stack.py | 4 +- 12 files changed, 70 insertions(+), 141 deletions(-) diff --git a/murano/api/v1/catalog.py b/murano/api/v1/catalog.py index 0f0786d1c..9549f4ae4 100644 --- a/murano/api/v1/catalog.py +++ b/murano/api/v1/catalog.py @@ -425,11 +425,12 @@ class Controller(object): url = glare_settings.url if not url: url = self._get_glare_url(request) + # TODO(gyurco): use auth_utils.get_session_client_parameters client = glare_client.Client( endpoint=url, token=token, insecure=glare_settings.insecure, - key_file=glare_settings.key_file or None, - ca_file=glare_settings.ca_file or None, - cert_file=glare_settings.cert_file or None, + key_file=glare_settings.keyfile or None, + ca_file=glare_settings.cafile or None, + cert_file=glare_settings.certfile or None, type_name='murano', type_version=1) return client diff --git a/murano/cfapi/cfapi.py b/murano/cfapi/cfapi.py index 3d23df1dd..37c22733f 100644 --- a/murano/cfapi/cfapi.py +++ b/murano/cfapi/cfapi.py @@ -320,13 +320,13 @@ def _get_glareclient(token_id, req): if not url: LOG.error('No glare url is specified and no "artifact" ' 'service is registered in keystone.') - + # TODO(gyurco): use auth_utils.get_session_client_parameters return glare_client.Client( endpoint=url, token=token_id, insecure=glare_settings.insecure, - key_file=glare_settings.key_file or None, - ca_file=glare_settings.ca_file or None, - cert_file=glare_settings.cert_file or None, + key_file=glare_settings.keyfile or None, + ca_file=glare_settings.cafile or None, + cert_file=glare_settings.certfile or None, type_name='murano', type_version=1) diff --git a/murano/common/auth_utils.py b/murano/common/auth_utils.py index 540a6e74a..8f9fb8b3c 100644 --- a/murano/common/auth_utils.py +++ b/murano/common/auth_utils.py @@ -138,12 +138,9 @@ def delete_trust(trust): user_client.trusts.delete(trust) -def _get_config_option(conf_section, option_names, default=None): - if not isinstance(option_names, (list, tuple)): - option_names = (option_names,) - for name in option_names: - if hasattr(conf_section, name): - return getattr(conf_section, name) +def _get_config_option(conf_section, option_name, default=None): + if hasattr(cfg.CONF[conf_section], option_name): + return getattr(cfg.CONF[conf_section], option_name) return default @@ -151,15 +148,11 @@ def _get_session(auth, conf_section=None): # Fallback to murano_auth section for TLS parameters # if no other conf_section supplied if not conf_section: - conf_section = cfg.CONF[CFG_MURANO_AUTH_GROUP] - session = ka_loading.session.Session().load_from_options( + conf_section = CFG_MURANO_AUTH_GROUP + session = ka_loading.load_session_from_conf_options( auth=auth, - insecure=_get_config_option(conf_section, 'insecure', False), - cacert=_get_config_option( - conf_section, - ('ca_file', 'cafile', 'cacert')), - key=_get_config_option(conf_section, ('key_file', 'keyfile')), - cert=_get_config_option(conf_section, ('cert_file', 'certfile'))) + conf=cfg.CONF, + group=conf_section) return session diff --git a/murano/common/config.py b/murano/common/config.py index 810bc79f4..1c4e492f0 100644 --- a/murano/common/config.py +++ b/murano/common/config.py @@ -74,21 +74,6 @@ rabbit_opts = [ heat_opts = [ cfg.StrOpt('url', help='Optional heat endpoint override'), - cfg.BoolOpt('insecure', default=False, - help='This option explicitly allows Murano to perform ' - '"insecure" SSL connections and transfers with Heat API.'), - - cfg.StrOpt('ca_file', - help='(SSL) Tells Murano to use the specified certificate file ' - 'to verify the peer running Heat API.'), - - cfg.StrOpt('cert_file', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Heat.'), - - cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name to ' - 'communicate with Heat API.'), - cfg.StrOpt('endpoint_type', default='publicURL', help='Heat endpoint type.'), @@ -104,28 +89,12 @@ mistral_opts = [ help='Mistral endpoint type.'), cfg.StrOpt('service_type', default='workflowv2', - help='Mistral service type.'), - - cfg.BoolOpt('insecure', default=False, - help='This option explicitly allows Murano to perform ' - '"insecure" SSL connections and transfers with Mistral.'), - - cfg.StrOpt('ca_cert', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Mistral.') + help='Mistral service type.') ] neutron_opts = [ cfg.StrOpt('url', help='Optional neutron endpoint override'), - cfg.BoolOpt('insecure', default=False, - help='This option explicitly allows Murano to perform ' - '"insecure" SSL connections and transfers with Neutron API.'), - - cfg.StrOpt('ca_cert', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Neutron.'), - cfg.StrOpt('endpoint_type', default='publicURL', help='Neutron endpoint type.') ] @@ -134,25 +103,6 @@ murano_opts = [ cfg.StrOpt('url', help='Optional murano url in format ' 'like http://0.0.0.0:8082 used by Murano engine'), - cfg.BoolOpt('insecure', default=False, - help='This option explicitly allows Murano to perform ' - '"insecure" SSL connections and transfers used by ' - 'Murano engine.'), - - cfg.StrOpt('cacert', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Murano API ' - 'used by Murano engine.'), - - cfg.StrOpt('cert_file', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Murano ' - 'used by Murano engine.'), - - cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name ' - 'to communicate with Murano API used by ' - 'Murano engine.'), - cfg.StrOpt('endpoint_type', default='publicURL', help='Murano endpoint type used by Murano engine.'), @@ -278,25 +228,6 @@ glare_opts = [ 'like http://0.0.0.0:9494 used by Glare API', deprecated_group='glance'), - cfg.BoolOpt('insecure', default=False, - help='This option explicitly allows Murano to perform ' - '"insecure" SSL connections and transfers with Glare API.', - deprecated_group='glance'), - - cfg.StrOpt('ca_file', - help='(SSL) Tells Murano to use the specified certificate file ' - 'to verify the peer running Glare API.', - deprecated_group='glance'), - - cfg.StrOpt('cert_file', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Glare.', - deprecated_group='glance'), - - cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name to ' - 'communicate with Glare API.', - deprecated_group='glance'), - cfg.StrOpt('endpoint_type', default='publicURL', help='Glare endpoint type.', deprecated_group='glance') @@ -305,21 +236,6 @@ glare_opts = [ glance_opts = [ cfg.StrOpt('url', help='Optional glance endpoint override'), - cfg.BoolOpt('insecure', default=False, - help='This option explicitly allows Murano to perform ' - '"insecure" SSL connections and transfers with Glance API.'), - - cfg.StrOpt('ca_file', - help='(SSL) Tells Murano to use the specified certificate file ' - 'to verify the peer running Glance API.'), - - cfg.StrOpt('cert_file', - help='(SSL) Tells Murano to use the specified client ' - 'certificate file when communicating with Glance.'), - - cfg.StrOpt('key_file', help='(SSL/SSH) Private key file name to ' - 'communicate with Glance API.'), - cfg.StrOpt('endpoint_type', default='publicURL', help='Glance endpoint type.') ] @@ -358,7 +274,20 @@ CONF.register_opts(glare_opts, group='glare') CONF.register_opts(glance_opts, group='glance') CONF.register_opts(murano_auth_opts, group='murano_auth') ks_loading.register_auth_conf_options(CONF, group='murano_auth') -ks_loading.register_session_conf_options(CONF, group='murano_auth') + + +for group in ('heat', 'mistral', 'neutron', 'glance', 'glare', + 'murano', 'murano_auth'): + ks_loading.register_session_conf_options( + CONF, + group=group, + deprecated_opts={ + 'cafile': [cfg.DeprecatedOpt('cacert', group), + cfg.DeprecatedOpt('ca_file', group)], + 'certfile': [cfg.DeprecatedOpt('cert_file', group)], + 'keyfile': [cfg.DeprecatedOpt('key_file', group)] + + }) def parse_args(args=None, usage=None, default_config_files=None): diff --git a/murano/engine/package_loader.py b/murano/engine/package_loader.py index 2f526c28a..78fe67811 100644 --- a/murano/engine/package_loader.py +++ b/murano/engine/package_loader.py @@ -84,20 +84,19 @@ class ApiPackageLoader(package_loader.MuranoPackageLoader): service_type='artifact', interface=glare_settings.endpoint_type, region_name=CONF.home_region) - + # TODO(gyurco): use auth_utils.get_session_client_parameters self._glare_client = glare_client.Client( endpoint=url, token=token, insecure=glare_settings.insecure, - key_file=glare_settings.key_file or None, - ca_file=glare_settings.ca_file or None, - cert_file=glare_settings.cert_file or None, + key_file=glare_settings.keyfile or None, + ca_file=glare_settings.cafile or None, + cert_file=glare_settings.certfile or None, type_name='murano', type_version=1) return self._glare_client @property def client(self): - murano_settings = CONF.murano last_glare_client = self._glare_client if CONF.engine.packages_service in ['glance', 'glare']: if CONF.engine.packages_service == 'glance': @@ -113,7 +112,7 @@ class ApiPackageLoader(package_loader.MuranoPackageLoader): parameters = auth_utils.get_session_client_parameters( service_type='application-catalog', execution_session=self._execution_session, - conf=murano_settings + conf='murano' ) self._murano_client = muranoclient.Client( artifacts_client=artifacts_client, **parameters) diff --git a/murano/engine/system/heat_stack.py b/murano/engine/system/heat_stack.py index 4029cf686..004cc782e 100644 --- a/murano/engine/system/heat_stack.py +++ b/murano/engine/system/heat_stack.py @@ -69,7 +69,7 @@ class HeatStack(object): def _create_client(session, region_name): parameters = auth_utils.get_session_client_parameters( service_type='orchestration', region=region_name, - conf=CONF.heat, session=session) + conf='heat', session=session) return hclient.Client('1', **parameters) @property @@ -79,11 +79,11 @@ class HeatStack(object): @staticmethod @session_local_storage.execution_session_memoize def _get_client(region_name): - session = auth_utils.get_client_session(conf=CONF.heat) + session = auth_utils.get_client_session(conf='heat') return HeatStack._create_client(session, region_name) def _get_token_client(self): - ks_session = auth_utils.get_token_client_session(conf=CONF.heat) + ks_session = auth_utils.get_token_client_session(conf='heat') return self._create_client(ks_session, self._region_name) def current(self): diff --git a/murano/engine/system/metadef_browser.py b/murano/engine/system/metadef_browser.py index 617127750..1234ef261 100644 --- a/murano/engine/system/metadef_browser.py +++ b/murano/engine/system/metadef_browser.py @@ -39,9 +39,8 @@ class MetadefBrowser(object): @staticmethod @session_local_storage.execution_session_memoize def _get_client(region_name): - glance_settings = CONF.glance return gclient.Client(**auth_utils.get_session_client_parameters( - service_type='image', region=region_name, conf=glance_settings + service_type='image', region=region_name, conf='glance' )) @property diff --git a/murano/engine/system/net_explorer.py b/murano/engine/system/net_explorer.py index 4cc504afd..9ac8905d9 100644 --- a/murano/engine/system/net_explorer.py +++ b/murano/engine/system/net_explorer.py @@ -45,9 +45,8 @@ class NetworkExplorer(object): @staticmethod @session_local_storage.execution_session_memoize def _get_client(region_name): - neutron_settings = CONF.neutron return nclient.Client(**auth_utils.get_session_client_parameters( - service_type='network', region=region_name, conf=neutron_settings + service_type='network', region=region_name, conf='neutron' )) @property diff --git a/murano/engine/system/workflowclient.py b/murano/engine/system/workflowclient.py index a922c34f9..913d981f5 100644 --- a/murano/engine/system/workflowclient.py +++ b/murano/engine/system/workflowclient.py @@ -67,6 +67,7 @@ class MistralClient(object): region_name=region) auth_ref = session.auth.get_access(session) + # TODO(gyurco): use auth_utils.get_session_client_parameters return mistralcli.client( mistral_url=mistral_url, project_id=auth_ref.project_id, @@ -75,7 +76,7 @@ class MistralClient(object): auth_token=auth_ref.auth_token, user_id=auth_ref.user_id, insecure=mistral_settings.insecure, - cacert=mistral_settings.ca_cert + cacert=mistral_settings.cafile ) def upload(self, definition): diff --git a/murano/opts.py b/murano/opts.py index 4ada818d4..593a05074 100644 --- a/murano/opts.py +++ b/murano/opts.py @@ -37,11 +37,20 @@ def build_list(opt_list): _opt_lists = [ ('engine', murano.common.config.engine_opts), ('rabbitmq', murano.common.config.rabbit_opts), - ('heat', murano.common.config.heat_opts), - ('neutron', murano.common.config.neutron_opts), - ('murano', murano.common.config.murano_opts), - ('glare', murano.common.config.glare_opts), - ('mistral', murano.common.config.mistral_opts), + ('heat', + murano.common.config.heat_opts + + ks_loading.get_session_conf_options()), + ('neutron', + murano.common.config.neutron_opts + + ks_loading.get_session_conf_options()), + ('murano', murano.common.config.murano_opts + + ks_loading.get_session_conf_options()), + ('glare', + murano.common.config.glare_opts + + ks_loading.get_session_conf_options()), + ('mistral', + murano.common.config.mistral_opts + + ks_loading.get_session_conf_options()), ('networking', murano.common.config.networking_opts), ('stats', murano.common.config.stats_opts), ('murano_auth', @@ -61,7 +70,9 @@ _opt_lists = [ _cfapi_opt_lists = [ ('cfapi', murano.common.cf_config.cfapi_opts), - ('glare', murano.common.config.glare_opts), + ('glare', + murano.common.config.glare_opts + + ks_loading.get_session_conf_options()) ] _opt_lists.extend(oslo_service.sslutils.list_opts()) diff --git a/murano/tests/unit/common/test_auth_utils.py b/murano/tests/unit/common/test_auth_utils.py index 96d930734..94d4988f4 100644 --- a/murano/tests/unit/common/test_auth_utils.py +++ b/murano/tests/unit/common/test_auth_utils.py @@ -44,7 +44,7 @@ class TestAuthUtils(base.MuranoTestCase): spec_set=ka_loading).start() mock_auth_obj.load_auth_from_conf_options.return_value = \ mock.sentinel.auth - mock_auth_obj.session.Session().load_from_options.\ + mock_auth_obj.load_session_from_conf_options.\ return_value = mock.sentinel.session cfg.CONF.set_override('auth_type', 'password', @@ -303,13 +303,12 @@ class TestAuthUtils(base.MuranoTestCase): mock.sentinel.trust) def test_get_config_option(self): - option_names = 'foo' - conf_section = mock.Mock(foo='bar') - self.assertEqual('bar', auth_utils._get_config_option( - conf_section, option_names)) + cfg.CONF.set_override('url', 'foourl', 'murano') + self.assertEqual('foourl', auth_utils._get_config_option( + 'murano', 'url')) def test_get_config_option_return_default(self): - self.assertIsNone(auth_utils._get_config_option(None, [])) + self.assertIsNone(auth_utils._get_config_option(None, 'url')) def test_get_session(self): mock_ka_loading = self._init_mock_cfg(True) @@ -317,12 +316,10 @@ class TestAuthUtils(base.MuranoTestCase): session = auth_utils._get_session(mock.sentinel.auth) self.assertEqual(mock.sentinel.session, session) - mock_ka_loading.session.Session().load_from_options.\ + mock_ka_loading.load_session_from_conf_options.\ assert_called_once_with(auth=mock.sentinel.auth, - cacert=None, - cert=None, - insecure=False, - key=None) + conf=cfg.CONF, + group=auth_utils.CFG_MURANO_AUTH_GROUP) def test_get_session_client_parameters(self): @@ -334,7 +331,7 @@ class TestAuthUtils(base.MuranoTestCase): } result = auth_utils.get_session_client_parameters( - conf=cfg.CONF.murano, + conf='murano', service_type=mock.sentinel.service_type, service_name=mock.sentinel.service_name, session=mock.sentinel.session) diff --git a/murano/tests/unit/test_heat_stack.py b/murano/tests/unit/test_heat_stack.py index 07eb712b6..94a9fe65a 100644 --- a/murano/tests/unit/test_heat_stack.py +++ b/murano/tests/unit/test_heat_stack.py @@ -605,7 +605,7 @@ class TestHeatStack(base.MuranoTestCase): self.assertEqual("", str(client.__class__)) mock_auth_utils.get_client_session.assert_called_with( - conf=heat_stack.CONF.heat) + conf='heat') @mock.patch.object(heat_stack, 'auth_utils') def test_get_token_client(self, mock_auth_utils): @@ -622,7 +622,7 @@ class TestHeatStack(base.MuranoTestCase): self.assertEqual("", str(token_client.__class__)) mock_auth_utils.get_token_client_session.assert_called_with( - conf=heat_stack.CONF.heat) + conf='heat') def test_wait_state(self): hs = heat_stack.HeatStack('test-stack', None)