Updated keystone_admin conf section to reflect changes in middleware

keystonemiddleware module now prefers auth_uri (for public auth
endpoint) and identity_uri (for admin auth endpoint).

Made cisco plugin to use public auth_uri instead of identity_uri.

identity_uri is used by keystonemiddleware only, anyway added it to
several unit tests for consistency.

DocImpact
Closes-Bug: 1313783
Change-Id: I8bce9bfc01859dad82e5a98f4ac1da54ed86392a

diff --git a/etc/neutron.conf b/etc/neutron.conf
index 998b2dea4a39bea09101bbd2ff12fa236c01c809..2164ce525e693a63d6233c73ffe64e1094023700 100644 (file)
--- a/etc/neutron.conf
+++ b/etc/neutron.conf
@@ -589,9 +589,8 @@ lock_path = $state_path/lock
 # ===========  end of items for agent management extension =====
 
 [keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
+auth_uri = http://127.0.0.1:35357/v2.0/
+identity_uri = http://127.0.0.1:5000
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%

diff --git a/neutron/common/utils.py b/neutron/common/utils.py
index 3824553e48c2cf3e969bb6b5e77c43f7d7e06d96..b5256a047fbdf27bb18571d5610f439c1eadece8 100644 (file)
--- a/neutron/common/utils.py
+++ b/neutron/common/utils.py
@@ -357,3 +357,15 @@ def is_dvr_serviced(device_owner):
                                   q_const.DEVICE_OWNER_DHCP)
     return (device_owner.startswith('compute:') or
             device_owner in dvr_serviced_device_owners)
+
+
+def get_keystone_url(conf):
+    if conf.auth_uri:
+        auth_uri = conf.auth_uri.rstrip('/')
+    else:
+        auth_uri = ('%(protocol)s://%(host)s:%(port)s' %
+            {'protocol': conf.auth_protocol,
+             'host': conf.auth_host,
+             'port': conf.auth_port})
+    # NOTE(ihrachys): all existing consumers assume version 2.0
+    return '%s/v2.0/' % auth_uri

diff --git a/neutron/plugins/cisco/db/l3/device_handling_db.py b/neutron/plugins/cisco/db/l3/device_handling_db.py
index 1fe911575a71a3fb24947829c0f2c1d5105d4cf9..a6fe717e4dd140ee8822b543db8d7050bc44df97 100644 (file)
--- a/neutron/plugins/cisco/db/l3/device_handling_db.py
+++ b/neutron/plugins/cisco/db/l3/device_handling_db.py
@@ -108,7 +108,7 @@ class DeviceHandlingMixin(object):
     def l3_tenant_id(cls):
         """Returns id of tenant owning hosting device resources."""
         if cls._l3_tenant_uuid is None:
-            auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
+            auth_url = cfg.CONF.keystone_authtoken.auth_uri
             user = cfg.CONF.keystone_authtoken.admin_user
             pw = cfg.CONF.keystone_authtoken.admin_password
             tenant = cfg.CONF.keystone_authtoken.admin_tenant_name
@@ -336,7 +336,7 @@ class DeviceHandlingMixin(object):
             return True
 
     def _setup_device_handling(self):
-        auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0"
+        auth_url = cfg.CONF.keystone_authtoken.auth_uri
         u_name = cfg.CONF.keystone_authtoken.admin_user
         pw = cfg.CONF.keystone_authtoken.admin_password
         tenant = cfg.CONF.general.l3_admin_tenant

diff --git a/neutron/plugins/ibm/sdnve_api.py b/neutron/plugins/ibm/sdnve_api.py
index 968365f6fdf38e53c2c70475ecef03dd05ce89b8..470cb47df79cee79352665123391c6a2a466af1d 100644 (file)
--- a/neutron/plugins/ibm/sdnve_api.py
+++ b/neutron/plugins/ibm/sdnve_api.py
@@ -23,6 +23,7 @@ from keystoneclient.v2_0 import client as keyclient
 from oslo.config import cfg
 
 from neutron.api.v2 import attributes
+from neutron.common import utils
 from neutron.i18n import _LE, _LI
 from neutron.openstack.common import log as logging
 from neutron.plugins.ibm.common import config  # noqa
@@ -341,15 +342,14 @@ class KeystoneClient(object):
                  auth_url=None):
 
         keystone_conf = cfg.CONF.keystone_authtoken
-        keystone_auth_url = ('%s://%s:%s/v2.0/' %
-                             (keystone_conf.auth_protocol,
-                              keystone_conf.auth_host,
-                              keystone_conf.auth_port))
 
         username = username or keystone_conf.admin_user
         tenant_name = tenant_name or keystone_conf.admin_tenant_name
         password = password or keystone_conf.admin_password
-        auth_url = auth_url or keystone_auth_url
+        # FIXME(ihrachys): plugins should not construct keystone URL
+        # from configuration file and should instead rely on service
+        # catalog contents
+        auth_url = auth_url or utils.get_keystone_url(keystone_conf)
 
         self.overlay_signature = cfg.CONF.SDNVE.overlay_signature
         self.of_signature = cfg.CONF.SDNVE.of_signature

diff --git a/neutron/plugins/ml2/drivers/arista/mechanism_arista.py b/neutron/plugins/ml2/drivers/arista/mechanism_arista.py
index 7e76c6ebb7ae2cdeac7d1948373bce90d3440267..09f6621d595aee45469fbde11f760809169ec2a8 100644 (file)
--- a/neutron/plugins/ml2/drivers/arista/mechanism_arista.py
+++ b/neutron/plugins/ml2/drivers/arista/mechanism_arista.py
@@ -20,6 +20,7 @@ import jsonrpclib
 from oslo.config import cfg
 
 from neutron.common import constants as n_const
+from neutron.common import utils
 from neutron.i18n import _LI, _LW
 from neutron.openstack.common import log as logging
 from neutron.plugins.ml2.common import exceptions as ml2_exc
@@ -77,13 +78,6 @@ class AristaRPCWrapper(object):
             LOG.warn(_LW("'timestamp' command '%s' is not available on EOS"),
                      cmd)
 
-    def _keystone_url(self):
-        keystone_auth_url = ('%s://%s:%s/v2.0/' %
-                             (self.keystone_conf.auth_protocol,
-                              self.keystone_conf.auth_host,
-                              self.keystone_conf.auth_port))
-        return keystone_auth_url
-
     def get_tenants(self):
         """Returns dict of all tenants known by EOS.
 
@@ -389,18 +383,25 @@ class AristaRPCWrapper(object):
         This the initial handshake between Neutron and EOS.
         critical end-point information is registered with EOS.
         """
-
-        cmds = ['auth url %s user %s password %s tenant %s' % (
-                self._keystone_url(),
-                self.keystone_conf.admin_user,
-                self.keystone_conf.admin_password,
-                self.keystone_conf.admin_tenant_name)]
-
-        log_cmds = ['auth url %s user %s password %s tenant %s' % (
-                    self._keystone_url(),
-                    self.keystone_conf.admin_user,
-                    '******',
-                    self.keystone_conf.admin_tenant_name)]
+        keystone_conf = self.keystone_conf
+        # FIXME(ihrachys): plugins should not construct keystone URL
+        # from configuration file and should instead rely on service
+        # catalog contents
+        auth_uri = utils.get_keystone_url(keystone_conf)
+
+        cmds = ['auth url %(auth_url)s user %(user)s '
+                'password %(password)s tenant %(tenant)s' %
+                {'auth_url': auth_uri,
+                 'user': keystone_conf.admin_user,
+                 'password': keystone_conf.admin_password,
+                 'tenant': keystone_conf.admin_tenant_name}]
+
+        log_cmds = ['auth url %(auth_url)s user %(user)s '
+                    'password %(password)s tenant %(tenant)s' %
+                    {'auth_url': auth_uri,
+                     'user': keystone_conf.admin_user,
+                     'password': '******',
+                     'tenant': keystone_conf.admin_tenant_name}]
 
         sync_interval_cmd = 'sync interval %d' % self.sync_interval
         cmds.append(sync_interval_cmd)

diff --git a/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py b/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py
index 00e2336bd67dbe08908a07d5a24455521d1aecdc..229dfc24d612b54cc415d2ded3e6e360f7ad400f 100644 (file)
--- a/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py
+++ b/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py
@@ -158,9 +158,8 @@ class L3RouterApplianceTestCaseBase(
 
         cfg.CONF.set_override('allow_sorting', True)
         test_opts = [
-            cfg.StrOpt('auth_protocol', default='http'),
-            cfg.StrOpt('auth_host', default='localhost'),
-            cfg.IntOpt('auth_port', default=35357),
+            cfg.StrOpt('auth_uri', default='http://localhost:35357/v2.0/'),
+            cfg.StrOpt('identity_uri', default='http://localhost:5000'),
             cfg.StrOpt('admin_user', default='neutron'),
             cfg.StrOpt('admin_password', default='secrete')]
         cfg.CONF.register_opts(test_opts, 'keystone_authtoken')

diff --git a/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py b/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py
index aff8e0293172537cddd0e2c89f68c15408641e60..f4fec0d724c7fc002c32483ee7de75f267c6cbe7 100644 (file)
--- a/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py
+++ b/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py
@@ -17,6 +17,7 @@ import mock
 from oslo.config import cfg
 
 from neutron.common import constants as n_const
+from neutron.common import utils
 from neutron.extensions import portbindings
 from neutron.plugins.ml2.drivers.arista import db
 from neutron.plugins.ml2.drivers.arista import exceptions as arista_exc
@@ -525,13 +526,14 @@ class PositiveRPCWrapperValidConfigTestCase(base.BaseTestCase):
     def test_register_with_eos(self):
         self.drv.register_with_eos()
         auth = fake_keystone_info_class()
-        keystone_url = '%s://%s:%s/v2.0/' % (auth.auth_protocol,
-                                             auth.auth_host,
-                                             auth.auth_port)
-        auth_cmd = 'auth url %s user %s password %s tenant %s' % (keystone_url,
-                    auth.admin_user,
-                    auth.admin_password,
-                    auth.admin_tenant_name)
+        auth_cmd = (
+            'auth url %(auth_url)s user %(user)s '
+            'password %(password)s tenant %(tenant)s' %
+            {'auth_url': utils.get_keystone_url(auth),
+             'user': auth.admin_user,
+             'password': auth.admin_password,
+             'tenant': auth.admin_tenant_name}
+        )
         cmds = ['enable',
                 'configure',
                 'cvx',
@@ -713,9 +715,8 @@ class fake_keystone_info_class(object):
     Arista Driver expects Keystone auth info. This fake information
     is for testing only
     """
-    auth_protocol = 'abc'
-    auth_host = 'host'
-    auth_port = 5000
+    auth_uri = 'abc://host:35357/v2.0/'
+    identity_uri = 'abc://host:5000'
     admin_user = 'neutron'
     admin_password = 'fun'
     admin_tenant_name = 'tenant_name'

diff --git a/neutron/tests/unit/opencontrail/test_contrail_plugin.py b/neutron/tests/unit/opencontrail/test_contrail_plugin.py
index 3c5486d7a59eccbe3fc9f62432ab19b5ed803987..346e89639c37c8ff61fae0d487eb52a6205d2c55 100644 (file)
--- a/neutron/tests/unit/opencontrail/test_contrail_plugin.py
+++ b/neutron/tests/unit/opencontrail/test_contrail_plugin.py
@@ -201,9 +201,8 @@ class KeyStoneInfo(object):
     """To generate Keystone Authentication information
        Contrail Driver expects Keystone auth info for testing purpose.
     """
-    auth_protocol = 'http'
-    auth_host = 'host'
-    auth_port = 5000
+    auth_uri = 'http://host:35357/v2.0/'
+    identity_uri = 'http://host:5000'
     admin_user = 'neutron'
     admin_password = 'neutron'
     admin_token = 'neutron'