From 109353dedbe53201eb6999984c5658d9193115df Mon Sep 17 00:00:00 2001 From: Szymon Borkowski Date: Tue, 1 Dec 2015 14:12:03 +0100 Subject: [PATCH] Use proper config option to connect to keystone Earlier, quotas used to authenticate to endpoint from not required option located in keymgr.encryption_auth_url. Now, the required auth_uri option from config file is used to authenticate to keystone. Co-Authored-By: Michal Dulko Change-Id: I1076527704f8def2c6755c060df49232e5ebe805 Closes-Bug: 1516085 --- cinder/api/contrib/quotas.py | 14 ++++++++++---- cinder/tests/unit/api/contrib/test_quotas.py | 18 ++++++++++++------ .../notes/a7401ead26a7c83b-keystone-url.yaml | 3 +++ requirements.txt | 1 + 4 files changed, 26 insertions(+), 10 deletions(-) create mode 100644 releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml diff --git a/cinder/api/contrib/quotas.py b/cinder/api/contrib/quotas.py index 004f101b9..e513f410b 100644 --- a/cinder/api/contrib/quotas.py +++ b/cinder/api/contrib/quotas.py @@ -15,8 +15,10 @@ import webob +from keystoneclient.auth.identity.generic import token +from keystoneclient import client from keystoneclient import exceptions -from keystoneclient.v3 import client +from keystoneclient import session from cinder.api import extensions from cinder.api.openstack import wsgi @@ -180,9 +182,13 @@ class QuotaSetsController(wsgi.Controller): order to do quota operations properly. """ try: - keystone = client.Client(auth_url=CONF.keymgr.encryption_auth_url, - token=context.auth_token, - project_id=context.project_id) + auth_plugin = token.Token( + auth_url=CONF.keystone_authtoken.auth_uri, + token=context.auth_token, + project_id=context.project_id) + client_session = session.Session(auth=auth_plugin) + keystone = client.Client(auth_url=CONF.keystone_authtoken.auth_uri, + session=client_session) project = keystone.projects.get(id, subtree_as_ids=subtree_as_ids) except exceptions.NotFound: msg = (_("Tenant ID: %s does not exist.") % id) diff --git a/cinder/tests/unit/api/contrib/test_quotas.py b/cinder/tests/unit/api/contrib/test_quotas.py index e4f4335bc..398f096d9 100644 --- a/cinder/tests/unit/api/contrib/test_quotas.py +++ b/cinder/tests/unit/api/contrib/test_quotas.py @@ -32,7 +32,9 @@ from cinder import db from cinder import test from cinder.tests.unit import test_db_api +from keystonemiddleware import auth_token from oslo_config import cfg +from oslo_config import fixture as config_fixture CONF = cfg.CONF @@ -92,7 +94,10 @@ class QuotaSetsControllerTest(test.TestCase): self.req.environ['cinder.context'].project_id = 'foo' self._create_project_hierarchy() - self.auth_url = CONF.keymgr.encryption_auth_url + + self.auth_url = 'http://localhost:5000' + self.fixture = self.useFixture(config_fixture.Config(auth_token.CONF)) + self.fixture.config(auth_uri=self.auth_url, group='keystone_authtoken') def _create_project_hierarchy(self): """Sets an environment used for nested quotas tests. @@ -123,15 +128,16 @@ class QuotaSetsControllerTest(test.TestCase): def _get_project(self, context, id, subtree_as_ids=False): return self.project_by_id.get(id, self.FakeProject()) - @mock.patch('keystoneclient.v3.client.Client') - def test_keystone_client_instantiation(self, ksclient_class): + @mock.patch('keystoneclient.client.Client') + @mock.patch('keystoneclient.session.Session') + def test_keystone_client_instantiation(self, ksclient_session, + ksclient_class): context = self.req.environ['cinder.context'] self.controller._get_project(context, context.project_id) ksclient_class.assert_called_once_with(auth_url=self.auth_url, - token=context.auth_token, - project_id=context.project_id) + session=ksclient_session()) - @mock.patch('keystoneclient.v3.client.Client') + @mock.patch('keystoneclient.client.Client') def test_get_project(self, ksclient_class): context = self.req.environ['cinder.context'] keystoneclient = ksclient_class.return_value diff --git a/releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml b/releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml new file mode 100644 index 000000000..93e66628f --- /dev/null +++ b/releasenotes/notes/a7401ead26a7c83b-keystone-url.yaml @@ -0,0 +1,3 @@ +--- +fixes: + - Cinder will now correctly read Keystone's endpoint for quota calls from keystone_authtoken.auth_uri instead of keymgr.encryption_auth_url config option. diff --git a/requirements.txt b/requirements.txt index 8f8a77874..35b2da684 100644 --- a/requirements.txt +++ b/requirements.txt @@ -33,6 +33,7 @@ pycrypto>=2.6 pyparsing>=2.0.1 python-barbicanclient>=3.3.0 python-glanceclient>=0.18.0 +python-keystoneclient>=1.6.0,!=1.8.0 python-novaclient!=2.33.0,>=2.29.0 python-swiftclient>=2.2.0 requests>=2.8.1 -- 2.45.2