From c5928a4464ce73998803aaa520a6deba79cc5d19 Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Mon, 28 Apr 2014 15:02:34 +0200 Subject: [PATCH] Updated keystone_admin conf section to reflect changes in middleware keystonemiddleware module now prefers auth_uri (for public auth endpoint) and identity_uri (for admin auth endpoint). Made cisco plugin to use public auth_uri instead of identity_uri. identity_uri is used by keystonemiddleware only, anyway added it to several unit tests for consistency. DocImpact Closes-Bug: 1313783 Change-Id: I8bce9bfc01859dad82e5a98f4ac1da54ed86392a --- etc/neutron.conf | 5 +-- neutron/common/utils.py | 12 ++++++ .../plugins/cisco/db/l3/device_handling_db.py | 4 +- neutron/plugins/ibm/sdnve_api.py | 10 ++--- .../ml2/drivers/arista/mechanism_arista.py | 39 ++++++++++--------- .../l3/test_l3_router_appliance_plugin.py | 5 +-- .../arista/test_arista_mechanism_driver.py | 21 +++++----- .../unit/opencontrail/test_contrail_plugin.py | 5 +-- 8 files changed, 56 insertions(+), 45 deletions(-) diff --git a/etc/neutron.conf b/etc/neutron.conf index 998b2dea4..2164ce525 100644 --- a/etc/neutron.conf +++ b/etc/neutron.conf @@ -589,9 +589,8 @@ lock_path = $state_path/lock # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_host = 127.0.0.1 -auth_port = 35357 -auth_protocol = http +auth_uri = http://127.0.0.1:35357/v2.0/ +identity_uri = http://127.0.0.1:5000 admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% diff --git a/neutron/common/utils.py b/neutron/common/utils.py index 3824553e4..b5256a047 100644 --- a/neutron/common/utils.py +++ b/neutron/common/utils.py 
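Review bot: The two new sample values in `[keystone_authtoken]` look swapped relative to the commit description, which calls auth_uri the public endpoint and identity_uri the admin endpoint: `auth_uri` is given port 35357 and `identity_uri` port 5000, while Keystone's conventional ports are 5000 (public) and 35357 (admin). If that convention applies here, the sample should read `auth_uri = http://127.0.0.1:5000/v2.0/` and `identity_uri = http://127.0.0.1:35357`; please confirm before operators copy it. Since admin_password is sent to these endpoints, a comment above the two lines such as `# use https:// for any endpoint that is not on loopback` would also help.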
@@ -357,3 +357,15 @@ def is_dvr_serviced(device_owner): q_const.DEVICE_OWNER_DHCP) return (device_owner.startswith('compute:') or device_owner in dvr_serviced_device_owners) + + +def get_keystone_url(conf): + if conf.auth_uri: + auth_uri = conf.auth_uri.rstrip('/') + else: + auth_uri = ('%(protocol)s://%(host)s:%(port)s' % + {'protocol': conf.auth_protocol, + 'host': conf.auth_host, + 'port': conf.auth_port}) + # NOTE(ihrachys): all existing consumers assume version 2.0 + return '%s/v2.0/' % auth_uri diff --git a/neutron/plugins/cisco/db/l3/device_handling_db.py b/neutron/plugins/cisco/db/l3/device_handling_db.py index 1fe911575..a6fe717e4 100644 --- a/neutron/plugins/cisco/db/l3/device_handling_db.py +++ b/neutron/plugins/cisco/db/l3/device_handling_db.py @@ -108,7 +108,7 @@ class DeviceHandlingMixin(object): def l3_tenant_id(cls): """Returns id of tenant owning hosting device resources.""" if cls._l3_tenant_uuid is None: - auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0" + auth_url = cfg.CONF.keystone_authtoken.auth_uri user = cfg.CONF.keystone_authtoken.admin_user pw = cfg.CONF.keystone_authtoken.admin_password tenant = cfg.CONF.keystone_authtoken.admin_tenant_name @@ -336,7 +336,7 @@ class DeviceHandlingMixin(object): return True def _setup_device_handling(self): - auth_url = cfg.CONF.keystone_authtoken.identity_uri + "/v2.0" + auth_url = cfg.CONF.keystone_authtoken.auth_uri u_name = cfg.CONF.keystone_authtoken.admin_user pw = cfg.CONF.keystone_authtoken.admin_password tenant = cfg.CONF.general.l3_admin_tenant diff --git a/neutron/plugins/ibm/sdnve_api.py b/neutron/plugins/ibm/sdnve_api.py index 968365f6f..470cb47df 100644 --- a/neutron/plugins/ibm/sdnve_api.py +++ b/neutron/plugins/ibm/sdnve_api.py 
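Review bot: get_keystone_url() appends `/v2.0/` unconditionally, so an auth_uri that already carries the version, as the etc/neutron.conf sample and the test fixtures in this change do (`http://127.0.0.1:35357/v2.0/`), comes back as `.../v2.0/v2.0/`, because `rstrip('/')` removes only the trailing slash. Strip an existing version segment right after the rstrip, e.g. `if auth_uri.endswith('/v2.0'): auth_uri = auth_uri[:-len('/v2.0')]`. The function also has no docstring; one line saying that it returns the v2.0 Keystone endpoint, preferring auth_uri and falling back to auth_protocol/auth_host/auth_port, would record the contract for the callers that send admin credentials to this URL.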
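Review bot: `auth_url = cfg.CONF.keystone_authtoken.auth_uri` in l3_tenant_id() is used as-is, so a deployment that still sets only auth_host/auth_port/auth_protocol gets no usable URL here (presumably None), and an auth_uri without a version path no longer gets `/v2.0` appended as the removed line did. The IBM and Arista plugins in this same commit go through `utils.get_keystone_url(cfg.CONF.keystone_authtoken)`, which has that fallback; using it here would keep the three consistent, assuming neutron.common.utils can be imported in this module. The same applies to the second hunk, in _setup_device_handling(). Both function bodies continue outside the hunks.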
@@ -23,6 +23,7 @@ from keystoneclient.v2_0 import client as keyclient from oslo.config import cfg from neutron.api.v2 import attributes +from neutron.common import utils from neutron.i18n import _LE, _LI from neutron.openstack.common import log as logging from neutron.plugins.ibm.common import config # noqa @@ -341,15 +342,14 @@ class KeystoneClient(object): auth_url=None): keystone_conf = cfg.CONF.keystone_authtoken - keystone_auth_url = ('%s://%s:%s/v2.0/' % - (keystone_conf.auth_protocol, - keystone_conf.auth_host, - keystone_conf.auth_port)) username = username or keystone_conf.admin_user tenant_name = tenant_name or keystone_conf.admin_tenant_name password = password or keystone_conf.admin_password - auth_url = auth_url or keystone_auth_url + # FIXME(ihrachys): plugins should not construct keystone URL + # from configuration file and should instead rely on service + # catalog contents + auth_url = auth_url or utils.get_keystone_url(keystone_conf) self.overlay_signature = cfg.CONF.SDNVE.overlay_signature self.of_signature = cfg.CONF.SDNVE.of_signature diff --git a/neutron/plugins/ml2/drivers/arista/mechanism_arista.py b/neutron/plugins/ml2/drivers/arista/mechanism_arista.py index 7e76c6ebb..09f6621d5 100644 --- a/neutron/plugins/ml2/drivers/arista/mechanism_arista.py +++ b/neutron/plugins/ml2/drivers/arista/mechanism_arista.py @@ -20,6 +20,7 @@ import jsonrpclib from oslo.config import cfg from neutron.common import constants as n_const +from neutron.common import utils from neutron.i18n import _LI, _LW from neutron.openstack.common import log as logging from neutron.plugins.ml2.common import exceptions as ml2_exc 
@@ -77,13 +78,6 @@ class AristaRPCWrapper(object): LOG.warn(_LW("'timestamp' command '%s' is not available on EOS"), cmd) - def _keystone_url(self): - keystone_auth_url = ('%s://%s:%s/v2.0/' % - (self.keystone_conf.auth_protocol, - self.keystone_conf.auth_host, - self.keystone_conf.auth_port)) - return keystone_auth_url - def get_tenants(self): """Returns dict of all tenants known by EOS. @@ -389,18 +383,25 @@ class AristaRPCWrapper(object): This the initial handshake between Neutron and EOS. critical end-point information is registered with EOS. """ - - cmds = ['auth url %s user %s password %s tenant %s' % ( - self._keystone_url(), - self.keystone_conf.admin_user, - self.keystone_conf.admin_password, - self.keystone_conf.admin_tenant_name)] - - log_cmds = ['auth url %s user %s password %s tenant %s' % ( - self._keystone_url(), - self.keystone_conf.admin_user, - '******', - self.keystone_conf.admin_tenant_name)] + keystone_conf = self.keystone_conf + # FIXME(ihrachys): plugins should not construct keystone URL + # from configuration file and should instead rely on service + # catalog contents + auth_uri = utils.get_keystone_url(keystone_conf) + + cmds = ['auth url %(auth_url)s user %(user)s ' + 'password %(password)s tenant %(tenant)s' % + {'auth_url': auth_uri, + 'user': keystone_conf.admin_user, + 'password': keystone_conf.admin_password, + 'tenant': keystone_conf.admin_tenant_name}] + + log_cmds = ['auth url %(auth_url)s user %(user)s ' + 'password %(password)s tenant %(tenant)s' % + {'auth_url': auth_uri, + 'user': keystone_conf.admin_user, + 'password': '******', + 'tenant': keystone_conf.admin_tenant_name}] sync_interval_cmd = 'sync interval %d' % self.sync_interval cmds.append(sync_interval_cmd) diff --git a/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py b/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py index 00e2336bd..229dfc24d 100644 --- a/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py 
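Review bot: The auth command's format string and parameter dict are written out twice in register_with_eos(), once for `cmds` and once for `log_cmds`, although the only intended difference is the masked password. A later edit to one copy can leave the logged form out of step with what is sent, or put the real password back into the logged command. Building both from one template and one dict, with only `password` overridden for logging, removes that risk. register_with_eos() starts before this hunk and continues after it.

```python
        auth_uri = utils.get_keystone_url(keystone_conf)

        # One template and one parameter dict, so the logged command can
        # differ from the sent one only in the masked password.
        auth_tmpl = ('auth url %(auth_url)s user %(user)s '
                     'password %(password)s tenant %(tenant)s')
        auth_params = {'auth_url': auth_uri,
                       'user': keystone_conf.admin_user,
                       'password': keystone_conf.admin_password,
                       'tenant': keystone_conf.admin_tenant_name}
        cmds = [auth_tmpl % auth_params]
        log_cmds = [auth_tmpl % dict(auth_params, password='******')]
        # … unchanged: sync interval command and the rest of register_with_eos …
```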
+++ b/neutron/tests/unit/cisco/l3/test_l3_router_appliance_plugin.py @@ -158,9 +158,8 @@ class L3RouterApplianceTestCaseBase( cfg.CONF.set_override('allow_sorting', True) test_opts = [ - cfg.StrOpt('auth_protocol', default='http'), - cfg.StrOpt('auth_host', default='localhost'), - cfg.IntOpt('auth_port', default=35357), + cfg.StrOpt('auth_uri', default='http://localhost:35357/v2.0/'), + cfg.StrOpt('identity_uri', default='http://localhost:5000'), cfg.StrOpt('admin_user', default='neutron'), cfg.StrOpt('admin_password', default='secrete')] cfg.CONF.register_opts(test_opts, 'keystone_authtoken') diff --git a/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py b/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py index aff8e0293..f4fec0d72 100644 --- a/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py +++ b/neutron/tests/unit/ml2/drivers/arista/test_arista_mechanism_driver.py @@ -17,6 +17,7 @@ import mock from oslo.config import cfg from neutron.common import constants as n_const +from neutron.common import utils from neutron.extensions import portbindings from neutron.plugins.ml2.drivers.arista import db from neutron.plugins.ml2.drivers.arista import exceptions as arista_exc @@ -525,13 +526,14 @@ class PositiveRPCWrapperValidConfigTestCase(base.BaseTestCase): def test_register_with_eos(self): self.drv.register_with_eos() auth = fake_keystone_info_class() - keystone_url = '%s://%s:%s/v2.0/' % (auth.auth_protocol, - auth.auth_host, - auth.auth_port) - auth_cmd = 'auth url %s user %s password %s tenant %s' % (keystone_url, - auth.admin_user, - auth.admin_password, - auth.admin_tenant_name) + auth_cmd = ( + 'auth url %(auth_url)s user %(user)s ' + 'password %(password)s tenant %(tenant)s' % + {'auth_url': utils.get_keystone_url(auth), + 'user': auth.admin_user, + 'password': auth.admin_password, + 'tenant': auth.admin_tenant_name} + ) cmds = ['enable', 'configure', 'cvx', 
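Review bot: The expected `auth_cmd` in test_register_with_eos is computed with `utils.get_keystone_url(auth)`, the same helper register_with_eos() calls, so the assertion cannot detect a wrong URL. With the fixture's `auth_uri = 'abc://host:35357/v2.0/'` (changed later in this file), the helper as added in this commit appears to yield a doubled `/v2.0/v2.0/` path, and this test would still pass. Pin the literal instead, `'auth_url': 'abc://host:35357/v2.0/'`, and add a direct test of get_keystone_url() covering auth_uri with and without a version suffix and the auth_protocol/auth_host/auth_port fallback. The test method continues outside the hunk.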
@@ -713,9 +715,8 @@ class fake_keystone_info_class(object): Arista Driver expects Keystone auth info. This fake information is for testing only """ - auth_protocol = 'abc' - auth_host = 'host' - auth_port = 5000 + auth_uri = 'abc://host:35357/v2.0/' + identity_uri = 'abc://host:5000' admin_user = 'neutron' admin_password = 'fun' admin_tenant_name = 'tenant_name' diff --git a/neutron/tests/unit/opencontrail/test_contrail_plugin.py b/neutron/tests/unit/opencontrail/test_contrail_plugin.py index 3c5486d7a..346e89639 100644 --- a/neutron/tests/unit/opencontrail/test_contrail_plugin.py +++ b/neutron/tests/unit/opencontrail/test_contrail_plugin.py @@ -201,9 +201,8 @@ class KeyStoneInfo(object): """To generate Keystone Authentication information Contrail Driver expects Keystone auth info for testing purpose. """ - auth_protocol = 'http' - auth_host = 'host' - auth_port = 5000 + auth_uri = 'http://host:35357/v2.0/' + identity_uri = 'http://host:5000' admin_user = 'neutron' admin_password = 'neutron' admin_token = 'neutron' -- 2.45.2