From c1dbf753d91376c3cc262a27a502462dce90c048 Mon Sep 17 00:00:00 2001 From: Julien Danjou Date: Thu, 23 Jul 2015 19:10:11 +0200 Subject: [PATCH] keystone_client: stop using cfg.CONF We don't want to rely on the global conf object to avoid all kind of conflicts and import issue, we're gonna build a local one in service.prepare_service(). Change-Id: I376879e3ccd6b8613125cd5c58a501cc9862a27e --- .../api/controllers/v2/alarm_rules/gnocchi.py | 6 +- aodh/api/controllers/v2/alarms.py | 5 +- aodh/evaluator/gnocchi.py | 2 +- aodh/keystone_client.py | 55 +++++++++---------- aodh/notifier/trust.py | 3 +- 5 files changed, 36 insertions(+), 35 deletions(-) diff --git a/aodh/api/controllers/v2/alarm_rules/gnocchi.py b/aodh/api/controllers/v2/alarm_rules/gnocchi.py index 55c749dfd..68fa5e50e 100644 --- a/aodh/api/controllers/v2/alarm_rules/gnocchi.py +++ b/aodh/api/controllers/v2/alarm_rules/gnocchi.py @@ -63,7 +63,7 @@ class AlarmGnocchiThresholdRule(base.AlarmRule): # @cachetools.ttl_cache(maxsize=1, ttl=600) @staticmethod def _get_aggregation_methods(): - ks_client = keystone_client.get_client() + ks_client = keystone_client.get_client(cfg.CONF) gnocchi_url = cfg.CONF.gnocchi_url headers = {'Content-Type': "application/json", 'X-Auth-Token': ks_client.auth_token} @@ -103,7 +103,7 @@ class MetricOfResourceRule(AlarmGnocchiThresholdRule): cls).validate_alarm(alarm) rule = alarm.gnocchi_resources_threshold_rule - ks_client = keystone_client.get_client() + ks_client = keystone_client.get_client(cfg.CONF) gnocchi_url = cfg.CONF.gnocchi_url headers = {'Content-Type': "application/json", 'X-Auth-Token': ks_client.auth_token} @@ -161,7 +161,7 @@ class AggregationMetricByResourcesLookupRule(AlarmGnocchiThresholdRule): query]}) # Delegate the query validation to gnocchi - ks_client = keystone_client.get_client() + ks_client = keystone_client.get_client(cfg.CONF) request = { 'url': "%s/v1/aggregation/resource/%s/metric/%s" % ( cfg.CONF.gnocchi_url, diff --git a/aodh/api/controllers/v2/alarms.py b/aodh/api/controllers/v2/alarms.py index 91cf8ede1..29e066e70 100644 --- a/aodh/api/controllers/v2/alarms.py +++ b/aodh/api/controllers/v2/alarms.py @@ -403,6 +403,7 @@ class Alarm(base.Base): # We have a trust action without a trust ID, # create it trust_id = keystone_client.create_trust_id( + cfg.CONF, trustor_user_id, trustor_project_id, roles, auth_plugin) netloc = '%s:delete@%s' % (trust_id, url.netloc) @@ -417,6 +418,7 @@ class Alarm(base.Base): if (self._is_trust_url(url) and url.password and action not in getattr(self, key)): keystone_client.delete_trust_id( + cfg.CONF, url.username, auth_plugin) def delete_actions(self): @@ -425,7 +427,8 @@ class Alarm(base.Base): self.insufficient_data_actions): url = netutils.urlsplit(action) if self._is_trust_url(url) and url.password: - keystone_client.delete_trust_id(url.username, auth_plugin) + keystone_client.delete_trust_id(cfg.CONF, + url.username, auth_plugin) Alarm.add_attributes(**{"%s_rule" % ext.name: ext.plugin diff --git a/aodh/evaluator/gnocchi.py b/aodh/evaluator/gnocchi.py index 4931f13d3..bbc7a7fe1 100644 --- a/aodh/evaluator/gnocchi.py +++ b/aodh/evaluator/gnocchi.py @@ -44,7 +44,7 @@ class GnocchiThresholdEvaluator(threshold.ThresholdEvaluator): @property def ks_client(self): if self._ks_client is None: - self._ks_client = keystone_client.get_client() + self._ks_client = keystone_client.get_client(cfg.CONF) return self._ks_client def _get_headers(self, content_type="application/json"): diff --git a/aodh/keystone_client.py b/aodh/keystone_client.py index 0d79c03bf..56a0bb687 100644 --- a/aodh/keystone_client.py +++ b/aodh/keystone_client.py @@ -19,28 +19,24 @@ from keystoneclient import exceptions as ks_exception from keystoneclient import session as ks_session from keystoneclient.v2_0 import client as ks_client from keystoneclient.v3 import client as ks_client_v3 -from oslo_config import cfg - -cfg.CONF.import_group('service_credentials', 'aodh.service') -cfg.CONF.import_opt('http_timeout', 'aodh.service') -def get_client(): +def get_client(conf): return ks_client.Client( - username=cfg.CONF.service_credentials.os_username, - password=cfg.CONF.service_credentials.os_password, - tenant_id=cfg.CONF.service_credentials.os_tenant_id, - tenant_name=cfg.CONF.service_credentials.os_tenant_name, - cacert=cfg.CONF.service_credentials.os_cacert, - auth_url=cfg.CONF.service_credentials.os_auth_url, - region_name=cfg.CONF.service_credentials.os_region_name, - insecure=cfg.CONF.service_credentials.insecure, - timeout=cfg.CONF.http_timeout,) + username=conf.service_credentials.os_username, + password=conf.service_credentials.os_password, + tenant_id=conf.service_credentials.os_tenant_id, + tenant_name=conf.service_credentials.os_tenant_name, + cacert=conf.service_credentials.os_cacert, + auth_url=conf.service_credentials.os_auth_url, + region_name=conf.service_credentials.os_region_name, + insecure=conf.service_credentials.insecure, + timeout=conf.http_timeout,) -def get_v3_client(trust_id=None): +def get_v3_client(conf, trust_id=None): """Return a client for keystone v3 endpoint, optionally using a trust.""" - auth_url = cfg.CONF.service_credentials.os_auth_url + auth_url = conf.service_credentials.os_auth_url try: auth_url_noneversion = auth_url.replace('/v2.0', '/') discover = ks_discover.Discover(auth_url=auth_url_noneversion) @@ -52,25 +48,26 @@ def get_v3_client(trust_id=None): except Exception: auth_url = auth_url.replace('/v2.0', '/v3') return ks_client_v3.Client( - username=cfg.CONF.service_credentials.os_username, - password=cfg.CONF.service_credentials.os_password, - cacert=cfg.CONF.service_credentials.os_cacert, + username=conf.service_credentials.os_username, + password=conf.service_credentials.os_password, + cacert=conf.service_credentials.os_cacert, auth_url=auth_url, - region_name=cfg.CONF.service_credentials.os_region_name, - insecure=cfg.CONF.service_credentials.insecure, - timeout=cfg.CONF.http_timeout, + region_name=conf.service_credentials.os_region_name, + insecure=conf.service_credentials.insecure, + timeout=conf.http_timeout, trust_id=trust_id) -def create_trust_id(trustor_user_id, trustor_project_id, roles, auth_plugin): +def create_trust_id(conf, trustor_user_id, trustor_project_id, + roles, auth_plugin): """Create a new trust using the aodh service user.""" - admin_client = get_v3_client() + admin_client = get_v3_client(conf) trustee_user_id = admin_client.auth_ref.user_id session = ks_session.Session.construct({ - 'cacert': cfg.CONF.service_credentials.os_cacert, - 'insecure': cfg.CONF.service_credentials.insecure}) + 'cacert': conf.service_credentials.os_cacert, + 'insecure': conf.service_credentials.insecure}) client = ks_client_v3.Client(session=session, auth=auth_plugin) @@ -82,11 +79,11 @@ def create_trust_id(trustor_user_id, trustor_project_id, roles, auth_plugin): return trust.id -def delete_trust_id(trust_id, auth_plugin): +def delete_trust_id(conf, trust_id, auth_plugin): """Delete a trust previously setup for the aodh user.""" session = ks_session.Session.construct({ - 'cacert': cfg.CONF.service_credentials.os_cacert, - 'insecure': cfg.CONF.service_credentials.insecure}) + 'cacert': conf.service_credentials.os_cacert, + 'insecure': conf.service_credentials.insecure}) client = ks_client_v3.Client(session=session, auth=auth_plugin) try: diff --git a/aodh/notifier/trust.py b/aodh/notifier/trust.py index b46d1c759..1527964b9 100644 --- a/aodh/notifier/trust.py +++ b/aodh/notifier/trust.py @@ -14,6 +14,7 @@ # under the License. """Rest alarm notifier with trusted authentication.""" +from oslo_config import cfg from six.moves.urllib import parse from aodh import keystone_client @@ -35,7 +36,7 @@ class TrustRestAlarmNotifier(rest.RestAlarmNotifier): reason, reason_data): trust_id = action.username - client = keystone_client.get_v3_client(trust_id) + client = keystone_client.get_v3_client(cfg.CONF, trust_id) # Remove the fake user netloc = action.netloc.split("@")[1]