openstack/aodh
Code Issues Proposed changes

keystone_client: stop using cfg.CONF

Browse Source 
We don't want to rely on the global conf object to avoid all kind of
conflicts and import issue, we're gonna build a local one in
service.prepare_service().

Change-Id: I376879e3ccd6b8613125cd5c58a501cc9862a27e
This commit is contained in:
Julien Danjou 2015-07-23 19:10:11 +02:00
parent a00af9ade8
commit c1dbf753d9
5 changed files with 36 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
aodh/api/controllers/v2/alarm_rules/gnocchi.py
View File

@ -63,7 +63,7 @@ class AlarmGnocchiThresholdRule(base.AlarmRule):
# @cachetools.ttl_cache(maxsize=1, ttl=600) # @cachetools.ttl_cache(maxsize=1, ttl=600)
@staticmethod @staticmethod
def _get_aggregation_methods(): def _get_aggregation_methods():
ks_client = keystone_client.get_client() ks_client = keystone_client.get_client(cfg.CONF)
gnocchi_url = cfg.CONF.gnocchi_url gnocchi_url = cfg.CONF.gnocchi_url
headers = {'Content-Type': "application/json", headers = {'Content-Type': "application/json",
'X-Auth-Token': ks_client.auth_token} 'X-Auth-Token': ks_client.auth_token}
@ -103,7 +103,7 @@ class MetricOfResourceRule(AlarmGnocchiThresholdRule):
cls).validate_alarm(alarm) cls).validate_alarm(alarm)
rule = alarm.gnocchi_resources_threshold_rule rule = alarm.gnocchi_resources_threshold_rule
ks_client = keystone_client.get_client() ks_client = keystone_client.get_client(cfg.CONF)
gnocchi_url = cfg.CONF.gnocchi_url gnocchi_url = cfg.CONF.gnocchi_url
headers = {'Content-Type': "application/json", headers = {'Content-Type': "application/json",
'X-Auth-Token': ks_client.auth_token} 'X-Auth-Token': ks_client.auth_token}
@ -161,7 +161,7 @@ class AggregationMetricByResourcesLookupRule(AlarmGnocchiThresholdRule):
query]}) query]})
# Delegate the query validation to gnocchi # Delegate the query validation to gnocchi
ks_client = keystone_client.get_client() ks_client = keystone_client.get_client(cfg.CONF)
request = { request = {
'url': "%s/v1/aggregation/resource/%s/metric/%s" % ( 'url': "%s/v1/aggregation/resource/%s/metric/%s" % (
cfg.CONF.gnocchi_url, cfg.CONF.gnocchi_url,

5
aodh/api/controllers/v2/alarms.py
View File

@ -403,6 +403,7 @@ class Alarm(base.Base):
# We have a trust action without a trust ID, # We have a trust action without a trust ID,
# create it # create it
trust_id = keystone_client.create_trust_id( trust_id = keystone_client.create_trust_id(
cfg.CONF,
trustor_user_id, trustor_project_id, roles, trustor_user_id, trustor_project_id, roles,
auth_plugin) auth_plugin)
netloc = '%s:delete@%s' % (trust_id, url.netloc) netloc = '%s:delete@%s' % (trust_id, url.netloc)
@ -417,6 +418,7 @@ class Alarm(base.Base):
if (self._is_trust_url(url) and url.password and if (self._is_trust_url(url) and url.password and
action not in getattr(self, key)): action not in getattr(self, key)):
keystone_client.delete_trust_id( keystone_client.delete_trust_id(
cfg.CONF,
url.username, auth_plugin) url.username, auth_plugin)
def delete_actions(self): def delete_actions(self):
@ -425,7 +427,8 @@ class Alarm(base.Base):
self.insufficient_data_actions): self.insufficient_data_actions):
url = netutils.urlsplit(action) url = netutils.urlsplit(action)
if self._is_trust_url(url) and url.password: if self._is_trust_url(url) and url.password:
keystone_client.delete_trust_id(url.username, auth_plugin) keystone_client.delete_trust_id(cfg.CONF,
url.username, auth_plugin)
Alarm.add_attributes(**{"%s_rule" % ext.name: ext.plugin Alarm.add_attributes(**{"%s_rule" % ext.name: ext.plugin

2
aodh/evaluator/gnocchi.py
View File

@ -44,7 +44,7 @@ class GnocchiThresholdEvaluator(threshold.ThresholdEvaluator):
@property @property
def ks_client(self): def ks_client(self):
if self._ks_client is None: if self._ks_client is None:
self._ks_client = keystone_client.get_client() self._ks_client = keystone_client.get_client(cfg.CONF)
return self._ks_client return self._ks_client
def _get_headers(self, content_type="application/json"): def _get_headers(self, content_type="application/json"):

55
aodh/keystone_client.py
View File

@ -19,28 +19,24 @@ from keystoneclient import exceptions as ks_exception
from keystoneclient import session as ks_session from keystoneclient import session as ks_session
from keystoneclient.v2_0 import client as ks_client from keystoneclient.v2_0 import client as ks_client
from keystoneclient.v3 import client as ks_client_v3 from keystoneclient.v3 import client as ks_client_v3
from oslo_config import cfg
cfg.CONF.import_group('service_credentials', 'aodh.service')
cfg.CONF.import_opt('http_timeout', 'aodh.service')
def get_client(): def get_client(conf):
return ks_client.Client( return ks_client.Client(
username=cfg.CONF.service_credentials.os_username, username=conf.service_credentials.os_username,
password=cfg.CONF.service_credentials.os_password, password=conf.service_credentials.os_password,
tenant_id=cfg.CONF.service_credentials.os_tenant_id, tenant_id=conf.service_credentials.os_tenant_id,
tenant_name=cfg.CONF.service_credentials.os_tenant_name, tenant_name=conf.service_credentials.os_tenant_name,
cacert=cfg.CONF.service_credentials.os_cacert, cacert=conf.service_credentials.os_cacert,
auth_url=cfg.CONF.service_credentials.os_auth_url, auth_url=conf.service_credentials.os_auth_url,
region_name=cfg.CONF.service_credentials.os_region_name, region_name=conf.service_credentials.os_region_name,
insecure=cfg.CONF.service_credentials.insecure, insecure=conf.service_credentials.insecure,
timeout=cfg.CONF.http_timeout,) timeout=conf.http_timeout,)
def get_v3_client(trust_id=None): def get_v3_client(conf, trust_id=None):
"""Return a client for keystone v3 endpoint, optionally using a trust.""" """Return a client for keystone v3 endpoint, optionally using a trust."""
auth_url = cfg.CONF.service_credentials.os_auth_url auth_url = conf.service_credentials.os_auth_url
try: try:
auth_url_noneversion = auth_url.replace('/v2.0', '/') auth_url_noneversion = auth_url.replace('/v2.0', '/')
discover = ks_discover.Discover(auth_url=auth_url_noneversion) discover = ks_discover.Discover(auth_url=auth_url_noneversion)
@ -52,25 +48,26 @@ def get_v3_client(trust_id=None):
except Exception: except Exception:
auth_url = auth_url.replace('/v2.0', '/v3') auth_url = auth_url.replace('/v2.0', '/v3')
return ks_client_v3.Client( return ks_client_v3.Client(
username=cfg.CONF.service_credentials.os_username, username=conf.service_credentials.os_username,
password=cfg.CONF.service_credentials.os_password, password=conf.service_credentials.os_password,
cacert=cfg.CONF.service_credentials.os_cacert, cacert=conf.service_credentials.os_cacert,
auth_url=auth_url, auth_url=auth_url,
region_name=cfg.CONF.service_credentials.os_region_name, region_name=conf.service_credentials.os_region_name,
insecure=cfg.CONF.service_credentials.insecure, insecure=conf.service_credentials.insecure,
timeout=cfg.CONF.http_timeout, timeout=conf.http_timeout,
trust_id=trust_id) trust_id=trust_id)
def create_trust_id(trustor_user_id, trustor_project_id, roles, auth_plugin): def create_trust_id(conf, trustor_user_id, trustor_project_id,
roles, auth_plugin):
"""Create a new trust using the aodh service user.""" """Create a new trust using the aodh service user."""
admin_client = get_v3_client() admin_client = get_v3_client(conf)
trustee_user_id = admin_client.auth_ref.user_id trustee_user_id = admin_client.auth_ref.user_id
session = ks_session.Session.construct({ session = ks_session.Session.construct({
'cacert': cfg.CONF.service_credentials.os_cacert, 'cacert': conf.service_credentials.os_cacert,
'insecure': cfg.CONF.service_credentials.insecure}) 'insecure': conf.service_credentials.insecure})
client = ks_client_v3.Client(session=session, auth=auth_plugin) client = ks_client_v3.Client(session=session, auth=auth_plugin)
@ -82,11 +79,11 @@ def create_trust_id(trustor_user_id, trustor_project_id, roles, auth_plugin):
return trust.id return trust.id
def delete_trust_id(trust_id, auth_plugin): def delete_trust_id(conf, trust_id, auth_plugin):
"""Delete a trust previously setup for the aodh user.""" """Delete a trust previously setup for the aodh user."""
session = ks_session.Session.construct({ session = ks_session.Session.construct({
'cacert': cfg.CONF.service_credentials.os_cacert, 'cacert': conf.service_credentials.os_cacert,
'insecure': cfg.CONF.service_credentials.insecure}) 'insecure': conf.service_credentials.insecure})
client = ks_client_v3.Client(session=session, auth=auth_plugin) client = ks_client_v3.Client(session=session, auth=auth_plugin)
try: try:

3
aodh/notifier/trust.py
View File

@ -14,6 +14,7 @@
# under the License. # under the License.
"""Rest alarm notifier with trusted authentication.""" """Rest alarm notifier with trusted authentication."""
from oslo_config import cfg
from six.moves.urllib import parse from six.moves.urllib import parse
from aodh import keystone_client from aodh import keystone_client
@ -35,7 +36,7 @@ class TrustRestAlarmNotifier(rest.RestAlarmNotifier):
reason, reason_data): reason, reason_data):
trust_id = action.username trust_id = action.username
client = keystone_client.get_v3_client(trust_id) client = keystone_client.get_v3_client(cfg.CONF, trust_id)
# Remove the fake user # Remove the fake user
netloc = action.netloc.split("@")[1] netloc = action.netloc.split("@")[1]