Keystone v3 support in VMTP

Change-Id: I13a0c757c199381b0c7501e080d37455843f708f
2016-08-13 20:03:05 -04:00 · 2016-08-13 20:03:05 -04:00 · 2317a76b37
commit 2317a76b37
parent 2ac7fbaec2
3 changed files with 72 additions and 48 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -14,7 +14,7 @@ python-glanceclient>=0.15.0
 python-neutronclient<3,>=2.3.6
 python-novaclient>=2.18.1
 python-openstackclient>=0.4.1
-python-keystoneclient>=1.0.0
+python-keystoneclient>=1.7.2
 pytz>=2016.4
 scp>=0.8.0
 tabulate>=0.7.3
--- a/vmtp/credentials.py
+++ b/vmtp/credentials.py
@ -27,25 +27,12 @@ class Credentials(object):
        dct['username'] = self.rc_username
        dct['password'] = self.rc_password
        dct['auth_url'] = self.rc_auth_url
-        dct['tenant_name'] = self.rc_tenant_name
-        dct['cacert'] = self.rc_cacert
-        dct['ca_cert'] = self.rc_cacert
-        dct['region_name'] = self.rc_region_name
-        return dct
-
-    def get_nova_credentials(self):
-        dct = {}
-        dct['username'] = self.rc_username
-        dct['api_key'] = self.rc_password
-        dct['auth_url'] = self.rc_auth_url
-        dct['project_id'] = self.rc_tenant_name
-        dct['cacert'] = self.rc_cacert
-        dct['region_name'] = self.rc_region_name
-        return dct
-
-    def get_nova_credentials_v2(self):
-        dct = self.get_nova_credentials()
-        dct['version'] = 2
+        if self.rc_identity_api_version == 3:
+            dct['project_name'] = self.rc_project_name
+            dct['project_domain_id'] = self.rc_project_domain_id
+            dct['user_domain_id'] = self.rc_user_domain_id
+        else:
+            dct['tenant_name'] = self.rc_tenant_name
        return dct

    #
@ -57,21 +44,23 @@ class Credentials(object):
        self.rc_username = None
        self.rc_tenant_name = None
        self.rc_auth_url = None
-        self.rc_cacert = None
+        self.rc_cacert = False
        self.rc_region_name = None
+        self.rc_project_name = None
+        self.rc_project_domain_id = None
+        self.rc_user_domain_id = None
+        self.rc_identity_api_version = 2
        success = True

        if openrc_file:
            if os.path.exists(openrc_file):
                export_re = re.compile('export OS_([A-Z_]*)="?(.*)')
                for line in open(openrc_file):
-                    line = line.strip()
-                    mstr = export_re.match(line)
+                    mstr = export_re.match(line.strip())
                    if mstr:
                        # get rif of posible trailing double quote
                        # the first one was removed by the re
-                        name = mstr.group(1)
-                        value = mstr.group(2)
+                        name, value = mstr.group(1), mstr.group(2)
                        if value.endswith('"'):
                            value = value[:-1]
                        # get rid of password assignment
@ -80,6 +69,11 @@ class Credentials(object):
                        # export OS_PASSWORD=$OS_PASSWORD_INPUT
                        if value.startswith('$'):
                            continue
+                        # Check if api version is provided
+                        # Default is keystone v2
+                        if name == 'IDENTITY_API_VERSION':
+                            self.rc_identity_api_version = int(value)
+
                        # now match against wanted variable names
                        if name == 'USERNAME':
                            self.rc_username = value
@ -93,6 +87,12 @@ class Credentials(object):
                            self.rc_region_name = value
                        elif name == "PASSWORD" and not pwd:
                            pwd = value
+                        elif name == "PROJECT_NAME":
+                            self.rc_project_name = value
+                        elif name == "PROJECT_DOMAIN_ID" or name == "PROJECT_DOMAIN_NAME":
+                            self.rc_project_domain_id = value
+                        elif name == "USER_DOMAIN_ID" or name == "USER_DOMAIN_ID":
+                            self.rc_user_domain_id = value
            else:
                LOG.error('Error: rc file does not exist %s', openrc_file)
                success = False
@ -100,18 +100,37 @@ class Credentials(object):
            # no openrc file passed - we assume the variables have been
            # sourced by the calling shell
            # just check that they are present
-            for varname in ['OS_USERNAME', 'OS_AUTH_URL', 'OS_TENANT_NAME']:
-                if varname not in os.environ:
-                    LOG.warning('%s is missing', varname)
-                    success = False
-            if success:
-                self.rc_username = os.environ['OS_USERNAME']
-                self.rc_auth_url = os.environ['OS_AUTH_URL']
-                self.rc_tenant_name = os.environ['OS_TENANT_NAME']
+            if 'OS_IDENTITY_API_VERSION' in os.environ:
+                self.rc_identity_api_version = int(os.environ['OS_IDENTITY_API_VERSION'])
+
+            if self.rc_identity_api_version == 2:
+                for varname in ['OS_USERNAME', 'OS_AUTH_URL', 'OS_TENANT_NAME']:
+                    if varname not in os.environ:
+                        LOG.warning('%s is missing', varname)
+                        success = False
+                if success:
+                    self.rc_username = os.environ['OS_USERNAME']
+                    self.rc_auth_url = os.environ['OS_AUTH_URL']
+                    self.rc_tenant_name = os.environ['OS_TENANT_NAME']
+
+                if 'OS_REGION_NAME' in os.environ:
+                    self.rc_region_name = os.environ['OS_REGION_NAME']
+
+            elif self.rc_identity_api_version == 3:
+                for varname in ['OS_USERNAME', 'OS_AUTH_URL', 'OS_PROJECT_NAME',
+                                'OS_PROJECT_DOMAIN_ID', 'OS_USER_DOMAIN_ID']:
+                    if varname not in os.environ:
+                        LOG.warning('%s is missing', varname)
+                        success = False
+                if success:
+                    self.rc_username = os.environ['OS_USERNAME']
+                    self.rc_auth_url = os.environ['OS_AUTH_URL']
+                    self.rc_project_name = os.environ['OS_PROJECT_NAME']
+                    self.rc_project_domain_id = os.environ['OS_PROJECT_DOMAIN_ID']
+                    self.rc_user_domain_id = os.environ['OS_USER_DOMAIN_ID']
+
            if 'OS_CACERT' in os.environ:
                self.rc_cacert = os.environ['OS_CACERT']
-            if 'OS_REGION_NAME' in os.environ:
-                self.rc_region_name = os.environ['OS_REGION_NAME']

        # always override with CLI argument if provided
        if pwd:
--- a/vmtp/vmtp.py
+++ b/vmtp/vmtp.py
@ -30,15 +30,18 @@ import compute
 from config import config_load
 from config import config_loads
 import credentials
-from glanceclient.v1 import client as glanceclient
+from glanceclient import client as glanceclient
 import iperf_tool
-from keystoneclient.v2_0 import client as keystoneclient
+from keystoneclient.auth.identity import v2 as keystone_v2
+from keystoneclient.auth.identity import v3 as keystone_v3
+from keystoneclient import client as keystoneclient
+from keystoneclient import session
 from log import CONLOG
 from log import FILELOG
 from log import LOG
 import network
-from neutronclient.v2_0 import client as neutronclient
-from novaclient.client import Client
+from neutronclient.neutron import client as neutronclient
+from novaclient import client as novaclient
 from novaclient.exceptions import ClientException
 import nuttcp_tool
 from perf_instance import PerfInstance as PerfInstance
@ -195,10 +198,15 @@ class VmtpTest(object):
        # If we need to reuse existing vms just return without setup
        if not self.config.reuse_existing_vm:
            creds = self.cred.get_credentials()
-            creds_nova = self.cred.get_nova_credentials_v2()
+            if self.cred.rc_identity_api_version == 3:
+                auth = keystone_v3.Password(**creds)
+            else:
+                auth = keystone_v2.Password(**creds)
+            sess = session.Session(auth=auth, verify=self.cred.rc_cacert)
+
            # Create the nova and neutron instances
-            nova_client = Client(**creds_nova)
-            neutron = neutronclient.Client(**creds)
+            nova_client = novaclient.Client('2', session=sess)
+            neutron = neutronclient.Client('2.0', session=sess)

            self.comp = compute.Compute(nova_client, self.config)

@ -210,12 +218,9 @@ class VmtpTest(object):
                if self.config.vm_image_url != "":
                    LOG.info('%s: image for VM not found, trying to upload it ...',
                             self.config.image_name)
-                    keystone = keystoneclient.Client(**creds)
-                    glance_endpoint = keystone.service_catalog.url_for(
-                        service_type='image', endpoint_type='publicURL')
-                    self.glance_client = glanceclient.Client(
-                        glance_endpoint, token=keystone.auth_token,
-                        cacert=creds['cacert'])
+                    keystoneclient.Client(self.cred.rc_identity_api_version,
+                                          session=sess, auth_url=creds['auth_url'])
+                    self.glance_client = glanceclient.Client('1', session=sess)
                    self.comp.upload_image_via_url(
                        self.glance_client,
                        self.config.image_name,