I think maybe we need to set the token expiration time be greater than the time the test run after having read the related code, looks all the logic are right. any thoughts ?
1, The non-admin user uses usename and password to invoke REST API to generate a token
1, when non-admin user request a REST API via WSGI, nova.api.auth:NovaKeystoneContext will get this token by name 'X_AUTH_TOKEN' from http header
3, The get_client method of $nova/network/neutronv2/__init__.py will use this token to Instantiate a neutron HTTPClient object.
def _get_client(token=None):
... other code ...
if token: params['token'] = token params['auth_strategy'] = None
else: params['username'] = CONF.neutron_admin_username
if CONF.neutron_admin_tenant_id: params['tenant_id'] = CONF.neutron_admin_tenant_id
else: params['tenant_name'] = CONF.neutron_admin_tenant_name LOG.warning(_("Using neutron_admin_tenant_name for authentication " "is deprecated and will be removed in the next " "release. Use neutron_admin_tenant_id instead.")) params['password'] = CONF.neutron_admin_password params['auth_url'] = CONF.neutron_admin_auth_url params['auth_strategy'] = CONF.neutron_auth_strategy
return clientv20.Client(**params)
def get_client(context, admin=False):
... other code ...
if context.auth_token:
token = context.auth_token
return _get_client(token=token)
... other code ...
4, do_request method of neutronclient will invoke authenticate method if the token is unauthorized we passed.
def do_request(self, url, method, **kwargs): self.authenticate_and_fetch_endpoint_url()
try: kwargs.setdefault('headers', {}) kwargs['headers']['X-Auth-Token'] = self.auth_token
resp, body = self._cs_request(self.endpoint_url + url, method, **kwargs)
return resp, body
except exceptions.Unauthorized: self.authenticate()
5, authenticate method throws the Unauthorized exception normally because this is a unauthorized token.
def authenticate(self):
if self.auth_strategy != 'keystone':
raise exceptions.Unauthorized(message=_('Unknown auth strategy'))
I think maybe we need to set the token expiration time be greater than the time the test run after having read the related code, looks all the logic are right. any thoughts ?
1, The non-admin user uses usename and password to invoke REST API to generate a token auth:NovaKeysto neContext will get this token by name 'X_AUTH_TOKEN' from http header neutronv2/ __init_ _.py will use this token to Instantiate a neutron HTTPClient object. token=None) :
params[ 'token' ] = token
params[ 'auth_strategy' ] = None
params[ 'username' ] = CONF.neutron_ admin_username admin_tenant_ id:
params[ 'tenant_ id'] = CONF.neutron_ admin_tenant_ id
params[ 'tenant_ name'] = CONF.neutron_ admin_tenant_ name
LOG. warning( _("Using neutron_ admin_tenant_ name for authentication "
"is deprecated and will be removed in the next "
"release. Use neutron_ admin_tenant_ id instead."))
params[ 'password' ] = CONF.neutron_ admin_password
params[ 'auth_url' ] = CONF.neutron_ admin_auth_ url
params[ 'auth_strategy' ] = CONF.neutron_ auth_strategy Client( **params)
1, when non-admin user request a REST API via WSGI, nova.api.
3, The get_client method of $nova/network/
def _get_client(
... other code ...
if token:
else:
if CONF.neutron_
else:
return clientv20.
def get_client(context, admin=False): token=token)
self.authentic ate_and_ fetch_endpoint_ url()
kwargs. setdefault( 'headers' , {})
kwargs[ 'headers' ]['X-Auth- Token'] = self.auth_token request( self.endpoint_ url + url, method,
**kwargs) Unauthorized:
self. authenticate( ) Unauthorized( message= _('Unknown auth strategy'))
... other code ...
if context.auth_token:
token = context.auth_token
return _get_client(
... other code ...
4, do_request method of neutronclient will invoke authenticate method if the token is unauthorized we passed.
def do_request(self, url, method, **kwargs):
try:
resp, body = self._cs_
return resp, body
except exceptions.
5, authenticate method throws the Unauthorized exception normally because this is a unauthorized token.
def authenticate(self):
if self.auth_strategy != 'keystone':
raise exceptions.