[openstack-dev] [neutron] How to look up a project name from Neutron server code?
neil at tigera.io
Tue Jul 17 16:28:57 UTC 2018
On Tue, Jul 17, 2018 at 3:55 PM Jay Pipes <jaypipes at gmail.com> wrote:
> On 07/17/2018 03:36 AM, Neil Jerram wrote:
> > Can someone help me with how to look up a project name (aka tenant name)
> > for a known project/tenant ID, from code (specifically a mechanism
> > driver) running in the Neutron server?
> > I believe that means I need to make a GET REST call as here:
> > https://developer.openstack.org/api-ref/identity/v3/index.html#projects.
> > I don't yet understand how a piece of Neutron server code can ensure
> > that it has the right credentials to do that. If someone happens to
> > have actual code for doing this, I'm sure that would be very helpful.
> > (I'm aware that whenever the Neutron server processes an API request,
> > the project name for the project that generated that request is added
> > into the request context. That is great when my code is running in an
> > API request context. But there are other times when the code isn't in a
> > request context and still needs to map from a project ID to project
> > name; hence the question here.)
> Hi Neil,
> You basically answered your own question above :) The neutron request
> context gets built from oslo.context's Context.from_environ()  which
> has this note in the implementation :
> # Load a new context object from the environment variables set by
> # auth_token middleware. See:
> So, basically, simply look at the HTTP headers for HTTP_X_PROJECT_NAME.
> If you don't have access to a HTTP headers, then you'll need to pass
> some context object/struct to the code you're referring to. Might as
> well pass the neutron RequestContext (derived from oslo_context.Context)
> to the code you're referring to and you get all this for free.
Many thanks for this reply, Jay.
If I'm understanding fully, I believe it all works beautifully so long as
the Neutron server is processing a specific API request, e.g. a port CRUD
operation. Then, as you say, the RequestContext includes the name of the
project/tenant that originated that request.
I have an additional requirement, though, to do a occasional audit of
standing resources in the Neutron DB, and to check that my mechanism
driver's programming for them is correct. To do that, I have an
independent eventlet thread that runs in admin context and occasionally
queries Neutron resources, e.g. all the ports. For each port, the Neutron
DB data includes the project_id, but not project_name, and I'd like at that
point to be able to map from the project_id for each port to project_name.
Do you have any thoughts on how I could do that? (E.g. perhaps there is
some way of generating and looping round a request with the project_id,
such that the middleware populates the project_name... but that sounds a
bit baroque; I would hope that there would be a way of doing a simpler
Keystone DB lookup.)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev