[openstack-dev] [neutron] How to look up a project name from Neutron server code?
neil at tigera.io
Tue Jul 17 18:17:50 UTC 2018
Thanks Aditya, that looks like just what I need.
On Tue, Jul 17, 2018 at 5:48 PM Aditya Vaja <wolverine.av at gmail.com> wrote:
> hey neil,
> neutron.conf has a section called '[keystone_authtoken]’ which has
> credentials to query keystone as neutron. you can read the config as you’d
> typically do from the mechanism driver for any other property using
> you could then use python-keystoneclient with those creds to query the
> mapping. a sample is given in the keystoneclient repo .
> via telegram
> On Tue, Jul 17, 2018 at 9:58 PM, Neil Jerram <neil at tigera.io> wrote:
> On Tue, Jul 17, 2018 at 3:55 PM Jay Pipes <jaypipes at gmail.com> wrote:
>> On 07/17/2018 03:36 AM, Neil Jerram wrote:
>> > Can someone help me with how to look up a project name (aka tenant
>> > for a known project/tenant ID, from code (specifically a mechanism
>> > driver) running in the Neutron server?
>> > I believe that means I need to make a GET REST call as here:
>> > https://developer.openstack.org/api-ref/identity/v3/index.html#projects.
>> > I don't yet understand how a piece of Neutron server code can ensure
>> > that it has the right credentials to do that. If someone happens to
>> > have actual code for doing this, I'm sure that would be very helpful.
>> > (I'm aware that whenever the Neutron server processes an API request,
>> > the project name for the project that generated that request is added
>> > into the request context. That is great when my code is running in an
>> > API request context. But there are other times when the code isn't in a
>> > request context and still needs to map from a project ID to project
>> > name; hence the question here.)
>> Hi Neil,
>> You basically answered your own question above :) The neutron request
>> context gets built from oslo.context's Context.from_environ()  which
>> has this note in the implementation :
>> # Load a new context object from the environment variables set by
>> # auth_token middleware. See:
>> So, basically, simply look at the HTTP headers for HTTP_X_PROJECT_NAME.
>> If you don't have access to a HTTP headers, then you'll need to pass
>> some context object/struct to the code you're referring to. Might as
>> well pass the neutron RequestContext (derived from oslo_context.Context)
>> to the code you're referring to and you get all this for free.
> Many thanks for this reply, Jay.
> If I'm understanding fully, I believe it all works beautifully so long as
> the Neutron server is processing a specific API request, e.g. a port CRUD
> operation. Then, as you say, the RequestContext includes the name of the
> project/tenant that originated that request.
> I have an additional requirement, though, to do a occasional audit of
> standing resources in the Neutron DB, and to check that my mechanism
> driver's programming for them is correct. To do that, I have an independent
> eventlet thread that runs in admin context and occasionally queries Neutron
> resources, e.g. all the ports. For each port, the Neutron DB data includes
> the project_id, but not project_name, and I'd like at that point to be able
> to map from the project_id for each port to project_name.
> Do you have any thoughts on how I could do that? (E.g. perhaps there is
> some way of generating and looping round a request with the project_id,
> such that the middleware populates the project_name... but that sounds a
> bit baroque; I would hope that there would be a way of doing a simpler
> Keystone DB lookup.)
> OpenStack Development Mailing List (not for usage questions) Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev