[openstack-dev] [nova] Consuming keystoneclient's Session object in novaclient
Monty Taylor
mordred at inaugust.com
Wed May 7 22:22:21 UTC 2014
On 05/07/2014 03:10 PM, Joe Gordon wrote:
>
>
>
> On Tue, May 6, 2014 at 3:22 PM, Jamie Lennox <jamielennox at redhat.com
> <mailto:jamielennox at redhat.com>> wrote:
>
> All,
>
> TL;DR: novaclient should be able to use the common transport/auth
> layers of keystoneclient. If it does there are going to be functions
> like client.authenticate() that won't operate the same way when a
> session object is passed. For most users who just use the CRUD
> operations there will be no difference.
>
>
> I'm hoping that at least some of the nova community has heard of the
> push for using keystoneclient's Session object across all the
> clients. For those unaware keystoneclient.session.Session is a
> common transport and authentication layer to remove the need for
> each python-*client having there own authentication configuration
> and disparate transport options.
>
> It offers:
> - a single place for updates to transport (eg fixing TLS or other
> transport issues in one place)
> - a way for all clients to immediately support the full range of
> keystone's authentication including v3 auth, SAML, kerberos etc
> - a common place to handle version discovery such that we support
> multiple version endpoints from the same service catalog endpoint.
>
> For information of how to interact with a session you can see:
> http://www.jamielennox.net/blog/2014/02/24/client-session-objects/
> This mentions the code is uncommitted however has since been
> committed with a few small details around parameter names being
> changed. The theory remains the same.
>
>
> To integrate this into novaclient means that if a session= object is
> passed then the standard HTTPClient code will be ignored in favour
> of using what was passed. This means that there are changes in the
> API of the client. In keystoneclient we have take the opinion that
> by passing a session object then you opt-in to the newer API and
> therefore accept that some functions are no longer available. For
> example client.authenticate() is no longer allowed because
> authentication is not the client's responsibility. It will have no
> impact on the standard novaclient CRUD operations and so be
> un-noticed by the vast majority of users.
>
> The review showing these changes is here:
> https://review.openstack.org/#/c/85920
>
> To enable this there are a series of test changes to mock client
> requests at the HTTP layer rather than in the client. This means
> that we can test that all client operations against the new and old
> client construction methods and ensure the same requests are being
> sent. The foundation of this to turn tests into fixtures can be
> found by following:
> https://blueprints.launchpad.net/python-novaclient/+spec/httpretty-testing
>
> IMO making these tests into fixtures is a good idea anyway, however
> I am only pursuing it so that we can transition to using a common
> Session.
>
> Regarding dependencies, novaclient will need a test-requirements.txt
> on keystoneclient so that it can construct Session objects to test
> with but it should not need a requirements.txt as the session object
> is constructed by the user of the client (eg openstackclient,
> horizon etc).
>
>
> Can we make novaclient use keystoneclient's session by default? And just
> add this to requirements.
++
Once it's supported, I would think that someone wanting to use
novaclient _without_ keystoneclient should be seen as the exception case
and not the normal case.
> If there are concerns with this process please respond here and/or
> on the review.
>
>
>
> Thanks,
>
> Jamie
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> <mailto:OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list