[openstack-dev] [neutron] How to look up a project name from Neutron server code?
Neil Jerram
neil at tigera.io
Tue Jul 17 16:28:57 UTC 2018
On Tue, Jul 17, 2018 at 3:55 PM Jay Pipes <jaypipes at gmail.com> wrote:
> On 07/17/2018 03:36 AM, Neil Jerram wrote:
> > Can someone help me with how to look up a project name (aka tenant name)
> > for a known project/tenant ID, from code (specifically a mechanism
> > driver) running in the Neutron server?
> >
> > I believe that means I need to make a GET REST call as here:
> > https://developer.openstack.org/api-ref/identity/v3/index.html#projects.
> > But I don't yet understand how a piece of Neutron server code can ensure
> > that it has the right credentials to do that. If someone happens to
> > have actual code for doing this, I'm sure that would be very helpful.
> >
> > (I'm aware that whenever the Neutron server processes an API request,
> > the project name for the project that generated that request is added
> > into the request context. That is great when my code is running in an
> > API request context. But there are other times when the code isn't in a
> > request context and still needs to map from a project ID to project
> > name; hence the question here.)
>
> Hi Neil,
>
> You basically answered your own question above :) The neutron request
> context gets built from oslo.context's Context.from_environ() [1] which
> has this note in the implementation [2]:
>
> # Load a new context object from the environment variables set by
> # auth_token middleware. See:
> # https://docs.openstack.org/keystonemiddleware/latest/api/keystonemiddleware.auth_token.html#what-auth-token-adds-to-the-request-for-use-by-the-openstack-service
>
> So, basically, simply look at the HTTP headers for HTTP_X_PROJECT_NAME.
> If you don't have access to HTTP headers, then you'll need to pass
> some context object/struct to the code you're referring to. Might as
> well pass the neutron RequestContext (derived from oslo_context.Context)
> to the code you're referring to and you get all this for free.
>
> Best,
> -jay
>
> [1] https://github.com/openstack/oslo.context/blob/4abd5377e4d847102a4e87a528d689e31cc1713c/oslo_context/context.py#L424
> [2] https://github.com/openstack/oslo.context/blob/4abd5377e4d847102a4e87a528d689e31cc1713c/oslo_context/context.py#L433-L435
Many thanks for this reply, Jay.

If I'm understanding fully, I believe it all works beautifully so long as
the Neutron server is processing a specific API request, e.g. a port CRUD
operation. Then, as you say, the RequestContext includes the name of the
project/tenant that originated that request.

I have an additional requirement, though, to do an occasional audit of
standing resources in the Neutron DB, and to check that my mechanism
driver's programming for them is correct. To do that, I have an
independent eventlet thread that runs in admin context and occasionally
queries Neutron resources, e.g. all the ports. For each port, the Neutron
DB data includes the project_id, but not project_name, and I'd like at that
point to be able to map from the project_id for each port to project_name.

Do you have any thoughts on how I could do that? (E.g. perhaps there is
some way of generating and looping round a request with the project_id,
such that the middleware populates the project_name... but that sounds a
bit baroque; I would hope that there would be a way of doing a simpler
Keystone DB lookup.)

Regards,
Neil
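
The project_id to project_name lookup discussed above, for code that runs outside a request context, as an added example (not code from this thread, Neutron or Keystone): it makes the two Keystone v3 REST calls, `POST /auth/tokens` then `GET /projects/{id}`, caches names, and logs in again once if the token is rejected. Assumptions: `auth_url` ends in `/v3`, the credentials belong to a service account that Keystone policy allows to read projects, and its user and project share one domain; `ProjectNameResolver`, `http_json` and the `transport` parameter are names invented here.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request


def http_json(method, url, headers, body=None):
    data = json.dumps(body).encode() if body else None
    headers = {"Content-Type": "application/json", **headers}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers, json.load(resp)  # (headers, parsed JSON body)


class ProjectNameResolver:
    """project_id -> project name via Keystone v3, cached for `ttl` seconds."""

    def __init__(self, auth_url, creds, ttl=300, transport=http_json):
        # creds: (user, password, project, domain) of a service account (assumed)
        self.url, self.creds, self.ttl = auth_url.rstrip("/"), creds, ttl
        self.transport, self.token, self.cache = transport, None, {}

    def _authenticate(self):
        user, password, project, domain = self.creds
        dom = {"name": domain}
        body = {"auth": {
            "identity": {"methods": ["password"], "password": {
                "user": {"name": user, "domain": dom, "password": password}}},
            "scope": {"project": {"name": project, "domain": dom}}}}
        headers, _ = self.transport("POST", self.url + "/auth/tokens", {}, body)
        self.token = headers["X-Subject-Token"]  # Keystone returns the token here

    def name_for(self, project_id):
        name, expires = self.cache.get(project_id, (None, 0))
        if time.monotonic() < expires:
            return name
        path = "/projects/" + urllib.parse.quote(project_id, safe="")
        for attempt in (1, 2):
            if self.token is None:
                self._authenticate()
            try:
                _, doc = self.transport("GET", self.url + path, {"X-Auth-Token": self.token})
                break
            except urllib.error.HTTPError as exc:
                if exc.code != 401 or attempt == 2:
                    raise
                self.token = None  # token expired or revoked: log in again once
        self.cache[project_id] = (doc["project"]["name"], time.monotonic() + self.ttl)
        return doc["project"]["name"]
```

The audit thread would create one resolver and call `name_for(port["project_id"])` per port; passing a fake `transport` lets the logic be exercised without a Keystone endpoint.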