Revert "Delegate authentication to quantumclient"

This reverts commit dd9c27f999221001bae9faa03571645824d2a681. When this patch was merged, we were suspicious about whether it was safe to cache the client object and have it used by multiple greenthreads. We decided it was safe and merged it. After thinking about it and discussing it further, it is really a bad idea. Sharing httplib2 connections is not considered thread-safe. quantumclient.client.HTTPClient inherits from httplib2.Http. The following page says sharing instances of this object between threads is not safe: https://developers.google.com/api-client-library/python/guide/thread_safety "The google-api-python-client library is built on top of the httplib2 library, which is not thread-safe. Therefore, if you are running as a multi-threaded application, each thread that you are making requests from must have its own instance of httplib2.Http()." Potentially fix bug 1192131. Even if it doesn't fix that bug, this needs to be reverted anyway. Change-Id: I2e4bf5e7b6458cd7b76e30847fe07f06b25c34f7
author: Russell Bryant <rbryant@redhat.com> 2013-06-18 14:33:29 -0400
committer: Russell Bryant <rbryant@redhat.com> 2013-06-18 14:44:15 -0400
commit: ee5d9ae8d376e41e852b06488e922400cf69b4ac (patch)
tree: 29a45d56c71db9db252955ef5069c88891ad884e
parent: 880ddfb124428116600ad66de06c817c9f9de486 (diff)
download: nova-ee5d9ae8d376e41e852b06488e922400cf69b4ac.tar.gz
nova-ee5d9ae8d376e41e852b06488e922400cf69b4ac.tar.xz
nova-ee5d9ae8d376e41e852b06488e922400cf69b4ac.zip
3 files changed, 25 insertions, 53 deletions
diff --git a/nova/network/quantumv2/__init__.py b/nova/network/quantumv2/__init__.py
index 89c08311f..6d6e7c7bc 100644
--- a/nova/network/quantumv2/__init__.py
+++ b/nova/network/quantumv2/__init__.py
@@ -16,7 +16,9 @@
 #    under the License.
 
 from oslo.config import cfg
-from quantumclient.v2_0 import client
+from quantumclient import client
+from quantumclient.common import exceptions
+from quantumclient.v2_0 import client as clientv20
 
 from nova.openstack.common import excutils
 from nova.openstack.common import log as logging
@@ -25,24 +27,27 @@ CONF = cfg.CONF
 LOG = logging.getLogger(__name__)
 
 
-cached_admin_client = None
-
-
-def _fill_admin_details(params):
-    params['username'] = CONF.quantum_admin_username
-    params['tenant_name'] = CONF.quantum_admin_tenant_name
-    params['region_name'] = CONF.quantum_region_name
-    params['password'] = CONF.quantum_admin_password
-    params['auth_url'] = CONF.quantum_admin_auth_url
-    params['timeout'] = CONF.quantum_url_timeout
-    params['auth_strategy'] = CONF.quantum_auth_strategy
-    params['insecure'] = CONF.quantum_api_insecure
+def _get_auth_token():
+    try:
+        httpclient = client.HTTPClient(
+            username=CONF.quantum_admin_username,
+            tenant_name=CONF.quantum_admin_tenant_name,
+            region_name=CONF.quantum_region_name,
+            password=CONF.quantum_admin_password,
+            auth_url=CONF.quantum_admin_auth_url,
+            timeout=CONF.quantum_url_timeout,
+            auth_strategy=CONF.quantum_auth_strategy,
+            insecure=CONF.quantum_api_insecure)
+        httpclient.authenticate()
+        return httpclient.auth_token
+    except exceptions.QuantumClientException as e:
+        with excutils.save_and_reraise_exception():
+            LOG.error(_('Quantum client authentication failed: %s'), e)
 
 
 def _get_client(token=None):
-    global cached_admin_client
-
-    should_cache = False
+    if not token and CONF.quantum_auth_strategy:
+        token = _get_auth_token()
     params = {
         'endpoint_url': CONF.quantum_url,
         'timeout': CONF.quantum_url_timeout,
@@ -51,30 +56,12 @@ def _get_client(token=None):
     if token:
         params['token'] = token
     else:
-        if CONF.quantum_auth_strategy:
-            should_cache = True
-            _fill_admin_details(params)
-        else:
-            params['auth_strategy'] = None
-
-    new_client = client.Client(**params)
-    if should_cache:
-        # in this case, we don't have the token yet
-        try:
-            new_client.httpclient.authenticate()
-        except Exception:
-            with excutils.save_and_reraise_exception():
-                LOG.exception(_("quantum authentication failed"))
-
-        cached_admin_client = new_client
-    return new_client
+        params['auth_strategy'] = None
+    return clientv20.Client(**params)
 
 
 def get_client(context, admin=False):
     if admin:
-        if cached_admin_client is not None:
-            return cached_admin_client
-
         token = None
     else:
         token = context.auth_token
diff --git a/nova/network/quantumv2/api.py b/nova/network/quantumv2/api.py
index 61995a344..e155f694a 100644
--- a/nova/network/quantumv2/api.py
+++ b/nova/network/quantumv2/api.py
@@ -33,8 +33,6 @@ from nova.openstack.common import excutils
 from nova.openstack.common import log as logging
 from nova.openstack.common import uuidutils
 
-import quantumclient.common.exceptions
-
 quantum_opts = [
     cfg.StrOpt('quantum_url',
                default='http://127.0.0.1:9696',
@@ -723,7 +721,7 @@ class API(base.Base):
                                            port_id=port)
         # If a quantum plugin does not implement the L3 API a 404 from
         # list_floatingips will be raised.
-        except quantumclient.common.exceptions.QuantumClientException as e:
+        except quantumv2.exceptions.QuantumClientException as e:
             if e.status_code == 404:
                 return []
             raise
diff --git a/nova/tests/network/test_quantumv2.py b/nova/tests/network/test_quantumv2.py
index 0b6f184ae..7f21a2aa9 100644
--- a/nova/tests/network/test_quantumv2.py
+++ b/nova/tests/network/test_quantumv2.py
@@ -19,8 +19,6 @@ import uuid
 
 import mox
 from oslo.config import cfg
-from quantumclient import client as quantum_client
-from quantumclient.common import exceptions as quantum_exceptions
 from quantumclient.v2_0 import client
 
 from nova.compute import flavors
@@ -104,17 +102,6 @@ class TestQuantumClient(test.TestCase):
         self.mox.ReplayAll()
         quantumv2.get_client(my_context)
 
-    def test_cached_admin_client(self):
-        self.mox.StubOutWithMock(quantum_client.HTTPClient, "authenticate")
-
-        # should be called one time only
-        quantum_client.HTTPClient.authenticate()
-        self.mox.ReplayAll()
-
-        admin1 = quantumv2.get_client(None, admin=True)
-        admin2 = quantumv2.get_client(None, admin=True)
-        self.assertIs(admin1, admin2)
-
     def test_withouttoken_keystone_connection_error(self):
         self.flags(quantum_auth_strategy='keystone')
         self.flags(quantum_url='http://anyhost/')
@@ -1236,7 +1223,7 @@ class TestQuantumv2(test.TestCase):
 
     def test_list_floating_ips_without_l3_support(self):
         api = quantumapi.API()
-        QuantumNotFound = quantum_exceptions.QuantumClientException(
+        QuantumNotFound = quantumv2.exceptions.QuantumClientException(
             status_code=404)
         self.moxed_client.list_floatingips(
             fixed_ip_address='1.1.1.1', port_id=1).AndRaise(QuantumNotFound)
author	Russell Bryant <rbryant@redhat.com>	2013-06-18 14:33:29 -0400
committer	Russell Bryant <rbryant@redhat.com>	2013-06-18 14:44:15 -0400
commit	ee5d9ae8d376e41e852b06488e922400cf69b4ac (patch)
tree	29a45d56c71db9db252955ef5069c88891ad884e
parent	880ddfb124428116600ad66de06c817c9f9de486 (diff)
download	nova-ee5d9ae8d376e41e852b06488e922400cf69b4ac.tar.gz nova-ee5d9ae8d376e41e852b06488e922400cf69b4ac.tar.xz nova-ee5d9ae8d376e41e852b06488e922400cf69b4ac.zip