Revert "Remove all usage of keystoneclient"

Erno Kuvaja · Erno Kuvaja · commit 7ce475ce11eb · 2021-07-08T20:19:56.000+01:00
This reverts commit 810417d. The Swift driver not being able to use Trusts had nothing to do about the store driver itself nor that keystoneauth1 would have broken the feature, but rather it not having the functionality in the first place and us not catching that on reviews. We should figure out how to test this before we try to replace this code again. Change-Id: If12a013404296486dc387b099477d1608b24ba63 Closes-Bug: #1916052 (cherry picked from commit 9b68367)
diff --git a/glance/common/auth.py b/glance/common/auth.py
@@ -32,7 +32,7 @@
 
 """
 import httplib2
-from keystoneauth1.access import service_catalog as ks_service_catalog
+from keystoneclient import service_catalog as ks_service_catalog
 from oslo_serialization import jsonutils
 from six.moves import http_client as http
 # NOTE(jokke): simplified transition to py3, behaves like py2 xrange
@@ -326,10 +326,11 @@ def get_endpoint(service_catalog, service_type='image', endpoint_region=None,
     otherwise we will raise an exception.
     """
     endpoints = ks_service_catalog.ServiceCatalogV2(
-        service_catalog).get_urls(interface=endpoint_type,
-                                  service_type=service_type,
-                                  region_name=endpoint_region)
-    if len(endpoints) == 0:
+        {'serviceCatalog': service_catalog}
+    ).get_urls(service_type=service_type,
+               region_name=endpoint_region,
+               endpoint_type=endpoint_type)
+    if endpoints is None:
         raise exception.NoServiceEndpoint()
     elif len(endpoints) == 1:
         return endpoints[0]
diff --git a/glance/common/trust_auth.py b/glance/common/trust_auth.py
@@ -14,6 +14,7 @@
 
 from keystoneauth1 import exceptions as ka_exceptions
 from keystoneauth1 import loading as ka_loading
+from keystoneclient.v3 import client as ks_client
 from oslo_config import cfg
 from oslo_log import log as logging
 
@@ -31,17 +32,17 @@ def __init__(self, user_plugin, user_project, user_roles):
         # step 1: create trust to ensure that we can always update token
 
         # trustor = user who made the request
-        trustor_client = self._load_session(user_plugin)
-        trustor_id = trustor_client.get_user_id()
+        trustor_client = self._load_client(user_plugin)
+        trustor_id = trustor_client.session.get_user_id()
 
         # get trustee user client that impersonates main user
         trustee_user_auth = ka_loading.load_auth_from_conf_options(
             CONF, 'keystone_authtoken')
         # save service user client because we need new service token
         # to refresh trust-scoped client later
-        self.trustee_user_client = self._load_session(trustee_user_auth)
+        self.trustee_user_client = self._load_client(trustee_user_auth)
 
-        trustee_id = self.trustee_user_client.get_user_id()
+        trustee_id = self.trustee_user_client.session.get_user_id()
 
         self.trust_id = trustor_client.trusts.create(trustor_user=trustor_id,
                                                      trustee_user=trustee_id,
@@ -63,12 +64,12 @@ def refresh_token(self):
         if self.trustee_client is None:
             self.trustee_client = self._refresh_trustee_client()
         try:
-            return self.trustee_client.get_token()
+            return self.trustee_client.session.get_token()
         except ka_exceptions.Unauthorized:
             # in case of Unauthorized exceptions try to refresh client because
             # service user token may expired
             self.trustee_client = self._refresh_trustee_client()
-            return self.trustee_client.get_token()
+            return self.trustee_client.session.get_token()
 
     def release_resources(self):
         """Release keystone resources required for refreshing"""
@@ -98,11 +99,11 @@ def _refresh_trustee_client(self):
         trustee_auth = ka_loading.load_auth_from_conf_options(
             CONF, 'keystone_authtoken', **kwargs)
 
-        return self._load_session(trustee_auth)
+        return self._load_client(trustee_auth)
 
     @staticmethod
-    def _load_session(plugin):
-        # load ksa session from auth settings and user plugin
+    def _load_client(plugin):
+        # load client from auth settings and user plugin
         sess = ka_loading.load_session_from_conf_options(
             CONF, 'keystone_authtoken', auth=plugin)
-        return sess
+        return ks_client.Client(session=sess)
diff --git a/requirements.txt b/requirements.txt
@@ -32,6 +32,7 @@ PrettyTable>=0.7.1 # BSD
 Paste>=2.0.2 # MIT
 
 jsonschema>=3.2.0 # MIT
+python-keystoneclient>=3.8.0 # Apache-2.0
 pyOpenSSL>=17.1.0 # Apache-2.0
 # Required by openstack.common libraries
 six>=1.11.0 # MIT
