Change authentication method for Mellanox sdn controller

Change sdn authentication from basic(username, password) to token
authentication, remove username and password parameters
and add a new parameter token

Change-Id: Ic54cc02c725105169919687d06fc9ece013da623

Author: wmousa

devstack/README.rst

@@ -35,9 +35,8 @@
 
     [[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
     [sdn]
-    url = http://<sdn_provider_ip>/neo
+    url = http://<sdn_provider_ip>/ufmRestV3
     domain = cloudx
-    username = admin
-    password = admin
+    token = abcdef
 
 5) run ``stack.sh``

etc/neutron/plugins/ml2/ml2_conf_sdn.ini

@@ -3,23 +3,18 @@
 [sdn]
 # (StrOpt) mandatory param: SDN REST URL
 # If this is not set then no HTTP requests will be made.
-# Example: url = http://10.209.25.201/neo/
+# Example: url = http://10.209.25.201/ufmRestV3/
 # url =
 
 # (StrOpt) mandatory param: Cloud domain name in SDN provider
 # This is an optional parameter, default value is cloudx
 # Example: domain = cloudx
 # domain =
 
-# (StrOpt) mandatory param: Username for HTTP basic authentication
+# (StrOpt) mandatory param: Token for HTTP basic authentication
 # to SDN Provider.
-# Example: username = admin
-# username =
-
-# (StrOpt) mandatory param: Password for HTTP basic authentication
-# to SDN Provider.
-# Example: password = admin
-# password =
+# Example: token = abcdef
+# token =
 
 # (IntOpt) Timeout in seconds to wait for SDN Provider HTTP request completion.
 # This is an optional parameter, default value is 10 seconds.
@@ -61,4 +56,4 @@
 # that it will send notification. * means all physical_networks
 #
 # physical_networks = *
-# Example: physical_networks = datacenter1, datacenter3
+# Example: physical_networks = datacenter1, datacenter3

networking_mlnx/journal/journal.py

@@ -126,7 +126,7 @@ def _sync_pending_rows(self, session, exit_after_run):
                      {'operation': row.operation, 'type': row.object_type,
                       'uuid': row.object_uuid})
 
-            # Add code to sync this to NEO
+            # Add code to sync this to SDN controller
             urlpath = sdn_utils.strings_to_url(row.object_type)
             if row.operation != sdn_const.POST:
                 urlpath = sdn_utils.strings_to_url(urlpath, row.object_uuid)
@@ -173,7 +173,7 @@ def _sync_pending_rows(self, session, exit_after_run):
             except (sdn_exc.SDNConnectionError, sdn_exc.SDNLoginError):
                 # Log an error and raise the retry count. If the retry count
                 # exceeds the limit, move it to the failed state.
-                LOG.error("Cannot connect to the NEO Controller")
+                LOG.error("Cannot connect to the SDN Controller")
                 db.update_pending_db_row_retry(session, row,
                                                self._row_retry_count)
                 # Break out of the loop and retry with the next
@@ -182,7 +182,7 @@ def _sync_pending_rows(self, session, exit_after_run):
 
     def _sync_progress_rows(self, session):
         # 1. get all progressed job
-        # 2. get status for NEO
+        # 2. get status for SDN Controller
         # 3. Update status if completed/failed
         LOG.debug("sync_progress_rows operation walking database")
         rows = db.get_all_monitoring_db_row_by_oldest(session)
@@ -204,13 +204,13 @@ def _sync_progress_rows(self, session):
                                 session, row, sdn_const.COMPLETED)
                             continue
                         if job_status in ("Pending", "Running"):
-                            LOG.debug("NEO Job id %(job_id)s is %(status)s "
-                                      "continue monitoring",
+                            LOG.debug("SDN Controller Job id %(job_id)s is "
+                                      "%(status)s continue monitoring",
                                       {'job_id': row.job_id,
                                        'status': job_status})
                             continue
-                        LOG.error("NEO Job id %(job_id)s, failed with"
-                                  " %(status)s",
+                        LOG.error("SDN Controller Job id %(job_id)s, "
+                                  "failed with %(status)s",
                                   {'job_id': row.job_id,
                                   'status': job_status})
                         db.update_db_row_state(
@@ -219,14 +219,14 @@ def _sync_progress_rows(self, session):
                         LOG.error("failed to extract response for job"
                                   "id %s", row.job_id)
                 else:
-                    LOG.error("NEO Job id %(job_id)s, failed with "
+                    LOG.error("SDN Controller Job id %(job_id)s, failed with "
                               "%(status)s",
                               {'job_id': row.job_id, 'status': job_status})
                     db.update_db_row_state(session, row, sdn_const.PENDING)
 
             except (sdn_exc.SDNConnectionError, sdn_exc.SDNLoginError):
                 # Don't raise the retry count, just log an error
-                LOG.error("Cannot connect to the NEO Controller")
+                LOG.error("Cannot connect to the SDN Controller")
                 db.update_db_row_state(session, row, sdn_const.PENDING)
                 # Break out of the loop and retry with the next
                 # timer interval

networking_mlnx/plugins/ml2/drivers/sdn/client.py

@@ -31,29 +31,29 @@
 
 class SdnRestClient(object):
 
-    MANDATORY_ARGS = ('url', 'username', 'password')
+    MANDATORY_ARGS = ('url', 'token')
 
     @classmethod
     def create_client(cls):
         return cls(
             cfg.CONF.sdn.url,
             cfg.CONF.sdn.domain,
-            cfg.CONF.sdn.username,
-            cfg.CONF.sdn.password,
             cfg.CONF.sdn.timeout,
             cfg.CONF.sdn.cert_verify,
-            cfg.CONF.sdn.cert_path)
+            cfg.CONF.sdn.cert_path,
+            cfg.CONF.sdn.token)
 
-    def __init__(self, url, domain, username, password, timeout,
-                 verify, cert_path):
+    def __init__(self, url, domain, timeout,
+                 verify, cert_path, token):
         self.url = url
         self.domain = domain
         self.timeout = timeout
-        self.username = username
-        self.password = password
+        self.token = token
         self._validate_mandatory_params_exist()
         self.url.rstrip("/")
         self.verify = verify
+        self.headers = {"Authorization": "Basic {0}".format(self.token),
+                        **sdn_const.JSON_HTTP_HEADER}
         if verify:
             self.verify = self._get_cert(cert_path)
 
@@ -73,24 +73,6 @@ def _validate_mandatory_params_exist(self):
                 raise cfg.RequiredOptError(
                     arg, cfg.OptGroup(sdn_const.GROUP_OPT))
 
-    def _get_session(self):
-        login_url = sdn_utils.strings_to_url(str(self.url), "login")
-        login_data = "username=%s&password=%s" % (self.username,
-                                                  self.password)
-        login_headers = sdn_const.LOGIN_HTTP_HEADER
-        try:
-            session = requests.session()
-            session.verify = self.verify
-            LOG.debug("Login to SDN Provider. Login URL %(url)s",
-                    {'url': login_url})
-            r = session.request(sdn_const.POST, login_url, data=login_data,
-                                headers=login_headers, timeout=self.timeout)
-            LOG.debug("request status: %d", r.status_code)
-            r.raise_for_status()
-        except Exception as e:
-            raise sdn_exc.SDNLoginError(login_url=login_url, msg=e)
-        return session
-
     def get(self, urlpath='', data=None):
         urlpath = sdn_utils.strings_to_url(self.url, urlpath)
         return self.request(sdn_const.GET, urlpath, data)
@@ -109,13 +91,12 @@ def delete(self, urlpath='', data=None):
 
     def request(self, method, urlpath='', data=None):
         data = jsonutils.dumps(data, indent=2) if data else None
-        session = self._get_session()
-
         LOG.debug("Sending METHOD %(method)s URL %(url)s JSON %(data)s",
                   {'method': method, 'url': urlpath, 'data': data})
-        return self._check_response(session.request(
-                method, url=str(urlpath), headers=sdn_const.JSON_HTTP_HEADER,
-                data=data, timeout=self.timeout), method)
+
+        return self._check_response(requests.request(
+                method, url=str(urlpath), headers=self.headers,
+                data=data, verify=self.verify, timeout=self.timeout), method)
 
     def _check_response(self, response, method):
         try:

networking_mlnx/plugins/ml2/drivers/sdn/config.py

@@ -30,13 +30,10 @@
                           "(for example: cloudx)"),
                    default='cloudx'
                    ),
-        cfg.StrOpt('username',
-                   help=_("HTTP username for authentication."),
-                   ),
-        cfg.StrOpt('password',
-                   help=_("HTTP password for authentication."),
+        cfg.StrOpt('token',
+                   help=_("HTTPS token for authentication."),
                    secret=True,
-                   default='123456'
+                   default="abcdef",
                    ),
         cfg.IntOpt('timeout',
                    help=_("HTTP timeout in seconds."),
@@ -81,7 +78,7 @@
                            "conjuction with bind_normal_ports. "
                            "The list must be a subset of physical_networks")),
         cfg.BoolOpt('cert_verify',
-                    default="True",
+                    default="False",
                     help=_("Use certificates to verify connections.")),
         cfg.StrOpt('cert_path',
                    default="",

networking_mlnx/plugins/ml2/drivers/sdn/sdn_mech_driver.py

@@ -256,7 +256,7 @@ def update_port_precommit(self, context):
 
         vnic_type = port_dic[portbindings.VNIC_TYPE]
         # Check if we get a client id after binding the bare metal port,
-        # and report the port to neo
+        # and report the port to sdn controller
         if vnic_type == portbindings.VNIC_BAREMETAL:
             # Ethernet Case
             link__info = self._get_local_link_information(port_dic)

networking_mlnx/tests/unit/ml2/drivers/sdn/test_client.py

@@ -56,7 +56,7 @@ def test_mandatory_args(self):
 
     def test_cert_verify_default(self):
         test_client = client.SdnRestClient.create_client()
-        self.assertEqual(True, test_client.verify)
+        self.assertEqual(False, test_client.verify)
 
     def test_cert_verify_true(self):
         self.conf_fixture.config(cert_verify=True,
@@ -171,10 +171,7 @@ def test_delete(self, mocked_request):
                                                expected_url,
                                                None)
 
-    @mock.patch('networking_mlnx.plugins.ml2.drivers.'
-                'sdn.client.SdnRestClient._get_session',
-                return_value=mock.Mock())
-    def test_request_bad_data(self, mocked_get_session):
+    def test_request_bad_data(self):
         # non serialized json data
         data = self
         self.assertRaises(ValueError,