protected static final String CREATE_STACK = "CreateStack";
- // Cache Heat Clients statically. Since there is just one MSO user, there is no
- // benefit to re-authentication on every request (or across different flows). The
- // token will be used until it expires.
- //
- // The cache key is "tenantId:cloudId"
- private static Map <String, HeatCacheEntry> heatClientCache = new HashMap <> ();
-
// Fetch cloud configuration each time (may be cached in CloudConfig class)
@Autowired
protected CloudConfig cloudConfig;
String cloudId = cloudSite.getId();
// For DCP/LCP, the region should be the cloudId.
String region = cloudSite.getRegionId ();
-
- // Check first in the cache of previously authorized clients
- String cacheKey = cloudId + ":" + tenantId;
- if (heatClientCache.containsKey (cacheKey)) {
- if (!heatClientCache.get (cacheKey).isExpired ()) {
- LOGGER.debug ("Using Cached HEAT Client for " + cacheKey);
- return heatClientCache.get (cacheKey).getHeatClient ();
- } else {
- // Token is expired. Remove it from cache.
- heatClientCache.remove (cacheKey);
- LOGGER.debug ("Expired Cached HEAT Client for " + cacheKey);
- }
- }
// Obtain an MSO token for the tenant
CloudIdentity cloudIdentity = cloudSite.getIdentityService();
// Catch-all
throw runtimeExceptionToMsoException (e, TOKEN_AUTH);
}
-
Heat heatClient = new Heat (heatUrl);
heatClient.token (tokenId);
-
- heatClientCache.put (cacheKey,
- new HeatCacheEntry (heatUrl,
- tokenId,
- expiration));
- LOGGER.debug ("Caching HEAT Client for " + cacheKey);
-
return heatClient;
}
- /**
- * Forcibly expire a HEAT client from the cache. This call is for use by
- * the KeystoneClient in case where a tenant is deleted. In that case,
- * all cached credentials must be purged so that fresh authentication is
- * done if a similarly named tenant is re-created.
- * <p>
- * Note: This is probably only applicable to dev/test environments where
- * the same Tenant Name is repeatedly used for creation/deletion.
- * <p>
- *
- */
- public void expireHeatClient (String tenantId, String cloudId) {
- String cacheKey = cloudId + ":" + tenantId;
- if (heatClientCache.containsKey (cacheKey)) {
- heatClientCache.remove (cacheKey);
- LOGGER.debug ("Deleted Cached HEAT Client for " + cacheKey);
- }
- }
-
/*
* Query for a Heat Stack. This function is needed in several places, so
* a common method is useful. This method takes an authenticated Heat Client
@Component
public class MsoKeystoneUtils extends MsoTenantUtils {
- // Cache the Keystone Clients statically. Since there is just one MSO user, there is no
- // benefit to re-authentication on every request (or across different flows). The
- // token will be used until it expires.
- //
- // The cache key is "cloudId"
- private static Map <String, KeystoneCacheEntry> adminClientCache = new HashMap<>();
private static MsoLogger LOGGER = MsoLogger.getMsoLogger (MsoLogger.Catalog.RA, MsoKeystoneUtils.class);
OpenStackRequest <Void> request = keystoneAdminClient.tenants ().delete (tenant.getId ());
executeAndRecordOpenstackRequest (request);
LOGGER.debug ("Deleted Tenant " + tenant.getId () + " (" + tenant.getName () + ")");
-
- // Clear any cached clients. Not really needed, ID will not be reused.
- msoHeatUtils.expireHeatClient (tenant.getId (), cloudSiteId);
- msoNeutronUtils.expireNeutronClient (tenant.getId (), cloudSiteId);
} catch (OpenStackBaseException e) {
// Convert Keystone OpenStackResponseException to MsoOpenstackException
throw keystoneErrorToMsoException (e, "Delete Tenant");
LOGGER.debug ("Deleted Tenant " + tenant.getId () + " (" + tenant.getName () + ")");
- // Clear any cached clients. Not really needed, ID will not be reused.
- msoHeatUtils.expireHeatClient (tenant.getId (), cloudSiteId);
- msoNeutronUtils.expireNeutronClient (tenant.getId (), cloudSiteId);
} catch (OpenStackBaseException e) {
// Note: It doesn't seem to matter if tenant doesn't exist, no exception is thrown.
// Convert Keystone OpenStackResponseException to MsoOpenstackException
String adminTenantName = cloudIdentity.getAdminTenant ();
String region = cloudSite.getRegionId ();
- // Check first in the cache of previously authorized clients
- KeystoneCacheEntry entry = adminClientCache.get (cloudId);
- if (entry != null) {
- if (!entry.isExpired ()) {
- return entry.getKeystoneClient ();
- } else {
- // Token is expired. Remove it from cache.
- adminClientCache.remove (cloudId);
- }
- }
MsoTenantUtils tenantUtils = tenantUtilsFactory.getTenantUtilsByServerType(cloudIdentity.getIdentityServerType());
final String keystoneUrl = tenantUtils.getKeystoneUrl(region, cloudIdentity);
Keystone keystone = new Keystone(keystoneUrl);
// Note: this doesn't go back to Openstack, it's just a local object.
keystone = new Keystone (adminUrl);
keystone.token (token);
-
- // Cache to avoid re-authentication for every call.
- KeystoneCacheEntry cacheEntry = new KeystoneCacheEntry (adminUrl, token, access.getToken ().getExpires ());
- adminClientCache.put (cloudId, cacheEntry);
-
return keystone;
}
return null;
}
- private static class KeystoneCacheEntry implements Serializable {
-
- private static final long serialVersionUID = 1L;
-
- private String keystoneUrl;
- private String token;
- private Calendar expires;
-
- public KeystoneCacheEntry (String url, String token, Calendar expires) {
- this.keystoneUrl = url;
- this.token = token;
- this.expires = expires;
- }
-
- public Keystone getKeystoneClient () {
- Keystone keystone = new Keystone (keystoneUrl);
- keystone.token (token);
- return keystone;
- }
-
- public boolean isExpired () {
- // adding arbitrary guard timer of 5 minutes
- return expires == null || System.currentTimeMillis() > (expires.getTimeInMillis() - 1800000);
- }
- }
-
@Override
public String getKeystoneUrl(String regionId, CloudIdentity cloudIdentity) throws MsoException {
return cloudIdentity.getIdentityUrl();
@Component
public class MsoNeutronUtils extends MsoCommonUtils
{
- // Cache Neutron Clients statically. Since there is just one MSO user, there is no
- // benefit to re-authentication on every request (or across different flows). The
- // token will be used until it expires.
- //
- // The cache key is "tenantId:cloudId"
- private static Map<String,NeutronCacheEntry> neutronClientCache = new HashMap<>();
// Fetch cloud configuration each time (may be cached in CloudConfig class)
@Autowired
private Quantum getNeutronClient(CloudSite cloudSite, String tenantId) throws MsoException
{
String cloudId = cloudSite.getId();
- String region = cloudSite.getRegionId();
-
- // Check first in the cache of previously authorized clients
- String cacheKey = cloudId + ":" + tenantId;
- if (neutronClientCache.containsKey(cacheKey)) {
- if (! neutronClientCache.get(cacheKey).isExpired()) {
- LOGGER.debug ("Using Cached HEAT Client for " + cacheKey);
- NeutronCacheEntry cacheEntry = neutronClientCache.get(cacheKey);
- Quantum neutronClient = new Quantum(cacheEntry.getNeutronUrl());
- neutronClient.token(cacheEntry.getToken());
- return neutronClient;
- }
- else {
- // Token is expired. Remove it from cache.
- neutronClientCache.remove(cacheKey);
- LOGGER.debug ("Expired Cached Neutron Client for " + cacheKey);
- }
- }
+ String region = cloudSite.getRegionId();
+
// Obtain an MSO token for the tenant from the identity service
CloudIdentity cloudIdentity = cloudSite.getIdentityService();
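Review bot: With the cache lookup removed from the top of `getNeutronClient`, every call now falls through to the identity-service authentication below, but the remaining comment `// Obtain an MSO token for the tenant from the identity service` does not say that this happens on each invocation. I would extend it to `// Obtain a fresh MSO token for the tenant on every call; tokens are no longer cached or reused across requests`, so maintainers know each call costs an identity-service round trip and issues a new token. `expiration` appears in this diff only as an argument to the removed `neutronClientCache.put` (and to the removed `heatClientCache.put` in the Heat utility), so if it is still assigned in the part of the method not shown here it is probably a dead local now and can be dropped. The method body continues outside this hunk, so both points should be checked against the full file.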
Quantum neutronClient = new Quantum(neutronUrl);
neutronClient.token(tokenId);
-
- neutronClientCache.put(cacheKey, new NeutronCacheEntry(neutronUrl, tokenId, expiration));
- LOGGER.debug ("Caching Neutron Client for " + cacheKey);
-
return neutronClient;
}
- /**
- * Forcibly expire a Neutron client from the cache. This call is for use by
- * the KeystoneClient in case where a tenant is deleted. In that case,
- * all cached credentials must be purged so that fresh authentication is
- * done on subsequent calls.
- * <p>
- * @param tenantName
- * @param cloudId
- */
- public void expireNeutronClient (String tenantId, String cloudId) {
- String cacheKey = cloudId + ":" + tenantId;
- if (neutronClientCache.containsKey(cacheKey)) {
- neutronClientCache.remove(cacheKey);
- LOGGER.debug ("Deleted Cached Neutron Client for " + cacheKey);
- }
- }
-
-
/*
* Find a tenant (or query its existence) by its Name or Id. Check first against the
* ID. If that fails, then try by name.