On Tue, Jul 17, 2018 at 3:55 PM Jay Pipes <jaypi...@gmail.com> wrote:
> On 07/17/2018 03:36 AM, Neil Jerram wrote: > > Can someone help me with how to look up a project name (aka tenant name) > > for a known project/tenant ID, from code (specifically a mechanism > > driver) running in the Neutron server? > > > > I believe that means I need to make a GET REST call as here: > > https://developer.openstack.org/api-ref/identity/v3/index.html#projects. > But > > I don't yet understand how a piece of Neutron server code can ensure > > that it has the right credentials to do that. If someone happens to > > have actual code for doing this, I'm sure that would be very helpful. > > > > (I'm aware that whenever the Neutron server processes an API request, > > the project name for the project that generated that request is added > > into the request context. That is great when my code is running in an > > API request context. But there are other times when the code isn't in a > > request context and still needs to map from a project ID to project > > name; hence the question here.) > > Hi Neil, > > You basically answered your own question above :) The neutron request > context gets built from oslo.context's Context.from_environ() [1] which > has this note in the implementation [2]: > > # Load a new context object from the environment variables set by > # auth_token middleware. See: > # > > https://docs.openstack.org/keystonemiddleware/latest/api/keystonemiddleware.auth_token.html#what-auth-token-adds-to-the-request-for-use-by-the-openstack-service > > So, basically, simply look at the HTTP headers for HTTP_X_PROJECT_NAME. > If you don't have access to a HTTP headers, then you'll need to pass > some context object/struct to the code you're referring to. Might as > well pass the neutron RequestContext (derived from oslo_context.Context) > to the code you're referring to and you get all this for free. > > Best, > -jay > > [1] > > https://github.com/openstack/oslo.context/blob/4abd5377e4d847102a4e87a528d689e31cc1713c/oslo_context/context.py#L424 > > [2] > > https://github.com/openstack/oslo.context/blob/4abd5377e4d847102a4e87a528d689e31cc1713c/oslo_context/context.py#L433-L435 Many thanks for this reply, Jay. If I'm understanding fully, I believe it all works beautifully so long as the Neutron server is processing a specific API request, e.g. a port CRUD operation. Then, as you say, the RequestContext includes the name of the project/tenant that originated that request. I have an additional requirement, though, to do a occasional audit of standing resources in the Neutron DB, and to check that my mechanism driver's programming for them is correct. To do that, I have an independent eventlet thread that runs in admin context and occasionally queries Neutron resources, e.g. all the ports. For each port, the Neutron DB data includes the project_id, but not project_name, and I'd like at that point to be able to map from the project_id for each port to project_name. Do you have any thoughts on how I could do that? (E.g. perhaps there is some way of generating and looping round a request with the project_id, such that the middleware populates the project_name... but that sounds a bit baroque; I would hope that there would be a way of doing a simpler Keystone DB lookup.) Regards, Neil
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev