Add default_domain config option.

This commit adds the default-domain config option to limit the login page to only the specifed domain. For use with a single domain environment where users are only given a login. When considering a single domain usecase for users (admin_domain for administration, then example_domain for all other users), it would be handy for users not to input their domain name, but only username and password to login. By setting two lines below, we can create a separate dashboard instance for non-admin users only. OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=False OPENSTACK_KEYSTONE_DEFAULT_DOMAIN=example_domain However, the current local_settings.py template does not allow that. This change adds the 'default-domain' configuration option which modifies local_policy.py to set the two configuration flags outlined in the bug. If the config option is not set the charm will behave as before, enabling the user to specify the domain at login. This does no validation to ensure the domain exists, so it is up to the user to supply a valid domain name. Closes-Bug: 1712999 Change-Id: I316372ae305a4ba10e4d8ba047f23a317836b960
2017-09-21 11:19:18 -04:00 · 2017-09-21 11:19:18 -04:00 · 780381e6c4
parent a69fb96634
commit 780381e6c4
6 changed files with 60 additions and 8 deletions
--- a/config.yaml
+++ b/config.yaml
@ -79,6 +79,12 @@ options:
    description: |
      Default role for Horizon operations that will be created in
      Keystone upon introduction of an identity-service relation.
+  default-domain:
+    type: string
+    default:
+    description: |
+      Default domain when authenticating with Horizon. Disables the domain
+      field in the login page.
  dns-ha:
    type: boolean
    default: False
--- a/hooks/horizon_contexts.py
+++ b/hooks/horizon_contexts.py
@ -138,8 +138,9 @@ class IdentityServiceContext(OSContextGenerator):
                # If using keystone v3 the context is incomplete without the
                # admin domain id
                if local_ctxt['api_version'] == '3':
-                    local_ctxt['admin_domain_id'] = rdata.get(
-                        'admin_domain_id')
+                    if not config('default_domain'):
+                        local_ctxt['admin_domain_id'] = rdata.get(
+                            'admin_domain_id')
                if not context_complete(local_ctxt):
                    continue

@ -201,6 +202,8 @@ class HorizonContext(OSContextGenerator):
            "password_retrieve": config("password-retrieve"),
            'virtualenv': git_pip_venv_dir(projects_yaml)
            if config('openstack-origin-git') else None,
+            'default_domain': config('default-domain'),
+            'multi_domain': False if config('default-domain') else True
        }

        return ctxt
--- a/templates/mitaka/local_settings.py
+++ b/templates/mitaka/local_settings.py
@ -193,8 +193,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ default_role }}"
 {% if api_version == "3" -%}
 OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v3" % OPENSTACK_HOST
 OPENSTACK_API_VERSIONS = { "identity": 3, }
-OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
-OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ admin_domain_id }}"
+OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = "{{ multi_domain }}"
+OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ default_domain or admin_domain_id }}"
 {% else -%}
 OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v2.0" % OPENSTACK_HOST
 {% endif -%}
--- a/templates/newton/local_settings.py
+++ b/templates/newton/local_settings.py
@ -193,8 +193,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ default_role }}"
 {% if api_version == "3" -%}
 OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v3" % OPENSTACK_HOST
 OPENSTACK_API_VERSIONS = { "identity": 3, }
-OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
-OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ admin_domain_id }}"
+OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = "{{ multi_domain }}"
+OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ default_domain or admin_domain_id }}"
 {% else -%}
 OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v2.0" % OPENSTACK_HOST
 {% endif -%}
--- a/templates/ocata/local_settings.py
+++ b/templates/ocata/local_settings.py
@ -193,8 +193,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ default_role }}"
 {% if api_version == "3" -%}
 OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v3" % OPENSTACK_HOST
 OPENSTACK_API_VERSIONS = { "identity": 3, }
-OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
-OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ admin_domain_id }}"
+OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = "{{ multi_domain }}"
+OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ default_domain or admin_domain_id }}"
 {% else -%}
 OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v2.0" % OPENSTACK_HOST
 {% endif -%}
--- a/unit_tests/test_horizon_contexts.py
+++ b/unit_tests/test_horizon_contexts.py
@ -116,6 +116,31 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
+                          }
+                         )
+
+    def test_HorizonContext_default_domain(self):
+        self.test_config.set('default-domain', 'example_domain')
+        self.assertEqual(horizon_contexts.HorizonContext()(),
+                         {'compress_offline': True, 'debug': False,
+                          'customization_module': '',
+                          'default_role': 'Member', 'webroot': '/horizon',
+                          'ubuntu_theme': True,
+                          'default_theme': None,
+                          'virtualenv': None,
+                          'secret': 'secret',
+                          'support_profile': None,
+                          "neutron_network_dvr": False,
+                          "neutron_network_l3ha": False,
+                          "neutron_network_lb": False,
+                          "neutron_network_firewall": False,
+                          "neutron_network_vpn": False,
+                          "cinder_backup": False,
+                          "password_retrieve": False,
+                          "default_domain": "example_domain",
+                          "multi_domain": False
                          }
                         )

@ -137,6 +162,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -158,6 +185,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -180,6 +209,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -205,6 +236,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -226,6 +259,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -247,6 +282,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -273,6 +310,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": True,
                          "cinder_backup": True,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -294,6 +333,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": True,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )

@ -315,6 +356,8 @@ class TestHorizonContexts(CharmTestCase):
                          "neutron_network_vpn": False,
                          "cinder_backup": False,
                          "password_retrieve": False,
+                          "default_domain": None,
+                          "multi_domain": True
                          }
                         )