From 93db837330229f5d30c40a8302f7ac758faa9be7 Mon Sep 17 00:00:00 2001 From: Nikolay Starodubtsev Date: Mon, 8 Feb 2016 17:14:00 +0300 Subject: [PATCH] Support unversioned keystone endpoints As far as keystone v2 will be deprecated soon murano will support unversioned keystone endpoints. Additional work and final switch to Identity API v3 in devstack should be done when all components will switch to it. Change-Id: I062f1b3b3372f502f20a976cde432f22c2489480 --- devstack/plugin.sh | 8 ++++---- murano/api/middleware/ext_context.py | 16 +++++++++++----- murano/tests/functional/engine/config.py | 2 +- murano_tempest_tests/config.py | 10 ---------- .../tests/api/application_catalog/base.py | 3 +-- .../tests/api/service_broker/base.py | 2 +- .../notes/fix-1528452-0e3bcee9bba89ffa.yaml | 3 +++ 7 files changed, 21 insertions(+), 23 deletions(-) create mode 100644 releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 492f0ac9f..5d7a85df3 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -136,7 +136,7 @@ function configure_murano { #------------------------- # Setup keystone_authtoken section - iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000/v2.0" + iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000" iniset $MURANO_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST iniset $MURANO_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT iniset $MURANO_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL @@ -154,7 +154,7 @@ function configure_murano { iniset $MURANO_CONF_FILE database connection `database_connection_url murano` # Configure keystone auth url - iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0" + iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000" # Configure Murano API URL iniset $MURANO_CONF_FILE murano url "http://127.0.0.1:8082" @@ -179,7 +179,7 @@ function install_murano_apps() { murano --os-username $OS_USERNAME \ --os-password $OS_PASSWORD \ --os-tenant-name $OS_PROJECT_NAME \ - --os-auth-url http://$KEYSTONE_AUTH_HOST:5000/v2.0 \ + --os-auth-url http://$KEYSTONE_AUTH_HOST:5000 \ --murano-url http://127.0.0.1:8082 \ package-import \ --is-public \ @@ -198,7 +198,7 @@ function configure_service_broker { iniset $MURANO_CONF_FILE cfapi tenant "$MURANO_CFAPI_DEFAULT_TENANT" iniset $MURANO_CONF_FILE cfapi bind_host "$MURANO_SERVICE_HOST" iniset $MURANO_CONF_FILE cfapi bind_port "$MURANO_CFAPI_SERVICE_PORT" - iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0" + iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000" } diff --git a/murano/api/middleware/ext_context.py b/murano/api/middleware/ext_context.py index c40d4a56a..788c09c47 100644 --- a/murano/api/middleware/ext_context.py +++ b/murano/api/middleware/ext_context.py @@ -14,7 +14,9 @@ import base64 +from keystoneclient.auth.identity import v3 from keystoneclient import exceptions +from keystoneclient import session as ks_session from keystoneclient.v3 import client from oslo_config import cfg from oslo_log import log @@ -33,11 +35,15 @@ class ExternalContextMiddleware(wsgi.Middleware): # section related to Cloud Foundry service broker is probably a duct # tape and should be rewritten as soon as we get more non-OpenStack # services as murano recipients. - keystone = client.Client(username=user, - password=password, - project_name=CONF.cfapi.tenant, - auth_url=CONF.cfapi.auth_url.replace( - 'v2.0', 'v3')) + + kwargs = {'auth_url': CONF.cfapi.auth_url.replace('v2.0', 'v3'), + 'username': user, + 'password': password, + 'project_name': CONF.cfapi.tenant} + password_auth = v3.Password(**kwargs) + session = ks_session.Session(auth=password_auth) + keystone = client.Client(session=session) + return keystone.auth_token def process_request(self, req): diff --git a/murano/tests/functional/engine/config.py b/murano/tests/functional/engine/config.py index 36222b515..a086c6bac 100644 --- a/murano/tests/functional/engine/config.py +++ b/murano/tests/functional/engine/config.py @@ -21,7 +21,7 @@ murano_group = cfg.OptGroup(name='murano', title="murano") MuranoGroup = [ cfg.StrOpt('auth_url', - default='http://127.0.0.1:5000/v2.0/', + default='http://127.0.0.1:5000', help="keystone url"), cfg.StrOpt('user', default='admin', diff --git a/murano_tempest_tests/config.py b/murano_tempest_tests/config.py index 012d1dadf..bfa1041ed 100644 --- a/murano_tempest_tests/config.py +++ b/murano_tempest_tests/config.py @@ -43,11 +43,6 @@ ApplicationCatalogGroup = [ "If no such region is found in the service catalog, " "the first found one is used."), - cfg.StrOpt("identity_version", - default="v2", - help="Default identity version for " - "REST client authentication."), - cfg.StrOpt("catalog_type", default="application-catalog", help="Catalog type of Application Catalog."), @@ -74,11 +69,6 @@ ServiceBrokerGroup = [ default=False, help="Defines whether run service broker api tests or not"), - cfg.StrOpt("identity_version", - default="v2", - help="Default identity version for " - "REST client authentication."), - cfg.StrOpt("catalog_type", default="service-broker", help="Catalog type of Service Broker API"), diff --git a/murano_tempest_tests/tests/api/application_catalog/base.py b/murano_tempest_tests/tests/api/application_catalog/base.py index c11536906..79721dea5 100644 --- a/murano_tempest_tests/tests/api/application_catalog/base.py +++ b/murano_tempest_tests/tests/api/application_catalog/base.py @@ -39,14 +39,13 @@ class BaseApplicationCatalogTest(test.BaseTestCase): @classmethod def get_configured_isolated_creds(cls, type_of_creds='admin'): - identity_version = cls.get_identity_version() if identity_version == 'v3': cls.admin_role = CONF.identity.admin_role else: cls.admin_role = 'admin' cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider( - identity_version=CONF.application_catalog.identity_version, + identity_version=CONF.identity.auth_version, name=cls.__name__, admin_role=cls.admin_role, admin_creds=common_creds.get_configured_credentials( 'identity_admin')) diff --git a/murano_tempest_tests/tests/api/service_broker/base.py b/murano_tempest_tests/tests/api/service_broker/base.py index cbc2c50d5..0ac1d7b9d 100644 --- a/murano_tempest_tests/tests/api/service_broker/base.py +++ b/murano_tempest_tests/tests/api/service_broker/base.py @@ -34,7 +34,7 @@ class BaseServiceBrokerTest(test.BaseTestCase): type_of_creds="admin"): cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider( - identity_version=CONF.service_broker.identity_version, + identity_version=CONF.identity.auth_version, name=cls.__name__) if "admin" in type_of_creds: creds = cls.dynamic_cred.get_admin_creds() diff --git a/releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml b/releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml new file mode 100644 index 000000000..baf700509 --- /dev/null +++ b/releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml @@ -0,0 +1,3 @@ +fixes: + -Fixed incorrect murano behaviour if deployed on devstack with keystone v3 by + default.