Fix to read correct options of keystone_authtoken

Reading the correct option names from keystone_authtoken group for authentication. Change-Id: If3d05592b67f9e75f34f14864e564084c991b9e7 Closes-Bug: 1678732
2017-04-03 11:33:52 +05:30 · 2017-04-03 11:33:52 +05:30 · ff5f14043f
parent 4cc688b2f5
commit ff5f14043f
9 changed files with 80 additions and 35 deletions
--- a/devstack/lib/nfp
+++ b/devstack/lib/nfp
@ -428,9 +428,9 @@ function copy_nfp_files_and_start_process {

    source $DEVSTACK_DIR/inc/ini-config

-    admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user`
-    admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password`
-    admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name`
+    admin_user=`iniget $NEUTRON_CONF keystone_authtoken username`
+    admin_password=`iniget $NEUTRON_CONF keystone_authtoken password`
+    admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken project_name`
    auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri`
    auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
    auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -28,9 +28,9 @@ function gbp_configure_neutron {

 function nfp_configure_neutron {
    NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
-    iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service"
-    iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron"
-    iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD
+    iniset $NEUTRON_CONF keystone_authtoken project_name "service"
+    iniset $NEUTRON_CONF keystone_authtoken username "neutron"
+    iniset $NEUTRON_CONF keystone_authtoken password $ADMIN_PASSWORD
    iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
    iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
    iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
@ -39,7 +39,7 @@ function nfp_configure_neutron {
    if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then
        iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default"
    fi
-    iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "True"
+    iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "False"
    iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
    #extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers)
    #if [[ -n $extn_drivers ]];then
--- a/gbpservice/common/utils.py
+++ b/gbpservice/common/utils.py
@ -65,9 +65,9 @@ class DictClass(dict):

 def get_keystone_creds():
    keystone_conf = cfg.CONF.keystone_authtoken
-    user = keystone_conf.admin_user
-    pw = keystone_conf.admin_password
-    tenant = keystone_conf.admin_tenant_name
+    user = keystone_conf.username
+    pw = keystone_conf.password
+    tenant = keystone_conf.project_name
    if keystone_conf.get('auth_uri'):
        auth_url = keystone_conf.auth_uri.rstrip('/')
        if not auth_url.endswith('/v2.0'):
--- a/gbpservice/contrib/nfp/tools/setup_nfp.py
+++ b/gbpservice/contrib/nfp/tools/setup_nfp.py
@ -78,9 +78,9 @@ def check_if_apic_sys():
 def set_keystone_authtoken_section():
    global NEUTRON_CONF
    nfp_conf = '/etc/nfp.ini'
-    admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user")
-    admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password")
-    admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name")
+    admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken username")
+    admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken password")
+    admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken project_name")
    auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
    auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1")
    auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1")
@ -168,14 +168,14 @@ def configure_nfp():

    # Configure service owner
    subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' '))
-    admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password")
+    admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken password")
    subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password])
    subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' '))

    # Configure NFP drivers
    subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' '))
    subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' '))
-    subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' '))
+    subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned False".split(' '))
    subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' '))

    # Enable ML2 port security
@ -638,9 +638,9 @@ def create_proxy_agent_ctl():
 def get_openstack_creds():
    CONFIG.read(NEUTRON_CONF)
    AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri')
-    AUTH_USER = CONFIG.get('keystone_authtoken', 'admin_user')
-    AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'admin_password')
-    AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'admin_tenant_name')
+    AUTH_USER = CONFIG.get('keystone_authtoken', 'username')
+    AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'password')
+    AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'project_name')
    os.environ["OS_USERNAME"] = AUTH_USER
    os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME
    os.environ["OS_PASSWORD"] = AUTH_PASSWORD
--- a/gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py
+++ b/gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py
@ -88,7 +88,10 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,

    @staticmethod
    def chain_tenant_id(reraise=False):
-        keystone = ChainMappingDriver.chain_tenant_keystone_client()
+        try:
+            keystone = ChainMappingDriver.chain_tenant_keystone_client()
+        except cfg.NoSuchOptError:
+            return None
        if keystone:
            tenant = cfg.CONF.chain_mapping.chain_owner_tenant_name
            try:
@ -655,6 +658,8 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
                ctx.session, servicechain_instance_id=instance_id)
            if cmap:
                ctx.tenant_id = cmap[0].tenant_id
+        if not self.chain_owner:
+            self.chain_owner = ChainMappingDriver.chain_tenant_id(reraise=True)
        if not ctx.tenant_id:
            ctx.tenant_id = tenant_id or self.chain_owner or provider_tenant_id
        if self.chain_owner == ctx.tenant_id:
--- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
+++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
@ -99,6 +99,25 @@ class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase):
        self.saved_keystone_client = resource_mapping.k_client.Client
        resource_mapping.k_client.Client = mock.Mock()

+        try:
+            config.cfg.CONF.keystone_authtoken.username
+        except config.cfg.NoSuchOptError:
+            config.cfg.CONF.register_opt(
+                config.cfg.StrOpt('username'),
+                'keystone_authtoken')
+        try:
+            config.cfg.CONF.keystone_authtoken.password
+        except config.cfg.NoSuchOptError:
+            config.cfg.CONF.register_opt(
+                config.cfg.StrOpt('password'),
+                'keystone_authtoken')
+        try:
+            config.cfg.CONF.keystone_authtoken.project_name
+        except config.cfg.NoSuchOptError:
+            config.cfg.CONF.register_opt(
+                config.cfg.StrOpt('project_name'),
+                'keystone_authtoken')
+
    def tearDown(self):
        resource_mapping.k_client.Client = self.saved_keystone_client
        super(ResourceMappingTestCase, self).tearDown()
@ -2390,11 +2409,11 @@ class TestServiceChain(ResourceMappingTestCase):
            self.assertEqual(sc_instance['classifier_id'], classifier_id)

    def _override_keystone_creds(self, usr, pwd, tenant, uri):
-        config.cfg.CONF.set_override('admin_user', usr,
+        config.cfg.CONF.set_override('username', usr,
                                     group='keystone_authtoken')
-        config.cfg.CONF.set_override('admin_password', pwd,
+        config.cfg.CONF.set_override('password', pwd,
                                     group='keystone_authtoken')
-        config.cfg.CONF.set_override('admin_tenant_name', tenant,
+        config.cfg.CONF.set_override('project_name', tenant,
                                     group='keystone_authtoken')
        config.cfg.CONF.set_override('auth_uri', uri,
                                     group='keystone_authtoken')
--- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py
+++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py
@ -27,12 +27,33 @@ class AdminOwnedResourcesTscpTestCase(
        password = 'password'
        tenant_name = 'tenant_name',
        uri = 'http://127.0.0.1:35357/v2.0/'
-        config.cfg.CONF.set_override('admin_user', user,
-                                     group='keystone_authtoken')
-        config.cfg.CONF.set_override('admin_password', password,
-                                     group='keystone_authtoken')
-        config.cfg.CONF.set_override('admin_tenant_name', tenant_name,
-                                     group='keystone_authtoken')
+        try:
+            config.cfg.CONF.keystone_authtoken.username
+        except config.cfg.NoSuchOptError:
+            config.cfg.CONF.register_opt(
+                config.cfg.StrOpt('username', default=user),
+                'keystone_authtoken')
+        else:
+            config.cfg.CONF.set_override('username', user,
+                                         group='keystone_authtoken')
+        try:
+            config.cfg.CONF.keystone_authtoken.password
+        except config.cfg.NoSuchOptError:
+            config.cfg.CONF.register_opt(
+                config.cfg.StrOpt('password', default=password),
+                'keystone_authtoken')
+        else:
+            config.cfg.CONF.set_override('password', password,
+                                         group='keystone_authtoken')
+        try:
+            config.cfg.CONF.keystone_authtoken.project_name
+        except config.cfg.NoSuchOptError:
+            config.cfg.CONF.register_opt(
+                config.cfg.StrOpt('project_name', default=tenant_name),
+                'keystone_authtoken')
+        else:
+            config.cfg.CONF.set_override('project_name', tenant_name,
+                                         group='keystone_authtoken')
        config.cfg.CONF.set_override('auth_uri', uri,
                                     group='keystone_authtoken')
        super(AdminOwnedResourcesTscpTestCase, self).setUp(
--- a/gbpservice/tests/contrib/devstack/local-nfp.conf
+++ b/gbpservice/tests/contrib/devstack/local-nfp.conf
@ -85,9 +85,9 @@ allow_duplicate_networks = True

 [[post-config|/etc/neutron/neutron.conf]]
 [keystone_authtoken]
-admin_tenant_name = service
-admin_user = neutron
-admin_password = abc123
+project_name = service
+username = neutron
+password = abc123

 [group_policy]
 policy_drivers=implicit_policy,resource_mapping,chain_mapping
@ -112,7 +112,7 @@ default_proxy_ip_pool = 192.169.0.0/16
 default_external_segment_name = default

 [nfp_node_driver]
-is_service_admin_owned = True
+is_service_admin_owned = False
 svc_management_ptg_name = svc_management_ptg

 [quotas]
--- a/gbpservice/tests/contrib/devstack/nfp
+++ b/gbpservice/tests/contrib/devstack/nfp
@ -199,9 +199,9 @@ function copy_nfp_files_and_start_process {

    source $TOP_DIR/inc/ini-config

-    admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user`
-    admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password`
-    admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name`
+    admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username`
+    admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password`
+    admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name`
    auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
    auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
    auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')