From ff5f14043f05b3ce278059ca444665adaa25f4ca Mon Sep 17 00:00:00 2001 From: Rajendra Machani Date: Mon, 3 Apr 2017 11:33:52 +0530 Subject: [PATCH] Fix to read correct options of keystone_authtoken Reading the correct option names from keystone_authtoken group for authentication. Change-Id: If3d05592b67f9e75f34f14864e564084c991b9e7 Closes-Bug: 1678732 --- devstack/lib/nfp | 6 ++-- devstack/plugin.sh | 8 ++--- gbpservice/common/utils.py | 6 ++-- gbpservice/contrib/nfp/tools/setup_nfp.py | 16 ++++----- .../grouppolicy/drivers/chain_mapping.py | 7 +++- .../grouppolicy/test_resource_mapping.py | 25 ++++++++++++-- .../test_admin_owned_resources_apic_tscp.py | 33 +++++++++++++++---- .../tests/contrib/devstack/local-nfp.conf | 8 ++--- gbpservice/tests/contrib/devstack/nfp | 6 ++-- 9 files changed, 80 insertions(+), 35 deletions(-) diff --git a/devstack/lib/nfp b/devstack/lib/nfp index 7d7c2b3ab..6c907b801 100644 --- a/devstack/lib/nfp +++ b/devstack/lib/nfp @@ -428,9 +428,9 @@ function copy_nfp_files_and_start_process { source $DEVSTACK_DIR/inc/ini-config - admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user` - admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password` - admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name` + admin_user=`iniget $NEUTRON_CONF keystone_authtoken username` + admin_password=`iniget $NEUTRON_CONF keystone_authtoken password` + admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken project_name` auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri` auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}') auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}') diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 600a5573c..839bce2a8 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -28,9 +28,9 @@ function gbp_configure_neutron { function nfp_configure_neutron { NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini" - iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service" - iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron" - iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD + iniset $NEUTRON_CONF keystone_authtoken project_name "service" + iniset $NEUTRON_CONF keystone_authtoken username "neutron" + iniset $NEUTRON_CONF keystone_authtoken password $ADMIN_PASSWORD iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber" iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver" iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron" @@ -39,7 +39,7 @@ function nfp_configure_neutron { if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default" fi - iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "True" + iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "False" iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg" #extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers) #if [[ -n $extn_drivers ]];then diff --git a/gbpservice/common/utils.py b/gbpservice/common/utils.py index 8ff3c81f4..2a0dc511f 100644 --- a/gbpservice/common/utils.py +++ b/gbpservice/common/utils.py @@ -65,9 +65,9 @@ class DictClass(dict): def get_keystone_creds(): keystone_conf = cfg.CONF.keystone_authtoken - user = keystone_conf.admin_user - pw = keystone_conf.admin_password - tenant = keystone_conf.admin_tenant_name + user = keystone_conf.username + pw = keystone_conf.password + tenant = keystone_conf.project_name if keystone_conf.get('auth_uri'): auth_url = keystone_conf.auth_uri.rstrip('/') if not auth_url.endswith('/v2.0'): diff --git a/gbpservice/contrib/nfp/tools/setup_nfp.py b/gbpservice/contrib/nfp/tools/setup_nfp.py index 2bf54c331..7c03590b7 100755 --- a/gbpservice/contrib/nfp/tools/setup_nfp.py +++ b/gbpservice/contrib/nfp/tools/setup_nfp.py @@ -78,9 +78,9 @@ def check_if_apic_sys(): def set_keystone_authtoken_section(): global NEUTRON_CONF nfp_conf = '/etc/nfp.ini' - admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user") - admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password") - admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name") + admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken username") + admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken password") + admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken project_name") auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri") auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1") auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1") @@ -168,14 +168,14 @@ def configure_nfp(): # Configure service owner subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' ')) - admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password") + admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken password") subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password]) subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' ')) # Configure NFP drivers subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' ')) - subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' ')) + subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned False".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' ')) # Enable ML2 port security @@ -638,9 +638,9 @@ def create_proxy_agent_ctl(): def get_openstack_creds(): CONFIG.read(NEUTRON_CONF) AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri') - AUTH_USER = CONFIG.get('keystone_authtoken', 'admin_user') - AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'admin_password') - AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'admin_tenant_name') + AUTH_USER = CONFIG.get('keystone_authtoken', 'username') + AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'password') + AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'project_name') os.environ["OS_USERNAME"] = AUTH_USER os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME os.environ["OS_PASSWORD"] = AUTH_PASSWORD diff --git a/gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py b/gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py index cbf21c68c..f7caef0e3 100644 --- a/gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py +++ b/gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py @@ -88,7 +88,10 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI, @staticmethod def chain_tenant_id(reraise=False): - keystone = ChainMappingDriver.chain_tenant_keystone_client() + try: + keystone = ChainMappingDriver.chain_tenant_keystone_client() + except cfg.NoSuchOptError: + return None if keystone: tenant = cfg.CONF.chain_mapping.chain_owner_tenant_name try: @@ -655,6 +658,8 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI, ctx.session, servicechain_instance_id=instance_id) if cmap: ctx.tenant_id = cmap[0].tenant_id + if not self.chain_owner: + self.chain_owner = ChainMappingDriver.chain_tenant_id(reraise=True) if not ctx.tenant_id: ctx.tenant_id = tenant_id or self.chain_owner or provider_tenant_id if self.chain_owner == ctx.tenant_id: diff --git a/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py b/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py index 0fe922da6..8543843e0 100644 --- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py +++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py @@ -99,6 +99,25 @@ class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase): self.saved_keystone_client = resource_mapping.k_client.Client resource_mapping.k_client.Client = mock.Mock() + try: + config.cfg.CONF.keystone_authtoken.username + except config.cfg.NoSuchOptError: + config.cfg.CONF.register_opt( + config.cfg.StrOpt('username'), + 'keystone_authtoken') + try: + config.cfg.CONF.keystone_authtoken.password + except config.cfg.NoSuchOptError: + config.cfg.CONF.register_opt( + config.cfg.StrOpt('password'), + 'keystone_authtoken') + try: + config.cfg.CONF.keystone_authtoken.project_name + except config.cfg.NoSuchOptError: + config.cfg.CONF.register_opt( + config.cfg.StrOpt('project_name'), + 'keystone_authtoken') + def tearDown(self): resource_mapping.k_client.Client = self.saved_keystone_client super(ResourceMappingTestCase, self).tearDown() @@ -2390,11 +2409,11 @@ class TestServiceChain(ResourceMappingTestCase): self.assertEqual(sc_instance['classifier_id'], classifier_id) def _override_keystone_creds(self, usr, pwd, tenant, uri): - config.cfg.CONF.set_override('admin_user', usr, + config.cfg.CONF.set_override('username', usr, group='keystone_authtoken') - config.cfg.CONF.set_override('admin_password', pwd, + config.cfg.CONF.set_override('password', pwd, group='keystone_authtoken') - config.cfg.CONF.set_override('admin_tenant_name', tenant, + config.cfg.CONF.set_override('project_name', tenant, group='keystone_authtoken') config.cfg.CONF.set_override('auth_uri', uri, group='keystone_authtoken') diff --git a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py index 0509f4bba..c340b0a57 100644 --- a/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py +++ b/gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py @@ -27,12 +27,33 @@ class AdminOwnedResourcesTscpTestCase( password = 'password' tenant_name = 'tenant_name', uri = 'http://127.0.0.1:35357/v2.0/' - config.cfg.CONF.set_override('admin_user', user, - group='keystone_authtoken') - config.cfg.CONF.set_override('admin_password', password, - group='keystone_authtoken') - config.cfg.CONF.set_override('admin_tenant_name', tenant_name, - group='keystone_authtoken') + try: + config.cfg.CONF.keystone_authtoken.username + except config.cfg.NoSuchOptError: + config.cfg.CONF.register_opt( + config.cfg.StrOpt('username', default=user), + 'keystone_authtoken') + else: + config.cfg.CONF.set_override('username', user, + group='keystone_authtoken') + try: + config.cfg.CONF.keystone_authtoken.password + except config.cfg.NoSuchOptError: + config.cfg.CONF.register_opt( + config.cfg.StrOpt('password', default=password), + 'keystone_authtoken') + else: + config.cfg.CONF.set_override('password', password, + group='keystone_authtoken') + try: + config.cfg.CONF.keystone_authtoken.project_name + except config.cfg.NoSuchOptError: + config.cfg.CONF.register_opt( + config.cfg.StrOpt('project_name', default=tenant_name), + 'keystone_authtoken') + else: + config.cfg.CONF.set_override('project_name', tenant_name, + group='keystone_authtoken') config.cfg.CONF.set_override('auth_uri', uri, group='keystone_authtoken') super(AdminOwnedResourcesTscpTestCase, self).setUp( diff --git a/gbpservice/tests/contrib/devstack/local-nfp.conf b/gbpservice/tests/contrib/devstack/local-nfp.conf index 5ef1a907a..33c34ca15 100644 --- a/gbpservice/tests/contrib/devstack/local-nfp.conf +++ b/gbpservice/tests/contrib/devstack/local-nfp.conf @@ -85,9 +85,9 @@ allow_duplicate_networks = True [[post-config|/etc/neutron/neutron.conf]] [keystone_authtoken] -admin_tenant_name = service -admin_user = neutron -admin_password = abc123 +project_name = service +username = neutron +password = abc123 [group_policy] policy_drivers=implicit_policy,resource_mapping,chain_mapping @@ -112,7 +112,7 @@ default_proxy_ip_pool = 192.169.0.0/16 default_external_segment_name = default [nfp_node_driver] -is_service_admin_owned = True +is_service_admin_owned = False svc_management_ptg_name = svc_management_ptg [quotas] diff --git a/gbpservice/tests/contrib/devstack/nfp b/gbpservice/tests/contrib/devstack/nfp index 8937aae67..97182b4a0 100644 --- a/gbpservice/tests/contrib/devstack/nfp +++ b/gbpservice/tests/contrib/devstack/nfp @@ -199,9 +199,9 @@ function copy_nfp_files_and_start_process { source $TOP_DIR/inc/ini-config - admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user` - admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password` - admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name` + admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username` + admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password` + admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name` auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri` auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}') auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')