x
/
group-based-policy
Code Issues Proposed changes

Fix to read correct options of keystone_authtoken 

Reading the correct option names from keystone_authtoken group for authentication.

Change-Id: If3d05592b67f9e75f34f14864e564084c991b9e7
Closes-Bug: 1678732
This commit is contained in:
Rajendra Machani 2017-04-03 11:33:52 +05:30 committed by Subrahmanyam Ongole
parent 4cc688b2f5
commit ff5f14043f
9 changed files with 80 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
devstack/lib/nfp
View File

@ -428,9 +428,9 @@ function copy_nfp_files_and_start_process {
source $DEVSTACK_DIR/inc/ini-config source $DEVSTACK_DIR/inc/ini-config
admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user` admin_user=`iniget $NEUTRON_CONF keystone_authtoken username`
admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password` admin_password=`iniget $NEUTRON_CONF keystone_authtoken password`
admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name` admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken project_name`
auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri` auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri`
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}') auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}') auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')

8
devstack/plugin.sh
View File

@ -28,9 +28,9 @@ function gbp_configure_neutron {
function nfp_configure_neutron { function nfp_configure_neutron {
NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini" NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service" iniset $NEUTRON_CONF keystone_authtoken project_name "service"
iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron" iniset $NEUTRON_CONF keystone_authtoken username "neutron"
iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD iniset $NEUTRON_CONF keystone_authtoken password $ADMIN_PASSWORD
iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber" iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver" iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron" iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
@ -39,7 +39,7 @@ function nfp_configure_neutron {
if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then
iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default" iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default"
fi fi
iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "True" iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "False"
iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg" iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
#extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers) #extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers)
#if [[ -n $extn_drivers ]];then #if [[ -n $extn_drivers ]];then

6
gbpservice/common/utils.py
View File

@ -65,9 +65,9 @@ class DictClass(dict):
def get_keystone_creds(): def get_keystone_creds():
keystone_conf = cfg.CONF.keystone_authtoken keystone_conf = cfg.CONF.keystone_authtoken
user = keystone_conf.admin_user user = keystone_conf.username
pw = keystone_conf.admin_password pw = keystone_conf.password
tenant = keystone_conf.admin_tenant_name tenant = keystone_conf.project_name
if keystone_conf.get('auth_uri'): if keystone_conf.get('auth_uri'):
auth_url = keystone_conf.auth_uri.rstrip('/') auth_url = keystone_conf.auth_uri.rstrip('/')
if not auth_url.endswith('/v2.0'): if not auth_url.endswith('/v2.0'):

16
gbpservice/contrib/nfp/tools/setup_nfp.py
View File

@ -78,9 +78,9 @@ def check_if_apic_sys():
def set_keystone_authtoken_section(): def set_keystone_authtoken_section():
global NEUTRON_CONF global NEUTRON_CONF
nfp_conf = '/etc/nfp.ini' nfp_conf = '/etc/nfp.ini'
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user") admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken username")
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password") admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken password")
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name") admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken project_name")
auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri") auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1") auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1")
auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1") auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1")
@ -168,14 +168,14 @@ def configure_nfp():
# Configure service owner # Configure service owner
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' '))
admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password") admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken password")
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password]) subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password])
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' '))
# Configure NFP drivers # Configure NFP drivers
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned False".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' ')) subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' '))
# Enable ML2 port security # Enable ML2 port security
@ -638,9 +638,9 @@ def create_proxy_agent_ctl():
def get_openstack_creds(): def get_openstack_creds():
CONFIG.read(NEUTRON_CONF) CONFIG.read(NEUTRON_CONF)
AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri') AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri')
AUTH_USER = CONFIG.get('keystone_authtoken', 'admin_user') AUTH_USER = CONFIG.get('keystone_authtoken', 'username')
AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'admin_password') AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'password')
AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'admin_tenant_name') AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'project_name')
os.environ["OS_USERNAME"] = AUTH_USER os.environ["OS_USERNAME"] = AUTH_USER
os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME
os.environ["OS_PASSWORD"] = AUTH_PASSWORD os.environ["OS_PASSWORD"] = AUTH_PASSWORD

7
gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py
View File

@ -88,7 +88,10 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
@staticmethod @staticmethod
def chain_tenant_id(reraise=False): def chain_tenant_id(reraise=False):
keystone = ChainMappingDriver.chain_tenant_keystone_client() try:
keystone = ChainMappingDriver.chain_tenant_keystone_client()
except cfg.NoSuchOptError:
return None
if keystone: if keystone:
tenant = cfg.CONF.chain_mapping.chain_owner_tenant_name tenant = cfg.CONF.chain_mapping.chain_owner_tenant_name
try: try:
@ -655,6 +658,8 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
ctx.session, servicechain_instance_id=instance_id) ctx.session, servicechain_instance_id=instance_id)
if cmap: if cmap:
ctx.tenant_id = cmap[0].tenant_id ctx.tenant_id = cmap[0].tenant_id
if not self.chain_owner:
self.chain_owner = ChainMappingDriver.chain_tenant_id(reraise=True)
if not ctx.tenant_id: if not ctx.tenant_id:
ctx.tenant_id = tenant_id or self.chain_owner or provider_tenant_id ctx.tenant_id = tenant_id or self.chain_owner or provider_tenant_id
if self.chain_owner == ctx.tenant_id: if self.chain_owner == ctx.tenant_id:

25
gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
View File

@ -99,6 +99,25 @@ class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase):
self.saved_keystone_client = resource_mapping.k_client.Client self.saved_keystone_client = resource_mapping.k_client.Client
resource_mapping.k_client.Client = mock.Mock() resource_mapping.k_client.Client = mock.Mock()
try:
config.cfg.CONF.keystone_authtoken.username
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('username'),
'keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.password
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('password'),
'keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.project_name
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('project_name'),
'keystone_authtoken')
def tearDown(self): def tearDown(self):
resource_mapping.k_client.Client = self.saved_keystone_client resource_mapping.k_client.Client = self.saved_keystone_client
super(ResourceMappingTestCase, self).tearDown() super(ResourceMappingTestCase, self).tearDown()
@ -2390,11 +2409,11 @@ class TestServiceChain(ResourceMappingTestCase):
self.assertEqual(sc_instance['classifier_id'], classifier_id) self.assertEqual(sc_instance['classifier_id'], classifier_id)
def _override_keystone_creds(self, usr, pwd, tenant, uri): def _override_keystone_creds(self, usr, pwd, tenant, uri):
config.cfg.CONF.set_override('admin_user', usr, config.cfg.CONF.set_override('username', usr,
group='keystone_authtoken') group='keystone_authtoken')
config.cfg.CONF.set_override('admin_password', pwd, config.cfg.CONF.set_override('password', pwd,
group='keystone_authtoken') group='keystone_authtoken')
config.cfg.CONF.set_override('admin_tenant_name', tenant, config.cfg.CONF.set_override('project_name', tenant,
group='keystone_authtoken') group='keystone_authtoken')
config.cfg.CONF.set_override('auth_uri', uri, config.cfg.CONF.set_override('auth_uri', uri,
group='keystone_authtoken') group='keystone_authtoken')

33
gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py
View File

@ -27,12 +27,33 @@ class AdminOwnedResourcesTscpTestCase(
password = 'password' password = 'password'
tenant_name = 'tenant_name', tenant_name = 'tenant_name',
uri = 'http://127.0.0.1:35357/v2.0/' uri = 'http://127.0.0.1:35357/v2.0/'
config.cfg.CONF.set_override('admin_user', user, try:
group='keystone_authtoken') config.cfg.CONF.keystone_authtoken.username
config.cfg.CONF.set_override('admin_password', password, except config.cfg.NoSuchOptError:
group='keystone_authtoken') config.cfg.CONF.register_opt(
config.cfg.CONF.set_override('admin_tenant_name', tenant_name, config.cfg.StrOpt('username', default=user),
group='keystone_authtoken') 'keystone_authtoken')
else:
config.cfg.CONF.set_override('username', user,
group='keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.password
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('password', default=password),
'keystone_authtoken')
else:
config.cfg.CONF.set_override('password', password,
group='keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.project_name
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('project_name', default=tenant_name),
'keystone_authtoken')
else:
config.cfg.CONF.set_override('project_name', tenant_name,
group='keystone_authtoken')
config.cfg.CONF.set_override('auth_uri', uri, config.cfg.CONF.set_override('auth_uri', uri,
group='keystone_authtoken') group='keystone_authtoken')
super(AdminOwnedResourcesTscpTestCase, self).setUp( super(AdminOwnedResourcesTscpTestCase, self).setUp(

8
gbpservice/tests/contrib/devstack/local-nfp.conf
View File

@ -85,9 +85,9 @@ allow_duplicate_networks = True
[[post-config|/etc/neutron/neutron.conf]] [[post-config|/etc/neutron/neutron.conf]]
[keystone_authtoken] [keystone_authtoken]
admin_tenant_name = service project_name = service
admin_user = neutron username = neutron
admin_password = abc123 password = abc123
[group_policy] [group_policy]
policy_drivers=implicit_policy,resource_mapping,chain_mapping policy_drivers=implicit_policy,resource_mapping,chain_mapping
@ -112,7 +112,7 @@ default_proxy_ip_pool = 192.169.0.0/16
default_external_segment_name = default default_external_segment_name = default
[nfp_node_driver] [nfp_node_driver]
is_service_admin_owned = True is_service_admin_owned = False
svc_management_ptg_name = svc_management_ptg svc_management_ptg_name = svc_management_ptg
[quotas] [quotas]

6
gbpservice/tests/contrib/devstack/nfp
View File

@ -199,9 +199,9 @@ function copy_nfp_files_and_start_process {
source $TOP_DIR/inc/ini-config source $TOP_DIR/inc/ini-config
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user` admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username`
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password` admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password`
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name` admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name`
auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri` auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}') auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}') auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')