Pickup the region name passed in from heatclient

For standalone heat operation, middleware will need to set the region
from the X-Region-Name header. Then the keystoneclient will use this
region_name instead of the heat_region_name config option.

Closes-Bug: 1223068
Change-Id: Ia859e67cf8c6e0d1ed9d9e7f5eab2d138c6421ef

heat/common/context.py

@@ -34,7 +34,8 @@ class RequestContext(context.RequestContext):
                  tenant_id=None, auth_url=None, roles=None, is_admin=None,
                  read_only=False, show_deleted=False,
                  overwrite=True, trust_id=None, trustor_user_id=None,
-                 request_id=None, auth_token_info=None, **kwargs):
+                 request_id=None, auth_token_info=None, region_name=None,
+                 **kwargs):
         """
         :param overwrite: Set to False to ensure that the greenthread local
             copy of the index is not overwritten.
@@ -52,6 +53,7 @@ class RequestContext(context.RequestContext):
         self.username = username
         self.user_id = user_id
         self.password = password
+        self.region_name = region_name
         self.aws_creds = aws_creds
         self.tenant_id = tenant_id
         self.auth_token_info = auth_token_info
@@ -101,7 +103,8 @@ class RequestContext(context.RequestContext):
                 'is_admin': self.is_admin,
                 'user': self.user,
                 'request_id': self.request_id,
-                'show_deleted': self.show_deleted}
+                'show_deleted': self.show_deleted,
+                'region_name': self.region_name}
 
     @classmethod
     def from_dict(cls, values):
@@ -151,6 +154,7 @@ class ContextMiddleware(wsgi.Middleware):
             token = headers.get('X-Auth-Token')
             tenant = headers.get('X-Tenant-Name')
             tenant_id = headers.get('X-Tenant-Id')
+            region_name = headers.get('X-Region-Name')
             auth_url = headers.get('X-Auth-Url')
             roles = headers.get('X-Roles')
             if roles is not None:
@@ -170,7 +174,8 @@ class ContextMiddleware(wsgi.Middleware):
                                         auth_url=auth_url,
                                         roles=roles,
                                         request_id=req_id,
-                                        auth_token_info=token_info)
+                                        auth_token_info=token_info,
+                                        region_name=region_name)
 
 
 def ContextMiddleware_filter_factory(global_conf, **local_conf):

heat/common/heat_keystoneclient.py

@@ -401,8 +401,8 @@ class KeystoneClientV3(object):
         body = {'auth': {'scope':
                          {'project': {'id': project_id}},
                          'identity': {'password': {'user': {
-                         'domain': domain,
-                         'password': password, 'name': username}},
+                             'domain': domain,
+                             'password': password, 'name': username}},
                              'methods': ['password']}}}
         t = sess.post(token_url, headers=headers, json=body,
                       authenticated=False)
@@ -656,7 +656,8 @@ class KeystoneClientV3(object):
         self.domain_admin_client.users.update(user=user_id, enabled=True)
 
     def url_for(self, **kwargs):
-        default_region_name = cfg.CONF.region_name_for_services
+        default_region_name = (self.context.region_name or
+                               cfg.CONF.region_name_for_services)
         kwargs.setdefault('region_name', default_region_name)
         return self.client.service_catalog.url_for(**kwargs)
 

heat/db/sqlalchemy/migrate_repo/versions/049_user_creds_region_name.py

@@ -0,0 +1,31 @@
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import sqlalchemy
+
+
+def upgrade(migrate_engine):
+    meta = sqlalchemy.MetaData(bind=migrate_engine)
+
+    user_creds = sqlalchemy.Table('user_creds', meta, autoload=True)
+
+    region_name = sqlalchemy.Column('region_name',
+                                    sqlalchemy.String(length=255))
+    region_name.create(user_creds)
+
+
+def downgrade(migrate_engine):
+    meta = sqlalchemy.MetaData(bind=migrate_engine)
+
+    user_creds = sqlalchemy.Table('user_creds', meta, autoload=True)
+    user_creds.c.region_name.drop()

heat/db/sqlalchemy/models.py

@@ -164,6 +164,7 @@ class UserCreds(BASE, HeatBase):
     id = sqlalchemy.Column(sqlalchemy.Integer, primary_key=True)
     username = sqlalchemy.Column(sqlalchemy.String(255))
     password = sqlalchemy.Column(sqlalchemy.String(255))
+    region_name = sqlalchemy.Column(sqlalchemy.String(255))
     decrypt_method = sqlalchemy.Column(sqlalchemy.String(64))
     tenant = sqlalchemy.Column(sqlalchemy.String(1024))
     auth_url = sqlalchemy.Column(sqlalchemy.Text)

heat/tests/db/test_migrations.py

@@ -306,6 +306,9 @@ class HeatMigrationsCheckers(test_migrations.WalkVersionsMixin,
         self.assertEqual(3, n_depth('1e9deba9-a305-5f29-84d3-c8165647c47e'))
         self.assertEqual(0, n_depth('1a4bd1ec-8b21-56cd-964a-f66cb1cfa2f9'))
 
+    def _check_049(self, engine, data):
+        self.assertColumnExists(engine, 'user_creds', 'region_name')
+
 
 class TestHeatMigrationsMySQL(HeatMigrationsCheckers,
                               test_base.MySQLOpportunisticTestCase):

heat/tests/test_common_context.py

@@ -42,7 +42,8 @@ class TestRequestContext(common.HeatTestCase):
                     'user_id': 'fooUser',
                     'tenant': 'atenant',
                     'auth_url': 'http://xyz',
-                    'aws_creds': 'blah'}
+                    'aws_creds': 'blah',
+                    'region_name': 'regionOne'}
 
         super(TestRequestContext, self).setUp()
 
@@ -59,7 +60,11 @@ class TestRequestContext(common.HeatTestCase):
             roles=self.ctx.get('roles'),
             show_deleted=self.ctx.get('show_deleted'),
             is_admin=self.ctx.get('is_admin'),
-            auth_token_info=self.ctx.get('auth_token_info'))
+            auth_token_info=self.ctx.get('auth_token_info'),
+            trustor_user_id=self.ctx.get('trustor_user_id'),
+            trust_id=self.ctx.get('trust_id'),
+            user=self.ctx.get('user'),
+            region_name=self.ctx.get('region_name'))
         ctx_dict = ctx.to_dict()
         del(ctx_dict['request_id'])
         self.assertEqual(self.ctx, ctx_dict)

heat/tests/test_heatclient.py

@@ -1413,7 +1413,7 @@ class KeystoneClientTest(common.HeatTestCase):
         self.assertIsNone(heat_ks_client.delete_stack_domain_project(
             project_id='aprojectid'))
 
-    def _test_url_for(self, service_url, expected_kwargs, **kwargs):
+    def _test_url_for(self, service_url, expected_kwargs, ctx=None, **kwargs):
         """
         Helper function for testing url_for depending on different ways to
         pass region name.
@@ -1424,7 +1424,7 @@ class KeystoneClientTest(common.HeatTestCase):
             .AndReturn(service_url)
 
         self.m.ReplayAll()
-        ctx = utils.dummy_context()
+        ctx = ctx or utils.dummy_context()
         heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
         self.assertEqual(heat_ks_client.url_for(**kwargs), service_url)
         self.m.VerifyAll()
@@ -1451,7 +1451,7 @@ class KeystoneClientTest(common.HeatTestCase):
         kwargs = {
             'region_name': 'RegionTwo'
         }
-        self._test_url_for(service_url, kwargs, **kwargs)
+        self._test_url_for(service_url, kwargs, None, **kwargs)
 
     def test_url_for_with_region_name_from_config(self):
         """
@@ -1467,6 +1467,26 @@ class KeystoneClientTest(common.HeatTestCase):
         service_url = 'http://regionone.example.com:1234/v1'
         self._test_url_for(service_url, kwargs)
 
+    def test_url_for_with_region_name_from_context(self):
+        """
+        Test that default region name for services from context is passed
+        if region name is not specified in arguments.
+        """
+        cfg.CONF.set_override('region_name_for_services', 'RegionOne')
+        service_url = 'http://regiontwo.example.com:1234/v1'
+        region_name_for_services = 'RegionTwo'
+        expected_kwargs = {
+            'region_name': region_name_for_services
+        }
+        ctx = utils.dummy_context('test_username',
+                                  'test_tenant_id',
+                                  'password',
+                                  None,
+                                  None,
+                                  None,
+                                  region_name_for_services)
+        self._test_url_for(service_url, expected_kwargs, ctx)
+
 
 class KeystoneClientTestDomainName(KeystoneClientTest):
     def setUp(self):

heat/tests/test_sqlalchemy_api.py

@@ -742,6 +742,7 @@ class SqlAlchemyTest(common.HeatTestCase):
 
     def test_user_creds_password(self):
         self.ctx.trust_id = None
+        self.ctx.region_name = 'regionOne'
         db_creds = db_api.user_creds_create(self.ctx)
         load_creds = db_api.user_creds_get(db_creds.id)
 
@@ -749,6 +750,7 @@ class SqlAlchemyTest(common.HeatTestCase):
         self.assertEqual('password', load_creds.get('password'))
         self.assertEqual('test_tenant', load_creds.get('tenant'))
         self.assertEqual('test_tenant_id', load_creds.get('tenant_id'))
+        self.assertEqual('regionOne', load_creds.get('region_name'))
         self.assertIsNotNone(load_creds.get('created_at'))
         self.assertIsNone(load_creds.get('updated_at'))
         self.assertEqual('http://server.test:5000/v2.0',
@@ -780,12 +782,14 @@ class SqlAlchemyTest(common.HeatTestCase):
         self.ctx.username = None
         self.ctx.password = None
         self.ctx.trust_id = None
+        self.ctx.region_name = None
         db_creds = db_api.user_creds_create(self.ctx)
         load_creds = db_api.user_creds_get(db_creds.id)
 
         self.assertIsNone(load_creds.get('username'))
         self.assertIsNone(load_creds.get('password'))
         self.assertIsNone(load_creds.get('trust_id'))
+        self.assertIsNone(load_creds.get('region_name'))
 
     def test_software_config_create(self):
         tenant_id = self.ctx.tenant_id

heat/tests/utils.py

@@ -68,7 +68,7 @@ def reset_dummy_db():
 
 def dummy_context(user='test_username', tenant_id='test_tenant_id',
                   password='password', roles=None, user_id=None,
-                  trust_id=None):
+                  trust_id=None, region_name=None):
     roles = roles or []
     return context.RequestContext.from_dict({
         'tenant_id': tenant_id,
@@ -80,7 +80,8 @@ def dummy_context(user='test_username', tenant_id='test_tenant_id',
         'is_admin': False,
         'auth_url': 'http://server.test:5000/v2.0',
         'auth_token': 'abcd1234',
-        'trust_id': trust_id
+        'trust_id': trust_id,
+        'region_name': region_name
     })