Never specify project_name in keystone v3 auth

All of our middlewares populate the context with both the tenant name and the tenant_id. The tenant_id, is unique across domains which means you can do lookups without having to know what domain the project is in. When project_id and project_name are both specified, it seems that project_name takes precedence, which will fail when the credentials are from the stack domain since we cannot lookup by project names when the domain is not specified. It looks like specifying project_name is never the right thing to do, and we should assume that the context always has a tenant_id. Change-Id: Ifea21e13be482a6347438d6baaca3111caad4a97 Closes-Bug: #1290621
2014-03-17 10:07:22 +13:00 · 2014-03-17 10:07:22 +13:00 · 42a9e22ae5
parent 6a7fd79ae1
commit 42a9e22ae5
2 changed files with 2 additions and 4 deletions
--- a/heat/common/heat_keystoneclient.py
+++ b/heat/common/heat_keystoneclient.py
@ -151,12 +151,11 @@ class KeystoneClientV3(object):
            kwargs['trust_id'] = self.context.trust_id
            kwargs.pop('project_name')
        elif self.context.auth_token is not None:
-            kwargs['project_name'] = self.context.tenant
            kwargs['token'] = self.context.auth_token
+            kwargs['project_id'] = self.context.tenant_id
        elif self.context.password is not None:
            kwargs['username'] = self.context.username
            kwargs['password'] = self.context.password
-            kwargs['project_name'] = self.context.tenant
            kwargs['project_id'] = self.context.tenant_id
        else:
            logger.error(_("Keystone v3 API connection failed, no password "
--- a/heat/tests/test_heatclient.py
+++ b/heat/tests/test_heatclient.py
@ -91,7 +91,7 @@ class KeystoneClientTest(HeatTestCase):

        if method == 'token':
            kc_v3.Client(
-                token='abcd1234', project_name='test_tenant',
+                token='abcd1234', project_id='test_tenant_id',
                auth_url='http://server.test:5000/v3',
                endpoint='http://server.test:5000/v3',
                cacert=None,
@ -102,7 +102,6 @@ class KeystoneClientTest(HeatTestCase):
            kc_v3.Client(
                username='test_username',
                password='password',
-                project_name='test_tenant',
                project_id='test_tenant_id',
                auth_url='http://server.test:5000/v3',
                endpoint='http://server.test:5000/v3',