Fixed cinder check for non-admin user
It could happen that user doesn't have privileges to perform
list_services. Sahara should use admin user for that.
Refactored keystone client creation to give admin user
access to keystone via API v2.
Change-Id: I275fa07a02f4729f2fc20fcd1f0ea65f3c4d50b2
Closes-Bug: #1375806
Closes-Bug: #1376336
(cherry picked from commit 46ab3f5bfe)
This commit is contained in:
Andrew Lazarev
parent
23904d0bc2
commit
3ec1f6fc22
|
|
@ -346,7 +346,7 @@ def check_add_node_groups(cluster, add_node_groups):
|
|||
|
||||
def check_cinder_exists():
|
||||
services = [service.name for service in
|
||||
keystone.client().services.list()]
|
||||
keystone.client_for_admin().services.list()]
|
||||
if 'cinder' not in services:
|
||||
raise ex.InvalidException(_("Cinder is not supported"))
|
||||
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ def start_patch(patch_templates=True):
|
|||
get_cl_template_p = mock.patch(
|
||||
"sahara.service.api.get_cluster_template")
|
||||
nova_p = mock.patch("sahara.utils.openstack.nova.client")
|
||||
keystone_p = mock.patch("sahara.utils.openstack.keystone.client")
|
||||
keystone_p = mock.patch("sahara.utils.openstack.keystone._client")
|
||||
heat_p = mock.patch("sahara.utils.openstack.heat.client")
|
||||
get_image_p = mock.patch("sahara.service.api.get_image")
|
||||
|
||||
|
|
|
|||
|
|
@ -37,46 +37,44 @@ CONF.register_opts(opts)
|
|||
def client():
|
||||
'''Return the current context client.'''
|
||||
ctx = context.current()
|
||||
|
||||
return _client(username=ctx.username, token=ctx.token,
|
||||
tenant_id=ctx.tenant_id)
|
||||
|
||||
|
||||
def _client(username, password=None, token=None, tenant_name=None,
|
||||
tenant_id=None, trust_id=None, domain_name=None):
|
||||
|
||||
if trust_id and not CONF.use_identity_api_v3:
|
||||
raise Exception("Trusts aren't implemented in keystone api"
|
||||
" less than v3")
|
||||
|
||||
auth_url = base.retrieve_auth_url()
|
||||
|
||||
client_kwargs = {'username': username,
|
||||
'password': password,
|
||||
'token': token,
|
||||
'tenant_name': tenant_name,
|
||||
'tenant_id': tenant_id,
|
||||
'trust_id': trust_id,
|
||||
'user_domain_name': domain_name,
|
||||
'auth_url': auth_url}
|
||||
|
||||
if CONF.use_identity_api_v3:
|
||||
keystone = keystone_client_v3.Client(username=ctx.username,
|
||||
token=ctx.token,
|
||||
tenant_id=ctx.tenant_id,
|
||||
auth_url=auth_url)
|
||||
keystone = keystone_client_v3.Client(**client_kwargs)
|
||||
keystone.management_url = auth_url
|
||||
else:
|
||||
keystone = keystone_client.Client(username=ctx.username,
|
||||
token=ctx.token,
|
||||
tenant_id=ctx.tenant_id,
|
||||
auth_url=auth_url)
|
||||
keystone = keystone_client.Client(**client_kwargs)
|
||||
|
||||
return keystone
|
||||
|
||||
|
||||
def _client(username, password, project_name=None, trust_id=None,
|
||||
domain_name=None):
|
||||
if not CONF.use_identity_api_v3:
|
||||
raise Exception('Trusts aren\'t implemented in keystone api'
|
||||
' less than v3')
|
||||
|
||||
auth_url = base.retrieve_auth_url()
|
||||
keystone = keystone_client_v3.Client(username=username,
|
||||
password=password,
|
||||
project_name=project_name,
|
||||
user_domain_name=domain_name,
|
||||
auth_url=auth_url,
|
||||
trust_id=trust_id)
|
||||
keystone.management_url = auth_url
|
||||
return keystone
|
||||
|
||||
|
||||
def _admin_client(project_name=None, trust_id=None):
|
||||
username = CONF.keystone_authtoken.admin_user
|
||||
password = CONF.keystone_authtoken.admin_password
|
||||
keystone = _client(username=username,
|
||||
password=password,
|
||||
project_name=project_name,
|
||||
tenant_name=project_name,
|
||||
trust_id=trust_id)
|
||||
return keystone
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue