From 780381e6c4fffddbe5c7e4a43d213c63f687de82 Mon Sep 17 00:00:00 2001 From: Michael Skalka Date: Thu, 21 Sep 2017 11:19:18 -0400 Subject: [PATCH] Add default_domain config option. This commit adds the default-domain config option to limit the login page to only the specifed domain. For use with a single domain environment where users are only given a login. When considering a single domain usecase for users (admin_domain for administration, then example_domain for all other users), it would be handy for users not to input their domain name, but only username and password to login. By setting two lines below, we can create a separate dashboard instance for non-admin users only. OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=False OPENSTACK_KEYSTONE_DEFAULT_DOMAIN=example_domain However, the current local_settings.py template does not allow that. This change adds the 'default-domain' configuration option which modifies local_policy.py to set the two configuration flags outlined in the bug. If the config option is not set the charm will behave as before, enabling the user to specify the domain at login. This does no validation to ensure the domain exists, so it is up to the user to supply a valid domain name. Closes-Bug: 1712999 Change-Id: I316372ae305a4ba10e4d8ba047f23a317836b960 --- config.yaml | 6 ++++ hooks/horizon_contexts.py | 7 +++-- templates/mitaka/local_settings.py | 4 +-- templates/newton/local_settings.py | 4 +-- templates/ocata/local_settings.py | 4 +-- unit_tests/test_horizon_contexts.py | 43 +++++++++++++++++++++++++++++ 6 files changed, 60 insertions(+), 8 deletions(-) diff --git a/config.yaml b/config.yaml index 690a44a8..6844a862 100644 --- a/config.yaml +++ b/config.yaml @@ -79,6 +79,12 @@ options: description: | Default role for Horizon operations that will be created in Keystone upon introduction of an identity-service relation. + default-domain: + type: string + default: + description: | + Default domain when authenticating with Horizon. Disables the domain + field in the login page. dns-ha: type: boolean default: False diff --git a/hooks/horizon_contexts.py b/hooks/horizon_contexts.py index ff3ec29a..34fc538a 100644 --- a/hooks/horizon_contexts.py +++ b/hooks/horizon_contexts.py @@ -138,8 +138,9 @@ class IdentityServiceContext(OSContextGenerator): # If using keystone v3 the context is incomplete without the # admin domain id if local_ctxt['api_version'] == '3': - local_ctxt['admin_domain_id'] = rdata.get( - 'admin_domain_id') + if not config('default_domain'): + local_ctxt['admin_domain_id'] = rdata.get( + 'admin_domain_id') if not context_complete(local_ctxt): continue @@ -201,6 +202,8 @@ class HorizonContext(OSContextGenerator): "password_retrieve": config("password-retrieve"), 'virtualenv': git_pip_venv_dir(projects_yaml) if config('openstack-origin-git') else None, + 'default_domain': config('default-domain'), + 'multi_domain': False if config('default-domain') else True } return ctxt diff --git a/templates/mitaka/local_settings.py b/templates/mitaka/local_settings.py index 0c5e6716..2a5c5220 100644 --- a/templates/mitaka/local_settings.py +++ b/templates/mitaka/local_settings.py @@ -193,8 +193,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ default_role }}" {% if api_version == "3" -%} OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v3" % OPENSTACK_HOST OPENSTACK_API_VERSIONS = { "identity": 3, } -OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True -OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ admin_domain_id }}" +OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = "{{ multi_domain }}" +OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ default_domain or admin_domain_id }}" {% else -%} OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v2.0" % OPENSTACK_HOST {% endif -%} diff --git a/templates/newton/local_settings.py b/templates/newton/local_settings.py index 45125cac..0039f6f4 100644 --- a/templates/newton/local_settings.py +++ b/templates/newton/local_settings.py @@ -193,8 +193,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ default_role }}" {% if api_version == "3" -%} OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v3" % OPENSTACK_HOST OPENSTACK_API_VERSIONS = { "identity": 3, } -OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True -OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ admin_domain_id }}" +OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = "{{ multi_domain }}" +OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ default_domain or admin_domain_id }}" {% else -%} OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v2.0" % OPENSTACK_HOST {% endif -%} diff --git a/templates/ocata/local_settings.py b/templates/ocata/local_settings.py index 86a0faf6..1f1f5334 100644 --- a/templates/ocata/local_settings.py +++ b/templates/ocata/local_settings.py @@ -193,8 +193,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ default_role }}" {% if api_version == "3" -%} OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v3" % OPENSTACK_HOST OPENSTACK_API_VERSIONS = { "identity": 3, } -OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True -OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ admin_domain_id }}" +OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = "{{ multi_domain }}" +OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ default_domain or admin_domain_id }}" {% else -%} OPENSTACK_KEYSTONE_URL = "{{ service_protocol }}://%s:{{ service_port }}/v2.0" % OPENSTACK_HOST {% endif -%} diff --git a/unit_tests/test_horizon_contexts.py b/unit_tests/test_horizon_contexts.py index ab4bb60d..41de8115 100644 --- a/unit_tests/test_horizon_contexts.py +++ b/unit_tests/test_horizon_contexts.py @@ -116,6 +116,31 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True + } + ) + + def test_HorizonContext_default_domain(self): + self.test_config.set('default-domain', 'example_domain') + self.assertEqual(horizon_contexts.HorizonContext()(), + {'compress_offline': True, 'debug': False, + 'customization_module': '', + 'default_role': 'Member', 'webroot': '/horizon', + 'ubuntu_theme': True, + 'default_theme': None, + 'virtualenv': None, + 'secret': 'secret', + 'support_profile': None, + "neutron_network_dvr": False, + "neutron_network_l3ha": False, + "neutron_network_lb": False, + "neutron_network_firewall": False, + "neutron_network_vpn": False, + "cinder_backup": False, + "password_retrieve": False, + "default_domain": "example_domain", + "multi_domain": False } ) @@ -137,6 +162,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -158,6 +185,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -180,6 +209,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -205,6 +236,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -226,6 +259,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -247,6 +282,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -273,6 +310,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": True, "cinder_backup": True, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } ) @@ -294,6 +333,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": True, + "default_domain": None, + "multi_domain": True } ) @@ -315,6 +356,8 @@ class TestHorizonContexts(CharmTestCase): "neutron_network_vpn": False, "cinder_backup": False, "password_retrieve": False, + "default_domain": None, + "multi_domain": True } )