From 2a2c8e733bd77ba6f12cdf84b7cdc6bbab99a523 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Tue, 9 May 2017 04:06:33 +0000
Subject: [PATCH] Revert "Support transition to keystone auth plugin"

This patch broke Ironic introspection workflow:
https://bugs.launchpad.net/tripleo/+bug/1688767

This reverts commit 1c485867c456df32cf0401a47d177b2478a51313.
Related-Bug: #1688767

Change-Id: I86d4b40e19b3b0b3cfe0d30e2c5a588e29af6d98
---
 devstack/plugin.sh                  | 15 +++++------
 mistral/context.py                  | 29 ++++----------------
 mistral/services/security.py        |  7 ++---
 mistral/utils/openstack/keystone.py | 41 +++++++----------------------
 4 files changed, 24 insertions(+), 68 deletions(-)

diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 844dedf90..09f654089 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -75,15 +75,14 @@ function configure_mistral {
     #-------------------------
 
     # Setup keystone_authtoken section
-    iniset $MISTRAL_CONF_FILE keystone_authtoken project_name $SERVICE_TENANT_NAME
-    iniset $MISTRAL_CONF_FILE keystone_authtoken username $MISTRAL_ADMIN_USER
-    iniset $MISTRAL_CONF_FILE keystone_authtoken password $SERVICE_PASSWORD
+    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
+    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
+    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+    iniset $MISTRAL_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $MISTRAL_CONF_FILE keystone_authtoken admin_user $MISTRAL_ADMIN_USER
+    iniset $MISTRAL_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
     iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3
-    iniset $MISTRAL_CONF_FILE keystone_authtoken service_token_roles_required True
-    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_type password
-    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_url $KEYSTONE_SERVICE_URI
-    iniset $MISTRAL_CONF_FILE keystone_authtoken user_domain_name Default
-    iniset $MISTRAL_CONF_FILE keystone_authtoken project_domain_name Default
+    iniset $MISTRAL_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
 
     # Setup RabbitMQ credentials
     iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
diff --git a/mistral/context.py b/mistral/context.py
index 0cd2fed03..cc93a32be 100644
--- a/mistral/context.py
+++ b/mistral/context.py
@@ -88,8 +88,6 @@ class MistralContext(BaseContext):
         "expires_at",
         "trust_id",
         "is_target",
-        "user_domain_name",
-        "project_domain_name",
     ])
 
     def __repr__(self):
@@ -208,25 +206,10 @@ def _extract_service_catalog_from_headers(headers):
 
 
 def context_from_config():
-    username = (
-        CONF.keystone_authtoken.username or
-        CONF.keystone_authtoken.admin_user)
-    password = (
-        CONF.keystone_authtoken.password or
-        CONF.keystone_authtoken.admin_password)
-    project_name = (
-        CONF.keystone_authtoken.project_name or
-        CONF.keystone_authtoken.admin_tenant_name)
-    user_domain_name = (
-        CONF.keystone_authtoken.user_domain_name or 'Default')
-    project_domain_name = (
-        CONF.keystone_authtoken.project_domain_name or 'Default')
     keystone = keystone_client.Client(
-        username=username,
-        password=password,
-        project_name=project_name,
-        user_domain_name=user_domain_name,
-        project_domain_name=project_domain_name,
+        username=CONF.keystone_authtoken.admin_user,
+        password=CONF.keystone_authtoken.admin_password,
+        tenant_name=CONF.keystone_authtoken.admin_tenant_name,
         auth_url=CONF.keystone_authtoken.auth_uri,
         is_trust_scoped=False,
     )
@@ -237,10 +220,8 @@ def context_from_config():
         user_id=keystone.user_id,
         project_id=keystone.project_id,
         auth_token=keystone.auth_token,
-        project_name=project_name,
-        user_name=username,
-        user_domain_name=user_domain_name,
-        project_domain_name=project_domain_name,
+        project_name=CONF.keystone_authtoken.admin_tenant_name,
+        user_name=CONF.keystone_authtoken.admin_user,
         is_trust_scoped=False,
     )
 
diff --git a/mistral/services/security.py b/mistral/services/security.py
index bb67e6760..4e4c53f97 100644
--- a/mistral/services/security.py
+++ b/mistral/services/security.py
@@ -40,11 +40,8 @@ def create_trust():
 
     ctx = auth_ctx.ctx()
 
-    project_name = (
-        CONF.keystone_authtoken.project_name or
-        CONF.keystone_authtoken.admin_tenant_name)
-
-    trustee_id = keystone.client_for_admin(project_name).user_id
+    trustee_id = keystone.client_for_admin(
+        CONF.keystone_authtoken.admin_tenant_name).user_id
 
     return client.trusts.create(
         trustor_user=client.user_id,
diff --git a/mistral/utils/openstack/keystone.py b/mistral/utils/openstack/keystone.py
index 120e4e897..7baaf8665 100644
--- a/mistral/utils/openstack/keystone.py
+++ b/mistral/utils/openstack/keystone.py
@@ -47,16 +47,9 @@ def client():
 def _admin_client(trust_id=None, project_name=None):
     auth_url = CONF.keystone_authtoken.auth_uri
 
-    username = (
-        CONF.keystone_authtoken.admin_user or
-        CONF.keystone_authtoken.username)
-    password = (
-        CONF.keystone_authtoken.admin_password or
-        CONF.keystone_authtoken.password)
-
     cl = ks_client.Client(
-        username=username,
-        password=password,
+        username=CONF.keystone_authtoken.admin_user,
+        password=CONF.keystone_authtoken.admin_password,
         project_name=project_name,
         auth_url=auth_url,
         trust_id=trust_id
@@ -175,9 +168,7 @@ def format_url(url_template, values):
 
 
 def is_token_trust_scoped(auth_token):
-    admin_project_name = (
-        CONF.keystone_authtoken.admin_tenant_name or
-        CONF.keystone_authtoken.project_name)
+    admin_project_name = CONF.keystone_authtoken.admin_tenant_name
     keystone_client = _admin_client(project_name=admin_project_name)
 
     token_info = keystone_client.tokens.validate(auth_token)
@@ -188,27 +179,15 @@ def is_token_trust_scoped(auth_token):
 def get_admin_session():
     """Returns a keystone session from Mistral's service credentials."""
 
-    username = (
-        CONF.keystone_authtoken.username or
-        CONF.keystone_authtoken.admin_user)
-    password = (
-        CONF.keystone_authtoken.password or
-        CONF.keystone_authtoken.admin_password)
-    project_name = (
-        CONF.keystone_authtoken.project_name or
-        CONF.keystone_authtoken.admin_tenant_name)
-    user_domain_name = (
-        CONF.keystone_authtoken.user_domain_name or 'Default')
-    project_domain_name = (
-        CONF.keystone_authtoken.project_domain_name or 'Default')
-
     auth = auth_plugins.Password(
         CONF.keystone_authtoken.auth_uri,
-        username=username,
-        password=password,
-        project_name=project_name,
-        user_domain_name=user_domain_name,
-        project_domain_name=project_domain_name)
+        username=CONF.keystone_authtoken.admin_user,
+        password=CONF.keystone_authtoken.admin_password,
+        project_name=CONF.keystone_authtoken.admin_tenant_name,
+        # NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
+        # fetch the following values from the configuration.
+        user_domain_name='Default',
+        project_domain_name='Default')
 
     return ks_session.Session(auth=auth)