Fix support for Keystone v3 domain auth
When using v3 authentication and authorization Ceilometer must authenticate to services project in service_domain. Change-Id: Ibb19fa8476cf712ccb4bc524a48d3501f42fc62c Closes-Bug: 1636098
This commit is contained in:
parent
3ad0b4d8e0
commit
a904456fe3
@ -66,6 +66,11 @@ class CeilometerServiceContext(OSContextGenerator):
|
||||
for attr in self.keys:
|
||||
conf[attr] = relation_get(
|
||||
attr, unit=unit, rid=relid)
|
||||
if (conf['api_version'] is not None and
|
||||
float(conf['api_version']) > 2):
|
||||
self.keys.append('admin_domain_name')
|
||||
conf['admin_domain_name'] = relation_get(
|
||||
'admin_domain_name', unit=unit, rid=relid)
|
||||
if context_complete(conf):
|
||||
for attr in self.optional_keys:
|
||||
conf[attr] = relation_get(attr, unit=unit, rid=relid)
|
||||
|
@ -19,8 +19,13 @@ auth_url = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
|
||||
project_name = {{ admin_tenant_name }}
|
||||
username = {{ admin_user }}
|
||||
password = {{ admin_password }}
|
||||
{% if api_version == "3" -%}
|
||||
project_domain_name = {{ admin_domain_name }}
|
||||
user_domain_name = {{ admin_domain_name }}
|
||||
{% else -%}
|
||||
project_domain_name = default
|
||||
user_domain_name = default
|
||||
{% endif -%}
|
||||
auth_type = password
|
||||
{% endif -%}
|
||||
|
||||
|
@ -534,14 +534,30 @@ class CeiloAgentBasicDeployment(OpenStackAmuletDeployment):
|
||||
ks_rel['service_port'])
|
||||
# NOTE(dosaboy): os_ prefix is deprecated and no longer used as
|
||||
# of Mitaka.
|
||||
project_domain_name = 'default'
|
||||
user_domain_name = 'default'
|
||||
if 'api_version' in ks_rel and float(ks_rel['api_version']) > 2:
|
||||
project_domain_name = 'service_domain'
|
||||
user_domain_name = 'service_domain'
|
||||
expected['service_credentials'] = {'auth_url': auth_uri,
|
||||
'project_name': 'services',
|
||||
'project_domain_name':
|
||||
'default',
|
||||
'user_domain_name': 'default',
|
||||
project_domain_name,
|
||||
'user_domain_name':
|
||||
user_domain_name,
|
||||
'username': 'ceilometer',
|
||||
'password':
|
||||
ks_rel['service_password']}
|
||||
expected['keystone_authtoken'] = {'auth_uri': auth_uri,
|
||||
'auth_type': 'password',
|
||||
'project_domain_name':
|
||||
project_domain_name,
|
||||
'user_domain_name':
|
||||
user_domain_name,
|
||||
'project_name': 'services',
|
||||
'username': 'ceilometer',
|
||||
'password':
|
||||
ks_rel['service_password']}
|
||||
|
||||
for section, pairs in expected.iteritems():
|
||||
ret = u.validate_config_data(unit, conf, section, pairs)
|
||||
|
@ -51,6 +51,7 @@ class CeilometerContextsTest(CharmTestCase):
|
||||
'service_host': 'keystone',
|
||||
'service_port': '80',
|
||||
'signing_dir': '/var/lib/ceilometer',
|
||||
'admin_domain_name': 'admin_domain',
|
||||
'admin_tenant_name': 'admin',
|
||||
'admin_user': 'admin',
|
||||
'admin_password': 'password',
|
||||
|
Loading…
Reference in New Issue
Block a user