Use AuthMethod context

Rather than use hard coded auth methods, use the protocol name passed
over the keystone-fid-service-provider relation.

Also, when using federation do not allow the "external" method as they
are mutually exclusive.

Change-Id: I08f0632630d7f0e8d2d7ddb057e02f9febf9ad6f
Closes-Bug: #1828015
Closes-Bug: #1828018
David Ames 2019-05-15 14:53:48 -07:00
parent 275029da51
commit a103c15e40
5 changed files with 28 additions and 4 deletions


@ -343,3 +343,26 @@ class WebSSOTrustedDashboardContext(context.OSContextGenerator):
ctxt = ({'trusted_dashboards': trusted_dashboards} ctxt = ({'trusted_dashboards': trusted_dashboards}
if trusted_dashboards else {}) if trusted_dashboards else {})
return ctxt return ctxt
class AuthMethods(context.OSContextGenerator):
auth_methods = ["external", "password", "token", "oauth1",
"openid", "totp", "application_credential"]
def __call__(self):
_external = "external"
_protocol_name = ""
for rid in relation_ids("keystone-fid-service-provider"):
for unit in related_units(rid):
rdata = relation_get(unit=unit, rid=rid)
_protocol_name = rdata.get('protocol-name').strip('"')
if _protocol_name and _protocol_name not in self.auth_methods:
self.auth_methods.append(_protocol_name)
# We are federated so remove the external method
if _external in self.auth_methods:
self.auth_methods.remove(_external)
ctxt = {"auth_methods": ",".join(self.auth_methods)}
return ctxt


@ -239,7 +239,8 @@ BASE_RESOURCE_MAP = OrderedDict([
interface=['keystone-middleware'], interface=['keystone-middleware'],
service='keystone', service='keystone',
config_file=KEYSTONE_CONF), config_file=KEYSTONE_CONF),
keystone_context.MiddlewareContext()] keystone_context.MiddlewareContext(),
keystone_context.AuthMethods()]
}), }),
(KEYSTONE_LOGGER_CONF, { (KEYSTONE_LOGGER_CONF, {
'contexts': [keystone_context.KeystoneLoggingContext()], 'contexts': [keystone_context.KeystoneLoggingContext()],


@ -73,7 +73,7 @@ driver = {{ assignment_backend }}
{% include "parts/section-middleware" %} {% include "parts/section-middleware" %}
{% else %} {% else %}
[auth] [auth]
methods = external,password,token,oauth1,mapped,openid,totp,application_credential methods = {{ auth_methods }}
password = keystone.auth.plugins.password.Password password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token token = keystone.auth.plugins.token.Token
oauth1 = keystone.auth.plugins.oauth1.OAuth oauth1 = keystone.auth.plugins.oauth1.OAuth
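Review bot: `mapped` is dropped from the rendered `methods` line here and in the other keystone.conf template further down, because the old literal listed it and the default list in `AuthMethods` does not. If an existing deployment relies on the mapped plugin without the keystone-fid-service-provider relation supplying that protocol name, it would presumably lose the method on upgrade. That looks intentional, but the commit message does not say so. A release note, or a template comment such as `# methods are built by the AuthMethods context; federation protocols come from the keystone-fid-service-provider relation`, would make the change visible to operators.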


@ -58,7 +58,7 @@ driver = sql
driver = {{ assignment_backend }} driver = {{ assignment_backend }}
[auth] [auth]
methods = external,password,token,oauth1,mapped,openid,totp,application_credential methods = {{ auth_methods }}
[paste_deploy] [paste_deploy]
config_file = {{ paste_config_file }} config_file = {{ paste_config_file }}