Add support for using service tokens
This patch configures Nova to send a service token along with the
received user token on requests to other services. This can allow those
other services to accept the request even if the user token has been
invalidated since received by Nova. Also with this patch Nova will
accept request from other services with invalid user tokens but valid
service tokens. Service tokens exist since Openstack Queens.
Closes-Bug: #1992840
Change-Id: I78b43ef77dc1d7b5976ec81ecddf63c9e6c8b6c1
(cherry picked from commit 3c53110282
)
This commit is contained in:
parent
8df5e9356f
commit
d9dc048a51
|
@ -647,6 +647,7 @@ class CloudComputeContext(context.OSContextGenerator):
|
|||
'api_version', **rel) or '2.0',
|
||||
'neutron_plugin': _neutron_plugin(),
|
||||
'neutron_url': url,
|
||||
'admin_role': relation_get('admin_role', **rel) or 'Admin',
|
||||
}
|
||||
# DNS domain is optional
|
||||
dns_domain = relation_get('dns_domain', **rel)
|
||||
|
@ -765,6 +766,7 @@ class CloudComputeContext(context.OSContextGenerator):
|
|||
ctxt['admin_user'] = net_manager.get('neutron_admin_username')
|
||||
ctxt['admin_password'] = net_manager.get(
|
||||
'neutron_admin_password')
|
||||
ctxt['admin_role'] = net_manager.get('admin_role')
|
||||
ctxt['auth_protocol'] = net_manager.get('auth_protocol')
|
||||
ctxt['auth_host'] = net_manager.get('keystone_host')
|
||||
ctxt['auth_port'] = net_manager.get('auth_port')
|
||||
|
|
|
@ -206,6 +206,8 @@ service_metadata_proxy=True
|
|||
|
||||
{% include "section-keystone-authtoken-mitaka" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
{% if glance_api_servers -%}
|
||||
[glance]
|
||||
api_servers = {{ glance_api_servers }}
|
||||
|
|
|
@ -224,6 +224,8 @@ numa_nodes = {{ network_manager_config.neutron_tunnel }}
|
|||
|
||||
{% include "section-keystone-authtoken-mitaka" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
{% if glance_api_servers -%}
|
||||
[glance]
|
||||
api_servers = {{ glance_api_servers }}
|
||||
|
|
|
@ -237,6 +237,8 @@ numa_nodes = {{ network_manager_config.neutron_tunnel }}
|
|||
|
||||
{% include "section-keystone-authtoken-mitaka" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
{% if glance_api_servers -%}
|
||||
[glance]
|
||||
api_servers = {{ glance_api_servers }}
|
||||
|
|
|
@ -251,6 +251,8 @@ numa_nodes = {{ network_manager_config.neutron_tunnel }}
|
|||
|
||||
{% include "section-keystone-authtoken-mitaka" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
{% if glance_api_servers -%}
|
||||
[glance]
|
||||
api_servers = {{ glance_api_servers }}
|
||||
|
|
|
@ -234,6 +234,8 @@ numa_nodes = {{ network_manager_config.neutron_tunnel }}
|
|||
|
||||
{% include "section-keystone-authtoken-mitaka" %}
|
||||
|
||||
{% include "section-service-user" %}
|
||||
|
||||
{% if glance_api_servers -%}
|
||||
[glance]
|
||||
api_servers = {{ glance_api_servers }}
|
||||
|
|
|
@ -232,6 +232,7 @@ class NovaComputeContextTests(CharmTestCase):
|
|||
'network_manager': 'neutron',
|
||||
'network_manager_config': {
|
||||
'api_version': '2.0',
|
||||
'admin_role': 'Admin',
|
||||
'auth_protocol': 'https',
|
||||
'service_protocol': 'http',
|
||||
'auth_port': '5000',
|
||||
|
@ -252,6 +253,7 @@ class NovaComputeContextTests(CharmTestCase):
|
|||
'admin_tenant_name': 'admin',
|
||||
'admin_user': 'admin',
|
||||
'admin_password': 'openstack',
|
||||
'admin_role': 'Admin',
|
||||
'admin_domain_name': 'admin_domain',
|
||||
'auth_port': '5000',
|
||||
'auth_protocol': 'https',
|
||||
|
@ -281,6 +283,7 @@ class NovaComputeContextTests(CharmTestCase):
|
|||
'network_manager': 'neutron',
|
||||
'network_manager_config': {
|
||||
'api_version': '2.0',
|
||||
'admin_role': 'Admin',
|
||||
'auth_protocol': 'https',
|
||||
'service_protocol': 'http',
|
||||
'auth_port': '5000',
|
||||
|
@ -302,6 +305,7 @@ class NovaComputeContextTests(CharmTestCase):
|
|||
'admin_tenant_name': 'admin',
|
||||
'admin_user': 'admin',
|
||||
'admin_password': 'openstack',
|
||||
'admin_role': 'Admin',
|
||||
'admin_domain_name': 'admin_domain',
|
||||
'auth_port': '5000',
|
||||
'auth_protocol': 'https',
|
||||
|
@ -330,6 +334,7 @@ class NovaComputeContextTests(CharmTestCase):
|
|||
cloud_compute = context.CloudComputeContext()
|
||||
ex_ctxt = {
|
||||
'api_version': '2.0',
|
||||
'admin_role': 'Admin',
|
||||
'auth_protocol': 'https',
|
||||
'service_protocol': 'http',
|
||||
'auth_port': '5000',
|
||||
|
|
Loading…
Reference in New Issue