Make sure create ceilometer alarm successful

If enable re-auth, we will use the stored context
instead of request context, then we can't create
ceilometer alarm resource. There are two problems
when create ceilometer client:
1. the stored context has no domain info, an error
raised from keystone: BadRequest: Expecting to find
domain in project. So this patch will retrive the
user/project domain ids from the auth_ref.
2. after fix the first problem, then another error
raised from keystone: Forbidden: You are not authorized
to perform the requested action. Due keystone doesn't
allow to create a token by a trust-scoped token when
get aodh endpoint. So this patch will pass 'aodh_endpoint'
to ceilometer client to avoid this.

Change-Id: I44ed5c10b6dec6f39714f4f74cf51a10ef6104a6
Closes-Bug: #1531406
This commit is contained in:
huangtianhua 2016-01-07 11:04:54 +08:00
parent 3bbfb3e69d
commit 20214477c8
3 changed files with 27 additions and 5 deletions

View File

@ -24,7 +24,7 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
exceptions_module = [exc, api_exc] exceptions_module = [exc, api_exc]
service_types = [METERING] = ['metering'] service_types = [METERING, ALARMING] = ['metering', 'alarming']
def _create(self): def _create(self):
@ -32,6 +32,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type') endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
endpoint = self.url_for(service_type=self.METERING, endpoint = self.url_for(service_type=self.METERING,
endpoint_type=endpoint_type) endpoint_type=endpoint_type)
aodh_endpoint = self.url_for(service_type=self.ALARMING,
endpoint_type=endpoint_type)
args = { args = {
'auth_url': con.auth_url, 'auth_url': con.auth_url,
'service_type': self.METERING, 'service_type': self.METERING,
@ -44,7 +46,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
'cacert': self._get_client_option(CLIENT_NAME, 'ca_file'), 'cacert': self._get_client_option(CLIENT_NAME, 'ca_file'),
'cert_file': self._get_client_option(CLIENT_NAME, 'cert_file'), 'cert_file': self._get_client_option(CLIENT_NAME, 'cert_file'),
'key_file': self._get_client_option(CLIENT_NAME, 'key_file'), 'key_file': self._get_client_option(CLIENT_NAME, 'key_file'),
'insecure': self._get_client_option(CLIENT_NAME, 'insecure') 'insecure': self._get_client_option(CLIENT_NAME, 'insecure'),
'aodh_endpoint': aodh_endpoint
} }
return cc.get_client('2', **args) return cc.get_client('2', **args)

View File

@ -205,6 +205,10 @@ class Stack(collections.Mapping):
self.context = self.stored_context() self.context = self.stored_context()
self.context.roles = self.context.clients.client( self.context.roles = self.context.clients.client(
'keystone').auth_ref.role_names 'keystone').auth_ref.role_names
self.context.user_domain = self.context.clients.client(
'keystone').auth_ref.user_domain_id
self.context.project_domain = self.context.clients.client(
'keystone').auth_ref.project_domain_id
self.clients = self.context.clients self.clients = self.context.clients

View File

@ -94,7 +94,8 @@ class FakeKeystoneClient(object):
def __init__(self, username='test_username', password='password', def __init__(self, username='test_username', password='password',
user_id='1234', access='4567', secret='8901', user_id='1234', access='4567', secret='8901',
credential_id='abcdxyz', auth_token='abcd1234', credential_id='abcdxyz', auth_token='abcd1234',
context=None, stack_domain_id='4321', roles=None): context=None, stack_domain_id='4321', roles=None,
user_domain_id=None, project_domain_id=None):
self.username = username self.username = username
self.password = password self.password = password
self.user_id = user_id self.user_id = user_id
@ -107,6 +108,8 @@ class FakeKeystoneClient(object):
self.v3_endpoint = 'http://localhost:5000/v3' self.v3_endpoint = 'http://localhost:5000/v3'
self.stack_domain_id = stack_domain_id self.stack_domain_id = stack_domain_id
self.roles = roles or [] self.roles = roles or []
self.user_domain_id = user_domain_id
self.project_domain_id = project_domain_id
class FakeCred(object): class FakeCred(object):
id = self.credential_id id = self.credential_id
@ -194,17 +197,29 @@ class FakeKeystoneClient(object):
@property @property
def auth_ref(self): def auth_ref(self):
return FakeAccessInfo(roles=self.roles) return FakeAccessInfo(roles=self.roles,
user_domain=self.user_domain_id,
project_domain=self.project_domain_id)
class FakeAccessInfo(object): class FakeAccessInfo(object):
def __init__(self, roles): def __init__(self, roles, user_domain, project_domain):
self.roles = roles self.roles = roles
self.user_domain = user_domain
self.project_domain = project_domain
@property @property
def role_names(self): def role_names(self):
return self.roles return self.roles
@property
def user_domain_id(self):
return self.user_domain
@property
def project_domain_id(self):
return self.project_domain
class FakeEventSink(object): class FakeEventSink(object):