From 2105d1e3a28cde093edb7836ba716539cbb62f34 Mon Sep 17 00:00:00 2001 From: QI ZHANG Date: Wed, 19 Nov 2014 14:50:31 +0800 Subject: [PATCH] Pickup the region name passed in from heatclient For standalone heat operation, middleware will need to set the region from the X-Region-Name header. Then the keystoneclient will use this region_name instead of the heat_region_name config option. Closes-Bug: 1223068 Change-Id: Ia859e67cf8c6e0d1ed9d9e7f5eab2d138c6421ef --- heat/common/context.py | 11 +++++-- heat/common/heat_keystoneclient.py | 7 +++-- .../versions/049_user_creds_region_name.py | 31 +++++++++++++++++++ heat/db/sqlalchemy/models.py | 1 + heat/tests/db/test_migrations.py | 3 ++ heat/tests/test_common_context.py | 9 ++++-- heat/tests/test_heatclient.py | 26 ++++++++++++++-- heat/tests/test_sqlalchemy_api.py | 4 +++ heat/tests/utils.py | 5 +-- 9 files changed, 84 insertions(+), 13 deletions(-) create mode 100644 heat/db/sqlalchemy/migrate_repo/versions/049_user_creds_region_name.py diff --git a/heat/common/context.py b/heat/common/context.py index f612d2c45..c6df51c97 100644 --- a/heat/common/context.py +++ b/heat/common/context.py @@ -34,7 +34,8 @@ class RequestContext(context.RequestContext): tenant_id=None, auth_url=None, roles=None, is_admin=None, read_only=False, show_deleted=False, overwrite=True, trust_id=None, trustor_user_id=None, - request_id=None, auth_token_info=None, **kwargs): + request_id=None, auth_token_info=None, region_name=None, + **kwargs): """ :param overwrite: Set to False to ensure that the greenthread local copy of the index is not overwritten. @@ -52,6 +53,7 @@ class RequestContext(context.RequestContext): self.username = username self.user_id = user_id self.password = password + self.region_name = region_name self.aws_creds = aws_creds self.tenant_id = tenant_id self.auth_token_info = auth_token_info @@ -101,7 +103,8 @@ class RequestContext(context.RequestContext): 'is_admin': self.is_admin, 'user': self.user, 'request_id': self.request_id, - 'show_deleted': self.show_deleted} + 'show_deleted': self.show_deleted, + 'region_name': self.region_name} @classmethod def from_dict(cls, values): @@ -151,6 +154,7 @@ class ContextMiddleware(wsgi.Middleware): token = headers.get('X-Auth-Token') tenant = headers.get('X-Tenant-Name') tenant_id = headers.get('X-Tenant-Id') + region_name = headers.get('X-Region-Name') auth_url = headers.get('X-Auth-Url') roles = headers.get('X-Roles') if roles is not None: @@ -170,7 +174,8 @@ class ContextMiddleware(wsgi.Middleware): auth_url=auth_url, roles=roles, request_id=req_id, - auth_token_info=token_info) + auth_token_info=token_info, + region_name=region_name) def ContextMiddleware_filter_factory(global_conf, **local_conf): diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py index ba1bf5e16..5713043b7 100644 --- a/heat/common/heat_keystoneclient.py +++ b/heat/common/heat_keystoneclient.py @@ -401,8 +401,8 @@ class KeystoneClientV3(object): body = {'auth': {'scope': {'project': {'id': project_id}}, 'identity': {'password': {'user': { - 'domain': domain, - 'password': password, 'name': username}}, + 'domain': domain, + 'password': password, 'name': username}}, 'methods': ['password']}}} t = sess.post(token_url, headers=headers, json=body, authenticated=False) @@ -656,7 +656,8 @@ class KeystoneClientV3(object): self.domain_admin_client.users.update(user=user_id, enabled=True) def url_for(self, **kwargs): - default_region_name = cfg.CONF.region_name_for_services + default_region_name = (self.context.region_name or + cfg.CONF.region_name_for_services) kwargs.setdefault('region_name', default_region_name) return self.client.service_catalog.url_for(**kwargs) diff --git a/heat/db/sqlalchemy/migrate_repo/versions/049_user_creds_region_name.py b/heat/db/sqlalchemy/migrate_repo/versions/049_user_creds_region_name.py new file mode 100644 index 000000000..6b030e1f9 --- /dev/null +++ b/heat/db/sqlalchemy/migrate_repo/versions/049_user_creds_region_name.py @@ -0,0 +1,31 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import sqlalchemy + + +def upgrade(migrate_engine): + meta = sqlalchemy.MetaData(bind=migrate_engine) + + user_creds = sqlalchemy.Table('user_creds', meta, autoload=True) + + region_name = sqlalchemy.Column('region_name', + sqlalchemy.String(length=255)) + region_name.create(user_creds) + + +def downgrade(migrate_engine): + meta = sqlalchemy.MetaData(bind=migrate_engine) + + user_creds = sqlalchemy.Table('user_creds', meta, autoload=True) + user_creds.c.region_name.drop() diff --git a/heat/db/sqlalchemy/models.py b/heat/db/sqlalchemy/models.py index 65e00c79d..877c54a1b 100644 --- a/heat/db/sqlalchemy/models.py +++ b/heat/db/sqlalchemy/models.py @@ -164,6 +164,7 @@ class UserCreds(BASE, HeatBase): id = sqlalchemy.Column(sqlalchemy.Integer, primary_key=True) username = sqlalchemy.Column(sqlalchemy.String(255)) password = sqlalchemy.Column(sqlalchemy.String(255)) + region_name = sqlalchemy.Column(sqlalchemy.String(255)) decrypt_method = sqlalchemy.Column(sqlalchemy.String(64)) tenant = sqlalchemy.Column(sqlalchemy.String(1024)) auth_url = sqlalchemy.Column(sqlalchemy.Text) diff --git a/heat/tests/db/test_migrations.py b/heat/tests/db/test_migrations.py index 7a6eeda85..ddb70a5af 100644 --- a/heat/tests/db/test_migrations.py +++ b/heat/tests/db/test_migrations.py @@ -306,6 +306,9 @@ class HeatMigrationsCheckers(test_migrations.WalkVersionsMixin, self.assertEqual(3, n_depth('1e9deba9-a305-5f29-84d3-c8165647c47e')) self.assertEqual(0, n_depth('1a4bd1ec-8b21-56cd-964a-f66cb1cfa2f9')) + def _check_049(self, engine, data): + self.assertColumnExists(engine, 'user_creds', 'region_name') + class TestHeatMigrationsMySQL(HeatMigrationsCheckers, test_base.MySQLOpportunisticTestCase): diff --git a/heat/tests/test_common_context.py b/heat/tests/test_common_context.py index 666346577..00101528a 100644 --- a/heat/tests/test_common_context.py +++ b/heat/tests/test_common_context.py @@ -42,7 +42,8 @@ class TestRequestContext(common.HeatTestCase): 'user_id': 'fooUser', 'tenant': 'atenant', 'auth_url': 'http://xyz', - 'aws_creds': 'blah'} + 'aws_creds': 'blah', + 'region_name': 'regionOne'} super(TestRequestContext, self).setUp() @@ -59,7 +60,11 @@ class TestRequestContext(common.HeatTestCase): roles=self.ctx.get('roles'), show_deleted=self.ctx.get('show_deleted'), is_admin=self.ctx.get('is_admin'), - auth_token_info=self.ctx.get('auth_token_info')) + auth_token_info=self.ctx.get('auth_token_info'), + trustor_user_id=self.ctx.get('trustor_user_id'), + trust_id=self.ctx.get('trust_id'), + user=self.ctx.get('user'), + region_name=self.ctx.get('region_name')) ctx_dict = ctx.to_dict() del(ctx_dict['request_id']) self.assertEqual(self.ctx, ctx_dict) diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py index 3cd522639..76a9d0e5f 100644 --- a/heat/tests/test_heatclient.py +++ b/heat/tests/test_heatclient.py @@ -1413,7 +1413,7 @@ class KeystoneClientTest(common.HeatTestCase): self.assertIsNone(heat_ks_client.delete_stack_domain_project( project_id='aprojectid')) - def _test_url_for(self, service_url, expected_kwargs, **kwargs): + def _test_url_for(self, service_url, expected_kwargs, ctx=None, **kwargs): """ Helper function for testing url_for depending on different ways to pass region name. @@ -1424,7 +1424,7 @@ class KeystoneClientTest(common.HeatTestCase): .AndReturn(service_url) self.m.ReplayAll() - ctx = utils.dummy_context() + ctx = ctx or utils.dummy_context() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertEqual(heat_ks_client.url_for(**kwargs), service_url) self.m.VerifyAll() @@ -1451,7 +1451,7 @@ class KeystoneClientTest(common.HeatTestCase): kwargs = { 'region_name': 'RegionTwo' } - self._test_url_for(service_url, kwargs, **kwargs) + self._test_url_for(service_url, kwargs, None, **kwargs) def test_url_for_with_region_name_from_config(self): """ @@ -1467,6 +1467,26 @@ class KeystoneClientTest(common.HeatTestCase): service_url = 'http://regionone.example.com:1234/v1' self._test_url_for(service_url, kwargs) + def test_url_for_with_region_name_from_context(self): + """ + Test that default region name for services from context is passed + if region name is not specified in arguments. + """ + cfg.CONF.set_override('region_name_for_services', 'RegionOne') + service_url = 'http://regiontwo.example.com:1234/v1' + region_name_for_services = 'RegionTwo' + expected_kwargs = { + 'region_name': region_name_for_services + } + ctx = utils.dummy_context('test_username', + 'test_tenant_id', + 'password', + None, + None, + None, + region_name_for_services) + self._test_url_for(service_url, expected_kwargs, ctx) + class KeystoneClientTestDomainName(KeystoneClientTest): def setUp(self): diff --git a/heat/tests/test_sqlalchemy_api.py b/heat/tests/test_sqlalchemy_api.py index 449a01e4f..ebdbcc0d4 100644 --- a/heat/tests/test_sqlalchemy_api.py +++ b/heat/tests/test_sqlalchemy_api.py @@ -742,6 +742,7 @@ class SqlAlchemyTest(common.HeatTestCase): def test_user_creds_password(self): self.ctx.trust_id = None + self.ctx.region_name = 'regionOne' db_creds = db_api.user_creds_create(self.ctx) load_creds = db_api.user_creds_get(db_creds.id) @@ -749,6 +750,7 @@ class SqlAlchemyTest(common.HeatTestCase): self.assertEqual('password', load_creds.get('password')) self.assertEqual('test_tenant', load_creds.get('tenant')) self.assertEqual('test_tenant_id', load_creds.get('tenant_id')) + self.assertEqual('regionOne', load_creds.get('region_name')) self.assertIsNotNone(load_creds.get('created_at')) self.assertIsNone(load_creds.get('updated_at')) self.assertEqual('http://server.test:5000/v2.0', @@ -780,12 +782,14 @@ class SqlAlchemyTest(common.HeatTestCase): self.ctx.username = None self.ctx.password = None self.ctx.trust_id = None + self.ctx.region_name = None db_creds = db_api.user_creds_create(self.ctx) load_creds = db_api.user_creds_get(db_creds.id) self.assertIsNone(load_creds.get('username')) self.assertIsNone(load_creds.get('password')) self.assertIsNone(load_creds.get('trust_id')) + self.assertIsNone(load_creds.get('region_name')) def test_software_config_create(self): tenant_id = self.ctx.tenant_id diff --git a/heat/tests/utils.py b/heat/tests/utils.py index 494b2e764..b7a071f39 100644 --- a/heat/tests/utils.py +++ b/heat/tests/utils.py @@ -68,7 +68,7 @@ def reset_dummy_db(): def dummy_context(user='test_username', tenant_id='test_tenant_id', password='password', roles=None, user_id=None, - trust_id=None): + trust_id=None, region_name=None): roles = roles or [] return context.RequestContext.from_dict({ 'tenant_id': tenant_id, @@ -80,7 +80,8 @@ def dummy_context(user='test_username', tenant_id='test_tenant_id', 'is_admin': False, 'auth_url': 'http://server.test:5000/v2.0', 'auth_token': 'abcd1234', - 'trust_id': trust_id + 'trust_id': trust_id, + 'region_name': region_name })