From b36b5350589f9a8e56229e98d5dbc89cc354dc91 Mon Sep 17 00:00:00 2001 From: Rabi Mishra Date: Tue, 5 Jan 2016 09:50:28 +0530 Subject: [PATCH] Use user_domain for password auth_plugin Use available user_domain for password auth_plugin. Change-Id: Ibb15367f7ac54a565319c6097e4d6f12b07ebd7e --- heat/common/auth_password.py | 3 ++- heat/common/context.py | 4 ++-- heat/tests/clients/test_heat_client.py | 3 ++- heat/tests/test_auth_password.py | 9 ++++++--- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/heat/common/auth_password.py b/heat/common/auth_password.py index 6cfa66580..3e25dd7a1 100644 --- a/heat/common/auth_password.py +++ b/heat/common/auth_password.py @@ -43,12 +43,13 @@ class KeystonePasswordAuthProtocol(object): # Determine tenant id from path. tenant = env.get('PATH_INFO').split('/')[1] auth_url = env.get('HTTP_X_AUTH_URL') - + user_domain_id = env.get('HTTP_X_USER_DOMAIN_ID') if not tenant: return self._reject_request(env, start_response, auth_url) try: ctx = context.RequestContext(username=username, password=password, tenant_id=tenant, auth_url=auth_url, + user_domain_id=user_domain_id, is_admin=False) auth_ref = ctx.auth_plugin.get_access(self.session) except (keystone_exceptions.Unauthorized, diff --git a/heat/common/context.py b/heat/common/context.py index 4901d0602..6863b86f1 100644 --- a/heat/common/context.py +++ b/heat/common/context.py @@ -188,7 +188,7 @@ class RequestContext(context.RequestContext): self._trusts_auth_plugin = v3.Password( username=cfg.CONF.keystone_authtoken.admin_user, password=cfg.CONF.keystone_authtoken.admin_password, - user_domain_id='default', + user_domain_id=self.user_domain, auth_url=self.keystone_v3_endpoint, trust_id=self.trust_id) return self._trusts_auth_plugin @@ -213,7 +213,7 @@ class RequestContext(context.RequestContext): return v3.Password(username=self.username, password=self.password, project_id=self.tenant_id, - user_domain_id='default', + user_domain_id=self.user_domain, auth_url=self.keystone_v3_endpoint) LOG.error(_LE("Keystone v3 API connection failed, no password " diff --git a/heat/tests/clients/test_heat_client.py b/heat/tests/clients/test_heat_client.py index c32bf5392..4e39f6aac 100644 --- a/heat/tests/clients/test_heat_client.py +++ b/heat/tests/clients/test_heat_client.py @@ -115,7 +115,7 @@ class KeystoneClientTest(common.HeatTestCase): username='test_username', password='password', project_id=project_id or 'test_tenant_id', - user_domain_id='default') + user_domain_id='adomain123') elif method == 'trust': p = ks_auth.load_from_conf_options(cfg.CONF, @@ -459,6 +459,7 @@ class KeystoneClientTest(common.HeatTestCase): ctx = utils.dummy_context() ctx.auth_token = None ctx.trust_id = None + ctx.user_domain = 'adomain123' heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) client = heat_ks_client.client self.assertIsNotNone(client) diff --git a/heat/tests/test_auth_password.py b/heat/tests/test_auth_password.py index 31cddeb31..044c23e0c 100644 --- a/heat/tests/test_auth_password.py +++ b/heat/tests/test_auth_password.py @@ -126,7 +126,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): auth_url=self.config['auth_uri'], password='goodpassword', project_id='tenant_id1', - user_domain_id='default', + user_domain_id='domain1', username='user_name1').AndReturn(mock_auth) m = mock_auth.get_access(mox.IsA(ks_session.Session)) @@ -138,6 +138,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): req.headers['X_AUTH_USER'] = 'user_name1' req.headers['X_AUTH_KEY'] = 'goodpassword' req.headers['X_AUTH_URL'] = self.config['auth_uri'] + req.headers['X_USER_DOMAIN_ID'] = 'domain1' self.middleware(req.environ, self._start_fake_response) self.m.VerifyAll() @@ -148,7 +149,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): ks_v3_auth.Password(auth_url=self.config['auth_uri'], password='goodpassword', project_id='tenant_id1', - user_domain_id='default', + user_domain_id='domain1', username='user_name1').AndReturn(mock_auth) m = mock_auth.get_access(mox.IsA(ks_session.Session)) @@ -162,6 +163,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): req.headers['X_AUTH_USER'] = 'user_name1' req.headers['X_AUTH_KEY'] = 'goodpassword' req.headers['X_AUTH_URL'] = self.config['auth_uri'] + req.headers['X_USER_DOMAIN_ID'] = 'domain1' self.middleware(req.environ, self._start_fake_response) self.m.VerifyAll() @@ -171,7 +173,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): m = ks_v3_auth.Password(auth_url=self.config['auth_uri'], password='badpassword', project_id='tenant_id1', - user_domain_id='default', + user_domain_id='domain1', username='user_name1') m.AndRaise(keystone_exc.Unauthorized(401)) @@ -180,6 +182,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): req.headers['X_AUTH_USER'] = 'user_name1' req.headers['X_AUTH_KEY'] = 'badpassword' req.headers['X_AUTH_URL'] = self.config['auth_uri'] + req.headers['X_USER_DOMAIN_ID'] = 'domain1' self.middleware(req.environ, self._start_fake_response) self.m.VerifyAll() self.assertEqual(401, self.response_status)