Use user_domain for password auth_plugin
Use available user_domain for password auth_plugin. Change-Id: Ibb15367f7ac54a565319c6097e4d6f12b07ebd7e
This commit is contained in:
parent
8e818e8823
commit
b36b535058
@ -43,12 +43,13 @@ class KeystonePasswordAuthProtocol(object):
|
|||||||
# Determine tenant id from path.
|
# Determine tenant id from path.
|
||||||
tenant = env.get('PATH_INFO').split('/')[1]
|
tenant = env.get('PATH_INFO').split('/')[1]
|
||||||
auth_url = env.get('HTTP_X_AUTH_URL')
|
auth_url = env.get('HTTP_X_AUTH_URL')
|
||||||
|
user_domain_id = env.get('HTTP_X_USER_DOMAIN_ID')
|
||||||
if not tenant:
|
if not tenant:
|
||||||
return self._reject_request(env, start_response, auth_url)
|
return self._reject_request(env, start_response, auth_url)
|
||||||
try:
|
try:
|
||||||
ctx = context.RequestContext(username=username, password=password,
|
ctx = context.RequestContext(username=username, password=password,
|
||||||
tenant_id=tenant, auth_url=auth_url,
|
tenant_id=tenant, auth_url=auth_url,
|
||||||
|
user_domain_id=user_domain_id,
|
||||||
is_admin=False)
|
is_admin=False)
|
||||||
auth_ref = ctx.auth_plugin.get_access(self.session)
|
auth_ref = ctx.auth_plugin.get_access(self.session)
|
||||||
except (keystone_exceptions.Unauthorized,
|
except (keystone_exceptions.Unauthorized,
|
||||||
|
@ -188,7 +188,7 @@ class RequestContext(context.RequestContext):
|
|||||||
self._trusts_auth_plugin = v3.Password(
|
self._trusts_auth_plugin = v3.Password(
|
||||||
username=cfg.CONF.keystone_authtoken.admin_user,
|
username=cfg.CONF.keystone_authtoken.admin_user,
|
||||||
password=cfg.CONF.keystone_authtoken.admin_password,
|
password=cfg.CONF.keystone_authtoken.admin_password,
|
||||||
user_domain_id='default',
|
user_domain_id=self.user_domain,
|
||||||
auth_url=self.keystone_v3_endpoint,
|
auth_url=self.keystone_v3_endpoint,
|
||||||
trust_id=self.trust_id)
|
trust_id=self.trust_id)
|
||||||
return self._trusts_auth_plugin
|
return self._trusts_auth_plugin
|
||||||
@ -213,7 +213,7 @@ class RequestContext(context.RequestContext):
|
|||||||
return v3.Password(username=self.username,
|
return v3.Password(username=self.username,
|
||||||
password=self.password,
|
password=self.password,
|
||||||
project_id=self.tenant_id,
|
project_id=self.tenant_id,
|
||||||
user_domain_id='default',
|
user_domain_id=self.user_domain,
|
||||||
auth_url=self.keystone_v3_endpoint)
|
auth_url=self.keystone_v3_endpoint)
|
||||||
|
|
||||||
LOG.error(_LE("Keystone v3 API connection failed, no password "
|
LOG.error(_LE("Keystone v3 API connection failed, no password "
|
||||||
|
@ -115,7 +115,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
|||||||
username='test_username',
|
username='test_username',
|
||||||
password='password',
|
password='password',
|
||||||
project_id=project_id or 'test_tenant_id',
|
project_id=project_id or 'test_tenant_id',
|
||||||
user_domain_id='default')
|
user_domain_id='adomain123')
|
||||||
|
|
||||||
elif method == 'trust':
|
elif method == 'trust':
|
||||||
p = ks_auth.load_from_conf_options(cfg.CONF,
|
p = ks_auth.load_from_conf_options(cfg.CONF,
|
||||||
@ -459,6 +459,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
|||||||
ctx = utils.dummy_context()
|
ctx = utils.dummy_context()
|
||||||
ctx.auth_token = None
|
ctx.auth_token = None
|
||||||
ctx.trust_id = None
|
ctx.trust_id = None
|
||||||
|
ctx.user_domain = 'adomain123'
|
||||||
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
|
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
|
||||||
client = heat_ks_client.client
|
client = heat_ks_client.client
|
||||||
self.assertIsNotNone(client)
|
self.assertIsNotNone(client)
|
||||||
|
@ -126,7 +126,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
|||||||
auth_url=self.config['auth_uri'],
|
auth_url=self.config['auth_uri'],
|
||||||
password='goodpassword',
|
password='goodpassword',
|
||||||
project_id='tenant_id1',
|
project_id='tenant_id1',
|
||||||
user_domain_id='default',
|
user_domain_id='domain1',
|
||||||
username='user_name1').AndReturn(mock_auth)
|
username='user_name1').AndReturn(mock_auth)
|
||||||
|
|
||||||
m = mock_auth.get_access(mox.IsA(ks_session.Session))
|
m = mock_auth.get_access(mox.IsA(ks_session.Session))
|
||||||
@ -138,6 +138,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
|||||||
req.headers['X_AUTH_USER'] = 'user_name1'
|
req.headers['X_AUTH_USER'] = 'user_name1'
|
||||||
req.headers['X_AUTH_KEY'] = 'goodpassword'
|
req.headers['X_AUTH_KEY'] = 'goodpassword'
|
||||||
req.headers['X_AUTH_URL'] = self.config['auth_uri']
|
req.headers['X_AUTH_URL'] = self.config['auth_uri']
|
||||||
|
req.headers['X_USER_DOMAIN_ID'] = 'domain1'
|
||||||
self.middleware(req.environ, self._start_fake_response)
|
self.middleware(req.environ, self._start_fake_response)
|
||||||
self.m.VerifyAll()
|
self.m.VerifyAll()
|
||||||
|
|
||||||
@ -148,7 +149,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
|||||||
ks_v3_auth.Password(auth_url=self.config['auth_uri'],
|
ks_v3_auth.Password(auth_url=self.config['auth_uri'],
|
||||||
password='goodpassword',
|
password='goodpassword',
|
||||||
project_id='tenant_id1',
|
project_id='tenant_id1',
|
||||||
user_domain_id='default',
|
user_domain_id='domain1',
|
||||||
username='user_name1').AndReturn(mock_auth)
|
username='user_name1').AndReturn(mock_auth)
|
||||||
|
|
||||||
m = mock_auth.get_access(mox.IsA(ks_session.Session))
|
m = mock_auth.get_access(mox.IsA(ks_session.Session))
|
||||||
@ -162,6 +163,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
|||||||
req.headers['X_AUTH_USER'] = 'user_name1'
|
req.headers['X_AUTH_USER'] = 'user_name1'
|
||||||
req.headers['X_AUTH_KEY'] = 'goodpassword'
|
req.headers['X_AUTH_KEY'] = 'goodpassword'
|
||||||
req.headers['X_AUTH_URL'] = self.config['auth_uri']
|
req.headers['X_AUTH_URL'] = self.config['auth_uri']
|
||||||
|
req.headers['X_USER_DOMAIN_ID'] = 'domain1'
|
||||||
self.middleware(req.environ, self._start_fake_response)
|
self.middleware(req.environ, self._start_fake_response)
|
||||||
self.m.VerifyAll()
|
self.m.VerifyAll()
|
||||||
|
|
||||||
@ -171,7 +173,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
|||||||
m = ks_v3_auth.Password(auth_url=self.config['auth_uri'],
|
m = ks_v3_auth.Password(auth_url=self.config['auth_uri'],
|
||||||
password='badpassword',
|
password='badpassword',
|
||||||
project_id='tenant_id1',
|
project_id='tenant_id1',
|
||||||
user_domain_id='default',
|
user_domain_id='domain1',
|
||||||
username='user_name1')
|
username='user_name1')
|
||||||
m.AndRaise(keystone_exc.Unauthorized(401))
|
m.AndRaise(keystone_exc.Unauthorized(401))
|
||||||
|
|
||||||
@ -180,6 +182,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
|||||||
req.headers['X_AUTH_USER'] = 'user_name1'
|
req.headers['X_AUTH_USER'] = 'user_name1'
|
||||||
req.headers['X_AUTH_KEY'] = 'badpassword'
|
req.headers['X_AUTH_KEY'] = 'badpassword'
|
||||||
req.headers['X_AUTH_URL'] = self.config['auth_uri']
|
req.headers['X_AUTH_URL'] = self.config['auth_uri']
|
||||||
|
req.headers['X_USER_DOMAIN_ID'] = 'domain1'
|
||||||
self.middleware(req.environ, self._start_fake_response)
|
self.middleware(req.environ, self._start_fake_response)
|
||||||
self.m.VerifyAll()
|
self.m.VerifyAll()
|
||||||
self.assertEqual(401, self.response_status)
|
self.assertEqual(401, self.response_status)
|
||||||
|
Loading…
Reference in New Issue
Block a user