Support unversioned keystone endpoints
As far as keystone v2 will be deprecated soon murano will support unversioned keystone endpoints. Additional work and final switch to Identity API v3 in devstack should be done when all components will switch to it. Change-Id: I062f1b3b3372f502f20a976cde432f22c2489480
This commit is contained in:
parent
25416ac6d4
commit
93db837330
devstack
murano
murano_tempest_tests
releasenotes/notes
@ -136,7 +136,7 @@ function configure_murano {
|
||||
#-------------------------
|
||||
|
||||
# Setup keystone_authtoken section
|
||||
iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
|
||||
iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000"
|
||||
iniset $MURANO_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $MURANO_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $MURANO_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
@ -154,7 +154,7 @@ function configure_murano {
|
||||
iniset $MURANO_CONF_FILE database connection `database_connection_url murano`
|
||||
|
||||
# Configure keystone auth url
|
||||
iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
|
||||
iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000"
|
||||
|
||||
# Configure Murano API URL
|
||||
iniset $MURANO_CONF_FILE murano url "http://127.0.0.1:8082"
|
||||
@ -179,7 +179,7 @@ function install_murano_apps() {
|
||||
murano --os-username $OS_USERNAME \
|
||||
--os-password $OS_PASSWORD \
|
||||
--os-tenant-name $OS_PROJECT_NAME \
|
||||
--os-auth-url http://$KEYSTONE_AUTH_HOST:5000/v2.0 \
|
||||
--os-auth-url http://$KEYSTONE_AUTH_HOST:5000 \
|
||||
--murano-url http://127.0.0.1:8082 \
|
||||
package-import \
|
||||
--is-public \
|
||||
@ -198,7 +198,7 @@ function configure_service_broker {
|
||||
iniset $MURANO_CONF_FILE cfapi tenant "$MURANO_CFAPI_DEFAULT_TENANT"
|
||||
iniset $MURANO_CONF_FILE cfapi bind_host "$MURANO_SERVICE_HOST"
|
||||
iniset $MURANO_CONF_FILE cfapi bind_port "$MURANO_CFAPI_SERVICE_PORT"
|
||||
iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
|
||||
iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000"
|
||||
}
|
||||
|
||||
|
||||
|
@ -14,7 +14,9 @@
|
||||
|
||||
import base64
|
||||
|
||||
from keystoneclient.auth.identity import v3
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import session as ks_session
|
||||
from keystoneclient.v3 import client
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
@ -33,11 +35,15 @@ class ExternalContextMiddleware(wsgi.Middleware):
|
||||
# section related to Cloud Foundry service broker is probably a duct
|
||||
# tape and should be rewritten as soon as we get more non-OpenStack
|
||||
# services as murano recipients.
|
||||
keystone = client.Client(username=user,
|
||||
password=password,
|
||||
project_name=CONF.cfapi.tenant,
|
||||
auth_url=CONF.cfapi.auth_url.replace(
|
||||
'v2.0', 'v3'))
|
||||
|
||||
kwargs = {'auth_url': CONF.cfapi.auth_url.replace('v2.0', 'v3'),
|
||||
'username': user,
|
||||
'password': password,
|
||||
'project_name': CONF.cfapi.tenant}
|
||||
password_auth = v3.Password(**kwargs)
|
||||
session = ks_session.Session(auth=password_auth)
|
||||
keystone = client.Client(session=session)
|
||||
|
||||
return keystone.auth_token
|
||||
|
||||
def process_request(self, req):
|
||||
|
@ -21,7 +21,7 @@ murano_group = cfg.OptGroup(name='murano', title="murano")
|
||||
|
||||
MuranoGroup = [
|
||||
cfg.StrOpt('auth_url',
|
||||
default='http://127.0.0.1:5000/v2.0/',
|
||||
default='http://127.0.0.1:5000',
|
||||
help="keystone url"),
|
||||
cfg.StrOpt('user',
|
||||
default='admin',
|
||||
|
@ -43,11 +43,6 @@ ApplicationCatalogGroup = [
|
||||
"If no such region is found in the service catalog, "
|
||||
"the first found one is used."),
|
||||
|
||||
cfg.StrOpt("identity_version",
|
||||
default="v2",
|
||||
help="Default identity version for "
|
||||
"REST client authentication."),
|
||||
|
||||
cfg.StrOpt("catalog_type",
|
||||
default="application-catalog",
|
||||
help="Catalog type of Application Catalog."),
|
||||
@ -74,11 +69,6 @@ ServiceBrokerGroup = [
|
||||
default=False,
|
||||
help="Defines whether run service broker api tests or not"),
|
||||
|
||||
cfg.StrOpt("identity_version",
|
||||
default="v2",
|
||||
help="Default identity version for "
|
||||
"REST client authentication."),
|
||||
|
||||
cfg.StrOpt("catalog_type",
|
||||
default="service-broker",
|
||||
help="Catalog type of Service Broker API"),
|
||||
|
@ -39,14 +39,13 @@ class BaseApplicationCatalogTest(test.BaseTestCase):
|
||||
|
||||
@classmethod
|
||||
def get_configured_isolated_creds(cls, type_of_creds='admin'):
|
||||
|
||||
identity_version = cls.get_identity_version()
|
||||
if identity_version == 'v3':
|
||||
cls.admin_role = CONF.identity.admin_role
|
||||
else:
|
||||
cls.admin_role = 'admin'
|
||||
cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
|
||||
identity_version=CONF.application_catalog.identity_version,
|
||||
identity_version=CONF.identity.auth_version,
|
||||
name=cls.__name__, admin_role=cls.admin_role,
|
||||
admin_creds=common_creds.get_configured_credentials(
|
||||
'identity_admin'))
|
||||
|
@ -34,7 +34,7 @@ class BaseServiceBrokerTest(test.BaseTestCase):
|
||||
type_of_creds="admin"):
|
||||
|
||||
cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
|
||||
identity_version=CONF.service_broker.identity_version,
|
||||
identity_version=CONF.identity.auth_version,
|
||||
name=cls.__name__)
|
||||
if "admin" in type_of_creds:
|
||||
creds = cls.dynamic_cred.get_admin_creds()
|
||||
|
3
releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml
Normal file
3
releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
fixes:
|
||||
-Fixed incorrect murano behaviour if deployed on devstack with keystone v3 by
|
||||
default.
|
Loading…
x
Reference in New Issue
Block a user