openstack/deb-murano
Code Issues Proposed changes

Support unversioned keystone endpoints

Browse Source 
As far as keystone v2 will be deprecated soon murano will support
unversioned keystone endpoints.

Additional work and final switch to Identity API v3 in devstack should
be done when all components will switch to it.

Change-Id: I062f1b3b3372f502f20a976cde432f22c2489480
This commit is contained in:
Nikolay Starodubtsev 2016-02-08 17:14:00 +03:00
parent 25416ac6d4
commit 93db837330
7 changed files with 21 additions and 23 deletions
devstack
plugin.sh
murano
api/middleware
ext_context.py
tests/functional/engine
config.py
murano_tempest_tests
config.py
tests/api
application_catalog
base.py
service_broker
base.py
releasenotes/notes
fix-1528452-0e3bcee9bba89ffa.yaml

8
devstack/plugin.sh

@ -136,7 +136,7 @@ function configure_murano {
#-------------------------
# Setup keystone_authtoken section
iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000"
iniset $MURANO_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
iniset $MURANO_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
iniset $MURANO_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
@ -154,7 +154,7 @@ function configure_murano {
iniset $MURANO_CONF_FILE database connection `database_connection_url murano`
# Configure keystone auth url
iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000"
# Configure Murano API URL
iniset $MURANO_CONF_FILE murano url "http://127.0.0.1:8082"
@ -179,7 +179,7 @@ function install_murano_apps() {
murano --os-username $OS_USERNAME \
--os-password $OS_PASSWORD \
--os-tenant-name $OS_PROJECT_NAME \
--os-auth-url http://$KEYSTONE_AUTH_HOST:5000/v2.0 \
--os-auth-url http://$KEYSTONE_AUTH_HOST:5000 \
--murano-url http://127.0.0.1:8082 \
package-import \
--is-public \
@ -198,7 +198,7 @@ function configure_service_broker {
iniset $MURANO_CONF_FILE cfapi tenant "$MURANO_CFAPI_DEFAULT_TENANT"
iniset $MURANO_CONF_FILE cfapi bind_host "$MURANO_SERVICE_HOST"
iniset $MURANO_CONF_FILE cfapi bind_port "$MURANO_CFAPI_SERVICE_PORT"
iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
iniset $MURANO_CONF_FILE cfapi auth_url "http://${KEYSTONE_AUTH_HOST}:5000"
}

16
murano/api/middleware/ext_context.py

@ -14,7 +14,9 @@
import base64
from keystoneclient.auth.identity import v3
from keystoneclient import exceptions
from keystoneclient import session as ks_session
from keystoneclient.v3 import client
from oslo_config import cfg
from oslo_log import log
@ -33,11 +35,15 @@ class ExternalContextMiddleware(wsgi.Middleware):
# section related to Cloud Foundry service broker is probably a duct
# tape and should be rewritten as soon as we get more non-OpenStack
# services as murano recipients.
keystone = client.Client(username=user,
password=password,
project_name=CONF.cfapi.tenant,
auth_url=CONF.cfapi.auth_url.replace(
'v2.0', 'v3'))
kwargs = {'auth_url': CONF.cfapi.auth_url.replace('v2.0', 'v3'),
'username': user,
'password': password,
'project_name': CONF.cfapi.tenant}
password_auth = v3.Password(**kwargs)
session = ks_session.Session(auth=password_auth)
keystone = client.Client(session=session)
return keystone.auth_token
def process_request(self, req):

2
murano/tests/functional/engine/config.py

@ -21,7 +21,7 @@ murano_group = cfg.OptGroup(name='murano', title="murano")
MuranoGroup = [
cfg.StrOpt('auth_url',
default='http://127.0.0.1:5000/v2.0/',
default='http://127.0.0.1:5000',
help="keystone url"),
cfg.StrOpt('user',
default='admin',

10
murano_tempest_tests/config.py

@ -43,11 +43,6 @@ ApplicationCatalogGroup = [
"If no such region is found in the service catalog, "
"the first found one is used."),
cfg.StrOpt("identity_version",
default="v2",
help="Default identity version for "
"REST client authentication."),
cfg.StrOpt("catalog_type",
default="application-catalog",
help="Catalog type of Application Catalog."),
@ -74,11 +69,6 @@ ServiceBrokerGroup = [
default=False,
help="Defines whether run service broker api tests or not"),
cfg.StrOpt("identity_version",
default="v2",
help="Default identity version for "
"REST client authentication."),
cfg.StrOpt("catalog_type",
default="service-broker",
help="Catalog type of Service Broker API"),

3
murano_tempest_tests/tests/api/application_catalog/base.py

@ -39,14 +39,13 @@ class BaseApplicationCatalogTest(test.BaseTestCase):
@classmethod
def get_configured_isolated_creds(cls, type_of_creds='admin'):
identity_version = cls.get_identity_version()
if identity_version == 'v3':
cls.admin_role = CONF.identity.admin_role
else:
cls.admin_role = 'admin'
cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
identity_version=CONF.application_catalog.identity_version,
identity_version=CONF.identity.auth_version,
name=cls.__name__, admin_role=cls.admin_role,
admin_creds=common_creds.get_configured_credentials(
'identity_admin'))

2
murano_tempest_tests/tests/api/service_broker/base.py

@ -34,7 +34,7 @@ class BaseServiceBrokerTest(test.BaseTestCase):
type_of_creds="admin"):
cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
identity_version=CONF.service_broker.identity_version,
identity_version=CONF.identity.auth_version,
name=cls.__name__)
if "admin" in type_of_creds:
creds = cls.dynamic_cred.get_admin_creds()

3
releasenotes/notes/fix-1528452-0e3bcee9bba89ffa.yaml Normal file

@ -0,0 +1,3 @@
fixes:
-Fixed incorrect murano behaviour if deployed on devstack with keystone v3 by
default.