56651f1fdd
this patch adds several things to attempt (on best effort basis) to use incoming user token in the quota set request to ask Keystone if the project id the quota being set on is actualy valid: - added new [keystone] config section to hold session- and adapter-realated options for accessing Keystone enndpoint - added a token- and service catalog-based user auth plugin to the request context - use the above to construct a keystoneauth adapter for Identity service and attempt to GET on projects/{project_id} - only if the Keystone v3 catalog endpoint is not found, or the request returns 404 NotFound, we raise an error and return it as 400 BadRequest to client when attempting to change quotas for project. This behavior is enabled by setting a new [service:api]quotas-verify-project-id config option to True (default is False for backward compatibility). Change-Id: Ib14ee5b5628509b6a93be8b7bd10e734ab19ffee Depends-On: https://review.openstack.org/580142 Closes-Bug: #1760822 |
||
---|---|---|
.. | ||
designate_plugins | ||
gate | ||
upgrade | ||
exercise.sh | ||
networking_test_monitor_tc.sh | ||
networking_test.py | ||
plugin.sh | ||
README.rst | ||
settings | ||
statsd_mock_server.py |
Enabling in Devstack
WARNING: the stack.sh script must be run in a disposable VM that is not being created automatically, see the README.md file in the "devstack" repository. See contrib/vagrant to create a vagrant VM.
Download DevStack:
git clone https://git.openstack.org/openstack-dev/devstack.git cd devstack
Add this repo as an external repository:
> cat local.conf [[local|localrc]] enable_plugin designate https://git.openstack.org/openstack/designate
run
stack.sh