Make sure create ceilometer alarm successful
If enable re-auth, we will use the stored context instead of request context, then we can't create ceilometer alarm resource. There are two problems when create ceilometer client: 1. the stored context has no domain info, an error raised from keystone: BadRequest: Expecting to find domain in project. So this patch will retrive the user/project domain ids from the auth_ref. 2. after fix the first problem, then another error raised from keystone: Forbidden: You are not authorized to perform the requested action. Due keystone doesn't allow to create a token by a trust-scoped token when get aodh endpoint. So this patch will pass 'aodh_endpoint' to ceilometer client to avoid this. Change-Id: I44ed5c10b6dec6f39714f4f74cf51a10ef6104a6 Closes-Bug: #1531406
This commit is contained in:
parent
3bbfb3e69d
commit
20214477c8
@ -24,7 +24,7 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
|
|||||||
|
|
||||||
exceptions_module = [exc, api_exc]
|
exceptions_module = [exc, api_exc]
|
||||||
|
|
||||||
service_types = [METERING] = ['metering']
|
service_types = [METERING, ALARMING] = ['metering', 'alarming']
|
||||||
|
|
||||||
def _create(self):
|
def _create(self):
|
||||||
|
|
||||||
@ -32,6 +32,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
|
|||||||
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
|
endpoint_type = self._get_client_option(CLIENT_NAME, 'endpoint_type')
|
||||||
endpoint = self.url_for(service_type=self.METERING,
|
endpoint = self.url_for(service_type=self.METERING,
|
||||||
endpoint_type=endpoint_type)
|
endpoint_type=endpoint_type)
|
||||||
|
aodh_endpoint = self.url_for(service_type=self.ALARMING,
|
||||||
|
endpoint_type=endpoint_type)
|
||||||
args = {
|
args = {
|
||||||
'auth_url': con.auth_url,
|
'auth_url': con.auth_url,
|
||||||
'service_type': self.METERING,
|
'service_type': self.METERING,
|
||||||
@ -44,7 +46,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
|
|||||||
'cacert': self._get_client_option(CLIENT_NAME, 'ca_file'),
|
'cacert': self._get_client_option(CLIENT_NAME, 'ca_file'),
|
||||||
'cert_file': self._get_client_option(CLIENT_NAME, 'cert_file'),
|
'cert_file': self._get_client_option(CLIENT_NAME, 'cert_file'),
|
||||||
'key_file': self._get_client_option(CLIENT_NAME, 'key_file'),
|
'key_file': self._get_client_option(CLIENT_NAME, 'key_file'),
|
||||||
'insecure': self._get_client_option(CLIENT_NAME, 'insecure')
|
'insecure': self._get_client_option(CLIENT_NAME, 'insecure'),
|
||||||
|
'aodh_endpoint': aodh_endpoint
|
||||||
}
|
}
|
||||||
|
|
||||||
return cc.get_client('2', **args)
|
return cc.get_client('2', **args)
|
||||||
|
@ -205,6 +205,10 @@ class Stack(collections.Mapping):
|
|||||||
self.context = self.stored_context()
|
self.context = self.stored_context()
|
||||||
self.context.roles = self.context.clients.client(
|
self.context.roles = self.context.clients.client(
|
||||||
'keystone').auth_ref.role_names
|
'keystone').auth_ref.role_names
|
||||||
|
self.context.user_domain = self.context.clients.client(
|
||||||
|
'keystone').auth_ref.user_domain_id
|
||||||
|
self.context.project_domain = self.context.clients.client(
|
||||||
|
'keystone').auth_ref.project_domain_id
|
||||||
|
|
||||||
self.clients = self.context.clients
|
self.clients = self.context.clients
|
||||||
|
|
||||||
|
@ -94,7 +94,8 @@ class FakeKeystoneClient(object):
|
|||||||
def __init__(self, username='test_username', password='password',
|
def __init__(self, username='test_username', password='password',
|
||||||
user_id='1234', access='4567', secret='8901',
|
user_id='1234', access='4567', secret='8901',
|
||||||
credential_id='abcdxyz', auth_token='abcd1234',
|
credential_id='abcdxyz', auth_token='abcd1234',
|
||||||
context=None, stack_domain_id='4321', roles=None):
|
context=None, stack_domain_id='4321', roles=None,
|
||||||
|
user_domain_id=None, project_domain_id=None):
|
||||||
self.username = username
|
self.username = username
|
||||||
self.password = password
|
self.password = password
|
||||||
self.user_id = user_id
|
self.user_id = user_id
|
||||||
@ -107,6 +108,8 @@ class FakeKeystoneClient(object):
|
|||||||
self.v3_endpoint = 'http://localhost:5000/v3'
|
self.v3_endpoint = 'http://localhost:5000/v3'
|
||||||
self.stack_domain_id = stack_domain_id
|
self.stack_domain_id = stack_domain_id
|
||||||
self.roles = roles or []
|
self.roles = roles or []
|
||||||
|
self.user_domain_id = user_domain_id
|
||||||
|
self.project_domain_id = project_domain_id
|
||||||
|
|
||||||
class FakeCred(object):
|
class FakeCred(object):
|
||||||
id = self.credential_id
|
id = self.credential_id
|
||||||
@ -194,17 +197,29 @@ class FakeKeystoneClient(object):
|
|||||||
|
|
||||||
@property
|
@property
|
||||||
def auth_ref(self):
|
def auth_ref(self):
|
||||||
return FakeAccessInfo(roles=self.roles)
|
return FakeAccessInfo(roles=self.roles,
|
||||||
|
user_domain=self.user_domain_id,
|
||||||
|
project_domain=self.project_domain_id)
|
||||||
|
|
||||||
|
|
||||||
class FakeAccessInfo(object):
|
class FakeAccessInfo(object):
|
||||||
def __init__(self, roles):
|
def __init__(self, roles, user_domain, project_domain):
|
||||||
self.roles = roles
|
self.roles = roles
|
||||||
|
self.user_domain = user_domain
|
||||||
|
self.project_domain = project_domain
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def role_names(self):
|
def role_names(self):
|
||||||
return self.roles
|
return self.roles
|
||||||
|
|
||||||
|
@property
|
||||||
|
def user_domain_id(self):
|
||||||
|
return self.user_domain
|
||||||
|
|
||||||
|
@property
|
||||||
|
def project_domain_id(self):
|
||||||
|
return self.project_domain
|
||||||
|
|
||||||
|
|
||||||
class FakeEventSink(object):
|
class FakeEventSink(object):
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user