Merge "Use user_domain for password auth_plugin"

2016-01-12 14:16:40 +00:00 · 2016-01-12 14:16:40 +00:00 · f03483c582
parent a3fd611536 b36b535058
commit f03483c582
4 changed files with 12 additions and 7 deletions
--- a/heat/common/auth_password.py
+++ b/heat/common/auth_password.py
@ -43,12 +43,13 @@ class KeystonePasswordAuthProtocol(object):
        # Determine tenant id from path.
        tenant = env.get('PATH_INFO').split('/')[1]
        auth_url = env.get('HTTP_X_AUTH_URL')
-
+        user_domain_id = env.get('HTTP_X_USER_DOMAIN_ID')
        if not tenant:
            return self._reject_request(env, start_response, auth_url)
        try:
            ctx = context.RequestContext(username=username, password=password,
                                         tenant_id=tenant, auth_url=auth_url,
+                                         user_domain_id=user_domain_id,
                                         is_admin=False)
            auth_ref = ctx.auth_plugin.get_access(self.session)
        except (keystone_exceptions.Unauthorized,
--- a/heat/common/context.py
+++ b/heat/common/context.py
@ -187,7 +187,7 @@ class RequestContext(context.RequestContext):
        self._trusts_auth_plugin = v3.Password(
            username=cfg.CONF.keystone_authtoken.admin_user,
            password=cfg.CONF.keystone_authtoken.admin_password,
-            user_domain_id='default',
+            user_domain_id=self.user_domain,
            auth_url=self.keystone_v3_endpoint,
            trust_id=self.trust_id)
        return self._trusts_auth_plugin
@ -212,7 +212,7 @@ class RequestContext(context.RequestContext):
            return v3.Password(username=self.username,
                               password=self.password,
                               project_id=self.tenant_id,
-                               user_domain_id='default',
+                               user_domain_id=self.user_domain,
                               auth_url=self.keystone_v3_endpoint)

        LOG.error(_LE("Keystone v3 API connection failed, no password "
--- a/heat/tests/clients/test_heat_client.py
+++ b/heat/tests/clients/test_heat_client.py
@ -115,7 +115,7 @@ class KeystoneClientTest(common.HeatTestCase):
                                    username='test_username',
                                    password='password',
                                    project_id=project_id or 'test_tenant_id',
-                                    user_domain_id='default')
+                                    user_domain_id='adomain123')

        elif method == 'trust':
            p = ks_auth.load_from_conf_options(cfg.CONF,
@ -459,6 +459,7 @@ class KeystoneClientTest(common.HeatTestCase):
        ctx = utils.dummy_context()
        ctx.auth_token = None
        ctx.trust_id = None
+        ctx.user_domain = 'adomain123'
        heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
        client = heat_ks_client.client
        self.assertIsNotNone(client)
--- a/heat/tests/test_auth_password.py
+++ b/heat/tests/test_auth_password.py
@ -126,7 +126,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
            auth_url=self.config['auth_uri'],
            password='goodpassword',
            project_id='tenant_id1',
-            user_domain_id='default',
+            user_domain_id='domain1',
            username='user_name1').AndReturn(mock_auth)

        m = mock_auth.get_access(mox.IsA(ks_session.Session))
@ -138,6 +138,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
        req.headers['X_AUTH_USER'] = 'user_name1'
        req.headers['X_AUTH_KEY'] = 'goodpassword'
        req.headers['X_AUTH_URL'] = self.config['auth_uri']
+        req.headers['X_USER_DOMAIN_ID'] = 'domain1'
        self.middleware(req.environ, self._start_fake_response)
        self.m.VerifyAll()

@ -148,7 +149,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
        ks_v3_auth.Password(auth_url=self.config['auth_uri'],
                            password='goodpassword',
                            project_id='tenant_id1',
-                            user_domain_id='default',
+                            user_domain_id='domain1',
                            username='user_name1').AndReturn(mock_auth)

        m = mock_auth.get_access(mox.IsA(ks_session.Session))
@ -162,6 +163,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
        req.headers['X_AUTH_USER'] = 'user_name1'
        req.headers['X_AUTH_KEY'] = 'goodpassword'
        req.headers['X_AUTH_URL'] = self.config['auth_uri']
+        req.headers['X_USER_DOMAIN_ID'] = 'domain1'
        self.middleware(req.environ, self._start_fake_response)
        self.m.VerifyAll()

@ -171,7 +173,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
        m = ks_v3_auth.Password(auth_url=self.config['auth_uri'],
                                password='badpassword',
                                project_id='tenant_id1',
-                                user_domain_id='default',
+                                user_domain_id='domain1',
                                username='user_name1')
        m.AndRaise(keystone_exc.Unauthorized(401))

@ -180,6 +182,7 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
        req.headers['X_AUTH_USER'] = 'user_name1'
        req.headers['X_AUTH_KEY'] = 'badpassword'
        req.headers['X_AUTH_URL'] = self.config['auth_uri']
+        req.headers['X_USER_DOMAIN_ID'] = 'domain1'
        self.middleware(req.environ, self._start_fake_response)
        self.m.VerifyAll()
        self.assertEqual(401, self.response_status)