Fixes login failure to Horizon dashboard

This is a temporary workaround to fix a Django error preventing the Kolla Horizon login, while waiting for a fix upstream. It is part of a patch created by Matthias Runge <mrunge@redhat.com> https://review.openstack.org/gitweb?p=openstack%2Fdjango_openstack_auth.git;a=commitdiff;h=adfc494ec17ee43847d7c0c833dad9c178f29358 I've just used the patch for openstack_auth/user.py Change-Id: I2c2ad0042f9c60a839d8ee9bca904465bee9361f Closes-bug: #1469284
2015-07-13 11:05:55 +00:00 · 2015-07-13 11:05:55 +00:00 · a8cc61efcf
commit a8cc61efcf
parent adc8bc11df
3 changed files with 95 additions and 1 deletions
--- a/docker/centos/binary/horizon/Dockerfile
+++ b/docker/centos/binary/horizon/Dockerfile
@ -5,13 +5,18 @@ RUN yum -y install \
    openstack-dashboard \
    httpd \
    httpd-mod-wsgi \
+    patch \
    && yum clean all \
    && chown -R apache:apache /usr/share/openstack-dashboard/static

 # The chown is required because of this packaging bug:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1219006

+COPY config-internal.sh config-external.sh horizon-bug-1469284.patch /opt/kolla/
+# TODO(mduggan): Need to remove this patch once a fix for
+# https://bugs.launchpad.net/kolla/+bug/1469284 becomes available upstream.
+# Review for this bug is at https://review.openstack.org/#/c/167981/
+RUN patch /usr/lib/python2.7/site-packages/openstack_auth/user.py < /opt/kolla/horizon-bug-1469284.patch
 ADD ./start.sh /start.sh
-COPY config-internal.sh config-external.sh /opt/kolla/

 CMD ["/start.sh"]
--- a/docker/centos/binary/horizon/horizon-bug-1469284.patch
+++ b/docker/centos/binary/horizon/horizon-bug-1469284.patch
@ -0,0 +1 @@
+../../../common/horizon/horizon-bug-1469284.patch
--- a/docker/common/horizon/horizon-bug-1469284.patch
+++ b/docker/common/horizon/horizon-bug-1469284.patch
@ -0,0 +1,88 @@
+--- /usr/lib/python2.7/site-packages/openstack_auth/user.py
+++ /usr/lib/python2.7/site-packages/openstack_auth/user.py
+@@ -16,6 +16,7 @@ import logging
+
+ from django.conf import settings
+ from django.contrib.auth import models
+from django.db import models as dbmodels
+ from keystoneclient.common import cms as keystone_cms
+ from keystoneclient import exceptions as keystone_exceptions
+
+@@ -117,7 +118,7 @@ class Token(object):
+         self.serviceCatalog = auth_ref.service_catalog.get_data()
+
+
+-class User(models.AnonymousUser):
+class User(models.AbstractBaseUser, models.PermissionsMixin):
+     """A User class with some extra special sauce for Keystone.
+
+     In addition to the standard Django user attributes, this class also has
+@@ -185,13 +186,17 @@ class User(models.AnonymousUser):
+         Unscoped Keystone token.
+
+     """
+
+    USERNAME_FIELD = 'id'
+    id = dbmodels.CharField(max_length=240, primary_key=True)
+
+     def __init__(self, id=None, token=None, user=None, tenant_id=None,
+                  service_catalog=None, tenant_name=None, roles=None,
+                  authorized_tenants=None, endpoint=None, enabled=False,
+                  services_region=None, user_domain_id=None,
+                  user_domain_name=None, domain_id=None, domain_name=None,
+                  project_id=None, project_name=None,
+-                 is_federated=False, unscoped_token=None):
+                 is_federated=False, unscoped_token=None, password=None):
+         self.id = id
+         self.pk = id
+         self.token = token
+@@ -216,11 +221,14 @@ class User(models.AnonymousUser):
+         # Unscoped token is used for listing user's project that works
+         # for both federated and keystone user.
+         self.unscoped_token = unscoped_token
+        self.password = None
+
+         # List of variables to be deprecated.
+         self.tenant_id = self.project_id
+         self.tenant_name = self.project_name
+
+        self.USERNAME_FIELD = self.username
+
+     def __unicode__(self):
+         return self.username
+
+@@ -382,6 +390,23 @@ class User(models.AnonymousUser):
+         the user has a permissions matching one of the elements of
+         that tuple
+         """
+
+        def check_service_enabled(perm):
+            """Permission check for enabled services.
+
+            Check should return false, if service disabled
+            """
+            enabled_service = perm.split("openstack.services.")[1:]
+            if enabled_service:
+                if isinstance(enabled_service, list):
+                    enabled_service = enabled_service[0]
+                for service in self.service_catalog:
+                    service_type = service.get('type', '')
+                    if service_type == enabled_service:
+                        return True
+                return False
+            return True
+
+         # If there are no permissions to check, just return true
+         if not perm_list:
+             return True
+@@ -394,4 +419,10 @@ class User(models.AnonymousUser):
+                 # check that a permission in the tuple matches
+                 if not self.has_a_matching_perm(perm, obj):
+                     return False
+            # check if service disabled
+            if isinstance(perm, basestring):
+                return check_service_enabled(perm)
+            else:
+                for p in perm:
+                    return check_service_enabled(p)
+         return True
				`@ -0,0 +1 @@`
				`../../../common/horizon/horizon-bug-1469284.patch`