Trustee: provide region_name to auth_url searching

Add "trustee_keystone_region_name" optional configuration parameter
that allows Magnum to specify a region when searching for auth_url
in the Identity service.
This parameter is useful for multi-regional OpenStack installations
with different Identity service for every region.

Task: 22990
Story: 2002981
Change-Id: I5dd70ac0fdcbc19761833ccae3f5496c154f0804
This commit is contained in:
Andrei Ozerov 2018-07-17 20:16:28 +03:00
parent 0bf72ba164
commit a127c66957
3 changed files with 20 additions and 5 deletions

View File

@ -53,7 +53,10 @@ trust_opts = [
'by the trustor')),
cfg.StrOpt('trustee_keystone_interface',
default='public',
help=_('Auth interface used by instances/trustee'))
help=_('Auth interface used by instances/trustee')),
cfg.StrOpt('trustee_keystone_region_name',
help=_('Region in Identity service catalog to use for '
'communication with the OpenStack service.'))
]

View File

@ -255,10 +255,14 @@ class BaseTemplateDefinition(TemplateDefinition):
else:
extra_params['trust_id'] = ""
extra_params['auth_url'] = osc.url_for(
service_type='identity',
interface=CONF.trust.trustee_keystone_interface,
version=3)
kwargs = {
'service_type': 'identity',
'interface': CONF.trust.trustee_keystone_interface,
'version': 3
}
if CONF.trust.trustee_keystone_region_name:
kwargs['region_name'] = CONF.trust.trustee_keystone_region_name
extra_params['auth_url'] = osc.url_for(**kwargs)
return super(BaseTemplateDefinition,
self).get_params(context, cluster_template, cluster,

View File

@ -0,0 +1,8 @@
---
fixes:
- |
Add `trustee_keystone_region_name` optional parameter to the `trust`
section. This parameter is useful for multi-regional OpenStack
installations with different Identity service for every region.
In such installation it is necessary to specify a region when searching
for `auth_url` to authenticate a trustee user.