From a127c669574fb5ce1aa586d96296f481cd88c790 Mon Sep 17 00:00:00 2001 From: Andrei Ozerov Date: Tue, 17 Jul 2018 20:16:28 +0300 Subject: [PATCH] Trustee: provide region_name to auth_url searching Add "trustee_keystone_region_name" optional configuration parameter that allows Magnum to specify a region when searching for auth_url in the Identity service. This parameter is useful for multi-regional OpenStack installations with different Identity service for every region. Task: 22990 Story: 2002981 Change-Id: I5dd70ac0fdcbc19761833ccae3f5496c154f0804 --- magnum/conf/trust.py | 5 ++++- magnum/drivers/heat/template_def.py | 12 ++++++++---- ...81-trustee-auth-region-name-37796a4e6a274fb8.yaml | 8 ++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml diff --git a/magnum/conf/trust.py b/magnum/conf/trust.py index eb5c826e8b..07e174da8a 100644 --- a/magnum/conf/trust.py +++ b/magnum/conf/trust.py @@ -53,7 +53,10 @@ trust_opts = [ 'by the trustor')), cfg.StrOpt('trustee_keystone_interface', default='public', - help=_('Auth interface used by instances/trustee')) + help=_('Auth interface used by instances/trustee')), + cfg.StrOpt('trustee_keystone_region_name', + help=_('Region in Identity service catalog to use for ' + 'communication with the OpenStack service.')) ] diff --git a/magnum/drivers/heat/template_def.py b/magnum/drivers/heat/template_def.py index 0511a5faa7..397b53c45c 100755 --- a/magnum/drivers/heat/template_def.py +++ b/magnum/drivers/heat/template_def.py @@ -255,10 +255,14 @@ class BaseTemplateDefinition(TemplateDefinition): else: extra_params['trust_id'] = "" - extra_params['auth_url'] = osc.url_for( - service_type='identity', - interface=CONF.trust.trustee_keystone_interface, - version=3) + kwargs = { + 'service_type': 'identity', + 'interface': CONF.trust.trustee_keystone_interface, + 'version': 3 + } + if CONF.trust.trustee_keystone_region_name: + kwargs['region_name'] = CONF.trust.trustee_keystone_region_name + extra_params['auth_url'] = osc.url_for(**kwargs) return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, diff --git a/releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml b/releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml new file mode 100644 index 0000000000..f465caee19 --- /dev/null +++ b/releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Add `trustee_keystone_region_name` optional parameter to the `trust` + section. This parameter is useful for multi-regional OpenStack + installations with different Identity service for every region. + In such installation it is necessary to specify a region when searching + for `auth_url` to authenticate a trustee user.