Revert "Support transition to keystone auth plugin"
This patch broke Ironic introspection workflow: https://bugs.launchpad.net/tripleo/+bug/1688767 This reverts commit 1c485867c456df32cf0401a47d177b2478a51313. Related-Bug: #1688767 Change-Id: I86d4b40e19b3b0b3cfe0d30e2c5a588e29af6d98
This commit is contained in:
parent
bffc72df4a
commit
2a2c8e733b
@ -75,15 +75,14 @@ function configure_mistral {
|
|||||||
#-------------------------
|
#-------------------------
|
||||||
|
|
||||||
# Setup keystone_authtoken section
|
# Setup keystone_authtoken section
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken project_name $SERVICE_TENANT_NAME
|
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken username $MISTRAL_ADMIN_USER
|
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken password $SERVICE_PASSWORD
|
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||||
|
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||||
|
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_user $MISTRAL_ADMIN_USER
|
||||||
|
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3
|
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken service_token_roles_required True
|
iniset $MISTRAL_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_type password
|
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_url $KEYSTONE_SERVICE_URI
|
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken user_domain_name Default
|
|
||||||
iniset $MISTRAL_CONF_FILE keystone_authtoken project_domain_name Default
|
|
||||||
|
|
||||||
# Setup RabbitMQ credentials
|
# Setup RabbitMQ credentials
|
||||||
iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
|
iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
|
||||||
|
@ -88,8 +88,6 @@ class MistralContext(BaseContext):
|
|||||||
"expires_at",
|
"expires_at",
|
||||||
"trust_id",
|
"trust_id",
|
||||||
"is_target",
|
"is_target",
|
||||||
"user_domain_name",
|
|
||||||
"project_domain_name",
|
|
||||||
])
|
])
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
@ -208,25 +206,10 @@ def _extract_service_catalog_from_headers(headers):
|
|||||||
|
|
||||||
|
|
||||||
def context_from_config():
|
def context_from_config():
|
||||||
username = (
|
|
||||||
CONF.keystone_authtoken.username or
|
|
||||||
CONF.keystone_authtoken.admin_user)
|
|
||||||
password = (
|
|
||||||
CONF.keystone_authtoken.password or
|
|
||||||
CONF.keystone_authtoken.admin_password)
|
|
||||||
project_name = (
|
|
||||||
CONF.keystone_authtoken.project_name or
|
|
||||||
CONF.keystone_authtoken.admin_tenant_name)
|
|
||||||
user_domain_name = (
|
|
||||||
CONF.keystone_authtoken.user_domain_name or 'Default')
|
|
||||||
project_domain_name = (
|
|
||||||
CONF.keystone_authtoken.project_domain_name or 'Default')
|
|
||||||
keystone = keystone_client.Client(
|
keystone = keystone_client.Client(
|
||||||
username=username,
|
username=CONF.keystone_authtoken.admin_user,
|
||||||
password=password,
|
password=CONF.keystone_authtoken.admin_password,
|
||||||
project_name=project_name,
|
tenant_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||||
user_domain_name=user_domain_name,
|
|
||||||
project_domain_name=project_domain_name,
|
|
||||||
auth_url=CONF.keystone_authtoken.auth_uri,
|
auth_url=CONF.keystone_authtoken.auth_uri,
|
||||||
is_trust_scoped=False,
|
is_trust_scoped=False,
|
||||||
)
|
)
|
||||||
@ -237,10 +220,8 @@ def context_from_config():
|
|||||||
user_id=keystone.user_id,
|
user_id=keystone.user_id,
|
||||||
project_id=keystone.project_id,
|
project_id=keystone.project_id,
|
||||||
auth_token=keystone.auth_token,
|
auth_token=keystone.auth_token,
|
||||||
project_name=project_name,
|
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||||
user_name=username,
|
user_name=CONF.keystone_authtoken.admin_user,
|
||||||
user_domain_name=user_domain_name,
|
|
||||||
project_domain_name=project_domain_name,
|
|
||||||
is_trust_scoped=False,
|
is_trust_scoped=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -40,11 +40,8 @@ def create_trust():
|
|||||||
|
|
||||||
ctx = auth_ctx.ctx()
|
ctx = auth_ctx.ctx()
|
||||||
|
|
||||||
project_name = (
|
trustee_id = keystone.client_for_admin(
|
||||||
CONF.keystone_authtoken.project_name or
|
CONF.keystone_authtoken.admin_tenant_name).user_id
|
||||||
CONF.keystone_authtoken.admin_tenant_name)
|
|
||||||
|
|
||||||
trustee_id = keystone.client_for_admin(project_name).user_id
|
|
||||||
|
|
||||||
return client.trusts.create(
|
return client.trusts.create(
|
||||||
trustor_user=client.user_id,
|
trustor_user=client.user_id,
|
||||||
|
@ -47,16 +47,9 @@ def client():
|
|||||||
def _admin_client(trust_id=None, project_name=None):
|
def _admin_client(trust_id=None, project_name=None):
|
||||||
auth_url = CONF.keystone_authtoken.auth_uri
|
auth_url = CONF.keystone_authtoken.auth_uri
|
||||||
|
|
||||||
username = (
|
|
||||||
CONF.keystone_authtoken.admin_user or
|
|
||||||
CONF.keystone_authtoken.username)
|
|
||||||
password = (
|
|
||||||
CONF.keystone_authtoken.admin_password or
|
|
||||||
CONF.keystone_authtoken.password)
|
|
||||||
|
|
||||||
cl = ks_client.Client(
|
cl = ks_client.Client(
|
||||||
username=username,
|
username=CONF.keystone_authtoken.admin_user,
|
||||||
password=password,
|
password=CONF.keystone_authtoken.admin_password,
|
||||||
project_name=project_name,
|
project_name=project_name,
|
||||||
auth_url=auth_url,
|
auth_url=auth_url,
|
||||||
trust_id=trust_id
|
trust_id=trust_id
|
||||||
@ -175,9 +168,7 @@ def format_url(url_template, values):
|
|||||||
|
|
||||||
|
|
||||||
def is_token_trust_scoped(auth_token):
|
def is_token_trust_scoped(auth_token):
|
||||||
admin_project_name = (
|
admin_project_name = CONF.keystone_authtoken.admin_tenant_name
|
||||||
CONF.keystone_authtoken.admin_tenant_name or
|
|
||||||
CONF.keystone_authtoken.project_name)
|
|
||||||
keystone_client = _admin_client(project_name=admin_project_name)
|
keystone_client = _admin_client(project_name=admin_project_name)
|
||||||
|
|
||||||
token_info = keystone_client.tokens.validate(auth_token)
|
token_info = keystone_client.tokens.validate(auth_token)
|
||||||
@ -188,27 +179,15 @@ def is_token_trust_scoped(auth_token):
|
|||||||
def get_admin_session():
|
def get_admin_session():
|
||||||
"""Returns a keystone session from Mistral's service credentials."""
|
"""Returns a keystone session from Mistral's service credentials."""
|
||||||
|
|
||||||
username = (
|
|
||||||
CONF.keystone_authtoken.username or
|
|
||||||
CONF.keystone_authtoken.admin_user)
|
|
||||||
password = (
|
|
||||||
CONF.keystone_authtoken.password or
|
|
||||||
CONF.keystone_authtoken.admin_password)
|
|
||||||
project_name = (
|
|
||||||
CONF.keystone_authtoken.project_name or
|
|
||||||
CONF.keystone_authtoken.admin_tenant_name)
|
|
||||||
user_domain_name = (
|
|
||||||
CONF.keystone_authtoken.user_domain_name or 'Default')
|
|
||||||
project_domain_name = (
|
|
||||||
CONF.keystone_authtoken.project_domain_name or 'Default')
|
|
||||||
|
|
||||||
auth = auth_plugins.Password(
|
auth = auth_plugins.Password(
|
||||||
CONF.keystone_authtoken.auth_uri,
|
CONF.keystone_authtoken.auth_uri,
|
||||||
username=username,
|
username=CONF.keystone_authtoken.admin_user,
|
||||||
password=password,
|
password=CONF.keystone_authtoken.admin_password,
|
||||||
project_name=project_name,
|
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||||
user_domain_name=user_domain_name,
|
# NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
|
||||||
project_domain_name=project_domain_name)
|
# fetch the following values from the configuration.
|
||||||
|
user_domain_name='Default',
|
||||||
|
project_domain_name='Default')
|
||||||
|
|
||||||
return ks_session.Session(auth=auth)
|
return ks_session.Session(auth=auth)
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user