openstack/mistral
Code Issues Proposed changes

Revert "Support transition to keystone auth plugin"

Browse Source 
This patch broke Ironic introspection workflow:
https://bugs.launchpad.net/tripleo/+bug/1688767

This reverts commit 1c485867c4.
Related-Bug: #1688767

Change-Id: I86d4b40e19b3b0b3cfe0d30e2c5a588e29af6d98
This commit is contained in:
Emilien Macchi 2017-05-09 04:06:33 +00:00
parent bffc72df4a
commit 2a2c8e733b
4 changed files with 24 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
devstack/plugin.sh
View File

@ -75,15 +75,14 @@ function configure_mistral {
#------------------------- #-------------------------
# Setup keystone_authtoken section # Setup keystone_authtoken section
iniset $MISTRAL_CONF_FILE keystone_authtoken project_name $SERVICE_TENANT_NAME iniset $MISTRAL_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
iniset $MISTRAL_CONF_FILE keystone_authtoken username $MISTRAL_ADMIN_USER iniset $MISTRAL_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
iniset $MISTRAL_CONF_FILE keystone_authtoken password $SERVICE_PASSWORD iniset $MISTRAL_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_user $MISTRAL_ADMIN_USER
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3 iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3
iniset $MISTRAL_CONF_FILE keystone_authtoken service_token_roles_required True iniset $MISTRAL_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_type password
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_url $KEYSTONE_SERVICE_URI
iniset $MISTRAL_CONF_FILE keystone_authtoken user_domain_name Default
iniset $MISTRAL_CONF_FILE keystone_authtoken project_domain_name Default
# Setup RabbitMQ credentials # Setup RabbitMQ credentials
iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID

29
mistral/context.py
View File

@ -88,8 +88,6 @@ class MistralContext(BaseContext):
"expires_at", "expires_at",
"trust_id", "trust_id",
"is_target", "is_target",
"user_domain_name",
"project_domain_name",
]) ])
def __repr__(self): def __repr__(self):
@ -208,25 +206,10 @@ def _extract_service_catalog_from_headers(headers):
def context_from_config(): def context_from_config():
username = (
CONF.keystone_authtoken.username or
CONF.keystone_authtoken.admin_user)
password = (
CONF.keystone_authtoken.password or
CONF.keystone_authtoken.admin_password)
project_name = (
CONF.keystone_authtoken.project_name or
CONF.keystone_authtoken.admin_tenant_name)
user_domain_name = (
CONF.keystone_authtoken.user_domain_name or 'Default')
project_domain_name = (
CONF.keystone_authtoken.project_domain_name or 'Default')
keystone = keystone_client.Client( keystone = keystone_client.Client(
username=username, username=CONF.keystone_authtoken.admin_user,
password=password, password=CONF.keystone_authtoken.admin_password,
project_name=project_name, tenant_name=CONF.keystone_authtoken.admin_tenant_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
auth_url=CONF.keystone_authtoken.auth_uri, auth_url=CONF.keystone_authtoken.auth_uri,
is_trust_scoped=False, is_trust_scoped=False,
) )
@ -237,10 +220,8 @@ def context_from_config():
user_id=keystone.user_id, user_id=keystone.user_id,
project_id=keystone.project_id, project_id=keystone.project_id,
auth_token=keystone.auth_token, auth_token=keystone.auth_token,
project_name=project_name, project_name=CONF.keystone_authtoken.admin_tenant_name,
user_name=username, user_name=CONF.keystone_authtoken.admin_user,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name,
is_trust_scoped=False, is_trust_scoped=False,
) )

7
mistral/services/security.py
View File

@ -40,11 +40,8 @@ def create_trust():
ctx = auth_ctx.ctx() ctx = auth_ctx.ctx()
project_name = ( trustee_id = keystone.client_for_admin(
CONF.keystone_authtoken.project_name or CONF.keystone_authtoken.admin_tenant_name).user_id
CONF.keystone_authtoken.admin_tenant_name)
trustee_id = keystone.client_for_admin(project_name).user_id
return client.trusts.create( return client.trusts.create(
trustor_user=client.user_id, trustor_user=client.user_id,

41
mistral/utils/openstack/keystone.py
View File

@ -47,16 +47,9 @@ def client():
def _admin_client(trust_id=None, project_name=None): def _admin_client(trust_id=None, project_name=None):
auth_url = CONF.keystone_authtoken.auth_uri auth_url = CONF.keystone_authtoken.auth_uri
username = (
CONF.keystone_authtoken.admin_user or
CONF.keystone_authtoken.username)
password = (
CONF.keystone_authtoken.admin_password or
CONF.keystone_authtoken.password)
cl = ks_client.Client( cl = ks_client.Client(
username=username, username=CONF.keystone_authtoken.admin_user,
password=password, password=CONF.keystone_authtoken.admin_password,
project_name=project_name, project_name=project_name,
auth_url=auth_url, auth_url=auth_url,
trust_id=trust_id trust_id=trust_id
@ -175,9 +168,7 @@ def format_url(url_template, values):
def is_token_trust_scoped(auth_token): def is_token_trust_scoped(auth_token):
admin_project_name = ( admin_project_name = CONF.keystone_authtoken.admin_tenant_name
CONF.keystone_authtoken.admin_tenant_name or
CONF.keystone_authtoken.project_name)
keystone_client = _admin_client(project_name=admin_project_name) keystone_client = _admin_client(project_name=admin_project_name)
token_info = keystone_client.tokens.validate(auth_token) token_info = keystone_client.tokens.validate(auth_token)
@ -188,27 +179,15 @@ def is_token_trust_scoped(auth_token):
def get_admin_session(): def get_admin_session():
"""Returns a keystone session from Mistral's service credentials.""" """Returns a keystone session from Mistral's service credentials."""
username = (
CONF.keystone_authtoken.username or
CONF.keystone_authtoken.admin_user)
password = (
CONF.keystone_authtoken.password or
CONF.keystone_authtoken.admin_password)
project_name = (
CONF.keystone_authtoken.project_name or
CONF.keystone_authtoken.admin_tenant_name)
user_domain_name = (
CONF.keystone_authtoken.user_domain_name or 'Default')
project_domain_name = (
CONF.keystone_authtoken.project_domain_name or 'Default')
auth = auth_plugins.Password( auth = auth_plugins.Password(
CONF.keystone_authtoken.auth_uri, CONF.keystone_authtoken.auth_uri,
username=username, username=CONF.keystone_authtoken.admin_user,
password=password, password=CONF.keystone_authtoken.admin_password,
project_name=project_name, project_name=CONF.keystone_authtoken.admin_tenant_name,
user_domain_name=user_domain_name, # NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
project_domain_name=project_domain_name) # fetch the following values from the configuration.
user_domain_name='Default',
project_domain_name='Default')
return ks_session.Session(auth=auth) return ks_session.Session(auth=auth)