Revert "Support transition to keystone auth plugin"
This patch broke Ironic introspection workflow:
https://bugs.launchpad.net/tripleo/+bug/1688767
This reverts commit 1c485867c4
.
Related-Bug: #1688767
Change-Id: I86d4b40e19b3b0b3cfe0d30e2c5a588e29af6d98
This commit is contained in:
parent
bffc72df4a
commit
2a2c8e733b
@ -75,15 +75,14 @@ function configure_mistral {
|
||||
#-------------------------
|
||||
|
||||
# Setup keystone_authtoken section
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken project_name $SERVICE_TENANT_NAME
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken username $MISTRAL_ADMIN_USER
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken password $SERVICE_PASSWORD
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_user $MISTRAL_ADMIN_USER
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken service_token_roles_required True
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_type password
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken auth_url $KEYSTONE_SERVICE_URI
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken user_domain_name Default
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken project_domain_name Default
|
||||
iniset $MISTRAL_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
|
||||
# Setup RabbitMQ credentials
|
||||
iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
|
||||
|
@ -88,8 +88,6 @@ class MistralContext(BaseContext):
|
||||
"expires_at",
|
||||
"trust_id",
|
||||
"is_target",
|
||||
"user_domain_name",
|
||||
"project_domain_name",
|
||||
])
|
||||
|
||||
def __repr__(self):
|
||||
@ -208,25 +206,10 @@ def _extract_service_catalog_from_headers(headers):
|
||||
|
||||
|
||||
def context_from_config():
|
||||
username = (
|
||||
CONF.keystone_authtoken.username or
|
||||
CONF.keystone_authtoken.admin_user)
|
||||
password = (
|
||||
CONF.keystone_authtoken.password or
|
||||
CONF.keystone_authtoken.admin_password)
|
||||
project_name = (
|
||||
CONF.keystone_authtoken.project_name or
|
||||
CONF.keystone_authtoken.admin_tenant_name)
|
||||
user_domain_name = (
|
||||
CONF.keystone_authtoken.user_domain_name or 'Default')
|
||||
project_domain_name = (
|
||||
CONF.keystone_authtoken.project_domain_name or 'Default')
|
||||
keystone = keystone_client.Client(
|
||||
username=username,
|
||||
password=password,
|
||||
project_name=project_name,
|
||||
user_domain_name=user_domain_name,
|
||||
project_domain_name=project_domain_name,
|
||||
username=CONF.keystone_authtoken.admin_user,
|
||||
password=CONF.keystone_authtoken.admin_password,
|
||||
tenant_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||
auth_url=CONF.keystone_authtoken.auth_uri,
|
||||
is_trust_scoped=False,
|
||||
)
|
||||
@ -237,10 +220,8 @@ def context_from_config():
|
||||
user_id=keystone.user_id,
|
||||
project_id=keystone.project_id,
|
||||
auth_token=keystone.auth_token,
|
||||
project_name=project_name,
|
||||
user_name=username,
|
||||
user_domain_name=user_domain_name,
|
||||
project_domain_name=project_domain_name,
|
||||
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||
user_name=CONF.keystone_authtoken.admin_user,
|
||||
is_trust_scoped=False,
|
||||
)
|
||||
|
||||
|
@ -40,11 +40,8 @@ def create_trust():
|
||||
|
||||
ctx = auth_ctx.ctx()
|
||||
|
||||
project_name = (
|
||||
CONF.keystone_authtoken.project_name or
|
||||
CONF.keystone_authtoken.admin_tenant_name)
|
||||
|
||||
trustee_id = keystone.client_for_admin(project_name).user_id
|
||||
trustee_id = keystone.client_for_admin(
|
||||
CONF.keystone_authtoken.admin_tenant_name).user_id
|
||||
|
||||
return client.trusts.create(
|
||||
trustor_user=client.user_id,
|
||||
|
@ -47,16 +47,9 @@ def client():
|
||||
def _admin_client(trust_id=None, project_name=None):
|
||||
auth_url = CONF.keystone_authtoken.auth_uri
|
||||
|
||||
username = (
|
||||
CONF.keystone_authtoken.admin_user or
|
||||
CONF.keystone_authtoken.username)
|
||||
password = (
|
||||
CONF.keystone_authtoken.admin_password or
|
||||
CONF.keystone_authtoken.password)
|
||||
|
||||
cl = ks_client.Client(
|
||||
username=username,
|
||||
password=password,
|
||||
username=CONF.keystone_authtoken.admin_user,
|
||||
password=CONF.keystone_authtoken.admin_password,
|
||||
project_name=project_name,
|
||||
auth_url=auth_url,
|
||||
trust_id=trust_id
|
||||
@ -175,9 +168,7 @@ def format_url(url_template, values):
|
||||
|
||||
|
||||
def is_token_trust_scoped(auth_token):
|
||||
admin_project_name = (
|
||||
CONF.keystone_authtoken.admin_tenant_name or
|
||||
CONF.keystone_authtoken.project_name)
|
||||
admin_project_name = CONF.keystone_authtoken.admin_tenant_name
|
||||
keystone_client = _admin_client(project_name=admin_project_name)
|
||||
|
||||
token_info = keystone_client.tokens.validate(auth_token)
|
||||
@ -188,27 +179,15 @@ def is_token_trust_scoped(auth_token):
|
||||
def get_admin_session():
|
||||
"""Returns a keystone session from Mistral's service credentials."""
|
||||
|
||||
username = (
|
||||
CONF.keystone_authtoken.username or
|
||||
CONF.keystone_authtoken.admin_user)
|
||||
password = (
|
||||
CONF.keystone_authtoken.password or
|
||||
CONF.keystone_authtoken.admin_password)
|
||||
project_name = (
|
||||
CONF.keystone_authtoken.project_name or
|
||||
CONF.keystone_authtoken.admin_tenant_name)
|
||||
user_domain_name = (
|
||||
CONF.keystone_authtoken.user_domain_name or 'Default')
|
||||
project_domain_name = (
|
||||
CONF.keystone_authtoken.project_domain_name or 'Default')
|
||||
|
||||
auth = auth_plugins.Password(
|
||||
CONF.keystone_authtoken.auth_uri,
|
||||
username=username,
|
||||
password=password,
|
||||
project_name=project_name,
|
||||
user_domain_name=user_domain_name,
|
||||
project_domain_name=project_domain_name)
|
||||
username=CONF.keystone_authtoken.admin_user,
|
||||
password=CONF.keystone_authtoken.admin_password,
|
||||
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||
# NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
|
||||
# fetch the following values from the configuration.
|
||||
user_domain_name='Default',
|
||||
project_domain_name='Default')
|
||||
|
||||
return ks_session.Session(auth=auth)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user