Merge "Fix OS action client initialization"
commit
32d09b5aca
@ -44,6 +44,7 @@ class NovaAction(base.OpenStackAction):
|
|||||||
LOG.debug("Nova action security context: %s" % ctx)
|
LOG.debug("Nova action security context: %s" % ctx)
|
||||||
|
|
||||||
keystone_endpoint = keystone_utils.get_keystone_endpoint_v2()
|
keystone_endpoint = keystone_utils.get_keystone_endpoint_v2()
|
||||||
|
nova_endpoint = keystone_utils.get_endpoint_for_project('nova')
|
||||||
|
|
||||||
client = self._client_class(
|
client = self._client_class(
|
||||||
username=None,
|
username=None,
|
||||||
@ -56,6 +57,11 @@ class NovaAction(base.OpenStackAction):
|
|||||||
auth_url=keystone_endpoint.url
|
auth_url=keystone_endpoint.url
|
||||||
)
|
)
|
||||||
|
|
||||||
|
client.client.management_url = keystone_utils.format_url(
|
||||||
|
nova_endpoint.url,
|
||||||
|
{'tenant_id': ctx.project_id}
|
||||||
|
)
|
||||||
|
|
||||||
return client
|
return client
|
||||||
|
|
||||||
|
|
||||||
@ -88,12 +94,23 @@ class KeystoneAction(base.OpenStackAction):
|
|||||||
|
|
||||||
LOG.debug("Keystone action security context: %s" % ctx)
|
LOG.debug("Keystone action security context: %s" % ctx)
|
||||||
|
|
||||||
return self._client_class(
|
kwargs = {
|
||||||
token=ctx.auth_token,
|
'token': ctx.auth_token,
|
||||||
auth_url=CONF.keystone_authtoken.auth_uri,
|
'auth_url': CONF.keystone_authtoken.auth_uri,
|
||||||
project_id=ctx.project_id,
|
'project_id': ctx.project_id,
|
||||||
cacert=CONF.keystone_authtoken.cafile
|
'cacert': CONF.keystone_authtoken.cafile,
|
||||||
)
|
}
|
||||||
|
|
||||||
|
# In case of trust-scoped token explicitly pass endpoint parameter.
|
||||||
|
if (ctx.is_trust_scoped
|
||||||
|
or keystone_utils.is_token_trust_scoped(ctx.auth_token)):
|
||||||
|
kwargs['endpoint'] = CONF.keystone_authtoken.auth_uri
|
||||||
|
|
||||||
|
client = self._client_class(**kwargs)
|
||||||
|
|
||||||
|
client.management_url = CONF.keystone_authtoken.auth_uri
|
||||||
|
|
||||||
|
return client
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _get_fake_client(cls):
|
def _get_fake_client(cls):
|
||||||
|
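Review bot: In the NovaAction hunk, `keystone_utils.format_url(nova_endpoint.url, {'tenant_id': ctx.project_id})` supplies only the `tenant_id` key. `format_url`, as shown further down this page, is a plain `%` substitution, so a catalog template that uses any other placeholder (for example `$(project_id)s`) would raise `KeyError` while the client is being built. Passing both spellings, `{'tenant_id': ctx.project_id, 'project_id': ctx.project_id}`, avoids that. The result of `get_endpoint_for_project('nova')` is also dereferenced without a check; if that helper can return `None` when the service is absent from the catalog (its body is not visible here), `nova_endpoint.url` fails with an `AttributeError` rather than a clear "nova endpoint not found" error. The enclosing method starts outside the hunk.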
@ -76,6 +76,7 @@ class MistralContext(BaseContext):
|
|||||||
"project_name",
|
"project_name",
|
||||||
"roles",
|
"roles",
|
||||||
"is_admin",
|
"is_admin",
|
||||||
|
"is_trust_scoped",
|
||||||
])
|
])
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
@ -127,7 +128,8 @@ def context_from_headers(headers):
|
|||||||
service_catalog=headers.get('X-Service-Catalog'),
|
service_catalog=headers.get('X-Service-Catalog'),
|
||||||
user_name=headers.get('X-User-Name'),
|
user_name=headers.get('X-User-Name'),
|
||||||
project_name=headers.get('X-Project-Name'),
|
project_name=headers.get('X-Project-Name'),
|
||||||
roles=headers.get('X-Roles', "").split(",")
|
roles=headers.get('X-Roles', "").split(","),
|
||||||
|
is_trust_scoped=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@ -136,7 +138,8 @@ def context_from_config():
|
|||||||
username=CONF.keystone_authtoken.admin_user,
|
username=CONF.keystone_authtoken.admin_user,
|
||||||
password=CONF.keystone_authtoken.admin_password,
|
password=CONF.keystone_authtoken.admin_password,
|
||||||
tenant_name=CONF.keystone_authtoken.admin_tenant_name,
|
tenant_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||||
auth_url=CONF.keystone_authtoken.auth_uri
|
auth_url=CONF.keystone_authtoken.auth_uri,
|
||||||
|
is_trust_scoped=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
keystone.authenticate()
|
keystone.authenticate()
|
||||||
@ -146,7 +149,8 @@ def context_from_config():
|
|||||||
project_id=keystone.project_id,
|
project_id=keystone.project_id,
|
||||||
auth_token=keystone.auth_token,
|
auth_token=keystone.auth_token,
|
||||||
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||||
user_name=CONF.keystone_authtoken.admin_user
|
user_name=CONF.keystone_authtoken.admin_user,
|
||||||
|
is_trust_scoped=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
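Review bot: `is_trust_scoped` is added to the allowed keys of `MistralContext`, but a context built without it (a caller not touched by this commit, or one serialized before the change) will not carry the key, and how `BaseContext` handles a missing key is not visible in this section. If the attribute lookup raises or yields `None`, the `ctx.is_trust_scoped` test in KeystoneAction will not behave as the three explicit `is_trust_scoped=False` arguments suggest. A comment at the key list such as `# True only for contexts built from a trust (see create_context); never read from request headers.` would record why `context_from_headers` hard-codes `False`. Because this context also holds `auth_token` and is formatted into `LOG.debug` by the action classes, it is worth confirming that `__repr__` (body outside the hunk) leaves the token out.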
@ -70,7 +70,8 @@ def create_context(trust_id, project_id):
|
|||||||
return auth_ctx.MistralContext(
|
return auth_ctx.MistralContext(
|
||||||
user_id=client.user_id,
|
user_id=client.user_id,
|
||||||
project_id=project_id,
|
project_id=project_id,
|
||||||
auth_token=client.auth_token
|
auth_token=client.auth_token,
|
||||||
|
is_trust_scoped=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
return auth_ctx.MistralContext(
|
return auth_ctx.MistralContext(
|
||||||
|
@ -104,3 +104,12 @@ def format_url(url_template, values):
|
|||||||
# see https://github.com/openstack/keystone/blob/master/keystone/
|
# see https://github.com/openstack/keystone/blob/master/keystone/
|
||||||
# catalog/core.py#L42-L60
|
# catalog/core.py#L42-L60
|
||||||
return url_template.replace('$(', '%(') % values
|
return url_template.replace('$(', '%(') % values
|
||||||
|
|
||||||
|
|
||||||
|
def is_token_trust_scoped(auth_token):
|
||||||
|
admin_project_name = CONF.keystone_authtoken.admin_tenant_name
|
||||||
|
keystone_client = _admin_client(project_name=admin_project_name)
|
||||||
|
|
||||||
|
token_info = keystone_client.tokens.validate(auth_token)
|
||||||
|
|
||||||
|
return 'OS-TRUST:trust' in token_info
|
||||||
|
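Review bot: `is_token_trust_scoped` has no docstring and does not handle a failed validation. It builds an admin client and calls `tokens.validate(auth_token)` on every invocation, so an expired, revoked or missing token would presumably surface as a client exception inside whichever action triggered the check. The test `'OS-TRUST:trust' in token_info` also assumes the validate result exposes the trust under that top-level key, which looks like the Identity v3 token shape; confirm this against the client that `_admin_client` returns. I would add `"""Return True if the validated token body contains an OS-TRUST:trust section."""` and note there that each call costs one admin round-trip. A validation failure should be re-raised with context rather than mapped to `False`, so that a bad token is never treated as an ordinary non-trust token.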