From ffa5ce49a00ee1fc0d901ca6ffb1727fe1de4358 Mon Sep 17 00:00:00 2001
From: Alfredo Moralejo <amoralej@redhat.com>
Date: Fri, 7 Jul 2017 09:18:03 +0000
Subject: [PATCH] Revert "Use recommended function to setup auth middleware in
 devstack"

It's breaking introspection in tripleo jobs.

This reverts commit fe922eacdbeb6032ab6038def56a1d02c2a64c3a.

Change-Id: I502e92ed1dcd8f9dd293b768f5d0d93026960463
---
 devstack/plugin.sh                  | 15 +++----
 devstack/settings                   |  1 -
 mistral/services/security.py        |  3 +-
 mistral/utils/openstack/keystone.py | 63 ++++++++++++++---------------
 4 files changed, 40 insertions(+), 42 deletions(-)

diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 2fd75c9e6..09f654089 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -59,11 +59,6 @@ function mkdir_chown_stack {
 
 # configure_mistral - Set config files, create data dirs, etc
 function configure_mistral {
-
-    # create and clean up auth cache dir
-    mkdir_chown_stack "$MISTRAL_AUTH_CACHE_DIR"
-    rm -f "$MISTRAL_AUTH_CACHE_DIR"/*
-
     mkdir_chown_stack "$MISTRAL_CONF_DIR"
 
     # Generate Mistral configuration file and configure common parameters.
@@ -80,8 +75,14 @@ function configure_mistral {
     #-------------------------
 
     # Setup keystone_authtoken section
-    configure_auth_token_middleware $MISTRAL_CONF_FILE mistral $MISTRAL_AUTH_CACHE_DIR
+    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
+    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
+    iniset $MISTRAL_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+    iniset $MISTRAL_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $MISTRAL_CONF_FILE keystone_authtoken admin_user $MISTRAL_ADMIN_USER
+    iniset $MISTRAL_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
     iniset $MISTRAL_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_AUTH_URI_V3
+    iniset $MISTRAL_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
 
     # Setup RabbitMQ credentials
     iniset $MISTRAL_CONF_FILE oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
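Review bot: The added `admin_password $SERVICE_PASSWORD` line expands the password unquoted, so a value containing whitespace or glob characters is word-split or expanded before `iniset` receives it, and the secret written to the config may not be the one that was set. The other expansions added in this hunk are unquoted as well. Quote it: `iniset $MISTRAL_CONF_FILE keystone_authtoken admin_password "$SERVICE_PASSWORD"`. Because this writes a plaintext service password into `$MISTRAL_CONF_FILE`, a comment stating the expected file mode would help; how the file's permissions are set is not visible here. `configure_mistral` starts and ends outside the hunk.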
@@ -249,8 +250,8 @@ if is_service_enabled mistral; then
         install_mistral_pythonclient
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         echo_summary "Configuring mistral"
-        create_mistral_accounts
         configure_mistral
+        create_mistral_accounts
     elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
         echo_summary "Initializing mistral"
         init_mistral
diff --git a/devstack/settings b/devstack/settings
index b120d0f9f..9cddc9e33 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -29,7 +29,6 @@ MISTRAL_DASHBOARD_DIR=$DEST/mistral-dashboard
 MISTRAL_CONF_DIR=${MISTRAL_CONF_DIR:-/etc/mistral}
 MISTRAL_CONF_FILE=${MISTRAL_CONF_DIR}/mistral.conf
 MISTRAL_DEBUG=${MISTRAL_DEBUG:-True}
-MISTRAL_AUTH_CACHE_DIR=${MISTRAL_AUTH_CACHE_DIR:-/var/cache/mistral}
 
 MISTRAL_SERVICE_HOST=${MISTRAL_SERVICE_HOST:-$SERVICE_HOST}
 MISTRAL_SERVICE_PORT=${MISTRAL_SERVICE_PORT:-8989}
diff --git a/mistral/services/security.py b/mistral/services/security.py
index 30e018b8c..497e638bb 100644
--- a/mistral/services/security.py
+++ b/mistral/services/security.py
@@ -42,7 +42,8 @@ def create_trust():
 
     ctx = auth_ctx.ctx()
 
-    trustee_id = keystone.client_for_admin().session.get_user_id()
+    trustee_id = keystone.client_for_admin(
+        CONF.keystone_authtoken.admin_tenant_name).user_id
 
     return client.trusts.create(
         trustor_user=client.user_id,
diff --git a/mistral/utils/openstack/keystone.py b/mistral/utils/openstack/keystone.py
index e54907a07..cdb3a5cae 100644
--- a/mistral/utils/openstack/keystone.py
+++ b/mistral/utils/openstack/keystone.py
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from keystoneauth1 import loading
+import keystoneauth1.identity.generic as auth_plugins
 from keystoneauth1 import session as ks_session
 from keystoneauth1.token_endpoint import Token
 from keystoneclient import service_catalog as ks_service_catalog
@@ -27,7 +27,6 @@ from mistral import context
 from mistral import exceptions
 
 CONF = cfg.CONF
-CONF.register_opt(cfg.IntOpt('timeout'), group='keystone_authtoken')
 
 
 def client():
@@ -93,32 +92,23 @@ def get_session_and_auth(context, **kwargs):
 
 
 def _admin_client(trust_id=None, project_name=None):
-    kwargs = {}
+    auth_url = CONF.keystone_authtoken.auth_uri
 
-    if trust_id:
-        # Remove project_name and project_id, since we need a trust scoped
-        # auth object
-        kwargs['project_name'] = None
-        kwargs['project_domain_name'] = None
-        kwargs['project_id'] = None
-        kwargs['trust_id'] = trust_id
-
-    auth = loading.load_auth_from_conf_options(
-        CONF,
-        'keystone_authtoken',
-        **kwargs
-    )
-    sess = loading.load_session_from_conf_options(
-        CONF,
-        'keystone_authtoken',
-        auth=auth
+    cl = ks_client.Client(
+        username=CONF.keystone_authtoken.admin_user,
+        password=CONF.keystone_authtoken.admin_password,
+        project_name=project_name,
+        auth_url=auth_url,
+        trust_id=trust_id
     )
 
-    return ks_client.Client(session=sess)
+    cl.management_url = auth_url
+
+    return cl
 
 
-def client_for_admin():
-    return _admin_client()
+def client_for_admin(project_name):
+    return _admin_client(project_name=project_name)
 
 
 def client_for_trusts(trust_id):
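Review bot: `_admin_client` now builds `ks_client.Client(...)` from a bare username and password, so the session settings that the removed `load_session_from_conf_options` call took from `[keystone_authtoken]` (CA bundle, `insecure`, timeout) no longer reach the admin connection; `get_admin_session` in the last hunk of this file has the same gap with `ks_session.Session(auth=auth)`. A Keystone endpoint behind a private CA would fail verification, and with no timeout a stalled Keystone can block the caller indefinitely. Consider passing them through, e.g. `cacert=CONF.keystone_authtoken.cafile,` and `timeout=CONF.keystone_authtoken.http_connect_timeout,` on the client and `verify=`/`timeout=` on the session, assuming those options are registered in this process (not visible here). The removed branch also cleared the project scope whenever `trust_id` was set, while the new call forwards both values, so a short comment that callers must pass only one of `trust_id` and `project_name` would be worth adding.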
@@ -240,21 +230,28 @@ def format_url(url_template, values):
 
 
 def is_token_trust_scoped(auth_token):
-    return 'OS-TRUST:trust' in client_for_admin().tokens.validate(auth_token)
+    admin_project_name = CONF.keystone_authtoken.admin_tenant_name
+    keystone_client = _admin_client(project_name=admin_project_name)
+
+    token_info = keystone_client.tokens.validate(auth_token)
+
+    return 'OS-TRUST:trust' in token_info
 
 
 def get_admin_session():
     """Returns a keystone session from Mistral's service credentials."""
-    auth = loading.load_auth_from_conf_options(
-        CONF,
-        'keystone_authtoken'
-    )
 
-    return loading.load_session_from_conf_options(
-        CONF,
-        'keystone_authtoken',
-        auth=auth
-    )
+    auth = auth_plugins.Password(
+        CONF.keystone_authtoken.auth_uri,
+        username=CONF.keystone_authtoken.admin_user,
+        password=CONF.keystone_authtoken.admin_password,
+        project_name=CONF.keystone_authtoken.admin_tenant_name,
+        # NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
+        # fetch the following values from the configuration.
+        user_domain_name='Default',
+        project_domain_name='Default')
+
+    return ks_session.Session(auth=auth)
 
 
 def will_expire_soon(expires_at):
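Review bot: `is_token_trust_scoped` bypasses the public wrapper and calls `_admin_client(project_name=admin_project_name)` directly, duplicating what `client_for_admin(project_name)` from the earlier hunk does. Using `keystone_client = client_for_admin(admin_project_name)` would keep a single entry point for admin clients. Each call also constructs a new password-authenticated client, which presumably costs one extra authentication against Keystone per token checked, so a comment on whether that is intended would help. The function also has no docstring; one should state that it returns True when the validated token data contains the `OS-TRUST:trust` key and that errors raised by `tokens.validate` are not caught here.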