Browse Source

Fix auth url for Barbican client

This patch fixes up the auth url if an invalid or no version prefix is
set in OPENSTACK_KEYSTONE_URL. An invalid prefix could be /v2.0 endpoint
when running Keystone v3.

keystoneclient.auth.token_endpoint is deprecated as of the 2.1.0 release
in favor of keystoneauth1.token_endpoint.Token. Reason why it is being
used here is because keystoneauth1 is not in our requirements.txt
(although it is a dependency pulled by required libraries) making this
patch not backportable if we were to add it now. A follow up patch
should handle this deprecation.

Change-Id: I060826fab5067a816297d01d5de20457fd78a742
Story: 2007238
Task: 38576
Task: 29724
(cherry picked from commit fdc34d2087c55bf59c8a20eb2dae13df04157773)
(cherry picked from commit 32c9501d6b960c56237be889ddf611ff0f4d9bf5)
changes/11/705011/1
Carlos Goncalves 5 months ago
parent
commit
16919a9f5e
2 changed files with 8 additions and 14 deletions
  1. +5
    -14
      neutron_lbaas_dashboard/api/rest/barbican.py
  2. +3
    -0
      releasenotes/notes/fix-auth-url-barbican-client-87530b5626810544.yaml

+ 5
- 14
neutron_lbaas_dashboard/api/rest/barbican.py View File

@@ -17,33 +17,24 @@
from barbicanclient import client as barbican_client
from django.conf import settings
from django.views import generic
from keystoneclient.auth.identity import v2 as auth_v2
from keystoneclient.auth.identity import v3 as auth_v3
from keystoneclient.auth import token_endpoint
from keystoneclient import session

from horizon.utils.memoized import memoized # noqa
from openstack_auth import utils as auth_utils

from openstack_dashboard.api import base
from openstack_dashboard.api import keystone
from openstack_dashboard.api.rest import urls
from openstack_dashboard.api.rest import utils as rest_utils


@memoized
def barbicanclient(request):
project_id = request.user.project_id
region = request.user.services_region
endpoint = base.url_for(request, 'key-manager')
if keystone.get_version() < 3:
auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL,
request.user.token.id,
tenant_id=project_id)
else:
domain_id = request.session.get('domain_context')
auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL,
request.user.token.id,
project_id=project_id,
project_domain_id=domain_id)
auth_url, _ = auth_utils.fix_auth_url_version_prefix(
settings.OPENSTACK_KEYSTONE_URL)
auth = token_endpoint.Token(auth_url, request.user.token.id)
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
# If 'insecure' is True, 'verify' is False in all cases; otherwise


+ 3
- 0
releasenotes/notes/fix-auth-url-barbican-client-87530b5626810544.yaml View File

@@ -0,0 +1,3 @@
---
fixes:
- Fixed an issue where TERMINATED_HTTPS listener type was greyed out.

Loading…
Cancel
Save