From 16919a9f5e1ebae36c7ba8e5c6d9889bf44bf37f Mon Sep 17 00:00:00 2001 From: Carlos Goncalves Date: Thu, 30 Jan 2020 14:37:35 +0100 Subject: [PATCH] Fix auth url for Barbican client This patch fixes up the auth url if an invalid or no version prefix is set in OPENSTACK_KEYSTONE_URL. An invalid prefix could be /v2.0 endpoint when running Keystone v3. keystoneclient.auth.token_endpoint is deprecated as of the 2.1.0 release in favor of keystoneauth1.token_endpoint.Token. Reason why it is being used here is because keystoneauth1 is not in our requirements.txt (although it is a dependency pulled by required libraries) making this patch not backportable if we were to add it now. A follow up patch should handle this deprecation. Change-Id: I060826fab5067a816297d01d5de20457fd78a742 Story: 2007238 Task: 38576 Task: 29724 (cherry picked from commit fdc34d2087c55bf59c8a20eb2dae13df04157773) (cherry picked from commit 32c9501d6b960c56237be889ddf611ff0f4d9bf5) --- neutron_lbaas_dashboard/api/rest/barbican.py | 19 +++++-------------- ...-url-barbican-client-87530b5626810544.yaml | 3 +++ 2 files changed, 8 insertions(+), 14 deletions(-) create mode 100644 releasenotes/notes/fix-auth-url-barbican-client-87530b5626810544.yaml diff --git a/neutron_lbaas_dashboard/api/rest/barbican.py b/neutron_lbaas_dashboard/api/rest/barbican.py index 0615623..553eccd 100644 --- a/neutron_lbaas_dashboard/api/rest/barbican.py +++ b/neutron_lbaas_dashboard/api/rest/barbican.py @@ -17,33 +17,24 @@ from barbicanclient import client as barbican_client from django.conf import settings from django.views import generic -from keystoneclient.auth.identity import v2 as auth_v2 -from keystoneclient.auth.identity import v3 as auth_v3 +from keystoneclient.auth import token_endpoint from keystoneclient import session from horizon.utils.memoized import memoized # noqa +from openstack_auth import utils as auth_utils from openstack_dashboard.api import base -from openstack_dashboard.api import keystone from openstack_dashboard.api.rest import urls from openstack_dashboard.api.rest import utils as rest_utils @memoized def barbicanclient(request): - project_id = request.user.project_id region = request.user.services_region endpoint = base.url_for(request, 'key-manager') - if keystone.get_version() < 3: - auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL, - request.user.token.id, - tenant_id=project_id) - else: - domain_id = request.session.get('domain_context') - auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL, - request.user.token.id, - project_id=project_id, - project_domain_id=domain_id) + auth_url, _ = auth_utils.fix_auth_url_version_prefix( + settings.OPENSTACK_KEYSTONE_URL) + auth = token_endpoint.Token(auth_url, request.user.token.id) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) # If 'insecure' is True, 'verify' is False in all cases; otherwise diff --git a/releasenotes/notes/fix-auth-url-barbican-client-87530b5626810544.yaml b/releasenotes/notes/fix-auth-url-barbican-client-87530b5626810544.yaml new file mode 100644 index 0000000..5ad9d79 --- /dev/null +++ b/releasenotes/notes/fix-auth-url-barbican-client-87530b5626810544.yaml @@ -0,0 +1,3 @@ +--- +fixes: + - Fixed an issue where TERMINATED_HTTPS listener type was greyed out.