Fix auth url for Barbican client
This patch fixes up the auth url if an invalid or no version prefix is set in OPENSTACK_KEYSTONE_URL. An invalid prefix could be /v2.0 endpoint when running Keystone v3. keystoneclient.auth.token_endpoint is deprecated as of the 2.1.0 release in favor of keystoneauth1.token_endpoint.Token. Reason why it is being used here is because keystoneauth1 is not in our requirements.txt (although it is a dependency pulled by required libraries) making this patch not backportable if we were to add it now. A follow up patch should handle this deprecation. Change-Id: I060826fab5067a816297d01d5de20457fd78a742 Story: 2007238 Task: 38576 Task: 29724 (cherry picked from commitfdc34d2087) (cherry picked from commit32c9501d6b)
This commit is contained in:
Carlos Goncalves
parent
ccf86210e5
commit
16919a9f5e
|
|
@ -17,33 +17,24 @@
|
||||||
from barbicanclient import client as barbican_client
|
from barbicanclient import client as barbican_client
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.views import generic
|
from django.views import generic
|
||||||
from keystoneclient.auth.identity import v2 as auth_v2
|
from keystoneclient.auth import token_endpoint
|
||||||
from keystoneclient.auth.identity import v3 as auth_v3
|
|
||||||
from keystoneclient import session
|
from keystoneclient import session
|
||||||
|
|
||||||
from horizon.utils.memoized import memoized # noqa
|
from horizon.utils.memoized import memoized # noqa
|
||||||
|
from openstack_auth import utils as auth_utils
|
||||||
|
|
||||||
from openstack_dashboard.api import base
|
from openstack_dashboard.api import base
|
||||||
from openstack_dashboard.api import keystone
|
|
||||||
from openstack_dashboard.api.rest import urls
|
from openstack_dashboard.api.rest import urls
|
||||||
from openstack_dashboard.api.rest import utils as rest_utils
|
from openstack_dashboard.api.rest import utils as rest_utils
|
||||||
|
|
||||||
|
|
||||||
@memoized
|
@memoized
|
||||||
def barbicanclient(request):
|
def barbicanclient(request):
|
||||||
project_id = request.user.project_id
|
|
||||||
region = request.user.services_region
|
region = request.user.services_region
|
||||||
endpoint = base.url_for(request, 'key-manager')
|
endpoint = base.url_for(request, 'key-manager')
|
||||||
if keystone.get_version() < 3:
|
auth_url, _ = auth_utils.fix_auth_url_version_prefix(
|
||||||
auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL,
|
settings.OPENSTACK_KEYSTONE_URL)
|
||||||
request.user.token.id,
|
auth = token_endpoint.Token(auth_url, request.user.token.id)
|
||||||
tenant_id=project_id)
|
|
||||||
else:
|
|
||||||
domain_id = request.session.get('domain_context')
|
|
||||||
auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL,
|
|
||||||
request.user.token.id,
|
|
||||||
project_id=project_id,
|
|
||||||
project_domain_id=domain_id)
|
|
||||||
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
||||||
# If 'insecure' is True, 'verify' is False in all cases; otherwise
|
# If 'insecure' is True, 'verify' is False in all cases; otherwise
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- Fixed an issue where TERMINATED_HTTPS listener type was greyed out.
|
||||||
Loading…
Reference in New Issue