Merge "Backport scope defaults fix (bug 1582774)"
This commit is contained in:
commit
76f314ab21
|
@ -107,10 +107,14 @@ def select_auth_plugin(options):
|
||||||
|
|
||||||
def build_auth_params(auth_plugin_name, cmd_options):
|
def build_auth_params(auth_plugin_name, cmd_options):
|
||||||
|
|
||||||
auth_params = dict(cmd_options.auth)
|
|
||||||
if auth_plugin_name:
|
if auth_plugin_name:
|
||||||
LOG.debug('auth_type: %s', auth_plugin_name)
|
LOG.debug('auth_type: %s', auth_plugin_name)
|
||||||
auth_plugin_loader = base.get_plugin_loader(auth_plugin_name)
|
auth_plugin_loader = base.get_plugin_loader(auth_plugin_name)
|
||||||
|
auth_params = {
|
||||||
|
opt.dest: opt.default
|
||||||
|
for opt in base.get_plugin_options(auth_plugin_name)
|
||||||
|
}
|
||||||
|
auth_params.update(dict(cmd_options.auth))
|
||||||
# grab tenant from project for v2.0 API compatibility
|
# grab tenant from project for v2.0 API compatibility
|
||||||
if auth_plugin_name.startswith("v2"):
|
if auth_plugin_name.startswith("v2"):
|
||||||
if 'project_id' in auth_params:
|
if 'project_id' in auth_params:
|
||||||
|
@ -123,6 +127,7 @@ def build_auth_params(auth_plugin_name, cmd_options):
|
||||||
LOG.debug('no auth_type')
|
LOG.debug('no auth_type')
|
||||||
# delay the plugin choice, grab every option
|
# delay the plugin choice, grab every option
|
||||||
auth_plugin_loader = None
|
auth_plugin_loader = None
|
||||||
|
auth_params = dict(cmd_options.auth)
|
||||||
plugin_options = set([o.replace('-', '_') for o in get_options_list()])
|
plugin_options = set([o.replace('-', '_') for o in get_options_list()])
|
||||||
for option in plugin_options:
|
for option in plugin_options:
|
||||||
LOG.debug('fetching option %s', option)
|
LOG.debug('fetching option %s', option)
|
||||||
|
|
|
@ -140,6 +140,51 @@ class ClientManager(object):
|
||||||
# prior to dereferrencing auth_ref.
|
# prior to dereferrencing auth_ref.
|
||||||
self._auth_setup_completed = False
|
self._auth_setup_completed = False
|
||||||
|
|
||||||
|
def _set_default_scope_options(self):
|
||||||
|
# TODO(mordred): This is a usability improvement that's broadly useful
|
||||||
|
# We should port it back up into os-client-config.
|
||||||
|
default_domain = self._cli_options.default_domain
|
||||||
|
|
||||||
|
# NOTE(hieulq): If USER_DOMAIN_NAME, USER_DOMAIN_ID, PROJECT_DOMAIN_ID
|
||||||
|
# or PROJECT_DOMAIN_NAME is present and API_VERSION is 2.0, then
|
||||||
|
# ignore all domain related configs.
|
||||||
|
if (self._api_version.get('identity') == '2.0' and
|
||||||
|
self.auth_plugin_name.endswith('password')):
|
||||||
|
domain_props = [
|
||||||
|
'project_domain_name',
|
||||||
|
'project_domain_id',
|
||||||
|
'user_domain_name',
|
||||||
|
'user_domain_id',
|
||||||
|
]
|
||||||
|
for prop in domain_props:
|
||||||
|
if self._auth_params.pop(prop, None) is not None:
|
||||||
|
LOG.warning("Ignoring domain related configs " +
|
||||||
|
prop + " because identity API version is 2.0")
|
||||||
|
return
|
||||||
|
|
||||||
|
# NOTE(aloga): The scope parameters below only apply to v3 and v3
|
||||||
|
# related auth plugins, so we stop the parameter checking if v2 is
|
||||||
|
# being used.
|
||||||
|
if (self._api_version.get('identity') != '3' or
|
||||||
|
self.auth_plugin_name.startswith('v2')):
|
||||||
|
return
|
||||||
|
|
||||||
|
# NOTE(stevemar): If PROJECT_DOMAIN_ID or PROJECT_DOMAIN_NAME is
|
||||||
|
# present, then do not change the behaviour. Otherwise, set the
|
||||||
|
# PROJECT_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
|
||||||
|
if ('project_domain_id' in self._auth_params and
|
||||||
|
not self._auth_params.get('project_domain_id') and
|
||||||
|
not self._auth_params.get('project_domain_name')):
|
||||||
|
self._auth_params['project_domain_id'] = default_domain
|
||||||
|
|
||||||
|
# NOTE(stevemar): If USER_DOMAIN_ID or USER_DOMAIN_NAME is present,
|
||||||
|
# then do not change the behaviour. Otherwise, set the
|
||||||
|
# USER_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
|
||||||
|
if ('user_domain_id' in self._auth_params and
|
||||||
|
not self._auth_params.get('user_domain_id') and
|
||||||
|
not self._auth_params.get('user_domain_name')):
|
||||||
|
self._auth_params['user_domain_id'] = default_domain
|
||||||
|
|
||||||
def setup_auth(self):
|
def setup_auth(self):
|
||||||
"""Set up authentication
|
"""Set up authentication
|
||||||
|
|
||||||
|
@ -173,40 +218,7 @@ class ClientManager(object):
|
||||||
self._cli_options,
|
self._cli_options,
|
||||||
)
|
)
|
||||||
|
|
||||||
# TODO(mordred): This is a usability improvement that's broadly useful
|
self._set_default_scope_options()
|
||||||
# We should port it back up into os-client-config.
|
|
||||||
default_domain = self._cli_options.default_domain
|
|
||||||
# NOTE(stevemar): If PROJECT_DOMAIN_ID or PROJECT_DOMAIN_NAME is
|
|
||||||
# present, then do not change the behaviour. Otherwise, set the
|
|
||||||
# PROJECT_DOMAIN_ID to 'OS_DEFAULT_DOMAIN' for better usability.
|
|
||||||
if (self._api_version.get('identity') == '3' and
|
|
||||||
self.auth_plugin_name.endswith('password') and
|
|
||||||
not self._auth_params.get('project_domain_id') and
|
|
||||||
not self.auth_plugin_name.startswith('v2') and
|
|
||||||
not self._auth_params.get('project_domain_name')):
|
|
||||||
self._auth_params['project_domain_id'] = default_domain
|
|
||||||
|
|
||||||
# NOTE(stevemar): If USER_DOMAIN_ID or USER_DOMAIN_NAME is present,
|
|
||||||
# then do not change the behaviour. Otherwise, set the USER_DOMAIN_ID
|
|
||||||
# to 'OS_DEFAULT_DOMAIN' for better usability.
|
|
||||||
if (self._api_version.get('identity') == '3' and
|
|
||||||
self.auth_plugin_name.endswith('password') and
|
|
||||||
not self.auth_plugin_name.startswith('v2') and
|
|
||||||
not self._auth_params.get('user_domain_id') and
|
|
||||||
not self._auth_params.get('user_domain_name')):
|
|
||||||
self._auth_params['user_domain_id'] = default_domain
|
|
||||||
|
|
||||||
# NOTE(hieulq): If USER_DOMAIN_NAME, USER_DOMAIN_ID, PROJECT_DOMAIN_ID
|
|
||||||
# or PROJECT_DOMAIN_NAME is present and API_VERSION is 2.0, then
|
|
||||||
# ignore all domain related configs.
|
|
||||||
if (self._api_version.get('identity') == '2.0' and
|
|
||||||
self.auth_plugin_name.endswith('password')):
|
|
||||||
domain_props = ['project_domain_name', 'project_domain_id',
|
|
||||||
'user_domain_name', 'user_domain_id']
|
|
||||||
for prop in domain_props:
|
|
||||||
if self._auth_params.pop(prop, None) is not None:
|
|
||||||
LOG.warning("Ignoring domain related configs " +
|
|
||||||
prop + " because identity API version is 2.0")
|
|
||||||
|
|
||||||
# For compatibility until all clients can be updated
|
# For compatibility until all clients can be updated
|
||||||
if 'project_name' in self._auth_params:
|
if 'project_name' in self._auth_params:
|
||||||
|
|
|
@ -101,42 +101,6 @@ class TestClientManager(utils.TestCase):
|
||||||
url=fakes.AUTH_URL,
|
url=fakes.AUTH_URL,
|
||||||
verb='GET')
|
verb='GET')
|
||||||
|
|
||||||
def test_client_manager_token(self):
|
|
||||||
|
|
||||||
client_manager = clientmanager.ClientManager(
|
|
||||||
cli_options=FakeOptions(
|
|
||||||
auth=dict(
|
|
||||||
token=fakes.AUTH_TOKEN,
|
|
||||||
auth_url=fakes.AUTH_URL,
|
|
||||||
),
|
|
||||||
auth_type='v2token',
|
|
||||||
interface=fakes.INTERFACE,
|
|
||||||
region_name=fakes.REGION_NAME,
|
|
||||||
),
|
|
||||||
api_version=API_VERSION,
|
|
||||||
)
|
|
||||||
client_manager.setup_auth()
|
|
||||||
client_manager.auth_ref
|
|
||||||
|
|
||||||
self.assertEqual(
|
|
||||||
fakes.AUTH_URL,
|
|
||||||
client_manager._auth_url,
|
|
||||||
)
|
|
||||||
self.assertIsInstance(
|
|
||||||
client_manager.auth,
|
|
||||||
auth_v2.Token,
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
fakes.INTERFACE,
|
|
||||||
client_manager.interface,
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
fakes.REGION_NAME,
|
|
||||||
client_manager.region_name,
|
|
||||||
)
|
|
||||||
self.assertTrue(client_manager.verify)
|
|
||||||
self.assertTrue(client_manager.is_service_available('network'))
|
|
||||||
|
|
||||||
def test_client_manager_password(self):
|
def test_client_manager_password(self):
|
||||||
|
|
||||||
client_manager = clientmanager.ClientManager(
|
client_manager = clientmanager.ClientManager(
|
||||||
|
@ -334,6 +298,7 @@ class TestClientManager(utils.TestCase):
|
||||||
def _select_auth_plugin(self, auth_params, api_version, auth_plugin_name):
|
def _select_auth_plugin(self, auth_params, api_version, auth_plugin_name):
|
||||||
auth_params['auth_type'] = auth_plugin_name
|
auth_params['auth_type'] = auth_plugin_name
|
||||||
auth_params['identity_api_version'] = api_version
|
auth_params['identity_api_version'] = api_version
|
||||||
|
|
||||||
client_manager = clientmanager.ClientManager(
|
client_manager = clientmanager.ClientManager(
|
||||||
cli_options=FakeOptions(**auth_params),
|
cli_options=FakeOptions(**auth_params),
|
||||||
api_version={"identity": api_version},
|
api_version={"identity": api_version},
|
||||||
|
|
Loading…
Reference in New Issue