Fully switch to keystone authtoken parameters

The old v2 parameters are not set anymore by puppet-sahara: https://review.openstack.org/#/c/441223/ and trust (which means cluster operations) is broken. Because puppet-sahara is used by TripleO and Packstack, we consider this a critical issue. We now switch to the "new" v3 parameters from keystone_authtoken, as incentivized by that puppet-sahara change. We no longer use the custom options admin_user_domain_name and admin_project_domain_name, as [keystone_authtoken] can provide them. Note 1: A workaround is needed to access some of the configs in [keystone_authtoken], as they are considered private for keystonemiddleware. In sahara-api, it would have been possible to grab these configs with only a slight bit of magic, as sahara-api is a keystonemiddleware-enabled WSGI application. However, with sahara-engine it is not as straightforward, since keystonemiddleware is not integrated there. Therefore, to access these private configs we use a very sneaky workaround inspired by [0]. This should be removed in Queens: we should add a separate, non-private [clients_keystone] section in sahara.conf. That is the standard way to grab service user credentials when excluded from access to [keystone_authtoken]. Unfortunately we could not have done that in Pike as it was too late to have a new puppet-sahara release. Note 2: tools/get_auth_token.py was not changed as it probably requires other changes to work with Identity v3. [0] Ibbc738ee4c90392af47f1b6d69aee3c8dbbf3c17 Closes-Bug: #1709091 Co-Authored-By: Jeremy Freudberg <jeremyfreudberg@gmail.com> Change-Id: I930e544b16f0871f5e8dc1a42aae34518ff25bcd
2017-07-20 13:19:58 +02:00
parent fae4540354
commit 5abae32028
6 changed files with 35 additions and 25 deletions
--- a/sahara/tests/unit/service/test_trusts.py
+++ b/sahara/tests/unit/service/test_trusts.py
@@ -70,15 +70,16 @@ class TestTrusts(base.SaharaTestCase):
                                                allow_redelegation=False)
        self.assertEqual("trust_id", trust_id)

+    @mock.patch('sahara.utils.openstack.keystone.get_keystoneauth_cfg')
    @mock.patch('sahara.conductor.API.cluster_get')
    @mock.patch('sahara.conductor.API.cluster_update')
    @mock.patch('sahara.service.trusts.create_trust')
    @mock.patch('sahara.utils.openstack.keystone.auth_for_admin')
    @mock.patch('sahara.context.current')
    def test_create_trust_for_cluster(self, context_current, auth_for_admin,
-                                      create_trust, cluster_update, cl_get):
-        self.override_config('admin_tenant_name', 'admin_project',
-                             group='keystone_authtoken')
+                                      create_trust, cluster_update, cl_get,
+                                      config_get):
+        config_get.return_value = "admin_project"
        trustor_auth = mock.Mock()
        fake_cluster = mock.Mock(trust_id=None)
        cl_get.return_value = fake_cluster