Merge "Fully switch to keystone authtoken parameters"
This commit is contained in:
commit
a197ec5c48
@ -98,10 +98,10 @@ function configure_sahara {
|
||||
|
||||
# Set admin user parameters needed for trusts creation
|
||||
iniset $SAHARA_CONF_FILE \
|
||||
keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken admin_user sahara
|
||||
keystone_authtoken project_name $SERVICE_TENANT_NAME
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken username sahara
|
||||
iniset $SAHARA_CONF_FILE \
|
||||
keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
keystone_authtoken password $SERVICE_PASSWORD
|
||||
|
||||
iniset_rpc_backend sahara $SAHARA_CONF_FILE DEFAULT
|
||||
|
||||
|
@ -43,7 +43,7 @@ should point to the admin Identity API endpoint. For example:
|
||||
auth_uri=http://127.0.0.1:5000/v2.0/
|
||||
identity_uri=http://127.0.0.1:35357/
|
||||
|
||||
Specify the ``admin_user``, ``admin_password`` and ``admin_tenant_name``.
|
||||
Specify the ``username``, ``password`` and ``project_name``.
|
||||
These parameters must specify an Identity user who has the ``admin`` role
|
||||
in the given project. These credentials allow sahara to authenticate and
|
||||
authorize its users.
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
deprecations:
|
||||
- The custom admin_user_domain_name and admin_project_domain_name
|
||||
configuration options have been removed; they are provided
|
||||
by keystone_authtoken as user_domain_name and
|
||||
project_domain_name respectively.
|
@ -87,7 +87,7 @@ def create_trust_for_cluster(cluster, expires=True):
|
||||
if CONF.use_identity_api_v3 and not cluster.trust_id:
|
||||
trustor = keystone.auth()
|
||||
trustee = keystone.auth_for_admin(
|
||||
project_name=CONF.keystone_authtoken.admin_tenant_name)
|
||||
project_name=keystone.get_keystoneauth_cfg(CONF, 'project_name'))
|
||||
|
||||
trust_id = create_trust(trustor=trustor,
|
||||
trustee=trustee,
|
||||
@ -153,7 +153,7 @@ def use_os_admin_auth_token(cluster):
|
||||
ctx = context.current()
|
||||
cluster = conductor.cluster_get(ctx, cluster)
|
||||
if CONF.use_identity_api_v3 and cluster.trust_id:
|
||||
ctx.username = CONF.keystone_authtoken.admin_user
|
||||
ctx.username = keystone.get_keystoneauth_cfg(CONF, 'username')
|
||||
ctx.tenant_id = cluster.tenant_id
|
||||
ctx.auth_plugin = keystone.auth_for_admin(
|
||||
trust_id=cluster.trust_id)
|
||||
|
@ -70,15 +70,16 @@ class TestTrusts(base.SaharaTestCase):
|
||||
allow_redelegation=False)
|
||||
self.assertEqual("trust_id", trust_id)
|
||||
|
||||
@mock.patch('sahara.utils.openstack.keystone.get_keystoneauth_cfg')
|
||||
@mock.patch('sahara.conductor.API.cluster_get')
|
||||
@mock.patch('sahara.conductor.API.cluster_update')
|
||||
@mock.patch('sahara.service.trusts.create_trust')
|
||||
@mock.patch('sahara.utils.openstack.keystone.auth_for_admin')
|
||||
@mock.patch('sahara.context.current')
|
||||
def test_create_trust_for_cluster(self, context_current, auth_for_admin,
|
||||
create_trust, cluster_update, cl_get):
|
||||
self.override_config('admin_tenant_name', 'admin_project',
|
||||
group='keystone_authtoken')
|
||||
create_trust, cluster_update, cl_get,
|
||||
config_get):
|
||||
config_get.return_value = "admin_project"
|
||||
trustor_auth = mock.Mock()
|
||||
fake_cluster = mock.Mock(trust_id=None)
|
||||
cl_get.return_value = fake_cluster
|
||||
|
@ -23,6 +23,19 @@ from sahara.service import sessions
|
||||
from sahara.utils.openstack import base
|
||||
|
||||
|
||||
def get_keystoneauth_cfg(conf, name):
|
||||
"""get the keystone auth cfg
|
||||
|
||||
Fetch value of keystone_authtoken group from config file when not
|
||||
available as part of GroupAttr.
|
||||
:rtype: String
|
||||
:param conf: oslo config cfg.CONF
|
||||
:param name: property name to be retrieved
|
||||
"""
|
||||
value_list = conf._namespace._get_file_value([('keystone_authtoken',
|
||||
name)])
|
||||
return value_list[0]
|
||||
|
||||
opts = [
|
||||
# TODO(alazarev) Move to [keystone] section
|
||||
cfg.BoolOpt('use_identity_api_v3',
|
||||
@ -30,17 +43,7 @@ opts = [
|
||||
help='Enables Sahara to use Keystone API v3. '
|
||||
'If that flag is disabled, '
|
||||
'per-job clusters will not be terminated '
|
||||
'automatically.'),
|
||||
# TODO(mimccune) The following should be integrated into a custom
|
||||
# auth section
|
||||
cfg.StrOpt('admin_user_domain_name',
|
||||
default='default',
|
||||
help='The name of the domain to which the admin user '
|
||||
'belongs.'),
|
||||
cfg.StrOpt('admin_project_domain_name',
|
||||
default='default',
|
||||
help='The name of the domain for the service '
|
||||
'project(ex. tenant).')
|
||||
'automatically.')
|
||||
]
|
||||
|
||||
ssl_opts = [
|
||||
@ -84,11 +87,11 @@ def auth_for_admin(project_name=None, trust_id=None):
|
||||
# into federated authentication. it will need to match the domain that
|
||||
# the project_name exists in.
|
||||
auth = _password_auth(
|
||||
username=CONF.keystone_authtoken.admin_user,
|
||||
password=CONF.keystone_authtoken.admin_password,
|
||||
username=get_keystoneauth_cfg(CONF, 'username'),
|
||||
password=get_keystoneauth_cfg(CONF, 'password'),
|
||||
project_name=project_name,
|
||||
user_domain_name=CONF.admin_user_domain_name,
|
||||
project_domain_name=CONF.admin_project_domain_name,
|
||||
user_domain_name=get_keystoneauth_cfg(CONF, 'user_domain_name'),
|
||||
project_domain_name=get_keystoneauth_cfg(CONF, 'project_domain_name'),
|
||||
trust_id=trust_id)
|
||||
return auth
|
||||
|
||||
@ -120,7 +123,7 @@ def client():
|
||||
def client_for_admin():
|
||||
'''Return the Sahara admin user client.'''
|
||||
auth = auth_for_admin(
|
||||
project_name=CONF.keystone_authtoken.admin_tenant_name)
|
||||
project_name=get_keystoneauth_cfg(CONF, 'project_name'))
|
||||
return client_from_auth(auth)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user