Add domain name info into auth for keystone v3
domain name information should be in VIM configure, which is different from keystone configuration in tacker.conf. Also domain name is prefered to domain id. Change-Id: Iec492e55ff763f92304c129d2373e544269f6271 Partial-bug: #1603851
This commit is contained in:
parent
df9eb366f3
commit
52073b010f
|
@ -2,3 +2,5 @@ auth_url: 'http://localhost:5000'
|
|||
username: 'nfv_user'
|
||||
password: 'devstack'
|
||||
project_name: 'nfv'
|
||||
project_domain_name: 'Default'
|
||||
user_domain_name: 'Default'
|
||||
|
|
|
@ -42,8 +42,8 @@ To register a new OpenStack VIM inside Tacker
|
|||
+----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Field | Value |
|
||||
+----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| auth_cred | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_id": "default", "auth_url": |
|
||||
| | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_id": "default"} |
|
||||
| auth_cred | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_name": "default", "auth_url": |
|
||||
| | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_name": "default"} |
|
||||
| auth_url | http://10.18.161.165:5000/v3 |
|
||||
| description | OpenStack Liberty |
|
||||
| id | 3f3c51c5-8bda-4bd3-adb3-5ae62eae65c3 |
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- Fixes bug 1603851, VIM registry should not use keystone
|
||||
information from tacker.conf. This fixed the VIM keystone
|
||||
v3 support.
|
|
@ -2,3 +2,5 @@ auth_url: 'http://10.18.112.10:5000'
|
|||
username: 'nfv_user'
|
||||
password: 'mySecretPW'
|
||||
project_name: 'nfv'
|
||||
project_domain_name: 'Default'
|
||||
user_domain_name: 'Default'
|
||||
|
|
|
@ -72,6 +72,15 @@ class VimDuplicateUrlException(exceptions.TackerException):
|
|||
message = _("VIM with specified auth URL already exists. Cannot register "
|
||||
"duplicate VIM")
|
||||
|
||||
|
||||
class VimPorjectDomainNameMissingException(exceptions.TackerException):
|
||||
message = _("'project_domain_name' is missing")
|
||||
|
||||
|
||||
class VimUserDomainNameMissingException(exceptions.TackerException):
|
||||
message = _("'user_domain_name' is missing")
|
||||
|
||||
|
||||
RESOURCE_ATTRIBUTE_MAP = {
|
||||
|
||||
'vims': {
|
||||
|
|
|
@ -88,18 +88,19 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver):
|
|||
if keystone_version == 'v3':
|
||||
auth_cred['project_id'] = vim_project.get('id')
|
||||
auth_cred['project_name'] = vim_project.get('name')
|
||||
if 'project_domain_id' not in auth_cred:
|
||||
auth_cred[
|
||||
'project_domain_id'
|
||||
] = CONF.keystone_authtoken.project_domain_id
|
||||
if 'user_domain_id' not in auth_cred:
|
||||
auth_cred[
|
||||
'user_domain_id'
|
||||
] = CONF.keystone_authtoken.user_domain_id
|
||||
if not vim_project.get('project_domain_name'):
|
||||
LOG.error(_("'project_domain_name' is missing."))
|
||||
raise nfvo.VimPorjectDomainNameMissingException()
|
||||
auth_cred['project_domain_name'] = vim_project.get(
|
||||
'project_domain_name')
|
||||
if not auth_cred.get('user_domain_name'):
|
||||
LOG.error(_("'user_domain_name' is missing."))
|
||||
raise nfvo.VimUserDomainNameMissingException()
|
||||
else:
|
||||
auth_cred['tenant_id'] = vim_project.get('id')
|
||||
auth_cred['tenant_name'] = vim_project.get('name')
|
||||
# user_id is not supported in keystone v2
|
||||
# pop stuff not supported in keystone v2
|
||||
auth_cred.pop('user_domain_name', None)
|
||||
auth_cred.pop('user_id', None)
|
||||
auth_cred['auth_url'] = vim_obj['auth_url']
|
||||
return self._initialize_keystone(keystone_version, auth_cred)
|
||||
|
|
|
@ -2,3 +2,4 @@ auth_url: http://127.0.0.1:5000
|
|||
username: nfv_user
|
||||
password: devstack
|
||||
project_name: nfv
|
||||
domain_name: Default
|
|
@ -30,13 +30,16 @@ class VimTestCreate(base.BaseTackerTest):
|
|||
username = data['username']
|
||||
project_name = data['project_name']
|
||||
auth_url = data['auth_url']
|
||||
|
||||
domain_name = data.get('domain_name', None)
|
||||
vim_arg = {'vim': {'name': name, 'description': description,
|
||||
'type': vim_type,
|
||||
'auth_url': auth_url,
|
||||
'auth_cred': {'username': username,
|
||||
'password': password},
|
||||
'vim_project': {'name': project_name},
|
||||
'password': password,
|
||||
'user_domain_name': domain_name},
|
||||
'vim_project': {'name': project_name,
|
||||
'project_domain_name':
|
||||
domain_name},
|
||||
'is_default': False}}
|
||||
|
||||
# Register vim
|
||||
|
|
|
@ -156,7 +156,10 @@ def get_dummy_device_obj_userdata_attr():
|
|||
|
||||
|
||||
def get_vim_auth_obj():
|
||||
return {'username': 'test_user', 'password': 'test_password',
|
||||
'project_id': None, 'project_name': 'test_project',
|
||||
'auth_url': 'http://localhost:5000/v3', 'user_domain_id':
|
||||
'default', 'project_domain_id': 'default'}
|
||||
return {'username': 'test_user',
|
||||
'password': 'test_password',
|
||||
'project_id': None,
|
||||
'project_name': 'test_project',
|
||||
'auth_url': 'http://localhost:5000/v3',
|
||||
'user_domain_name': 'default',
|
||||
'project_domain_name': 'default'}
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
|
||||
from keystoneclient import exceptions
|
||||
import mock
|
||||
from mock import sentinel
|
||||
from oslo_config import cfg
|
||||
|
||||
from tacker.extensions import nfvo
|
||||
|
@ -62,9 +63,12 @@ class TestOpenstack_Driver(base.TestCase):
|
|||
def get_vim_obj(self):
|
||||
return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type':
|
||||
'openstack', 'auth_url': 'http://localhost:5000',
|
||||
'auth_cred': {'username': 'test_user', 'password':
|
||||
'test_password'}, 'name': 'VIM0',
|
||||
'vim_project': {'name': 'test_project'}}
|
||||
'auth_cred': {'username': 'test_user',
|
||||
'password': 'test_password',
|
||||
'user_domain_name': 'default'},
|
||||
'name': 'VIM0',
|
||||
'vim_project': {'name': 'test_project',
|
||||
'project_domain_name': 'default'}}
|
||||
|
||||
def test_register_keystone_v3(self):
|
||||
regions = [mock_dict({'id': 'RegionOne'})]
|
||||
|
@ -129,3 +133,34 @@ class TestOpenstack_Driver(base.TestCase):
|
|||
mock_ks_client.regions.list.assert_called_once_with()
|
||||
self.keystone.initialize_client.assert_called_once_with(
|
||||
version=keystone_version, **self.auth_obj)
|
||||
|
||||
def test_auth_vim_missing_project_domain_name(self):
|
||||
keystone_version = 'v3'
|
||||
self.keystone.get_version.return_value = keystone_version
|
||||
auth_cred = {'username': sentinel.usrname1,
|
||||
'password': sentinel.password1,
|
||||
'user_domain_name': sentinel.user_domain.name,
|
||||
'user_id': sentinel.usrid1}
|
||||
vim_obj = {'auth_url': "http://xxx",
|
||||
'auth_cred': auth_cred,
|
||||
'vim_project': {'id': sentinel.prj_id1,
|
||||
'name': sentinel.prj_name1}}
|
||||
self.assertRaises(nfvo.VimPorjectDomainNameMissingException,
|
||||
self.openstack_driver.authenticate_vim,
|
||||
vim_obj)
|
||||
|
||||
def test_auth_vim_missing_user_domain_name(self):
|
||||
keystone_version = 'v3'
|
||||
self.keystone.get_version.return_value = keystone_version
|
||||
auth_cred = {'username': sentinel.usrname1,
|
||||
'password': sentinel.password1,
|
||||
'user_id': sentinel.usrid1}
|
||||
vim_obj = {'auth_url': "http://xxx",
|
||||
'auth_cred': auth_cred,
|
||||
'vim_project': {'id': sentinel.prj_id1,
|
||||
'project_domain_name':
|
||||
sentinel.prj_domain_name1,
|
||||
'name': sentinel.prj_name1}}
|
||||
self.assertRaises(nfvo.VimUserDomainNameMissingException,
|
||||
self.openstack_driver.authenticate_vim,
|
||||
vim_obj)
|
||||
|
|
Loading…
Reference in New Issue