Add domain name info into auth for keystone v3

domain name information should be in VIM configure, which is
different from keystone configuration in tacker.conf.

Also domain name is prefered to domain id.

Change-Id: Iec492e55ff763f92304c129d2373e544269f6271
Partial-bug: #1603851

devstack/vim_config.yaml

@@ -2,3 +2,5 @@ auth_url: 'http://localhost:5000'
 username: 'nfv_user'
 password: 'devstack'
 project_name: 'nfv'
+project_domain_name: 'Default'
+user_domain_name: 'Default'

doc/source/devref/multisite_vim_usage_guide.rst

@@ -42,8 +42,8 @@ To register a new OpenStack VIM inside Tacker
  +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field          | Value                                                                                                                                                    |
  +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
- | auth_cred      | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_id": "default", "auth_url":                               |
- |                | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_id": "default"}                                                                        |
+ | auth_cred      | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_name": "default", "auth_url":                               |
+ |                | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_name": "default"}                                                                        |
  | auth_url       | http://10.18.161.165:5000/v3                                                                                                                             |
  | description    | OpenStack Liberty                                                                                                                                        |
  | id             | 3f3c51c5-8bda-4bd3-adb3-5ae62eae65c3                                                                                                                     |

releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - Fixes bug 1603851, VIM registry should not use keystone
+    information from tacker.conf. This fixed the VIM keystone
+    v3 support.

samples/vim/vim_config.yaml

@@ -2,3 +2,5 @@ auth_url: 'http://10.18.112.10:5000'
 username: 'nfv_user'
 password: 'mySecretPW'
 project_name: 'nfv'
+project_domain_name: 'Default'
+user_domain_name: 'Default'

tacker/extensions/nfvo.py

@@ -72,6 +72,15 @@ class VimDuplicateUrlException(exceptions.TackerException):
     message = _("VIM with specified auth URL already exists. Cannot register "
                 "duplicate VIM")
 
+
+class VimPorjectDomainNameMissingException(exceptions.TackerException):
+    message = _("'project_domain_name' is missing")
+
+
+class VimUserDomainNameMissingException(exceptions.TackerException):
+    message = _("'user_domain_name' is missing")
+
+
 RESOURCE_ATTRIBUTE_MAP = {
 
     'vims': {

tacker/nfvo/drivers/vim/openstack_driver.py

@@ -88,18 +88,19 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver):
         if keystone_version == 'v3':
             auth_cred['project_id'] = vim_project.get('id')
             auth_cred['project_name'] = vim_project.get('name')
-            if 'project_domain_id' not in auth_cred:
-                auth_cred[
-                    'project_domain_id'
-                ] = CONF.keystone_authtoken.project_domain_id
-            if 'user_domain_id' not in auth_cred:
-                auth_cred[
-                    'user_domain_id'
-                ] = CONF.keystone_authtoken.user_domain_id
+            if not vim_project.get('project_domain_name'):
+                LOG.error(_("'project_domain_name' is missing."))
+                raise nfvo.VimPorjectDomainNameMissingException()
+            auth_cred['project_domain_name'] = vim_project.get(
+                'project_domain_name')
+            if not auth_cred.get('user_domain_name'):
+                LOG.error(_("'user_domain_name' is missing."))
+                raise nfvo.VimUserDomainNameMissingException()
         else:
             auth_cred['tenant_id'] = vim_project.get('id')
             auth_cred['tenant_name'] = vim_project.get('name')
-            # user_id is not supported in keystone v2
+            # pop stuff not supported in keystone v2
+            auth_cred.pop('user_domain_name', None)
             auth_cred.pop('user_id', None)
         auth_cred['auth_url'] = vim_obj['auth_url']
         return self._initialize_keystone(keystone_version, auth_cred)

tacker/tests/etc/samples/local-vim.yaml

@@ -2,3 +2,4 @@ auth_url: http://127.0.0.1:5000
 username: nfv_user
 password: devstack
 project_name: nfv
+domain_name: Default

tacker/tests/functional/nfvo/test_vim.py

@@ -30,13 +30,16 @@ class VimTestCreate(base.BaseTackerTest):
         username = data['username']
         project_name = data['project_name']
         auth_url = data['auth_url']
-
+        domain_name = data.get('domain_name', None)
         vim_arg = {'vim': {'name': name, 'description': description,
                            'type': vim_type,
                            'auth_url': auth_url,
                            'auth_cred': {'username': username,
-                                         'password': password},
-                           'vim_project': {'name': project_name},
+                                         'password': password,
+                                         'user_domain_name': domain_name},
+                           'vim_project': {'name': project_name,
+                                           'project_domain_name':
+                                               domain_name},
                            'is_default': False}}
 
         # Register vim

tacker/tests/unit/db/utils.py

@@ -156,7 +156,10 @@ def get_dummy_device_obj_userdata_attr():
 
 
 def get_vim_auth_obj():
-    return {'username': 'test_user', 'password': 'test_password',
-            'project_id': None, 'project_name': 'test_project',
-            'auth_url': 'http://localhost:5000/v3', 'user_domain_id':
-                'default', 'project_domain_id': 'default'}
+    return {'username': 'test_user',
+            'password': 'test_password',
+            'project_id': None,
+            'project_name': 'test_project',
+            'auth_url': 'http://localhost:5000/v3',
+            'user_domain_name': 'default',
+            'project_domain_name': 'default'}

tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py

@@ -15,6 +15,7 @@
 
 from keystoneclient import exceptions
 import mock
+from mock import sentinel
 from oslo_config import cfg
 
 from tacker.extensions import nfvo
@@ -62,9 +63,12 @@ class TestOpenstack_Driver(base.TestCase):
     def get_vim_obj(self):
         return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type':
                 'openstack', 'auth_url': 'http://localhost:5000',
-                'auth_cred': {'username': 'test_user', 'password':
-                    'test_password'}, 'name': 'VIM0',
-                'vim_project': {'name': 'test_project'}}
+                'auth_cred': {'username': 'test_user',
+                              'password': 'test_password',
+                              'user_domain_name': 'default'},
+                'name': 'VIM0',
+                'vim_project': {'name': 'test_project',
+                                'project_domain_name': 'default'}}
 
     def test_register_keystone_v3(self):
         regions = [mock_dict({'id': 'RegionOne'})]
@@ -129,3 +133,34 @@ class TestOpenstack_Driver(base.TestCase):
         mock_ks_client.regions.list.assert_called_once_with()
         self.keystone.initialize_client.assert_called_once_with(
             version=keystone_version, **self.auth_obj)
+
+    def test_auth_vim_missing_project_domain_name(self):
+        keystone_version = 'v3'
+        self.keystone.get_version.return_value = keystone_version
+        auth_cred = {'username': sentinel.usrname1,
+                     'password': sentinel.password1,
+                     'user_domain_name': sentinel.user_domain.name,
+                     'user_id': sentinel.usrid1}
+        vim_obj = {'auth_url': "http://xxx",
+                   'auth_cred': auth_cred,
+                   'vim_project': {'id': sentinel.prj_id1,
+                                   'name': sentinel.prj_name1}}
+        self.assertRaises(nfvo.VimPorjectDomainNameMissingException,
+                          self.openstack_driver.authenticate_vim,
+                          vim_obj)
+
+    def test_auth_vim_missing_user_domain_name(self):
+        keystone_version = 'v3'
+        self.keystone.get_version.return_value = keystone_version
+        auth_cred = {'username': sentinel.usrname1,
+                     'password': sentinel.password1,
+                     'user_id': sentinel.usrid1}
+        vim_obj = {'auth_url': "http://xxx",
+                   'auth_cred': auth_cred,
+                   'vim_project': {'id': sentinel.prj_id1,
+                                   'project_domain_name':
+                                       sentinel.prj_domain_name1,
+                                   'name': sentinel.prj_name1}}
+        self.assertRaises(nfvo.VimUserDomainNameMissingException,
+                          self.openstack_driver.authenticate_vim,
+                          vim_obj)