Add domain name info into auth for keystone v3

domain name information should be in VIM configure, which is different from keystone configuration in tacker.conf. Also domain name is prefered to domain id. Depends-On: Ieb5612c966b2110930faac0401f5dabde064ffc1 Change-Id: Iec492e55ff763f92304c129d2373e544269f6271 Partial-bug: #1603851
2016-07-18 14:22:57 +08:00 · 2016-07-18 14:22:57 +08:00 · 7d3e2de6e0
parent 345f1a4948
commit 7d3e2de6e0
8 changed files with 75 additions and 18 deletions
--- a/devstack/vim_config.yaml
+++ b/devstack/vim_config.yaml
@ -2,3 +2,5 @@ auth_url: 'http://localhost:5000'
 username: 'nfv_user'
 password: 'devstack'
 project_name: 'nfv'
+project_domain_name: 'Default'
+user_domain_name: 'Default'
--- a/doc/source/devref/multisite_vim_usage_guide.rst
+++ b/doc/source/devref/multisite_vim_usage_guide.rst
@ -42,8 +42,8 @@ To register a new OpenStack VIM inside Tacker
 +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
 | Field          | Value                                                                                                                                                    |
 +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
- | auth_cred      | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_id": "default", "auth_url":                               |
- |                | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_id": "default"}                                                                        |
+ | auth_cred      | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_name": "default", "auth_url":                               |
+ |                | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_name": "default"}                                                                        |
 | auth_url       | http://10.18.161.165:5000/v3                                                                                                                             |
 | description    | OpenStack Liberty                                                                                                                                        |
 | id             | 3f3c51c5-8bda-4bd3-adb3-5ae62eae65c3                                                                                                                     |
--- a/releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml
+++ b/releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - Fixes bug 1603851, VIM registry should not use keystone
+    information from tacker.conf. This fixed the VIM keystone
+    v3 support.
--- a/samples/vim/vim_config.yaml
+++ b/samples/vim/vim_config.yaml
@ -2,3 +2,5 @@ auth_url: 'http://10.18.112.10:5000'
 username: 'nfv_user'
 password: 'mySecretPW'
 project_name: 'nfv'
+project_domain_name: 'Default'
+user_domain_name: 'Default'
--- a/tacker/extensions/nfvo.py
+++ b/tacker/extensions/nfvo.py
@ -66,6 +66,15 @@ class VimDuplicateUrlException(exceptions.TackerException):
    message = _("VIM with specified auth URL already exists. Cannot register "
                "duplicate VIM")

+
+class VimPorjectDomainNameMissingException(exceptions.TackerException):
+    message = _("'project_domain_name' is missing")
+
+
+class VimUserDomainNameMissingException(exceptions.TackerException):
+    message = _("'user_domain_name' is missing")
+
+
 RESOURCE_ATTRIBUTE_MAP = {

    'vims': {
--- a/tacker/nfvo/drivers/vim/openstack_driver.py
+++ b/tacker/nfvo/drivers/vim/openstack_driver.py
@ -88,18 +88,19 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver):
        if keystone_version == 'v3':
            auth_cred['project_id'] = vim_project.get('id')
            auth_cred['project_name'] = vim_project.get('name')
-            if 'project_domain_id' not in auth_cred:
-                auth_cred[
-                    'project_domain_id'
-                ] = CONF.keystone_authtoken.project_domain_id
-            if 'user_domain_id' not in auth_cred:
-                auth_cred[
-                    'user_domain_id'
-                ] = CONF.keystone_authtoken.user_domain_id
+            if not vim_project.get('project_domain_name'):
+                LOG.error(_("'project_domain_name' is missing."))
+                raise nfvo.VimPorjectDomainNameMissingException()
+            auth_cred['project_domain_name'] = vim_project.get(
+                'project_domain_name')
+            if not auth_cred.get('user_domain_name'):
+                LOG.error(_("'user_domain_name' is missing."))
+                raise nfvo.VimUserDomainNameMissingException()
        else:
            auth_cred['tenant_id'] = vim_project.get('id')
            auth_cred['tenant_name'] = vim_project.get('name')
-            # user_id is not supported in keystone v2
+            # pop stuff not supported in keystone v2
+            auth_cred.pop('user_domain_name', None)
            auth_cred.pop('user_id', None)
        auth_cred['auth_url'] = vim_obj['auth_url']
        return self._initialize_keystone(keystone_version, auth_cred)
--- a/tacker/tests/unit/db/utils.py
+++ b/tacker/tests/unit/db/utils.py
@ -156,7 +156,10 @@ def get_dummy_device_obj_userdata_attr():


 def get_vim_auth_obj():
-    return {'username': 'test_user', 'password': 'test_password',
-            'project_id': None, 'project_name': 'test_project',
-            'auth_url': 'http://localhost:5000/v3', 'user_domain_id':
-                'default', 'project_domain_id': 'default'}
+    return {'username': 'test_user',
+            'password': 'test_password',
+            'project_id': None,
+            'project_name': 'test_project',
+            'auth_url': 'http://localhost:5000/v3',
+            'user_domain_name': 'default',
+            'project_domain_name': 'default'}
--- a/tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py
+++ b/tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py
@ -15,6 +15,7 @@

 from keystoneclient import exceptions
 import mock
+from mock import sentinel
 from oslo_config import cfg

 from tacker.extensions import nfvo
@ -62,9 +63,12 @@ class TestOpenstack_Driver(base.TestCase):
    def get_vim_obj(self):
        return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type':
                'openstack', 'auth_url': 'http://localhost:5000',
-                'auth_cred': {'username': 'test_user', 'password':
-                    'test_password'}, 'name': 'VIM0',
-                'vim_project': {'name': 'test_project'}}
+                'auth_cred': {'username': 'test_user',
+                              'password': 'test_password',
+                              'user_domain_name': 'default'},
+                'name': 'VIM0',
+                'vim_project': {'name': 'test_project',
+                                'project_domain_name': 'default'}}

    def test_register_keystone_v3(self):
        regions = [mock_dict({'id': 'RegionOne'})]
@ -129,3 +133,34 @@ class TestOpenstack_Driver(base.TestCase):
        mock_ks_client.regions.list.assert_called_once_with()
        self.keystone.initialize_client.assert_called_once_with(
            version=keystone_version, **self.auth_obj)
+
+    def test_auth_vim_missing_project_domain_name(self):
+        keystone_version = 'v3'
+        self.keystone.get_version.return_value = keystone_version
+        auth_cred = {'username': sentinel.usrname1,
+                     'password': sentinel.password1,
+                     'user_domain_name': sentinel.user_domain.name,
+                     'user_id': sentinel.usrid1}
+        vim_obj = {'auth_url': "http://xxx",
+                   'auth_cred': auth_cred,
+                   'vim_project': {'id': sentinel.prj_id1,
+                                   'name': sentinel.prj_name1}}
+        self.assertRaises(nfvo.VimPorjectDomainNameMissingException,
+                          self.openstack_driver.authenticate_vim,
+                          vim_obj)
+
+    def test_auth_vim_missing_user_domain_name(self):
+        keystone_version = 'v3'
+        self.keystone.get_version.return_value = keystone_version
+        auth_cred = {'username': sentinel.usrname1,
+                     'password': sentinel.password1,
+                     'user_id': sentinel.usrid1}
+        vim_obj = {'auth_url': "http://xxx",
+                   'auth_cred': auth_cred,
+                   'vim_project': {'id': sentinel.prj_id1,
+                                   'project_domain_name':
+                                       sentinel.prj_domain_name1,
+                                   'name': sentinel.prj_name1}}
+        self.assertRaises(nfvo.VimUserDomainNameMissingException,
+                          self.openstack_driver.authenticate_vim,
+                          vim_obj)