diff --git a/devstack/vim_config.yaml b/devstack/vim_config.yaml index 054f1fe1a..d058cb7eb 100644 --- a/devstack/vim_config.yaml +++ b/devstack/vim_config.yaml @@ -2,3 +2,5 @@ auth_url: 'http://localhost:5000' username: 'nfv_user' password: 'devstack' project_name: 'nfv' +project_domain_name: 'Default' +user_domain_name: 'Default' diff --git a/doc/source/devref/multisite_vim_usage_guide.rst b/doc/source/devref/multisite_vim_usage_guide.rst index d22ea9c83..c51294f2f 100644 --- a/doc/source/devref/multisite_vim_usage_guide.rst +++ b/doc/source/devref/multisite_vim_usage_guide.rst @@ -42,8 +42,8 @@ To register a new OpenStack VIM inside Tacker +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - | auth_cred | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_id": "default", "auth_url": | - | | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_id": "default"} | + | auth_cred | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_name": "default", "auth_url": | + | | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_name": "default"} | | auth_url | http://10.18.161.165:5000/v3 | | description | OpenStack Liberty | | id | 3f3c51c5-8bda-4bd3-adb3-5ae62eae65c3 | diff --git a/releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml b/releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml new file mode 100644 index 000000000..df0634949 --- /dev/null +++ b/releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Fixes bug 1603851, VIM registry should not use keystone + information from tacker.conf. This fixed the VIM keystone + v3 support. diff --git a/samples/vim/vim_config.yaml b/samples/vim/vim_config.yaml index b9b28d6c9..fe2bd65a7 100644 --- a/samples/vim/vim_config.yaml +++ b/samples/vim/vim_config.yaml @@ -2,3 +2,5 @@ auth_url: 'http://10.18.112.10:5000' username: 'nfv_user' password: 'mySecretPW' project_name: 'nfv' +project_domain_name: 'Default' +user_domain_name: 'Default' diff --git a/tacker/extensions/nfvo.py b/tacker/extensions/nfvo.py index 9801df6ab..f81995610 100644 --- a/tacker/extensions/nfvo.py +++ b/tacker/extensions/nfvo.py @@ -66,6 +66,15 @@ class VimDuplicateUrlException(exceptions.TackerException): message = _("VIM with specified auth URL already exists. Cannot register " "duplicate VIM") + +class VimPorjectDomainNameMissingException(exceptions.TackerException): + message = _("'project_domain_name' is missing") + + +class VimUserDomainNameMissingException(exceptions.TackerException): + message = _("'user_domain_name' is missing") + + RESOURCE_ATTRIBUTE_MAP = { 'vims': { diff --git a/tacker/nfvo/drivers/vim/openstack_driver.py b/tacker/nfvo/drivers/vim/openstack_driver.py index 7b4904b8a..0dc878c02 100644 --- a/tacker/nfvo/drivers/vim/openstack_driver.py +++ b/tacker/nfvo/drivers/vim/openstack_driver.py @@ -88,18 +88,19 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver): if keystone_version == 'v3': auth_cred['project_id'] = vim_project.get('id') auth_cred['project_name'] = vim_project.get('name') - if 'project_domain_id' not in auth_cred: - auth_cred[ - 'project_domain_id' - ] = CONF.keystone_authtoken.project_domain_id - if 'user_domain_id' not in auth_cred: - auth_cred[ - 'user_domain_id' - ] = CONF.keystone_authtoken.user_domain_id + if not vim_project.get('project_domain_name'): + LOG.error(_("'project_domain_name' is missing.")) + raise nfvo.VimPorjectDomainNameMissingException() + auth_cred['project_domain_name'] = vim_project.get( + 'project_domain_name') + if not auth_cred.get('user_domain_name'): + LOG.error(_("'user_domain_name' is missing.")) + raise nfvo.VimUserDomainNameMissingException() else: auth_cred['tenant_id'] = vim_project.get('id') auth_cred['tenant_name'] = vim_project.get('name') - # user_id is not supported in keystone v2 + # pop stuff not supported in keystone v2 + auth_cred.pop('user_domain_name', None) auth_cred.pop('user_id', None) auth_cred['auth_url'] = vim_obj['auth_url'] return self._initialize_keystone(keystone_version, auth_cred) diff --git a/tacker/tests/unit/db/utils.py b/tacker/tests/unit/db/utils.py index af701418c..6c31293cf 100644 --- a/tacker/tests/unit/db/utils.py +++ b/tacker/tests/unit/db/utils.py @@ -156,7 +156,10 @@ def get_dummy_device_obj_userdata_attr(): def get_vim_auth_obj(): - return {'username': 'test_user', 'password': 'test_password', - 'project_id': None, 'project_name': 'test_project', - 'auth_url': 'http://localhost:5000/v3', 'user_domain_id': - 'default', 'project_domain_id': 'default'} + return {'username': 'test_user', + 'password': 'test_password', + 'project_id': None, + 'project_name': 'test_project', + 'auth_url': 'http://localhost:5000/v3', + 'user_domain_name': 'default', + 'project_domain_name': 'default'} diff --git a/tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py b/tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py index 815a3d520..92698d1d4 100644 --- a/tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py +++ b/tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py @@ -15,6 +15,7 @@ from keystoneclient import exceptions import mock +from mock import sentinel from oslo_config import cfg from tacker.extensions import nfvo @@ -62,9 +63,12 @@ class TestOpenstack_Driver(base.TestCase): def get_vim_obj(self): return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type': 'openstack', 'auth_url': 'http://localhost:5000', - 'auth_cred': {'username': 'test_user', 'password': - 'test_password'}, 'name': 'VIM0', - 'vim_project': {'name': 'test_project'}} + 'auth_cred': {'username': 'test_user', + 'password': 'test_password', + 'user_domain_name': 'default'}, + 'name': 'VIM0', + 'vim_project': {'name': 'test_project', + 'project_domain_name': 'default'}} def test_register_keystone_v3(self): regions = [mock_dict({'id': 'RegionOne'})] @@ -129,3 +133,34 @@ class TestOpenstack_Driver(base.TestCase): mock_ks_client.regions.list.assert_called_once_with() self.keystone.initialize_client.assert_called_once_with( version=keystone_version, **self.auth_obj) + + def test_auth_vim_missing_project_domain_name(self): + keystone_version = 'v3' + self.keystone.get_version.return_value = keystone_version + auth_cred = {'username': sentinel.usrname1, + 'password': sentinel.password1, + 'user_domain_name': sentinel.user_domain.name, + 'user_id': sentinel.usrid1} + vim_obj = {'auth_url': "http://xxx", + 'auth_cred': auth_cred, + 'vim_project': {'id': sentinel.prj_id1, + 'name': sentinel.prj_name1}} + self.assertRaises(nfvo.VimPorjectDomainNameMissingException, + self.openstack_driver.authenticate_vim, + vim_obj) + + def test_auth_vim_missing_user_domain_name(self): + keystone_version = 'v3' + self.keystone.get_version.return_value = keystone_version + auth_cred = {'username': sentinel.usrname1, + 'password': sentinel.password1, + 'user_id': sentinel.usrid1} + vim_obj = {'auth_url': "http://xxx", + 'auth_cred': auth_cred, + 'vim_project': {'id': sentinel.prj_id1, + 'project_domain_name': + sentinel.prj_domain_name1, + 'name': sentinel.prj_name1}} + self.assertRaises(nfvo.VimUserDomainNameMissingException, + self.openstack_driver.authenticate_vim, + vim_obj)