Merge "Add domain name info into auth for keystone v3"

devstack/vim_config.yaml

@@ -2,3 +2,5 @@ auth_url: 'http://localhost:5000'
 username: 'nfv_user'
 password: 'devstack'
 project_name: 'nfv'
+project_domain_name: 'Default'
+user_domain_name: 'Default'

doc/source/devref/multisite_vim_usage_guide.rst

@@ -42,8 +42,8 @@ To register a new OpenStack VIM inside Tacker
  +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field          | Value                                                                                                                                                    |
  +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
- | auth_cred      | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_id": "default", "auth_url":                               |
- |                | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_id": "default"}                                                                        |
+ | auth_cred      | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_name": "default", "auth_url":                               |
+ |                | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_name": "default"}                                                                        |
  | auth_url       | http://10.18.161.165:5000/v3                                                                                                                             |
  | description    | OpenStack Liberty                                                                                                                                        |
  | id             | 3f3c51c5-8bda-4bd3-adb3-5ae62eae65c3                                                                                                                     |

releasenotes/notes/fix-keystone-v3-support-in-vim-6d841e28b3e5bb78.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - Fixes bug 1603851, VIM registry should not use keystone
+    information from tacker.conf. This fixed the VIM keystone
+    v3 support.

samples/vim/vim_config.yaml

@@ -2,3 +2,5 @@ auth_url: 'http://10.18.112.10:5000'
 username: 'nfv_user'
 password: 'mySecretPW'
 project_name: 'nfv'
+project_domain_name: 'Default'
+user_domain_name: 'Default'

tacker/extensions/nfvo.py

@@ -72,6 +72,15 @@ class VimDuplicateUrlException(exceptions.TackerException):
     message = _("VIM with specified auth URL already exists. Cannot register "
                 "duplicate VIM")
 
+
+class VimPorjectDomainNameMissingException(exceptions.TackerException):
+    message = _("'project_domain_name' is missing")
+
+
+class VimUserDomainNameMissingException(exceptions.TackerException):
+    message = _("'user_domain_name' is missing")
+
+
 RESOURCE_ATTRIBUTE_MAP = {
 
     'vims': {

tacker/nfvo/drivers/vim/openstack_driver.py

@@ -88,18 +88,19 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver):
         if keystone_version == 'v3':
             auth_cred['project_id'] = vim_project.get('id')
             auth_cred['project_name'] = vim_project.get('name')
-            if 'project_domain_id' not in auth_cred:
-                auth_cred[
-                    'project_domain_id'
-                ] = CONF.keystone_authtoken.project_domain_id
-            if 'user_domain_id' not in auth_cred:
-                auth_cred[
-                    'user_domain_id'
-                ] = CONF.keystone_authtoken.user_domain_id
+            if not vim_project.get('project_domain_name'):
+                LOG.error(_("'project_domain_name' is missing."))
+                raise nfvo.VimPorjectDomainNameMissingException()
+            auth_cred['project_domain_name'] = vim_project.get(
+                'project_domain_name')
+            if not auth_cred.get('user_domain_name'):
+                LOG.error(_("'user_domain_name' is missing."))
+                raise nfvo.VimUserDomainNameMissingException()
         else:
             auth_cred['tenant_id'] = vim_project.get('id')
             auth_cred['tenant_name'] = vim_project.get('name')
-            # user_id is not supported in keystone v2
+            # pop stuff not supported in keystone v2
+            auth_cred.pop('user_domain_name', None)
             auth_cred.pop('user_id', None)
         auth_cred['auth_url'] = vim_obj['auth_url']
         return self._initialize_keystone(keystone_version, auth_cred)

tacker/tests/etc/samples/local-vim.yaml

@@ -2,3 +2,4 @@ auth_url: http://127.0.0.1:5000
 username: nfv_user
 password: devstack
 project_name: nfv
+domain_name: Default

tacker/tests/functional/nfvo/test_vim.py

@@ -30,13 +30,16 @@ class VimTestCreate(base.BaseTackerTest):
         username = data['username']
         project_name = data['project_name']
         auth_url = data['auth_url']
-
+        domain_name = data.get('domain_name', None)
         vim_arg = {'vim': {'name': name, 'description': description,
                            'type': vim_type,
                            'auth_url': auth_url,
                            'auth_cred': {'username': username,
-                                         'password': password},
-                           'vim_project': {'name': project_name},
+                                         'password': password,
+                                         'user_domain_name': domain_name},
+                           'vim_project': {'name': project_name,
+                                           'project_domain_name':
+                                               domain_name},
                            'is_default': False}}
 
         # Register vim

tacker/tests/unit/db/utils.py

@@ -156,7 +156,10 @@ def get_dummy_device_obj_userdata_attr():
 
 
 def get_vim_auth_obj():
-    return {'username': 'test_user', 'password': 'test_password',
-            'project_id': None, 'project_name': 'test_project',
-            'auth_url': 'http://localhost:5000/v3', 'user_domain_id':
-                'default', 'project_domain_id': 'default'}
+    return {'username': 'test_user',
+            'password': 'test_password',
+            'project_id': None,
+            'project_name': 'test_project',
+            'auth_url': 'http://localhost:5000/v3',
+            'user_domain_name': 'default',
+            'project_domain_name': 'default'}

tacker/tests/unit/vm/nfvo/drivers/vim/test_openstack_driver.py

@@ -15,6 +15,7 @@
 
 from keystoneclient import exceptions
 import mock
+from mock import sentinel
 from oslo_config import cfg
 
 from tacker.extensions import nfvo
@@ -62,9 +63,12 @@ class TestOpenstack_Driver(base.TestCase):
     def get_vim_obj(self):
         return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type':
                 'openstack', 'auth_url': 'http://localhost:5000',
-                'auth_cred': {'username': 'test_user', 'password':
-                    'test_password'}, 'name': 'VIM0',
-                'vim_project': {'name': 'test_project'}}
+                'auth_cred': {'username': 'test_user',
+                              'password': 'test_password',
+                              'user_domain_name': 'default'},
+                'name': 'VIM0',
+                'vim_project': {'name': 'test_project',
+                                'project_domain_name': 'default'}}
 
     def test_register_keystone_v3(self):
         regions = [mock_dict({'id': 'RegionOne'})]
@@ -129,3 +133,34 @@ class TestOpenstack_Driver(base.TestCase):
         mock_ks_client.regions.list.assert_called_once_with()
         self.keystone.initialize_client.assert_called_once_with(
             version=keystone_version, **self.auth_obj)
+
+    def test_auth_vim_missing_project_domain_name(self):
+        keystone_version = 'v3'
+        self.keystone.get_version.return_value = keystone_version
+        auth_cred = {'username': sentinel.usrname1,
+                     'password': sentinel.password1,
+                     'user_domain_name': sentinel.user_domain.name,
+                     'user_id': sentinel.usrid1}
+        vim_obj = {'auth_url': "http://xxx",
+                   'auth_cred': auth_cred,
+                   'vim_project': {'id': sentinel.prj_id1,
+                                   'name': sentinel.prj_name1}}
+        self.assertRaises(nfvo.VimPorjectDomainNameMissingException,
+                          self.openstack_driver.authenticate_vim,
+                          vim_obj)
+
+    def test_auth_vim_missing_user_domain_name(self):
+        keystone_version = 'v3'
+        self.keystone.get_version.return_value = keystone_version
+        auth_cred = {'username': sentinel.usrname1,
+                     'password': sentinel.password1,
+                     'user_id': sentinel.usrid1}
+        vim_obj = {'auth_url': "http://xxx",
+                   'auth_cred': auth_cred,
+                   'vim_project': {'id': sentinel.prj_id1,
+                                   'project_domain_name':
+                                       sentinel.prj_domain_name1,
+                                   'name': sentinel.prj_name1}}
+        self.assertRaises(nfvo.VimUserDomainNameMissingException,
+                          self.openstack_driver.authenticate_vim,
+                          vim_obj)