Align OS_AUTH_URL in admin-openrc.sh

The admin-openrc.sh can be downloaded from Horizon. This file can be used for authentication as sysadmin in system controllers. However, as the keystone public endpoint of region SystemController differs from the RegionOne. If a user download an RC file of SystemController and use the OS_AUTH_URL to authenticate, a HTTP 401 Error(The request you have made requires authentication) will be produced. In the upstream project, the OS_AUTH_URL is got according to the "Central Cloud Region" and shown in the view. This commit overwrites the openrc template, aligns the OS_AUTH_URL in the admin-openrc.sh of region SystemController with the RegionOne by port replacement. As it is a specific usage for starlingx rather than a generic usage, it will not go to the Horizon project. Test: 1. Choose the "Central Cloud Region" in Horizon as "SystemController" 2. Download the admin-openrc.sh via API Access -> Download OpenStack RC File 3. Check the OS_AUTH_URL is pointing to then keystone pulic endpoint of RegionOne 4. Check the keystone pulic endpoint is still correct in the web page Change-Id: I1f43f79364f5cc7bff382c1ae90a7f8f801abedb Closes-Bug: 1892090 Signed-off-by: Yuxing Jiang <yuxing.jiang@windriver.com>
2020-08-28 21:36:27 -04:00 · 2020-08-28 21:36:27 -04:00 · ed99d3960c
parent f18c0eaa83
commit ed99d3960c
3 changed files with 72 additions and 0 deletions
--- a/starlingx-dashboard/starlingx-dashboard/starlingx_dashboard/local/local_settings.d/_30_stx_local_settings.py
+++ b/starlingx-dashboard/starlingx-dashboard/starlingx_dashboard/local/local_settings.d/_30_stx_local_settings.py
@ -141,6 +141,7 @@ for root, _dirs, files in os.walk('/opt/branding/applied'):
 ADD_TEMPLATE_DIRS = [os.path.join(ROOT_PATH, 'starlingx_templates')]
 TEMPLATES[0]['DIRS'] = ADD_TEMPLATE_DIRS + TEMPLATES[0]['DIRS']

+OPENRC_CUSTOM_TEMPLATE = 'starlingx-openrc.sh.template'

 STATIC_ROOT = "/www/pages/static"
 COMPRESS_OFFLINE = True
--- a/starlingx-dashboard/starlingx-dashboard/starlingx_dashboard/starlingx_templates/starlingx-openrc.sh.template
+++ b/starlingx-dashboard/starlingx-dashboard/starlingx_dashboard/starlingx_templates/starlingx-openrc.sh.template
@ -0,0 +1,55 @@
+{% load shellfilter %}#!/usr/bin/env bash
+{% load align_auth_url %}
+
+#
+# Copyright (c) 2020 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# To use an OpenStack cloud you need to authenticate against the Identity
+# service named keystone, which returns a **Token** and **Service Catalog**.
+# The catalog contains the endpoints for all services the user/tenant has
+# access to - such as Compute, Image Service, Identity, Object Storage, Block
+# Storage, and Networking (code-named nova, glance, keystone, swift,
+# cinder, and neutron).
+#
+# *NOTE*: Using the 3 *Identity API* does not necessarily mean any other
+# OpenStack API is version 3. For example, your cloud provider may implement
+# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is
+# only for the Identity API served through keystone.
+{% if region == 'SystemController' %}
+export OS_AUTH_URL={{ auth_url|align_auth_url }}
+{% else %}
+export OS_AUTH_URL={{ auth_url }}
+{% endif %}
+
+# With the addition of Keystone we have standardized on the term **project**
+# as the entity that owns the resources.
+export OS_PROJECT_ID={{ tenant_id }}
+export OS_PROJECT_NAME="{{ tenant_name|shellfilter }}"
+export OS_USER_DOMAIN_NAME="{{ user_domain_name|shellfilter }}"
+if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
+export OS_PROJECT_DOMAIN_ID="{{ project_domain_id|shellfilter }}"
+if [ -z "$OS_PROJECT_DOMAIN_ID" ]; then unset OS_PROJECT_DOMAIN_ID; fi
+
+# unset v2.0 items in case set
+unset OS_TENANT_ID
+unset OS_TENANT_NAME
+
+# In addition to the owning entity (tenant), OpenStack stores the entity
+# performing the action as the **user**.
+export OS_USERNAME="{{ user.username|shellfilter }}"
+
+# With Keystone you pass the keystone password.
+echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
+read -sr OS_PASSWORD_INPUT
+export OS_PASSWORD=$OS_PASSWORD_INPUT
+
+# If your configuration has multiple regions, we set that information here.
+# OS_REGION_NAME is optional and only valid in certain environments.
+export OS_REGION_NAME="{{ region|shellfilter }}"
+# Don't leave a blank variable, unset it if it was empty
+if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
+
+export OS_INTERFACE={{ interface }}
+export OS_IDENTITY_API_VERSION={{ os_identity_api_version }}
--- a/starlingx-dashboard/starlingx-dashboard/starlingx_dashboard/templatetags/align_auth_url.py
+++ b/starlingx-dashboard/starlingx-dashboard/starlingx_dashboard/templatetags/align_auth_url.py
@ -0,0 +1,16 @@
+#
+# Copyright (c) 2020 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from django import template
+
+register = template.Library()
+
+
+@register.filter(name="align_auth_url")
+def align_auth_url(url):
+    url_list = url.split(':')
+    url_list[-1] = '5000/v3'
+    return ':'.join(url_list)