diff --git a/openstack/python-django-openstack-auth/centos/build_srpm.data b/openstack/python-django-openstack-auth/centos/build_srpm.data index d3f64f33..0eac83bb 100755 --- a/openstack/python-django-openstack-auth/centos/build_srpm.data +++ b/openstack/python-django-openstack-auth/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=3 +TIS_PATCH_VER=4 diff --git a/openstack/python-django-openstack-auth/centos/meta_patches/0007-meta-patch-for-distributed-keystone-fix.patch b/openstack/python-django-openstack-auth/centos/meta_patches/0007-meta-patch-for-distributed-keystone-fix.patch new file mode 100644 index 00000000..2889725e --- /dev/null +++ b/openstack/python-django-openstack-auth/centos/meta_patches/0007-meta-patch-for-distributed-keystone-fix.patch @@ -0,0 +1,24 @@ +From 4aafd598ace7fc1bf4c5aaf3591b8880e7642d69 Mon Sep 17 00:00:00 2001 +From: Tyler Smith +Date: Fri, 29 Jun 2018 20:07:09 -0500 +Subject: [PATCH 1/1] [PATCH] meta patch for distributed keystone fix + +--- + SPECS/python-django-openstack-auth.spec | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/SPECS/python-django-openstack-auth.spec b/SPECS/python-django-openstack-auth.spec +index 9e5aacb..73b87b5 100644 +--- a/SPECS/python-django-openstack-auth.spec ++++ b/SPECS/python-django-openstack-auth.spec +@@ -20,6 +20,7 @@ Patch0002: 0002-disable-token-validation-per-auth-request.patch + Patch0003: 0003-cache-authorized-tenants-in-cookie-to-improve-performance.patch + Patch0004: 0004-US112170-Distributed-Keystone.patch + Patch0005: fix_for_session_timeout.patch ++Patch0006: fix_for_dc_region_switching.patch + + BuildArch: noarch + +-- +1.8.3.1 + diff --git a/openstack/python-django-openstack-auth/centos/meta_patches/PATCH_ORDER b/openstack/python-django-openstack-auth/centos/meta_patches/PATCH_ORDER index 8f513bdf..a15d1983 100644 --- a/openstack/python-django-openstack-auth/centos/meta_patches/PATCH_ORDER +++ b/openstack/python-django-openstack-auth/centos/meta_patches/PATCH_ORDER @@ -5,3 +5,4 @@ 0005-meta-cache-authorized-tenants-in-cookie-to-improve-performance.patch 0006-meta-Distributed-Keystone.patch spec-include-fix_for_session_timeout.patch +0007-meta-patch-for-distributed-keystone-fix.patch diff --git a/openstack/python-django-openstack-auth/centos/patches/fix_for_dc_region_switching.patch b/openstack/python-django-openstack-auth/centos/patches/fix_for_dc_region_switching.patch new file mode 100644 index 00000000..cb0b9ab0 --- /dev/null +++ b/openstack/python-django-openstack-auth/centos/patches/fix_for_dc_region_switching.patch @@ -0,0 +1,100 @@ +From d7f75aa87d7b476509b21f9c29162763a73a65af Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 29 Jun 2018 19:51:32 -0500 +Subject: [PATCH 1/1] Horizon Distributed Cloud subcloud switching + is broken + +-Fixed switching from RegionOne to SystemController +-Fixed tenant list not being displayed on login +--- + openstack_auth/backend.py | 2 +- + openstack_auth/forms.py | 14 +++++++++++++- + openstack_auth/views.py | 21 ++++++++++++--------- + 3 files changed, 26 insertions(+), 11 deletions(-) + +diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py +index cd15ca8..4fa7129 100644 +--- a/openstack_auth/backend.py ++++ b/openstack_auth/backend.py +@@ -162,7 +162,7 @@ class KeystoneBackend(object): + # We want to try to use the same region we just logged into + # which may or may not be the default depending upon the order + # keystone uses +- region_name = None ++ region_name = kwargs.get('force_region', None) + id_endpoints = scoped_auth_ref.service_catalog.\ + get_endpoints(service_type='identity') + for id_endpoint in [cat for cat in id_endpoints['identity']]: +diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py +index 4834ab2..49b8d8b 100644 +--- a/openstack_auth/forms.py ++++ b/openstack_auth/forms.py +@@ -138,11 +138,24 @@ class Login(django_auth_forms.AuthenticationForm): + if lockedout: + raise forms.ValidationError("user currently locked out.") + ++ # when logging in in DC mode we will force the region to ++ # be system controller since authenticate can't map our ++ # hostname to an endpoint/regionname. Changing the hostname ++ # in settings to ip will work but will break region switching ++ # from RegionOne to SystemController since SystemController ++ # region maps back to RegionOne (same keystone) ++ force_region = None ++ if getattr(settings, 'DC_MODE', False) and \ ++ region == getattr(settings, 'OPENSTACK_KEYSTONE_URL', None): ++ force_region = utils.DC_SYSTEMCONTROLLER_REGION ++ + self.user_cache = authenticate(request=self.request, + username=username, + password=password, + user_domain_name=domain, +- auth_url=region) ++ auth_url=region, ++ force_region=force_region) ++ + msg = 'Login successful for user "%(username)s", remote address '\ + '%(remote_ip)s.' % { + 'username': username, +diff --git a/openstack_auth/views.py b/openstack_auth/views.py +index a680abf..0b1351d 100644 +--- a/openstack_auth/views.py ++++ b/openstack_auth/views.py +@@ -293,15 +293,17 @@ def switch_region(request, region_name, + endpoint_dict = utils.get_internal_identity_endpoints( + request.user.service_catalog, region_filter=region_name) + +- try: ++ # If we were on a subcloud, then the SystemController Identity ++ # endpoint will not be functional, therefore retrieve the ++ # RegionOne endpoint from the session (cached at login) ++ force_region = None ++ if region_name == utils.DC_SYSTEMCONTROLLER_REGION: ++ force_region = utils.DC_SYSTEMCONTROLLER_REGION ++ region_auth_url = request.session.get( ++ 'SystemController_endpoint', None) ++ else: + region_auth_url = endpoint_dict[region_name] +- except KeyError as e: +- # If we were on a subcloud, then the SystemController Identity +- # endpoint will not be available, therefore retrieve it from +- # the session (cached at login) +- if region_name == utils.DC_SYSTEMCONTROLLER_REGION: +- region_auth_url = request.session.get( +- 'SystemController_endpoint', None) ++ + + if not region_auth_url: + msg = _('Cannot switch to subcloud %s, no Identity available ' +@@ -324,7 +326,8 @@ def switch_region(request, region_name, + try: + request.user = auth.authenticate( + request=request, auth_url=unscoped_auth.auth_url, +- token=unscoped_auth_ref.auth_token) ++ token=unscoped_auth_ref.auth_token, ++ force_region=force_region) + except exceptions.KeystoneAuthException as exc: + msg = 'Switching to Subcloud failed: %s' % six.text_type(exc) + res = django_http.HttpResponseRedirect(settings.LOGIN_URL) +-- +1.8.3.1 +