Fix for Horizon Distributed Cloud subcloud switching

-Fixed switching from RegionOne to SystemController -Fixed tenant list not being displayed on login Change-Id: I5cdd96744898637df393afaf2631ef4fa438e3b7 Signed-off-by: Tyler Smith <tyler.smith@windriver.com> Story: 2002984 Task: 22994
2018-08-15 15:52:55 -04:00 · 2018-08-15 15:52:55 -04:00 · 3a32084658
commit 3a32084658
parent 9677c88ef4
4 changed files with 126 additions and 1 deletions
--- a/openstack/python-django-openstack-auth/centos/build_srpm.data
+++ b/openstack/python-django-openstack-auth/centos/build_srpm.data
@ -1 +1 @@
-TIS_PATCH_VER=3
+TIS_PATCH_VER=4
--- a/openstack/python-django-openstack-auth/centos/meta_patches/0007-meta-patch-for-distributed-keystone-fix.patch
+++ b/openstack/python-django-openstack-auth/centos/meta_patches/0007-meta-patch-for-distributed-keystone-fix.patch
@ -0,0 +1,24 @@
+From 4aafd598ace7fc1bf4c5aaf3591b8880e7642d69 Mon Sep 17 00:00:00 2001
+From: Tyler Smith <tyler.smith@windriver.com>
+Date: Fri, 29 Jun 2018 20:07:09 -0500
+Subject: [PATCH 1/1] [PATCH] meta patch for distributed keystone fix
+
+---
+ SPECS/python-django-openstack-auth.spec | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/SPECS/python-django-openstack-auth.spec b/SPECS/python-django-openstack-auth.spec
+index 9e5aacb..73b87b5 100644
+--- a/SPECS/python-django-openstack-auth.spec
+++ b/SPECS/python-django-openstack-auth.spec
+@@ -20,6 +20,7 @@ Patch0002: 0002-disable-token-validation-per-auth-request.patch
+ Patch0003: 0003-cache-authorized-tenants-in-cookie-to-improve-performance.patch
+ Patch0004: 0004-US112170-Distributed-Keystone.patch
+ Patch0005: fix_for_session_timeout.patch
+Patch0006: fix_for_dc_region_switching.patch
+ 
+ BuildArch:      noarch
+ 
+-- 
+1.8.3.1
+
--- a/openstack/python-django-openstack-auth/centos/meta_patches/PATCH_ORDER
+++ b/openstack/python-django-openstack-auth/centos/meta_patches/PATCH_ORDER
@ -5,3 +5,4 @@
 0005-meta-cache-authorized-tenants-in-cookie-to-improve-performance.patch
 0006-meta-Distributed-Keystone.patch
 spec-include-fix_for_session_timeout.patch
+0007-meta-patch-for-distributed-keystone-fix.patch
--- a/openstack/python-django-openstack-auth/centos/patches/fix_for_dc_region_switching.patch
+++ b/openstack/python-django-openstack-auth/centos/patches/fix_for_dc_region_switching.patch
@ -0,0 +1,100 @@
+From d7f75aa87d7b476509b21f9c29162763a73a65af Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 29 Jun 2018 19:51:32 -0500
+Subject: [PATCH 1/1] Horizon Distributed Cloud subcloud switching
+ is broken
+
+-Fixed switching from RegionOne to SystemController
+-Fixed tenant list not being displayed on login
+---
+ openstack_auth/backend.py |  2 +-
+ openstack_auth/forms.py   | 14 +++++++++++++-
+ openstack_auth/views.py   | 21 ++++++++++++---------
+ 3 files changed, 26 insertions(+), 11 deletions(-)
+
+diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
+index cd15ca8..4fa7129 100644
+--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
+@@ -162,7 +162,7 @@ class KeystoneBackend(object):
+         # We want to try to use the same region we just logged into
+         # which may or may not be the default depending upon the order
+         # keystone uses
+-        region_name = None
+        region_name = kwargs.get('force_region', None)
+         id_endpoints = scoped_auth_ref.service_catalog.\
+             get_endpoints(service_type='identity')
+         for id_endpoint in [cat for cat in id_endpoints['identity']]:
+diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
+index 4834ab2..49b8d8b 100644
+--- a/openstack_auth/forms.py
+++ b/openstack_auth/forms.py
+@@ -138,11 +138,24 @@ class Login(django_auth_forms.AuthenticationForm):
+             if lockedout:
+                 raise forms.ValidationError("user currently locked out.")
+ 
+            # when logging in in DC mode we will force the region to
+            # be system controller since authenticate can't map our
+            # hostname to an endpoint/regionname.  Changing the hostname
+            # in settings to ip will work but will break region switching
+            # from RegionOne to SystemController since SystemController
+            # region maps back to RegionOne (same keystone)
+            force_region = None
+            if getattr(settings, 'DC_MODE', False) and \
+                  region == getattr(settings, 'OPENSTACK_KEYSTONE_URL', None):
+                force_region = utils.DC_SYSTEMCONTROLLER_REGION
+
+             self.user_cache = authenticate(request=self.request,
+                                            username=username,
+                                            password=password,
+                                            user_domain_name=domain,
+-                                           auth_url=region)
+                                           auth_url=region,
+                                           force_region=force_region)
+
+             msg = 'Login successful for user "%(username)s", remote address '\
+                 '%(remote_ip)s.' % {
+                     'username': username,
+diff --git a/openstack_auth/views.py b/openstack_auth/views.py
+index a680abf..0b1351d 100644
+--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
+@@ -293,15 +293,17 @@ def switch_region(request, region_name,
+         endpoint_dict = utils.get_internal_identity_endpoints(
+             request.user.service_catalog, region_filter=region_name)
+ 
+-        try:
+        # If we were on a subcloud, then the SystemController Identity
+        # endpoint will not be functional, therefore retrieve the
+        # RegionOne endpoint from the session (cached at login)
+        force_region = None
+        if region_name == utils.DC_SYSTEMCONTROLLER_REGION:
+            force_region = utils.DC_SYSTEMCONTROLLER_REGION
+            region_auth_url = request.session.get(
+                    'SystemController_endpoint', None)
+        else:
+             region_auth_url = endpoint_dict[region_name]
+-        except KeyError as e:
+-            # If we were on a subcloud, then the SystemController Identity
+-            # endpoint will not be available, therefore retrieve it from
+-            # the session (cached at login)
+-            if region_name == utils.DC_SYSTEMCONTROLLER_REGION:
+-                region_auth_url = request.session.get(
+-                        'SystemController_endpoint', None)
+
+ 
+         if not region_auth_url:
+             msg = _('Cannot switch to subcloud %s, no Identity available '
+@@ -324,7 +326,8 @@ def switch_region(request, region_name,
+         try:
+             request.user = auth.authenticate(
+                 request=request, auth_url=unscoped_auth.auth_url,
+-                token=unscoped_auth_ref.auth_token)
+                token=unscoped_auth_ref.auth_token,
+                force_region=force_region)
+         except exceptions.KeystoneAuthException as exc:
+             msg = 'Switching to Subcloud failed: %s' % six.text_type(exc)
+             res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
+-- 
+1.8.3.1
+