x/group-based-policy
Code Issues Proposed changes

Fix to read correct options of keystone_authtoken

Browse Source 
Reading the correct option names from keystone_authtoken group for authentication.

Change-Id: If3d05592b67f9e75f34f14864e564084c991b9e7
Closes-Bug: 1678732
This commit is contained in:
Rajendra Machani
2017-04-03 11:33:52 +05:30
parent 9e42e6958a
commit 8cdf47d158
9 changed files with 80 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
devstack/lib/nfp
View File

@@ -433,9 +433,9 @@ function copy_nfp_files_and_start_process {
source $DEVSTACK_DIR/inc/ini-config
admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user`
admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password`
admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name`
admin_user=`iniget $NEUTRON_CONF keystone_authtoken username`
admin_password=`iniget $NEUTRON_CONF keystone_authtoken password`
admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken project_name`
auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri`
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')

8
devstack/plugin.sh
View File

@@ -29,9 +29,9 @@ function gbp_configure_neutron {
function nfp_configure_neutron {
NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service"
iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron"
iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD
iniset $NEUTRON_CONF keystone_authtoken project_name "service"
iniset $NEUTRON_CONF keystone_authtoken username "neutron"
iniset $NEUTRON_CONF keystone_authtoken password $ADMIN_PASSWORD
iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
@@ -40,7 +40,7 @@ function nfp_configure_neutron {
if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then
iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default"
fi
iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "True"
iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "False"
iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers)
if [[ -n $extn_drivers ]];then

6
gbpservice/common/utils.py
View File

@@ -65,9 +65,9 @@ class DictClass(dict):
def get_keystone_creds():
keystone_conf = cfg.CONF.keystone_authtoken
user = keystone_conf.admin_user
pw = keystone_conf.admin_password
tenant = keystone_conf.admin_tenant_name
user = keystone_conf.username
pw = keystone_conf.password
tenant = keystone_conf.project_name
if keystone_conf.get('auth_uri'):
auth_url = keystone_conf.auth_uri.rstrip('/')
if not auth_url.endswith('/v2.0'):

16
gbpservice/contrib/nfp/tools/setup_nfp.py
View File

@@ -78,9 +78,9 @@ def check_if_apic_sys():
def set_keystone_authtoken_section():
global NEUTRON_CONF
nfp_conf = '/etc/nfp.ini'
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user")
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password")
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name")
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken username")
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken password")
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken project_name")
auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1")
auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1")
@@ -171,14 +171,14 @@ def configure_nfp():
# Configure service owner
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' '))
admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password")
admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken password")
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password])
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' '))
# Configure NFP drivers
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned False".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' '))
# Enable ML2 port security
@@ -641,9 +641,9 @@ def create_proxy_agent_ctl():
def get_openstack_creds():
CONFIG.read(NEUTRON_CONF)
AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri')
AUTH_USER = CONFIG.get('keystone_authtoken', 'admin_user')
AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'admin_password')
AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'admin_tenant_name')
AUTH_USER = CONFIG.get('keystone_authtoken', 'username')
AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'password')
AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'project_name')
os.environ["OS_USERNAME"] = AUTH_USER
os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME
os.environ["OS_PASSWORD"] = AUTH_PASSWORD

7
gbpservice/neutron/services/grouppolicy/drivers/chain_mapping.py
View File

@@ -88,7 +88,10 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
@staticmethod
def chain_tenant_id(reraise=False):
keystone = ChainMappingDriver.chain_tenant_keystone_client()
try:
keystone = ChainMappingDriver.chain_tenant_keystone_client()
except cfg.NoSuchOptError:
return None
if keystone:
tenant = cfg.CONF.chain_mapping.chain_owner_tenant_name
try:
@@ -655,6 +658,8 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
ctx.session, servicechain_instance_id=instance_id)
if cmap:
ctx.tenant_id = cmap[0].tenant_id
if not self.chain_owner:
self.chain_owner = ChainMappingDriver.chain_tenant_id(reraise=True)
if not ctx.tenant_id:
ctx.tenant_id = tenant_id or self.chain_owner or provider_tenant_id
if self.chain_owner == ctx.tenant_id:

25
gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
View File

@@ -108,6 +108,25 @@ class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase):
self.saved_keystone_client = resource_mapping.k_client.Client
resource_mapping.k_client.Client = mock.Mock()
try:
config.cfg.CONF.keystone_authtoken.username
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('username'),
'keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.password
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('password'),
'keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.project_name
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('project_name'),
'keystone_authtoken')
def tearDown(self):
resource_mapping.k_client.Client = self.saved_keystone_client
super(ResourceMappingTestCase, self).tearDown()
@@ -2418,11 +2437,11 @@ class TestServiceChain(ResourceMappingTestCase):
self.assertEqual(sc_instance['classifier_id'], classifier_id)
def _override_keystone_creds(self, usr, pwd, tenant, uri):
config.cfg.CONF.set_override('admin_user', usr,
config.cfg.CONF.set_override('username', usr,
group='keystone_authtoken')
config.cfg.CONF.set_override('admin_password', pwd,
config.cfg.CONF.set_override('password', pwd,
group='keystone_authtoken')
config.cfg.CONF.set_override('admin_tenant_name', tenant,
config.cfg.CONF.set_override('project_name', tenant,
group='keystone_authtoken')
config.cfg.CONF.set_override('auth_uri', uri,
group='keystone_authtoken')

33
gbpservice/neutron/tests/unit/services/servicechain/ncp/test_admin_owned_resources_apic_tscp.py
View File

@@ -27,12 +27,33 @@ class AdminOwnedResourcesTscpTestCase(
password = 'password'
tenant_name = 'tenant_name',
uri = 'http://127.0.0.1:35357/v2.0/'
config.cfg.CONF.set_override('admin_user', user,
group='keystone_authtoken')
config.cfg.CONF.set_override('admin_password', password,
group='keystone_authtoken')
config.cfg.CONF.set_override('admin_tenant_name', tenant_name,
group='keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.username
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('username', default=user),
'keystone_authtoken')
else:
config.cfg.CONF.set_override('username', user,
group='keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.password
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('password', default=password),
'keystone_authtoken')
else:
config.cfg.CONF.set_override('password', password,
group='keystone_authtoken')
try:
config.cfg.CONF.keystone_authtoken.project_name
except config.cfg.NoSuchOptError:
config.cfg.CONF.register_opt(
config.cfg.StrOpt('project_name', default=tenant_name),
'keystone_authtoken')
else:
config.cfg.CONF.set_override('project_name', tenant_name,
group='keystone_authtoken')
config.cfg.CONF.set_override('auth_uri', uri,
group='keystone_authtoken')
super(AdminOwnedResourcesTscpTestCase, self).setUp(

8
gbpservice/tests/contrib/devstack/local-nfp.conf
View File

@@ -85,9 +85,9 @@ allow_duplicate_networks = True
[[post-config|/etc/neutron/neutron.conf]]
[keystone_authtoken]
admin_tenant_name = service
admin_user = neutron
admin_password = abc123
project_name = service
username = neutron
password = abc123
[group_policy]
policy_drivers=implicit_policy,resource_mapping,chain_mapping
@@ -112,7 +112,7 @@ default_proxy_ip_pool = 192.169.0.0/16
default_external_segment_name = default
[nfp_node_driver]
is_service_admin_owned = True
is_service_admin_owned = False
svc_management_ptg_name = svc_management_ptg
[quotas]

6
gbpservice/tests/contrib/devstack/nfp
View File

@@ -199,9 +199,9 @@ function copy_nfp_files_and_start_process {
source $TOP_DIR/inc/ini-config
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user`
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password`
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name`
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username`
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password`
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name`
auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')