Improve KeyStone credentials parameter handling.
- Put order in keystone credentials parameters - Add keystone auth parameters: * domain_name * trust_id - Add support for environment variables: * OS_USER_ID * OS_PROJECT_ID * OS_TENANT_ID * OS_DOMAIN_NAME * OS_DOMAIN_ID * OS_USER_DOMAIN_ID * OS_PROJECT_DOMAIN_ID * OS_TRUST_ID Co-Authored-By: Federico Ressi <fressi@redhat.com> Change-Id: I66085db690c8f72408b79b3abea9dce7c60b4ea2
parent
82d1584e59
commit
7aaab7fb57
|
@ -115,15 +115,15 @@ Currently supported variables are::
|
||||||
export OS_TENANT_ID=...
|
export OS_TENANT_ID=...
|
||||||
|
|
||||||
# Domain-level authorization scope (name or ID)
|
# Domain-level authorization scope (name or ID)
|
||||||
export OS_DOMAIN_NAME=default
|
export OS_DOMAIN_NAME=Default
|
||||||
export OS_DOMAIN_ID=...
|
export OS_DOMAIN_ID=...
|
||||||
|
|
||||||
# Domain name or ID containing user
|
# Domain name or ID containing user
|
||||||
export OS_USER_DOMAIN_NAME=default
|
export OS_USER_DOMAIN_NAME=Default
|
||||||
export OS_USER_DOMAIN_ID=...
|
export OS_USER_DOMAIN_ID=...
|
||||||
|
|
||||||
# Domain name or ID containing project
|
# Domain name or ID containing project
|
||||||
export OS_PROJECT_DOMAIN_NAME=default
|
export OS_PROJECT_DOMAIN_NAME=Default
|
||||||
export OS_PROJECT_DOMAIN_ID=...
|
export OS_PROJECT_DOMAIN_ID=...
|
||||||
|
|
||||||
# ID of the trust to use as a trustee user
|
# ID of the trust to use as a trustee user
|
||||||
|
|
|
@ -28,13 +28,15 @@ def default_keystone_credentials():
|
||||||
|
|
||||||
|
|
||||||
class KeystoneCredentials(collections.namedtuple(
|
class KeystoneCredentials(collections.namedtuple(
|
||||||
'KeystoneCredentials', ['auth_url',
|
'KeystoneCredentials', ['api_version',
|
||||||
|
'auth_url',
|
||||||
'username',
|
'username',
|
||||||
'project_name',
|
|
||||||
'password',
|
'password',
|
||||||
'api_version',
|
'project_name',
|
||||||
|
'domain_name',
|
||||||
'user_domain_name',
|
'user_domain_name',
|
||||||
'project_domain_name'])):
|
'project_domain_name',
|
||||||
|
'trust_id'])):
|
||||||
|
|
||||||
def to_dict(self):
|
def to_dict(self):
|
||||||
return collections.OrderedDict(
|
return collections.OrderedDict(
|
||||||
|
@ -50,7 +52,7 @@ class KeystoneCredentials(collections.namedtuple(
|
||||||
", ".join("{!s}={!r}".format(k, v)
|
", ".join("{!s}={!r}".format(k, v)
|
||||||
for k, v in params.items()))
|
for k, v in params.items()))
|
||||||
|
|
||||||
required_params = ('auth_url', 'username', 'project_name', 'password')
|
required_params = ('auth_url', 'username', 'password', 'project_name')
|
||||||
|
|
||||||
def validate(self, required_params=None):
|
def validate(self, required_params=None):
|
||||||
required_params = required_params or self.required_params
|
required_params = required_params or self.required_params
|
||||||
|
@ -63,14 +65,25 @@ class KeystoneCredentials(collections.namedtuple(
|
||||||
raise InvalidKeystoneCredentials(credentials=self, reason=reason)
|
raise InvalidKeystoneCredentials(credentials=self, reason=reason)
|
||||||
|
|
||||||
|
|
||||||
def keystone_credentials(api_version=None, auth_url=None,
|
def keystone_credentials(api_version=None,
|
||||||
username=None, password=None, project_name=None,
|
auth_url=None,
|
||||||
user_domain_name=None, project_domain_name=None,
|
username=None,
|
||||||
|
password=None,
|
||||||
|
project_name=None,
|
||||||
|
domain_name=None,
|
||||||
|
user_domain_name=None,
|
||||||
|
project_domain_name=None,
|
||||||
|
trust_id=None,
|
||||||
cls=KeystoneCredentials):
|
cls=KeystoneCredentials):
|
||||||
return cls(api_version=api_version, username=username,
|
return cls(api_version=api_version,
|
||||||
password=password, project_name=project_name,
|
auth_url=auth_url,
|
||||||
auth_url=auth_url, user_domain_name=user_domain_name,
|
username=username,
|
||||||
project_domain_name=project_domain_name)
|
password=password,
|
||||||
|
project_name=project_name,
|
||||||
|
domain_name=domain_name,
|
||||||
|
user_domain_name=user_domain_name,
|
||||||
|
project_domain_name=project_domain_name,
|
||||||
|
trust_id=trust_id)
|
||||||
|
|
||||||
|
|
||||||
class InvalidKeystoneCredentials(tobiko.TobikoException):
|
class InvalidKeystoneCredentials(tobiko.TobikoException):
|
||||||
|
@ -88,24 +101,46 @@ class EnvironKeystoneCredentialsFixture(tobiko.SharedFixture):
|
||||||
LOG.debug("OS_AUTH_URL environment variable not defined")
|
LOG.debug("OS_AUTH_URL environment variable not defined")
|
||||||
return
|
return
|
||||||
|
|
||||||
api_version = (config.get_int_env('OS_IDENTITY_API_VERSION') or
|
api_version = (
|
||||||
api_version_from_url(auth_url))
|
config.get_int_env('OS_IDENTITY_API_VERSION') or
|
||||||
|
api_version_from_url(auth_url))
|
||||||
|
username = (
|
||||||
|
config.get_env('OS_USERNAME') or
|
||||||
|
config.get_env('OS_USER_ID'))
|
||||||
|
password = config.get_env('OS_PASSWORD')
|
||||||
|
project_name = (
|
||||||
|
config.get_env('OS_PROJECT_NAME') or
|
||||||
|
config.get_env('OS_TENANT_NAME') or
|
||||||
|
config.get_env('OS_PROJECT_ID') or
|
||||||
|
config.get_env('OS_TENANT_ID'))
|
||||||
if api_version == 2:
|
if api_version == 2:
|
||||||
credentials = keystone_credentials(
|
credentials = keystone_credentials(
|
||||||
api_version=api_version, auth_url=auth_url,
|
api_version=api_version,
|
||||||
username=config.get_env('OS_USERNAME'),
|
auth_url=auth_url,
|
||||||
password=config.get_env('OS_PASSWORD'),
|
username=username,
|
||||||
project_name=(config.get_env('OS_PROJECT_NAME') or
|
password=password,
|
||||||
config.get_env('OS_TENANT_NAME')))
|
project_name=project_name)
|
||||||
else:
|
else:
|
||||||
|
domain_name = (
|
||||||
|
config.get_env('OS_DOMAIN_NAME') or
|
||||||
|
config.get_env('OS_DOMAIN_ID'))
|
||||||
|
user_domain_name = (
|
||||||
|
config.get_env('OS_USER_DOMAIN_NAME') or
|
||||||
|
config.get_env('OS_USER_DOMAIN_ID'))
|
||||||
|
project_domain_name = (
|
||||||
|
config.get_env('OS_PROJECT_DOMAIN_NAME') or
|
||||||
|
config.get_env('OS_PROJECT_DOMAIN_ID'))
|
||||||
|
trust_id = config.get_env('OS_TRUST_ID')
|
||||||
credentials = keystone_credentials(
|
credentials = keystone_credentials(
|
||||||
api_version=api_version, auth_url=auth_url,
|
api_version=api_version,
|
||||||
username=config.get_env('OS_USERNAME'),
|
auth_url=auth_url,
|
||||||
password=config.get_env('OS_PASSWORD'),
|
username=username,
|
||||||
project_name=(config.get_env('OS_PROJECT_NAME') or
|
password=password,
|
||||||
config.get_env('OS_TENANT_NAME')),
|
project_name=project_name,
|
||||||
user_domain_name=config.get_env('OS_USER_DOMAIN_NAME'),
|
domain_name=domain_name,
|
||||||
project_domain_name=config.get_env('OS_PROJECT_DOMAIN_NAME'))
|
user_domain_name=user_domain_name,
|
||||||
|
project_domain_name=project_domain_name,
|
||||||
|
trust_id=trust_id)
|
||||||
try:
|
try:
|
||||||
credentials.validate()
|
credentials.validate()
|
||||||
except InvalidKeystoneCredentials as ex:
|
except InvalidKeystoneCredentials as ex:
|
||||||
|
@ -131,16 +166,22 @@ class ConfigKeystoneCredentialsFixture(tobiko.SharedFixture):
|
||||||
api_version_from_url(auth_url))
|
api_version_from_url(auth_url))
|
||||||
if api_version == 2:
|
if api_version == 2:
|
||||||
credentials = keystone_credentials(
|
credentials = keystone_credentials(
|
||||||
api_version=api_version, auth_url=auth_url,
|
api_version=api_version,
|
||||||
username=conf.username, password=conf.password,
|
auth_url=auth_url,
|
||||||
|
username=conf.username,
|
||||||
|
password=conf.password,
|
||||||
project_name=conf.project_name)
|
project_name=conf.project_name)
|
||||||
else:
|
else:
|
||||||
credentials = keystone_credentials(
|
credentials = keystone_credentials(
|
||||||
api_version=api_version, auth_url=auth_url,
|
api_version=api_version,
|
||||||
username=conf.username, password=conf.password,
|
auth_url=auth_url,
|
||||||
|
username=conf.username,
|
||||||
|
password=conf.password,
|
||||||
project_name=conf.project_name,
|
project_name=conf.project_name,
|
||||||
|
domain_name=conf.domain_name,
|
||||||
user_domain_name=conf.user_domain_name,
|
user_domain_name=conf.user_domain_name,
|
||||||
project_domain_name=conf.project_domain_name)
|
project_domain_name=conf.project_domain_name,
|
||||||
|
trust_id=conf.trust_id)
|
||||||
try:
|
try:
|
||||||
credentials.validate()
|
credentials.validate()
|
||||||
except InvalidKeystoneCredentials as ex:
|
except InvalidKeystoneCredentials as ex:
|
||||||
|
@ -160,7 +201,6 @@ class DefaultKeystoneCredentialsFixture(tobiko.SharedFixture):
|
||||||
credentials = None
|
credentials = None
|
||||||
|
|
||||||
def setup_fixture(self):
|
def setup_fixture(self):
|
||||||
|
|
||||||
for fixture in self.fixtures:
|
for fixture in self.fixtures:
|
||||||
try:
|
try:
|
||||||
credentials = tobiko.setup_fixture(fixture).credentials
|
credentials = tobiko.setup_fixture(fixture).credentials
|
||||||
|
@ -172,7 +212,6 @@ class DefaultKeystoneCredentialsFixture(tobiko.SharedFixture):
|
||||||
fixture, credentials)
|
fixture, credentials)
|
||||||
self.credentials = credentials
|
self.credentials = credentials
|
||||||
return credentials
|
return credentials
|
||||||
|
|
||||||
raise RuntimeError('Unable to found any valid credentials')
|
raise RuntimeError('Unable to found any valid credentials')
|
||||||
|
|
||||||
|
|
||||||
|
@ -183,7 +222,6 @@ def api_version_from_url(auth_url):
|
||||||
elif auth_url.endswith('/v3'):
|
elif auth_url.endswith('/v3'):
|
||||||
LOG.info('Got Keystone API version 3 from auth_url: %r', auth_url)
|
LOG.info('Got Keystone API version 3 from auth_url: %r', auth_url)
|
||||||
return 3
|
return 3
|
||||||
|
|
||||||
else:
|
else:
|
||||||
LOG.warning('Unable to get Keystone API version from auth_url: %r',
|
LOG.warning('Unable to get Keystone API version from auth_url: %r',
|
||||||
auth_url)
|
auth_url)
|
||||||
|
|
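Review bot: The new environment fallbacks in the `EnvironKeystoneCredentialsFixture` hunk store IDs in fields that are named, and presumably consumed, as names. `username` falls back to `OS_USER_ID`, `project_name` to `OS_PROJECT_ID`/`OS_TENANT_ID`, and the three domain fields to their `*_ID` variables. Keystone names are only unique within a domain while IDs are global, so if these values are later passed to the auth plugin as names (the consumer is not visible here), an ID-only environment would fail to authenticate or be looked up as a name in whichever domain is configured. I would keep the two apart, for example `user_id = config.get_env('OS_USER_ID')` carried in its own credentials field, with the same split for project and domain IDs. The enclosing method starts and ends outside the hunk.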
|
@ -20,7 +20,10 @@ def register_tobiko_options(conf):
|
||||||
|
|
||||||
conf.register_opts(
|
conf.register_opts(
|
||||||
group=cfg.OptGroup('keystone'),
|
group=cfg.OptGroup('keystone'),
|
||||||
opts=[cfg.StrOpt('auth_url',
|
opts=[cfg.IntOpt('api_version',
|
||||||
|
default=None,
|
||||||
|
help="Identity API version"),
|
||||||
|
cfg.StrOpt('auth_url',
|
||||||
default=None,
|
default=None,
|
||||||
help="Identity service URL"),
|
help="Identity service URL"),
|
||||||
cfg.StrOpt('username',
|
cfg.StrOpt('username',
|
||||||
|
@ -32,12 +35,15 @@ def register_tobiko_options(conf):
|
||||||
cfg.StrOpt('password',
|
cfg.StrOpt('password',
|
||||||
default=None,
|
default=None,
|
||||||
help="Password"),
|
help="Password"),
|
||||||
cfg.IntOpt('api_version',
|
cfg.StrOpt('domain_name',
|
||||||
default=None,
|
default=None,
|
||||||
help="Identity API version"),
|
help="Domain name"),
|
||||||
cfg.StrOpt('user_domain_name',
|
cfg.StrOpt('user_domain_name',
|
||||||
default=None,
|
default=None,
|
||||||
help="User domain name"),
|
help="User domain name"),
|
||||||
cfg.StrOpt('project_domain_name',
|
cfg.StrOpt('project_domain_name',
|
||||||
default=None,
|
default=None,
|
||||||
help="Project domain name")])
|
help="Project domain name"),
|
||||||
|
cfg.StrOpt('trust_id',
|
||||||
|
default=None,
|
||||||
|
help="Trust ID for trust scoping.")])
|
||||||
|
|
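Review bot: The `password` option in this list is registered as a plain `cfg.StrOpt` without `secret=True`, so oslo.config will print its value in clear text whenever option values are logged. It is a context line that this commit leaves unchanged, but the hunk reworks the surrounding keystone options and the credentials `repr` already masks the password, so this is a natural place to align the two: `cfg.StrOpt('password', default=None, secret=True, help="Password"),`. `register_tobiko_options` starts before the hunk, so other options registered there are not visible.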
|
@ -48,16 +48,16 @@ V3_PARAMS = {
|
||||||
'username': 'demo',
|
'username': 'demo',
|
||||||
'password': 'super-secret',
|
'password': 'super-secret',
|
||||||
'auth_url': 'http://10.0.0.1:5678/v3',
|
'auth_url': 'http://10.0.0.1:5678/v3',
|
||||||
'user_domain_name': 'demo',
|
'user_domain_name': 'Default',
|
||||||
'project_domain_name': 'demo'}
|
'project_domain_name': 'Default'}
|
||||||
|
|
||||||
V3_ENVIRON = {
|
V3_ENVIRON = {
|
||||||
'OS_PROJECT_NAME': 'demo',
|
'OS_PROJECT_NAME': 'demo',
|
||||||
'OS_USERNAME': 'demo',
|
'OS_USERNAME': 'demo',
|
||||||
'OS_PASSWORD': 'super-secret',
|
'OS_PASSWORD': 'super-secret',
|
||||||
'OS_AUTH_URL': 'http://10.0.0.1:5678/v3',
|
'OS_AUTH_URL': 'http://10.0.0.1:5678/v3',
|
||||||
'OS_USER_DOMAIN_NAME': 'demo',
|
'OS_USER_DOMAIN_NAME': 'Default',
|
||||||
'OS_PROJECT_DOMAIN_NAME': 'demo'}
|
'OS_PROJECT_DOMAIN_NAME': 'Default'}
|
||||||
|
|
||||||
V3_ENVIRON_WITH_VERSION = dict(V3_ENVIRON, OS_IDENTITY_API_VERSION='3')
|
V3_ENVIRON_WITH_VERSION = dict(V3_ENVIRON, OS_IDENTITY_API_VERSION='3')
|
||||||
|
|
||||||
|
@ -75,9 +75,9 @@ class KeystoneCredentialsTest(base.OpenstackTest):
|
||||||
credentials.validate()
|
credentials.validate()
|
||||||
self.assertEqual(V2_PARAMS, credentials.to_dict())
|
self.assertEqual(V2_PARAMS, credentials.to_dict())
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
"keystone_credentials(auth_url='http://10.0.0.1:5678/v2.0', "
|
"keystone_credentials(api_version=2, "
|
||||||
"username='demo', project_name='demo', password='***', "
|
"auth_url='http://10.0.0.1:5678/v2.0', username='demo', "
|
||||||
"api_version=2)",
|
"password='***', project_name='demo')",
|
||||||
repr(credentials))
|
repr(credentials))
|
||||||
|
|
||||||
def test_validate_from_params_v3(self):
|
def test_validate_from_params_v3(self):
|
||||||
|
@ -85,10 +85,11 @@ class KeystoneCredentialsTest(base.OpenstackTest):
|
||||||
credentials.validate()
|
credentials.validate()
|
||||||
self.assertEqual(V3_PARAMS, credentials.to_dict())
|
self.assertEqual(V3_PARAMS, credentials.to_dict())
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
"keystone_credentials(auth_url='http://10.0.0.1:5678/v3', "
|
"keystone_credentials(api_version=3, "
|
||||||
"username='demo', project_name='demo', password='***', "
|
"auth_url='http://10.0.0.1:5678/v3', username='demo', "
|
||||||
"api_version=3, user_domain_name='demo', "
|
"password='***', project_name='demo', "
|
||||||
"project_domain_name='demo')",
|
"user_domain_name='Default', "
|
||||||
|
"project_domain_name='Default')",
|
||||||
repr(credentials))
|
repr(credentials))
|
||||||
|
|
||||||
def test_validate_without_auth_url(self):
|
def test_validate_without_auth_url(self):
|
||||||
|
|
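Review bot: None of the test hunks exercise what this commit adds; they only follow the field reorder and the switch to `'Default'` in the existing `repr` assertions. There is no visible case for `domain_name` or `trust_id`, and none for the new `OS_USER_ID`, `OS_PROJECT_ID`, `OS_TENANT_ID` or `OS_*_DOMAIN_ID` fallbacks. I would add an environment fixture that sets only the ID variables, for example `V3_ENVIRON_WITH_IDS = dict(V3_ENVIRON, OS_USER_ID='<user-id>', OS_TRUST_ID='<trust-id>')` with `OS_USERNAME` removed, and assert the resulting `to_dict()`. That pins which variable wins when both a name and an ID are set. The test methods shown are cut at the hunk edges.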