KeystoneManager.authenticate() uses a wrong domain attribute
The request body for /v3/auth/tokens (in KeystoneManager.authenticate())
includes a payload that specifies a wrong domain attribute (i.e.
"id"="default"). The proper attribute to use is "name"="default".
This bug affects the OpenStack Mitaka version while in Liberty seems to
be accepted or ignored.
- added two new KeystoneManager configuration attributes:
user_domain_name and project_domain_name
Change-Id: I0b9e56260d2e425399fe5a0c18a10af250a9f022
Sem-Ver: bugfix
Closes-bug: #1645318
This commit is contained in:
Lisa Zangrando
parent
1a36a1db90
commit
0309dd1cc6
@ -64,7 +64,8 @@ class Token(SynergyObject):
|
||||
|
||||
token.setUser(user)
|
||||
|
||||
token.getExtras().update(data["extras"])
|
||||
if "extras" in data:
|
||||
token.getExtras().update(data["extras"])
|
||||
|
||||
for info in data["roles"]:
|
||||
role = Role()
|
||||
|
||||
@ -48,12 +48,20 @@ class KeystoneManager(Manager):
|
||||
cfg.StrOpt("username",
|
||||
help="the name of user with admin role",
|
||||
required=True),
|
||||
cfg.StrOpt("user_domain_name",
|
||||
help="the user domain",
|
||||
default="default",
|
||||
required=False),
|
||||
cfg.StrOpt("password",
|
||||
help="the password of user with admin role",
|
||||
required=True),
|
||||
cfg.StrOpt("project_name",
|
||||
help="the project to request authorization on",
|
||||
required=True),
|
||||
cfg.StrOpt("project_domain_name",
|
||||
help="the project domain",
|
||||
default="default",
|
||||
required=False),
|
||||
cfg.StrOpt("project_id",
|
||||
help="the project id to request authorization on",
|
||||
required=False),
|
||||
@ -71,7 +79,9 @@ class KeystoneManager(Manager):
|
||||
self.auth_url = CONF.KeystoneManager.auth_url
|
||||
self.username = CONF.KeystoneManager.username
|
||||
self.password = CONF.KeystoneManager.password
|
||||
self.user_domain_name = CONF.KeystoneManager.user_domain_name
|
||||
self.project_name = CONF.KeystoneManager.project_name
|
||||
self.project_domain_name = CONF.KeystoneManager.project_domain_name
|
||||
self.project_id = CONF.KeystoneManager.project_id
|
||||
self.timeout = CONF.KeystoneManager.timeout
|
||||
self.trust_expiration = CONF.KeystoneManager.trust_expiration
|
||||
@ -146,20 +156,23 @@ class KeystoneManager(Manager):
|
||||
"User-Agent": "synergy"}
|
||||
|
||||
identity = {"methods": ["password"],
|
||||
"password": {"user": {"name": self.username,
|
||||
"domain": {"id": "default"},
|
||||
"password": self.password}}}
|
||||
"password": {
|
||||
"user": {"name": self.username,
|
||||
"domain": {"name": self.user_domain_name},
|
||||
"password": self.password}}}
|
||||
|
||||
data = {"auth": {}}
|
||||
data["auth"]["identity"] = identity
|
||||
|
||||
if self.project_name:
|
||||
data["auth"]["scope"] = {"project": {"name": self.project_name,
|
||||
"domain": {"id": "default"}}}
|
||||
data["auth"]["scope"] = {
|
||||
"project": {"name": self.project_name,
|
||||
"domain": {"name": self.project_domain_name}}}
|
||||
|
||||
if self.project_id:
|
||||
data["auth"]["scope"] = {"project": {"id": self.project_id,
|
||||
"domain": {"id": "default"}}}
|
||||
data["auth"]["scope"] = {
|
||||
"project": {"id": self.project_id,
|
||||
"domain": {"name": self.project_domaini_name}}}
|
||||
|
||||
response = requests.post(url=self.auth_url + "/auth/tokens",
|
||||
headers=headers,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user