From 0309dd1cc619734dbfaab54cde0acb09ab14c70f Mon Sep 17 00:00:00 2001 From: Lisa Zangrando Date: Mon, 28 Nov 2016 14:17:10 +0100 Subject: [PATCH] KeystoneManager.authenticate() uses a wrong domain attribute The request body for /v3/auth/tokens (in KeystoneManager.authenticate()) includes a payload that specifies a wrong domain attribute (i.e. "id"="default"). The proper attribute to use is "name"="default". This bug affects the OpenStack Mitaka version while in Liberty seems to be accepted or ignored. - added two new KeystoneManager configuration attributes: user_domain_name and project_domain_name Change-Id: I0b9e56260d2e425399fe5a0c18a10af250a9f022 Sem-Ver: bugfix Closes-bug: #1645318 --- synergy_scheduler_manager/common/token.py | 3 ++- synergy_scheduler_manager/keystone_manager.py | 27 ++++++++++++++----- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/synergy_scheduler_manager/common/token.py b/synergy_scheduler_manager/common/token.py index 40eff74..df54ae1 100644 --- a/synergy_scheduler_manager/common/token.py +++ b/synergy_scheduler_manager/common/token.py @@ -64,7 +64,8 @@ class Token(SynergyObject): token.setUser(user) - token.getExtras().update(data["extras"]) + if "extras" in data: + token.getExtras().update(data["extras"]) for info in data["roles"]: role = Role() diff --git a/synergy_scheduler_manager/keystone_manager.py b/synergy_scheduler_manager/keystone_manager.py index 93cf299..def83e8 100644 --- a/synergy_scheduler_manager/keystone_manager.py +++ b/synergy_scheduler_manager/keystone_manager.py @@ -48,12 +48,20 @@ class KeystoneManager(Manager): cfg.StrOpt("username", help="the name of user with admin role", required=True), + cfg.StrOpt("user_domain_name", + help="the user domain", + default="default", + required=False), cfg.StrOpt("password", help="the password of user with admin role", required=True), cfg.StrOpt("project_name", help="the project to request authorization on", required=True), + cfg.StrOpt("project_domain_name", + help="the project domain", + default="default", + required=False), cfg.StrOpt("project_id", help="the project id to request authorization on", required=False), @@ -71,7 +79,9 @@ class KeystoneManager(Manager): self.auth_url = CONF.KeystoneManager.auth_url self.username = CONF.KeystoneManager.username self.password = CONF.KeystoneManager.password + self.user_domain_name = CONF.KeystoneManager.user_domain_name self.project_name = CONF.KeystoneManager.project_name + self.project_domain_name = CONF.KeystoneManager.project_domain_name self.project_id = CONF.KeystoneManager.project_id self.timeout = CONF.KeystoneManager.timeout self.trust_expiration = CONF.KeystoneManager.trust_expiration @@ -146,20 +156,23 @@ class KeystoneManager(Manager): "User-Agent": "synergy"} identity = {"methods": ["password"], - "password": {"user": {"name": self.username, - "domain": {"id": "default"}, - "password": self.password}}} + "password": { + "user": {"name": self.username, + "domain": {"name": self.user_domain_name}, + "password": self.password}}} data = {"auth": {}} data["auth"]["identity"] = identity if self.project_name: - data["auth"]["scope"] = {"project": {"name": self.project_name, - "domain": {"id": "default"}}} + data["auth"]["scope"] = { + "project": {"name": self.project_name, + "domain": {"name": self.project_domain_name}}} if self.project_id: - data["auth"]["scope"] = {"project": {"id": self.project_id, - "domain": {"id": "default"}}} + data["auth"]["scope"] = { + "project": {"id": self.project_id, + "domain": {"name": self.project_domaini_name}}} response = requests.post(url=self.auth_url + "/auth/tokens", headers=headers,