Heat and Synergy interfere on the management of the users trust

Heat and Synergy use the Trust mechanism for making service delegations. Synergy must be able to distinguish the trusts created by Heat from the ones created by itself. Change-Id: I5fdc04fdf94397f8f3b5f336bbaf22781e3ed467 Sem-Ver: bugfix
2017-01-25 11:20:23 +01:00 · 2017-01-25 11:20:23 +01:00 · 75696d2e6b
commit 75696d2e6b
parent a858311eb9
1 changed files with 22 additions and 11 deletions
--- a/synergy_scheduler_manager/scheduler_manager.py
+++ b/synergy_scheduler_manager/scheduler_manager.py
@ -263,24 +263,30 @@ class Worker(Thread):
                    blocking = True

                if quota.allocate(server, blocking=blocking):
+                    try:
+                        km = self.keystone_manager
+                        trust = km.getTrust(context["trust_id"])
+                        token = trust.getToken(km.getToken().getId())
+
+                        context["auth_token"] = token.getId()
+                        context["user_id"] = token.getUser().getId()
+                    except Exception as ex:
+                        LOG.error("Worker %r: error on getting the token "
+                                  "for server (id=%r) reason=%s"
+                                  % (self.name, server.getId(), ex))
+                        raise ex
+
                    try:
                        computes = self.nova_manager.selectComputes(request)
                    except Exception as ex:
                        LOG.warn("Worker %s: compute not found for server %r!"
                                 " [reason=%s]" % (self.name,
-                                                   server.getId(), ex))
+                                                   server.getId(), ex.message))

                    found = False

                    for compute in computes:
                        try:
-                            km = self.keystone_manager
-                            trust = km.getTrust(context["trust_id"])
-                            token = trust.getToken(km.getToken().getId())
-
-                            context["auth_token"] = token.getId()
-                            context["user_id"] = token.getUser().getId()
-
                            self.nova_manager.buildServer(request, compute)

                            LOG.info("Worker %r: server (id=%r) "
@ -572,13 +578,18 @@ class SchedulerManager(Manager):
                    km = self.keystone_manager
                    token_user = km.validateToken(context["auth_token"])
                    token_admin = km.getToken()
+                    admin_id = token_admin.getUser().getId()
+                    trust = None

                    trusts = km.getTrusts(
                        user_id=token_user.getUser().getId(), token=token_user)

-                    if trusts:
-                        trust = trusts[0]
-                    else:
+                    for _trust in trusts:
+                        if _trust.getTrusteeUserId() == admin_id:
+                            trust = _trust
+                            break
+
+                    if not trust:
                        trust = km.makeTrust(
                            token_admin.getUser().getId(), token_user)