Use auth_url as identity endpoint when not project scoped
There are a set of actions in keystone that can be performed without a project scope, but the current discovery code will try to find the identity endpoint in the catalog. Use the auth_url for identity_endpoint_override when there is either no project info or system-scope declaration. Change-Id: Ibab4b2af2ca71fd9bd388829afcf9062431739ec
This commit is contained in:
		| @@ -38,6 +38,12 @@ from openstack.config import defaults as config_defaults | |||||||
| from openstack import exceptions | from openstack import exceptions | ||||||
| from openstack import proxy | from openstack import proxy | ||||||
|  |  | ||||||
|  | SCOPE_KEYS = { | ||||||
|  |     'domain_id', 'domain_name', | ||||||
|  |     'project_id', 'project_name', | ||||||
|  |     'system_scope' | ||||||
|  | } | ||||||
|  |  | ||||||
|  |  | ||||||
| def _make_key(key, service_type): | def _make_key(key, service_type): | ||||||
|     if not service_type: |     if not service_type: | ||||||
| @@ -313,6 +319,7 @@ class CloudRegion(object): | |||||||
|         return self._get_config('service_name', service_type) |         return self._get_config('service_name', service_type) | ||||||
|  |  | ||||||
|     def get_endpoint(self, service_type): |     def get_endpoint(self, service_type): | ||||||
|  |         auth = self.config.get('auth', {}) | ||||||
|         value = self._get_config('endpoint_override', service_type) |         value = self._get_config('endpoint_override', service_type) | ||||||
|         if not value: |         if not value: | ||||||
|             value = self._get_config('endpoint', service_type) |             value = self._get_config('endpoint', service_type) | ||||||
| @@ -320,7 +327,13 @@ class CloudRegion(object): | |||||||
|             # If endpoint is given and we're using the none auth type, |             # If endpoint is given and we're using the none auth type, | ||||||
|             # then the endpoint value is the endpoint_override for every |             # then the endpoint value is the endpoint_override for every | ||||||
|             # service. |             # service. | ||||||
|             value = self.config.get('auth', {}).get('endpoint') |             value = auth.get('endpoint') | ||||||
|  |         if (not value and service_type == 'identity' | ||||||
|  |                 and SCOPE_KEYS.isdisjoint(set(auth.keys()))): | ||||||
|  |             # There are a small number of unscoped identity operations. | ||||||
|  |             # Specifically, looking up a list of projects/domains/system to | ||||||
|  |             # scope to. | ||||||
|  |             value = auth.get('auth_url') | ||||||
|         return value |         return value | ||||||
|  |  | ||||||
|     def get_connect_retries(self, service_type): |     def get_connect_retries(self, service_type): | ||||||
|   | |||||||
| @@ -168,6 +168,23 @@ class TestConfig(base.TestCase): | |||||||
|         self.assertNotIn('domain-id', cc.auth) |         self.assertNotIn('domain-id', cc.auth) | ||||||
|         self.assertNotIn('domain_id', cc) |         self.assertNotIn('domain_id', cc) | ||||||
|  |  | ||||||
|  |     def test_get_one_unscoped_identity(self): | ||||||
|  |         single_conf = base._write_yaml({ | ||||||
|  |             'clouds': { | ||||||
|  |                 'unscoped': { | ||||||
|  |                     'auth': { | ||||||
|  |                         'auth_url': 'http://example.com/v2', | ||||||
|  |                         'username': 'testuser', | ||||||
|  |                         'password': 'testpass', | ||||||
|  |                     }, | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|  |         }) | ||||||
|  |         c = config.OpenStackConfig(config_files=[single_conf], | ||||||
|  |                                    vendor_files=[self.vendor_yaml]) | ||||||
|  |         cc = c.get_one() | ||||||
|  |         self.assertEqual('http://example.com/v2', cc.get_endpoint('identity')) | ||||||
|  |  | ||||||
|     def test_get_one_domain_scoped(self): |     def test_get_one_domain_scoped(self): | ||||||
|         c = config.OpenStackConfig(config_files=[self.cloud_yaml], |         c = config.OpenStackConfig(config_files=[self.cloud_yaml], | ||||||
|                                    vendor_files=[self.vendor_yaml]) |                                    vendor_files=[self.vendor_yaml]) | ||||||
| @@ -175,6 +192,7 @@ class TestConfig(base.TestCase): | |||||||
|         self.assertEqual('12345', cc.auth['domain_id']) |         self.assertEqual('12345', cc.auth['domain_id']) | ||||||
|         self.assertNotIn('user_domain_id', cc.auth) |         self.assertNotIn('user_domain_id', cc.auth) | ||||||
|         self.assertNotIn('project_domain_id', cc.auth) |         self.assertNotIn('project_domain_id', cc.auth) | ||||||
|  |         self.assertIsNone(cc.get_endpoint('identity')) | ||||||
|  |  | ||||||
|     def test_get_one_infer_user_domain(self): |     def test_get_one_infer_user_domain(self): | ||||||
|         c = config.OpenStackConfig(config_files=[self.cloud_yaml], |         c = config.OpenStackConfig(config_files=[self.cloud_yaml], | ||||||
|   | |||||||
| @@ -0,0 +1,7 @@ | |||||||
|  | --- | ||||||
|  | features: | ||||||
|  |   - | | ||||||
|  |     The ``auth_url`` will be used for the default value of | ||||||
|  |     ``identity_endpoint_override`` in the absence of project or system-scope | ||||||
|  |     information. This should simplify some actions such as listing available | ||||||
|  |     projects. | ||||||
		Reference in New Issue
	
	Block a user
	 Monty Taylor
					Monty Taylor