File 0020-compute-Add-support-for-keystone-v3-authen... of Package fence-agents.9831

Overview Repositories Revisions Requests Users Attributes Meta

File 0020-compute-Add-support-for-keystone-v3-authentication.patch of Package fence-agents.9831

From 549fee1c18cfb31881c9126ae46a4bd9b20b4716 Mon Sep 17 00:00:00 2001
From: Andrew Beekhof <andrew@beekhof.net>
Date: Thu, 23 Nov 2017 12:07:19 +1100
Subject: [PATCH] compute: Add support for keystone v3 authentication

---
 fence/agents/compute/fence_compute.py  | 76 ++++++++++++++++++++++++++--------
 fence/agents/compute/fence_evacuate.py | 69 +++++++++++++++++++++++-------
 2 files changed, 113 insertions(+), 32 deletions(-)

Index: fence-agents-4.0.25+git.1485179354.eb43835/fence/agents/compute/fence_compute.py
===================================================================
--- fence-agents-4.0.25+git.1485179354.eb43835.orig/fence/agents/compute/fence_compute.py
+++ fence-agents-4.0.25+git.1485179354.eb43835/fence/agents/compute/fence_compute.py
@@ -264,13 +264,37 @@ def create_nova_connection(options):
 	except ImportError:
 		fail_usage("Nova not found or not accessible")
 
-	versions = [ "2.11", "2" ]
-	for version in versions:
-		clientargs = inspect.getargspec(client.Client).varargs
+	from keystoneauth1 import loading
+	from keystoneauth1 import session
+	from keystoneclient import discover
+
+	# Prefer the oldest and strip the leading 'v'
+	keystone_versions = discover.available_versions(options["--auth-url"])
+	keystone_version = keystone_versions[0]['id'][1:]
+	kwargs = dict(
+		auth_url=options["--auth-url"],
+		username=options["--username"],
+		password=options["--password"]
+		)
+
+	if discover.version_match("2", keystone_version):
+		kwargs["tenant_name"] = options["--tenant-name"]
+
+	elif discover.version_match("3", keystone_version):
+		kwargs["project_name"] = options["--tenant-name"]
+		kwargs["user_domain_name"] = options["--user-domain"]
+		kwargs["project_domain_name"] = options["--project-domain"]
+
+	loader = loading.get_plugin_loader('password')
+	keystone_auth = loader.load_from_options(**kwargs)
+	keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))
 
+	nova_versions = [ "2.11", "2" ]
+	for version in nova_versions:
+		clientargs = inspect.getargspec(client.Client).varargs
 		# Some versions of Openstack prior to Ocata only
 		# supported positional arguments for username,
-		# password and tenant.
+		# password, and tenant.
 		#
 		# Versions since Ocata only support named arguments.
 		#
@@ -285,25 +309,22 @@ def create_nova_connection(options):
 			#	 varargs=None,
 			#	 keywords='kwargs', defaults=(None, None, None, None))
 			nova = client.Client(version,
-					     options["--username"],
-					     options["--password"],
-					     options["--tenant-name"],
-					     options["--auth-url"],
+					     None, # User
+					     None, # Password
+					     None, # Tenant
+					     None, # Auth URL
 					     insecure=options["--insecure"],
 					     region_name=options["--region-name"],
 					     endpoint_type=options["--endpoint-type"],
+					     session=keystone_session, auth=keystone_auth,
 					     http_log_debug=options.has_key("--verbose"))
 		else:
 			# OSP >= 11
 			# ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None)
 			nova = client.Client(version,
-					     username=options["--username"],
-					     password=options["--password"],
-					     tenant_name=options["--tenant-name"],
-					     auth_url=options["--auth-url"],
-					     insecure=options["--insecure"],
 					     region_name=options["--region-name"],
 					     endpoint_type=options["--endpoint-type"],
+					     session=keystone_session, auth=keystone_auth,
 					     http_log_debug=options.has_key("--verbose"))
 
 		try:
@@ -332,12 +353,30 @@ def define_new_opts():
 	all_opt["tenant_name"] = {
 		"getopt" : "t:",
 		"longopt" : "tenant-name",
-		"help" : "-t, --tenant-name=[tenant]     Keystone Admin Tenant",
+		"help" : "-t, --tenant-name=[name]       Keystone v2 Tenant or v3 Project Name",
 		"required" : "0",
-		"shortdesc" : "Keystone Admin Tenant",
+		"shortdesc" : "Keystone Admin Tenant or v3 Project",
 		"default" : "",
 		"order": 1,
 	}
+	all_opt["user-domain"] = {
+		"getopt" : "u:",
+		"longopt" : "user-domain",
+		"help" : "-u, --user-domain=[name]       Keystone v3 User Domain",
+		"required" : "0",
+		"shortdesc" : "Keystone v3 User Domain",
+		"default" : "Default",
+		"order": 2,
+	}
+	all_opt["project-domain"] = {
+		"getopt" : "P:",
+		"longopt" : "project-domain",
+		"help" : "-d, --project-domain=[name]    Keystone v3 Project Domain",
+		"required" : "0",
+		"shortdesc" : "Keystone v3 Project Domain",
+		"default" : "Default",
+		"order": 2,
+	}
 	all_opt["auth_url"] = {
 		"getopt" : "k:",
 		"longopt" : "auth-url",
@@ -365,7 +404,7 @@ def define_new_opts():
 		"default" : "False",
 		"order": 2,
 	}
-	all_opt["domain"] = {
+	all_opt["compute-domain"] = {
 		"getopt" : "d:",
 		"longopt" : "domain",
 		"help" : "-d, --domain=[string]          DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN",
@@ -418,8 +457,8 @@ def main():
 	atexit.register(atexit_handler)
 
 	device_opt = ["login", "passwd", "tenant_name", "auth_url", "fabric_fencing",
-		"no_login", "no_password", "port", "domain", "no_shared_storage", "endpoint_type",
-		"record_only", "instance_filtering", "insecure", "region_name"]
+		      "no_login", "no_password", "port", "compute-domain", "project-domain", "user-domain",
+		      "no_shared_storage", "endpoint_type", "record_only", "instance_filtering", "insecure", "region_name"]
 	define_new_opts()
 	all_opt["shell_timeout"]["default"] = "180"
 
Index: fence-agents-4.0.25+git.1485179354.eb43835/fence/agents/compute/fence_evacuate.py
===================================================================
--- fence-agents-4.0.25+git.1485179354.eb43835.orig/fence/agents/compute/fence_evacuate.py
+++ fence-agents-4.0.25+git.1485179354.eb43835/fence/agents/compute/fence_evacuate.py
@@ -197,13 +197,38 @@ def create_nova_connection(options):
 	except ImportError:
 		fail_usage("Nova not found or not accessible")
 
+	from keystoneauth1 import loading
+	from keystoneauth1 import session
+	from keystoneclient import discover
+
+	# Prefer the oldest and strip the leading 'v'
+	keystone_versions = discover.available_versions(options["--auth-url"])
+	keystone_version = keystone_versions[0]['id'][1:]
+	kwargs = dict(
+		auth_url=options["--auth-url"],
+		username=options["--username"],
+		password=options["--password"]
+		)
+
+	if discover.version_match("2", keystone_version):
+		kwargs["tenant_name"] = options["--tenant-name"]
+
+	elif discover.version_match("3", keystone_version):
+		kwargs["project_name"] = options["--tenant-name"]
+		kwargs["user_domain_name"] = options["--user-domain"]
+		kwargs["project_domain_name"] = options["--project-domain"]
+
+	loader = loading.get_plugin_loader('password')
+	keystone_auth = loader.load_from_options(**kwargs)
+	keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"]))
+
 	versions = [ "2.11", "2" ]
 	for version in versions:
 		clientargs = inspect.getargspec(client.Client).varargs
 
 		# Some versions of Openstack prior to Ocata only
 		# supported positional arguments for username,
-		# password and tenant.
+		# password, and tenant.
 		#
 		# Versions since Ocata only support named arguments.
 		#
@@ -218,25 +243,22 @@ def create_nova_connection(options):
 			#	 varargs=None,
 			#	 keywords='kwargs', defaults=(None, None, None, None))
 			nova = client.Client(version,
-					     options["--username"],
-					     options["--password"],
-					     options["--tenant-name"],
-					     options["--auth-url"],
+					     None, # User
+					     None, # Password
+					     None, # Tenant
+					     None, # Auth URL
 					     insecure=options["--insecure"],
 					     region_name=options["--region-name"],
 					     endpoint_type=options["--endpoint-type"],
+					     session=keystone_session, auth=keystone_auth,
 					     http_log_debug=options.has_key("--verbose"))
 		else:
 			# OSP >= 11
 			# ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None)
 			nova = client.Client(version,
-					     username=options["--username"],
-					     password=options["--password"],
-					     tenant_name=options["--tenant-name"],
-					     auth_url=options["--auth-url"],
-					     insecure=options["--insecure"],
 					     region_name=options["--region-name"],
 					     endpoint_type=options["--endpoint-type"],
+					     session=keystone_session, auth=keystone_auth,
 					     http_log_debug=options.has_key("--verbose"))
 
 		try:
@@ -265,12 +287,30 @@ def define_new_opts():
 	all_opt["tenant_name"] = {
 		"getopt" : "t:",
 		"longopt" : "tenant-name",
-		"help" : "-t, --tenant-name=[tenant]     Keystone Admin Tenant",
+		"help" : "-t, --tenant-name=[name]       Keystone v2 Tenant or v3 Project Name",
 		"required" : "0",
-		"shortdesc" : "Keystone Admin Tenant",
+		"shortdesc" : "Keystone Admin Tenant or v3 Project",
 		"default" : "",
 		"order": 1,
 	}
+	all_opt["user-domain"] = {
+		"getopt" : "u:",
+		"longopt" : "user-domain",
+		"help" : "-u, --user-domain=[name]       Keystone v3 User Domain",
+		"required" : "0",
+		"shortdesc" : "Keystone v3 User Domain",
+		"default" : "Default",
+		"order": 2,
+	}
+	all_opt["project-domain"] = {
+		"getopt" : "P:",
+		"longopt" : "project-domain",
+		"help" : "-d, --project-domain=[name]    Keystone v3 Project Domain",
+		"required" : "0",
+		"shortdesc" : "Keystone v3 Project Domain",
+		"default" : "Default",
+		"order": 2,
+	}
 	all_opt["auth_url"] = {
 		"getopt" : "k:",
 		"longopt" : "auth-url",
@@ -298,7 +338,7 @@ def define_new_opts():
 		"default" : "False",
 		"order": 2,
 	}
-	all_opt["domain"] = {
+	all_opt["compute-domain"] = {
 		"getopt" : "d:",
 		"longopt" : "domain",
 		"help" : "-d, --domain=[string]                  DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN",
@@ -329,8 +369,9 @@ def main():
 	atexit.register(atexit_handler)
 
 	device_opt = ["login", "passwd", "tenant_name", "auth_url",
-		"no_login", "no_password", "port", "domain", "no_shared_storage", "endpoint_type",
-		"instance_filtering", "insecure", "region_name"]
+		      "no_login", "no_password", "port", "compute-domain", "project-domain",
+		      "user-domain", "no_shared_storage", "endpoint_type",
+		      "instance_filtering", "insecure", "region_name"]
 	define_new_opts()
 	all_opt["shell_timeout"]["default"] = "180"

Places

File 0020-compute-Add-support-for-keystone-v3-authentication.patch of Package fence-agents.9831

Places