Fix for Horizon Distributed Cloud subcloud switching

-Fixed switching from RegionOne to SystemController
-Fixed tenant list not being displayed on login

Change-Id: I5cdd96744898637df393afaf2631ef4fa438e3b7
Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
Story: 2002984
Task: 22994
This commit is contained in:
Tyler Smith 2018-08-15 15:52:55 -04:00
parent 9677c88ef4
commit 3a32084658
4 changed files with 126 additions and 1 deletions

View File

@ -1 +1 @@
TIS_PATCH_VER=3 TIS_PATCH_VER=4

View File

@ -0,0 +1,24 @@
From 4aafd598ace7fc1bf4c5aaf3591b8880e7642d69 Mon Sep 17 00:00:00 2001
From: Tyler Smith <tyler.smith@windriver.com>
Date: Fri, 29 Jun 2018 20:07:09 -0500
Subject: [PATCH 1/1] [PATCH] meta patch for distributed keystone fix
---
SPECS/python-django-openstack-auth.spec | 1 +
1 file changed, 1 insertion(+)
diff --git a/SPECS/python-django-openstack-auth.spec b/SPECS/python-django-openstack-auth.spec
index 9e5aacb..73b87b5 100644
--- a/SPECS/python-django-openstack-auth.spec
+++ b/SPECS/python-django-openstack-auth.spec
@@ -20,6 +20,7 @@ Patch0002: 0002-disable-token-validation-per-auth-request.patch
Patch0003: 0003-cache-authorized-tenants-in-cookie-to-improve-performance.patch
Patch0004: 0004-US112170-Distributed-Keystone.patch
Patch0005: fix_for_session_timeout.patch
+Patch0006: fix_for_dc_region_switching.patch
BuildArch: noarch
--
1.8.3.1

View File

@ -5,3 +5,4 @@
0005-meta-cache-authorized-tenants-in-cookie-to-improve-performance.patch 0005-meta-cache-authorized-tenants-in-cookie-to-improve-performance.patch
0006-meta-Distributed-Keystone.patch 0006-meta-Distributed-Keystone.patch
spec-include-fix_for_session_timeout.patch spec-include-fix_for_session_timeout.patch
0007-meta-patch-for-distributed-keystone-fix.patch

View File

@ -0,0 +1,100 @@
From d7f75aa87d7b476509b21f9c29162763a73a65af Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 29 Jun 2018 19:51:32 -0500
Subject: [PATCH 1/1] Horizon Distributed Cloud subcloud switching
is broken
-Fixed switching from RegionOne to SystemController
-Fixed tenant list not being displayed on login
---
openstack_auth/backend.py | 2 +-
openstack_auth/forms.py | 14 +++++++++++++-
openstack_auth/views.py | 21 ++++++++++++---------
3 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
index cd15ca8..4fa7129 100644
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@@ -162,7 +162,7 @@ class KeystoneBackend(object):
# We want to try to use the same region we just logged into
# which may or may not be the default depending upon the order
# keystone uses
- region_name = None
+ region_name = kwargs.get('force_region', None)
id_endpoints = scoped_auth_ref.service_catalog.\
get_endpoints(service_type='identity')
for id_endpoint in [cat for cat in id_endpoints['identity']]:
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
index 4834ab2..49b8d8b 100644
--- a/openstack_auth/forms.py
+++ b/openstack_auth/forms.py
@@ -138,11 +138,24 @@ class Login(django_auth_forms.AuthenticationForm):
if lockedout:
raise forms.ValidationError("user currently locked out.")
+ # when logging in in DC mode we will force the region to
+ # be system controller since authenticate can't map our
+ # hostname to an endpoint/regionname. Changing the hostname
+ # in settings to ip will work but will break region switching
+ # from RegionOne to SystemController since SystemController
+ # region maps back to RegionOne (same keystone)
+ force_region = None
+ if getattr(settings, 'DC_MODE', False) and \
+ region == getattr(settings, 'OPENSTACK_KEYSTONE_URL', None):
+ force_region = utils.DC_SYSTEMCONTROLLER_REGION
+
self.user_cache = authenticate(request=self.request,
username=username,
password=password,
user_domain_name=domain,
- auth_url=region)
+ auth_url=region,
+ force_region=force_region)
+
msg = 'Login successful for user "%(username)s", remote address '\
'%(remote_ip)s.' % {
'username': username,
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index a680abf..0b1351d 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -293,15 +293,17 @@ def switch_region(request, region_name,
endpoint_dict = utils.get_internal_identity_endpoints(
request.user.service_catalog, region_filter=region_name)
- try:
+ # If we were on a subcloud, then the SystemController Identity
+ # endpoint will not be functional, therefore retrieve the
+ # RegionOne endpoint from the session (cached at login)
+ force_region = None
+ if region_name == utils.DC_SYSTEMCONTROLLER_REGION:
+ force_region = utils.DC_SYSTEMCONTROLLER_REGION
+ region_auth_url = request.session.get(
+ 'SystemController_endpoint', None)
+ else:
region_auth_url = endpoint_dict[region_name]
- except KeyError as e:
- # If we were on a subcloud, then the SystemController Identity
- # endpoint will not be available, therefore retrieve it from
- # the session (cached at login)
- if region_name == utils.DC_SYSTEMCONTROLLER_REGION:
- region_auth_url = request.session.get(
- 'SystemController_endpoint', None)
+
if not region_auth_url:
msg = _('Cannot switch to subcloud %s, no Identity available '
@@ -324,7 +326,8 @@ def switch_region(request, region_name,
try:
request.user = auth.authenticate(
request=request, auth_url=unscoped_auth.auth_url,
- token=unscoped_auth_ref.auth_token)
+ token=unscoped_auth_ref.auth_token,
+ force_region=force_region)
except exceptions.KeystoneAuthException as exc:
msg = 'Switching to Subcloud failed: %s' % six.text_type(exc)
res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
--
1.8.3.1