Merge "Fix for Horizon Distributed Cloud subcloud switching"
This commit is contained in:
Zuul
Gerrit Code Review
commit
80ed2794bc
|
|
@ -1 +1 @@
|
|||
TIS_PATCH_VER=3
|
||||
TIS_PATCH_VER=4
|
||||
|
|
|
|||
|
|
@ -0,0 +1,24 @@
|
|||
From 4aafd598ace7fc1bf4c5aaf3591b8880e7642d69 Mon Sep 17 00:00:00 2001
|
||||
From: Tyler Smith <tyler.smith@windriver.com>
|
||||
Date: Fri, 29 Jun 2018 20:07:09 -0500
|
||||
Subject: [PATCH 1/1] [PATCH] meta patch for distributed keystone fix
|
||||
|
||||
---
|
||||
SPECS/python-django-openstack-auth.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/python-django-openstack-auth.spec b/SPECS/python-django-openstack-auth.spec
|
||||
index 9e5aacb..73b87b5 100644
|
||||
--- a/SPECS/python-django-openstack-auth.spec
|
||||
+++ b/SPECS/python-django-openstack-auth.spec
|
||||
@@ -20,6 +20,7 @@ Patch0002: 0002-disable-token-validation-per-auth-request.patch
|
||||
Patch0003: 0003-cache-authorized-tenants-in-cookie-to-improve-performance.patch
|
||||
Patch0004: 0004-US112170-Distributed-Keystone.patch
|
||||
Patch0005: fix_for_session_timeout.patch
|
||||
+Patch0006: fix_for_dc_region_switching.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
|
|
@ -5,3 +5,4 @@
|
|||
0005-meta-cache-authorized-tenants-in-cookie-to-improve-performance.patch
|
||||
0006-meta-Distributed-Keystone.patch
|
||||
spec-include-fix_for_session_timeout.patch
|
||||
0007-meta-patch-for-distributed-keystone-fix.patch
|
||||
|
|
|
|||
|
|
@ -0,0 +1,100 @@
|
|||
From d7f75aa87d7b476509b21f9c29162763a73a65af Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Fri, 29 Jun 2018 19:51:32 -0500
|
||||
Subject: [PATCH 1/1] Horizon Distributed Cloud subcloud switching
|
||||
is broken
|
||||
|
||||
-Fixed switching from RegionOne to SystemController
|
||||
-Fixed tenant list not being displayed on login
|
||||
---
|
||||
openstack_auth/backend.py | 2 +-
|
||||
openstack_auth/forms.py | 14 +++++++++++++-
|
||||
openstack_auth/views.py | 21 ++++++++++++---------
|
||||
3 files changed, 26 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
|
||||
index cd15ca8..4fa7129 100644
|
||||
--- a/openstack_auth/backend.py
|
||||
+++ b/openstack_auth/backend.py
|
||||
@@ -162,7 +162,7 @@ class KeystoneBackend(object):
|
||||
# We want to try to use the same region we just logged into
|
||||
# which may or may not be the default depending upon the order
|
||||
# keystone uses
|
||||
- region_name = None
|
||||
+ region_name = kwargs.get('force_region', None)
|
||||
id_endpoints = scoped_auth_ref.service_catalog.\
|
||||
get_endpoints(service_type='identity')
|
||||
for id_endpoint in [cat for cat in id_endpoints['identity']]:
|
||||
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
|
||||
index 4834ab2..49b8d8b 100644
|
||||
--- a/openstack_auth/forms.py
|
||||
+++ b/openstack_auth/forms.py
|
||||
@@ -138,11 +138,24 @@ class Login(django_auth_forms.AuthenticationForm):
|
||||
if lockedout:
|
||||
raise forms.ValidationError("user currently locked out.")
|
||||
|
||||
+ # when logging in in DC mode we will force the region to
|
||||
+ # be system controller since authenticate can't map our
|
||||
+ # hostname to an endpoint/regionname. Changing the hostname
|
||||
+ # in settings to ip will work but will break region switching
|
||||
+ # from RegionOne to SystemController since SystemController
|
||||
+ # region maps back to RegionOne (same keystone)
|
||||
+ force_region = None
|
||||
+ if getattr(settings, 'DC_MODE', False) and \
|
||||
+ region == getattr(settings, 'OPENSTACK_KEYSTONE_URL', None):
|
||||
+ force_region = utils.DC_SYSTEMCONTROLLER_REGION
|
||||
+
|
||||
self.user_cache = authenticate(request=self.request,
|
||||
username=username,
|
||||
password=password,
|
||||
user_domain_name=domain,
|
||||
- auth_url=region)
|
||||
+ auth_url=region,
|
||||
+ force_region=force_region)
|
||||
+
|
||||
msg = 'Login successful for user "%(username)s", remote address '\
|
||||
'%(remote_ip)s.' % {
|
||||
'username': username,
|
||||
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
|
||||
index a680abf..0b1351d 100644
|
||||
--- a/openstack_auth/views.py
|
||||
+++ b/openstack_auth/views.py
|
||||
@@ -293,15 +293,17 @@ def switch_region(request, region_name,
|
||||
endpoint_dict = utils.get_internal_identity_endpoints(
|
||||
request.user.service_catalog, region_filter=region_name)
|
||||
|
||||
- try:
|
||||
+ # If we were on a subcloud, then the SystemController Identity
|
||||
+ # endpoint will not be functional, therefore retrieve the
|
||||
+ # RegionOne endpoint from the session (cached at login)
|
||||
+ force_region = None
|
||||
+ if region_name == utils.DC_SYSTEMCONTROLLER_REGION:
|
||||
+ force_region = utils.DC_SYSTEMCONTROLLER_REGION
|
||||
+ region_auth_url = request.session.get(
|
||||
+ 'SystemController_endpoint', None)
|
||||
+ else:
|
||||
region_auth_url = endpoint_dict[region_name]
|
||||
- except KeyError as e:
|
||||
- # If we were on a subcloud, then the SystemController Identity
|
||||
- # endpoint will not be available, therefore retrieve it from
|
||||
- # the session (cached at login)
|
||||
- if region_name == utils.DC_SYSTEMCONTROLLER_REGION:
|
||||
- region_auth_url = request.session.get(
|
||||
- 'SystemController_endpoint', None)
|
||||
+
|
||||
|
||||
if not region_auth_url:
|
||||
msg = _('Cannot switch to subcloud %s, no Identity available '
|
||||
@@ -324,7 +326,8 @@ def switch_region(request, region_name,
|
||||
try:
|
||||
request.user = auth.authenticate(
|
||||
request=request, auth_url=unscoped_auth.auth_url,
|
||||
- token=unscoped_auth_ref.auth_token)
|
||||
+ token=unscoped_auth_ref.auth_token,
|
||||
+ force_region=force_region)
|
||||
except exceptions.KeystoneAuthException as exc:
|
||||
msg = 'Switching to Subcloud failed: %s' % six.text_type(exc)
|
||||
res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
Loading…
Reference in New Issue