When auth_url is set in nbi.cfg -> [authentication], it is used by the password manager
but not by the keystone http client. auth_url needs to be passed to the http client so that it uses auth_url
instead of https://keystone:5000, which is the endpoint in the keystone service catalog.
Added http://keystone:5000/v3 to docker files.
Added regex validation for auth_url.
Change-Id: Ie3e144dd826e73a27c25f917cf54e64cf4c22207
Signed-off-by: K Sai Kiran <saikiran.k@tataelxsi.co.in>
# authentication
ENV OSMNBI_AUTHENTICATION_BACKEND internal
#ENV OSMNBI_AUTHENTICATION_BACKEND keystone
-#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone
+#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3
#ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000
#ENV OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME default
#ENV OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME default
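Review bot: The commented examples no longer cover the host-and-port path that the Python change in this commit introduces. The code now reads `auth_host` for its fallback, but no host example is added here, and `AUTH_PORT 5000` sits next to an AUTH_URL that already carries the port. Assuming the `OSMNBI_AUTHENTICATION_*` variables map one-to-one to the `[authentication]` keys, add `#ENV OSMNBI_AUTHENTICATION_AUTH_HOST keystone` and a comment such as `# AUTH_HOST/AUTH_PORT are used only when AUTH_URL is unset`. The same applies to the second Dockerfile hunk. The example URL is plain `http://`, so it is worth noting that an `https://` endpoint is expected outside a private container network.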
# authentication
ENV OSMNBI_AUTHENTICATION_BACKEND internal
#ENV OSMNBI_AUTHENTICATION_BACKEND keystone
-#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone
+#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3
#ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000
# DOMAIN_NAME can be a single value or a comma separated list of values. The first value is for internal domain
from keystoneauth1.exceptions.http import Conflict
from keystoneclient.v3 import client
from http import HTTPStatus
-from osm_nbi.validation import is_valid_uuid
+from osm_nbi.validation import is_valid_uuid, validate_input, http_schema
class AuthconnKeystone(Authconn):
self.domains_id2name = {}
self.domains_name2id = {}
- self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_url", "keystone"), config.get("auth_port", "5000"))
+ self.auth_url = config.get("auth_url")
+ if config.get("auth_url"):
+ validate_input(self.auth_url, http_schema)
+ else:
+ self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_host", "keystone"),
+ config.get("auth_port", "5000"))
self.user_domain_name_list = config.get("user_domain_name", "default")
self.user_domain_name_list = self.user_domain_name_list.split(",")
# read only domain list
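Review bot: A deployment that still sets `auth_url` to a bare hostname, the form the removed line expanded (default `keystone`), now goes straight to `validate_input(self.auth_url, http_schema)` and will presumably be rejected rather than expanded to `http://<host>:<port>/v3`. The commit moves that role to `auth_host` with no compatibility path. Consider treating a value without `://` as the old host form, or at least failing with a message that names the `auth_url` key and the expected `http(s)://host:port/v3` shape. The fallback also still builds an `http://` URL, so the credentials this class sends to Keystone are not protected in transit unless an `https://` auth_url is configured; a short comment at the `else:` branch saying so would help. The enclosing `__init__` begins and ends outside the hunk.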
project_name=self.admin_project,
auth_url=self.auth_url)
self.sess = session.Session(auth=self.auth)
- self.keystone = client.Client(session=self.sess)
+ self.keystone = client.Client(session=self.sess, endpoint_override=self.auth_url)
def authenticate(self, credentials, token_info=None):
"""
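Review bot: `endpoint_override=self.auth_url` makes every call through `self.keystone` go to auth_url and skips the service-catalog lookup, so auth_url must be the versioned v3 identity endpoint. `http_schema` accepts any http(s) URL, so a value without `/v3` passes the check added in `__init__` and would only fail later, at request time. Either check for the `/v3` suffix where auth_url is validated or document the constraint here, e.g. `# endpoint_override bypasses the Keystone service catalog; auth_url must be the /v3 endpoint`. The enclosing method starts outside the hunk.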
# user_domain_name: "default,ldap"
# project_domain_name: "default,ldap"
+# Keystone config parameters are
+# auth_url: format https://<ip>:<port>/v3 # v3 is necessary
+# auth_host: ip address of keystone host.
+# auth_port: port number of keystone.
+# Provide either auth_url or (auth_host and auth_port)
+# service_username: "nbi"
+# service_password: "nbi"
+
# Only for test. It works without authorization using the provided user and project:
# user_not_authorized: "admin"
# project_not_authorized: "admin"
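Review bot: The added sample lines `# service_username: "nbi"` and `# service_password: "nbi"` show a password identical to the user name, and sample values like these tend to be uncommented unchanged. A placeholder such as `# service_password: "<set-a-unique-secret>"` would be safer. The auth_url line documents `https://<ip>:<port>/v3`, while the Dockerfile examples in this commit use `http://keystone:5000/v3`; saying which scheme is expected in production would remove the ambiguity.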
pci_schema = {"type": "string", "pattern": "^[0-9a-fA-F]{4}(:[0-9a-fA-F]{2}){2}\\.[0-9a-fA-F]$"}
# allows [] for wildcards. For that reason huge length limit is set
pci_extended_schema = {"type": "string", "pattern": "^[0-9a-fA-F.:-\\[\\]]{12,40}$"}
-http_schema = {"type": "string", "pattern": "^https?://[^'\"=]+$"}
+http_schema = {"type": "string", "pattern": "^(https?|http)://[^'\"=]+$"}
bandwidth_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]bps)?$"}
memory_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]i?[Bb])?$"}
integer0_schema = {"type": "integer", "minimum": 0}
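Review bot: The new pattern `^(https?|http)://[^'\"=]+$` accepts exactly the same strings as the removed `^https?://[^'\"=]+$`, because `https?` already matches `http`, so this line does not tighten validation. If the aim was stricter checking of auth_url, note that the character class still admits whitespace and a userinfo part such as `user:pass@host`. Either restore the simpler pattern or add a dedicated schema for auth_url, with a comment saying what it is meant to reject.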