From: K Sai Kiran Date: Wed, 20 May 2020 06:55:12 +0000 (+0530) Subject: Bug 1068 fixed for auth_url in keystone X-Git-Tag: v7.1.0rc2~3 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=27290aa9833bd5fcfb1223d44c6508ccf114835b;p=osm%2FNBI.git Bug 1068 fixed for auth_url in keystone When we pass auth_url in nbi.cfg -> [authentication], the auth_url is used by password manager but not by keystone http client. Need to pass auth_url to httpclient so that it uses auth_url instead of https://keystone:5000 which is in service catalog of keystone. Added http://keystone:5000/v3 to docker files. Added regex validation for auth_url. Change-Id: Ie3e144dd826e73a27c25f917cf54e64cf4c22207 Signed-off-by: K Sai Kiran --- diff --git a/Dockerfile.fromdeb b/Dockerfile.fromdeb index 9c3e245..ec348cb 100644 --- a/Dockerfile.fromdeb +++ b/Dockerfile.fromdeb @@ -66,7 +66,7 @@ ENV OSMNBI_MESSAGE_PORT 9092 # authentication ENV OSMNBI_AUTHENTICATION_BACKEND internal #ENV OSMNBI_AUTHENTICATION_BACKEND keystone -#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone +#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3 #ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000 #ENV OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME default #ENV OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME default diff --git a/Dockerfile.local b/Dockerfile.local index 81ba1cb..2f34561 100644 --- a/Dockerfile.local +++ b/Dockerfile.local @@ -82,7 +82,7 @@ ENV OSMNBI_MESSAGE_PORT 9092 # authentication ENV OSMNBI_AUTHENTICATION_BACKEND internal #ENV OSMNBI_AUTHENTICATION_BACKEND keystone -#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone +#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3 #ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000 # DOMAIN_NAME can be a single value or a comma separated list of values. The first value is for internal domain diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py index d71408a..408b72f 100644 --- a/osm_nbi/authconn_keystone.py +++ b/osm_nbi/authconn_keystone.py @@ -41,7 +41,7 @@ from keystoneauth1.exceptions.base import ClientException from keystoneauth1.exceptions.http import Conflict from keystoneclient.v3 import client from http import HTTPStatus -from osm_nbi.validation import is_valid_uuid +from osm_nbi.validation import is_valid_uuid, validate_input, http_schema class AuthconnKeystone(Authconn): @@ -52,7 +52,12 @@ class AuthconnKeystone(Authconn): self.domains_id2name = {} self.domains_name2id = {} - self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_url", "keystone"), config.get("auth_port", "5000")) + self.auth_url = config.get("auth_url") + if config.get("auth_url"): + validate_input(self.auth_url, http_schema) + else: + self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_host", "keystone"), + config.get("auth_port", "5000")) self.user_domain_name_list = config.get("user_domain_name", "default") self.user_domain_name_list = self.user_domain_name_list.split(",") # read only domain list @@ -91,7 +96,7 @@ class AuthconnKeystone(Authconn): project_name=self.admin_project, auth_url=self.auth_url) self.sess = session.Session(auth=self.auth) - self.keystone = client.Client(session=self.sess) + self.keystone = client.Client(session=self.sess, endpoint_override=self.auth_url) def authenticate(self, credentials, token_info=None): """ diff --git a/osm_nbi/nbi.cfg b/osm_nbi/nbi.cfg index 9255a8c..f97b078 100644 --- a/osm_nbi/nbi.cfg +++ b/osm_nbi/nbi.cfg @@ -97,6 +97,14 @@ backend: "internal" # internal or keystone # user_domain_name: "default,ldap" # project_domain_name: "default,ldap" +# Keystone config parameters are +# auth_url: format https://:/v3 # v3 is necessary +# auth_host: ip address of keystone host. +# auth_port: port number of keystone. +# Provide either auth_url or (auth_host and auth_port) +# service_username: "nbi" +# service_password: "nbi" + # Only for test. It works without authorization using the provided user and project: # user_not_authorized: "admin" # project_not_authorized: "admin" diff --git a/osm_nbi/validation.py b/osm_nbi/validation.py index f8b91d8..6a483f3 100644 --- a/osm_nbi/validation.py +++ b/osm_nbi/validation.py @@ -43,7 +43,7 @@ time_schema = {"type": "string", "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0- pci_schema = {"type": "string", "pattern": "^[0-9a-fA-F]{4}(:[0-9a-fA-F]{2}){2}\\.[0-9a-fA-F]$"} # allows [] for wildcards. For that reason huge length limit is set pci_extended_schema = {"type": "string", "pattern": "^[0-9a-fA-F.:-\\[\\]]{12,40}$"} -http_schema = {"type": "string", "pattern": "^https?://[^'\"=]+$"} +http_schema = {"type": "string", "pattern": "^(https?|http)://[^'\"=]+$"} bandwidth_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]bps)?$"} memory_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]i?[Bb])?$"} integer0_schema = {"type": "integer", "minimum": 0}