When auth_url is set in nbi.cfg under [authentication], it is used by the password manager
but not by the keystone http client. The auth_url needs to be passed to the http client so that it uses auth_url
instead of https://keystone:5000, which is the endpoint in the keystone service catalog.
Added http://keystone:5000/v3 to docker files.
Added regex validation for auth_url.
Change-Id: Ie3e144dd826e73a27c25f917cf54e64cf4c22207
Signed-off-by: K Sai Kiran <saikiran.k@tataelxsi.co.in>
# authentication
ENV OSMNBI_AUTHENTICATION_BACKEND internal
#ENV OSMNBI_AUTHENTICATION_BACKEND keystone
# authentication
ENV OSMNBI_AUTHENTICATION_BACKEND internal
#ENV OSMNBI_AUTHENTICATION_BACKEND keystone
-#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone
+#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3
#ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000
#ENV OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME default
#ENV OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME default
#ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000
#ENV OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME default
#ENV OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME default
# authentication
ENV OSMNBI_AUTHENTICATION_BACKEND internal
#ENV OSMNBI_AUTHENTICATION_BACKEND keystone
# authentication
ENV OSMNBI_AUTHENTICATION_BACKEND internal
#ENV OSMNBI_AUTHENTICATION_BACKEND keystone
-#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone
+#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3
#ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000
# DOMAIN_NAME can be a single value or a comma separated list of values. The first value is for internal domain
#ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000
# DOMAIN_NAME can be a single value or a comma separated list of values. The first value is for internal domain
from keystoneauth1.exceptions.http import Conflict
from keystoneclient.v3 import client
from http import HTTPStatus
from keystoneauth1.exceptions.http import Conflict
from keystoneclient.v3 import client
from http import HTTPStatus
-from osm_nbi.validation import is_valid_uuid
+from osm_nbi.validation import is_valid_uuid, validate_input, http_schema
class AuthconnKeystone(Authconn):
class AuthconnKeystone(Authconn):
self.domains_id2name = {}
self.domains_name2id = {}
self.domains_id2name = {}
self.domains_name2id = {}
- self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_url", "keystone"), config.get("auth_port", "5000"))
+ self.auth_url = config.get("auth_url")
+ if config.get("auth_url"):
+ validate_input(self.auth_url, http_schema)
+ else:
+ self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_host", "keystone"),
+ config.get("auth_port", "5000"))
self.user_domain_name_list = config.get("user_domain_name", "default")
self.user_domain_name_list = self.user_domain_name_list.split(",")
# read only domain list
self.user_domain_name_list = config.get("user_domain_name", "default")
self.user_domain_name_list = self.user_domain_name_list.split(",")
# read only domain list
project_name=self.admin_project,
auth_url=self.auth_url)
self.sess = session.Session(auth=self.auth)
project_name=self.admin_project,
auth_url=self.auth_url)
self.sess = session.Session(auth=self.auth)
- self.keystone = client.Client(session=self.sess)
+ self.keystone = client.Client(session=self.sess, endpoint_override=self.auth_url)
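Review bot: `endpoint_override=self.auth_url` sends every Keystone API call from this client to the configured URL instead of the catalog endpoint, and both the fallback (`"http://{0}:{1}/v3"`) and `http_schema` accept plain `http`, so the service credentials and tokens can travel unencrypted where the catalog entry named in the commit message was `https`. A comment at the assignment such as `# auth_url is also used as endpoint_override; use https outside test setups` would help, and a logged warning for a non-https scheme would be better. Separately, an existing config that still sets `auth_url` to a bare host name (its old meaning in the removed `.format(config.get("auth_url", "keystone"), ...)` line) now reaches `validate_input` and will presumably be rejected rather than combined with `auth_port`, so this should be handled or called out as a breaking change. The second lookup can be dropped by writing `if self.auth_url:`. The enclosing `__init__` starts outside the visible lines, so this is judged from the changed lines only.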
def authenticate(self, credentials, token_info=None):
"""
def authenticate(self, credentials, token_info=None):
"""
# user_domain_name: "default,ldap"
# project_domain_name: "default,ldap"
# user_domain_name: "default,ldap"
# project_domain_name: "default,ldap"
+# Keystone config parameters are
+# auth_url: format https://<ip>:<port>/v3 # v3 is necessary
+# auth_host: ip address of keystone host.
+# auth_port: port number of keystone.
+# Provide either auth_url or (auth_host and auth_port)
+# service_username: "nbi"
+# service_password: "nbi"
+
# Only for test. It works without authorization using the provided user and project:
# user_not_authorized: "admin"
# project_not_authorized: "admin"
# Only for test. It works without authorization using the provided user and project:
# user_not_authorized: "admin"
# project_not_authorized: "admin"
pci_schema = {"type": "string", "pattern": "^[0-9a-fA-F]{4}(:[0-9a-fA-F]{2}){2}\\.[0-9a-fA-F]$"}
# allows [] for wildcards. For that reason huge length limit is set
pci_extended_schema = {"type": "string", "pattern": "^[0-9a-fA-F.:-\\[\\]]{12,40}$"}
pci_schema = {"type": "string", "pattern": "^[0-9a-fA-F]{4}(:[0-9a-fA-F]{2}){2}\\.[0-9a-fA-F]$"}
# allows [] for wildcards. For that reason huge length limit is set
pci_extended_schema = {"type": "string", "pattern": "^[0-9a-fA-F.:-\\[\\]]{12,40}$"}
-http_schema = {"type": "string", "pattern": "^https?://[^'\"=]+$"}
+http_schema = {"type": "string", "pattern": "^(https?|http)://[^'\"=]+$"}
bandwidth_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]bps)?$"}
memory_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]i?[Bb])?$"}
integer0_schema = {"type": "integer", "minimum": 0}
bandwidth_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]bps)?$"}
memory_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]i?[Bb])?$"}
integer0_schema = {"type": "integer", "minimum": 0}
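Review bot: The new pattern `^(https?|http)://[^'\"=]+$` matches exactly the same strings as the old one, because `https?` already covers `http`, so the added alternation only introduces a capture group. As this schema now guards the Keystone `auth_url`, note that `[^'\"=]+` still accepts whitespace, an empty host (`http:///x`) and `user@host` forms. If the intent is to validate an endpoint URL, `"^https?://[^\\s'\"=]+$"` is a minimal tightening, and a parsed check of scheme and host name would be stricter. `http_schema` may be referenced by other validators outside this view, so any tightening should be checked against those uses.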