From 990ac461246c2449534955f8e5c73ecbc295f4dc Mon Sep 17 00:00:00 2001 From: K Sai Kiran Date: Wed, 20 May 2020 12:25:12 +0530 Subject: [PATCH] Bug 1068 fixed for auth_url in keystone When we pass auth_url in nbi.cfg -> [authentication], the auth_url is used by password manager but not by keystone http client. Need to pass auth_url to httpclient so that it uses auth_url instead of https://keystone:5000 which is in service catalog of keystone. Added http://keystone:5000/v3 to docker files. Added regex validation for auth_url. Change-Id: Ie3e144dd826e73a27c25f917cf54e64cf4c22207 Signed-off-by: K Sai Kiran --- Dockerfile.fromdeb | 2 +- Dockerfile.local | 2 +- osm_nbi/authconn_keystone.py | 11 ++++++++--- osm_nbi/nbi.cfg | 8 ++++++++ osm_nbi/validation.py | 2 +- 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/Dockerfile.fromdeb b/Dockerfile.fromdeb index 9c3e245..ec348cb 100644 --- a/Dockerfile.fromdeb +++ b/Dockerfile.fromdeb @@ -66,7 +66,7 @@ ENV OSMNBI_MESSAGE_PORT 9092 # authentication ENV OSMNBI_AUTHENTICATION_BACKEND internal #ENV OSMNBI_AUTHENTICATION_BACKEND keystone -#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone +#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3 #ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000 #ENV OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME default #ENV OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME default diff --git a/Dockerfile.local b/Dockerfile.local index 81ba1cb..2f34561 100644 --- a/Dockerfile.local +++ b/Dockerfile.local @@ -82,7 +82,7 @@ ENV OSMNBI_MESSAGE_PORT 9092 # authentication ENV OSMNBI_AUTHENTICATION_BACKEND internal #ENV OSMNBI_AUTHENTICATION_BACKEND keystone -#ENV OSMNBI_AUTHENTICATION_AUTH_URL keystone +#ENV OSMNBI_AUTHENTICATION_AUTH_URL http://keystone:5000/v3 #ENV OSMNBI_AUTHENTICATION_AUTH_PORT 5000 # DOMAIN_NAME can be a single value or a comma separated list of values. The first value is for internal domain diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py index d71408a..408b72f 100644 
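Review bot: The new sample value `http://keystone:5000/v3` on the commented `OSMNBI_AUTHENTICATION_AUTH_URL` line is plain HTTP, so a deployment that uncomments it unchanged would send the service password and the issued tokens to Keystone unencrypted; the same line is changed in Dockerfile.local. The nbi.cfg comment added by this commit documents the format as `https://`, so the examples disagree. Consider `#ENV OSMNBI_AUTHENTICATION_AUTH_URL https://keystone:5000/v3`, or keep HTTP and add a line such as `# plain HTTP: only for an isolated container network`. Judging by the authconn_keystone.py hunk, the neighbouring `OSMNBI_AUTHENTICATION_AUTH_PORT` example is now read only when no auth URL is set, which deserves a one-line comment next to it.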
--- a/osm_nbi/authconn_keystone.py +++ b/osm_nbi/authconn_keystone.py @@ -41,7 +41,7 @@ from keystoneauth1.exceptions.base import ClientException from keystoneauth1.exceptions.http import Conflict from keystoneclient.v3 import client from http import HTTPStatus -from osm_nbi.validation import is_valid_uuid +from osm_nbi.validation import is_valid_uuid, validate_input, http_schema class AuthconnKeystone(Authconn): @@ -52,7 +52,12 @@ class AuthconnKeystone(Authconn): self.domains_id2name = {} self.domains_name2id = {} - self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_url", "keystone"), config.get("auth_port", "5000")) + self.auth_url = config.get("auth_url") + if config.get("auth_url"): + validate_input(self.auth_url, http_schema) + else: + self.auth_url = "http://{0}:{1}/v3".format(config.get("auth_host", "keystone"), + config.get("auth_port", "5000")) self.user_domain_name_list = config.get("user_domain_name", "default") self.user_domain_name_list = self.user_domain_name_list.split(",") # read only domain list @@ -91,7 +96,7 @@ class AuthconnKeystone(Authconn): project_name=self.admin_project, auth_url=self.auth_url) self.sess = session.Session(auth=self.auth) - self.keystone = client.Client(session=self.sess) + self.keystone = client.Client(session=self.sess, endpoint_override=self.auth_url) def authenticate(self, credentials, token_info=None): """ diff --git a/osm_nbi/nbi.cfg b/osm_nbi/nbi.cfg index 9255a8c..f97b078 100644 --- a/osm_nbi/nbi.cfg +++ b/osm_nbi/nbi.cfg 
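Review bot: A configuration that still uses the old meaning of `auth_url` (a bare host, like the previous Dockerfile sample `keystone`) is no longer expanded to `http://keystone:5000/v3`; in `__init__` it now goes to `validate_input(self.auth_url, http_schema)` and cannot match the `https?://` pattern. How `validate_input` reports the failure is not visible here, so presumably NBI stops at start-up with a schema error that does not mention the renamed key. Either treat a value without `://` as the legacy host name and feed it into the `auth_host` fallback, or catch the validation failure and raise a message that names both `auth_url` and `auth_host`. Smaller point: the option is read twice, and `if self.auth_url:` is enough for the test. `__init__` starts and ends outside the hunk.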
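Review bot: `endpoint_override=self.auth_url` is applied unconditionally, so every identity API call made through `self.keystone` now goes to the configured URL and the service-catalog endpoint is ignored, including when the URL was built from the `auth_host`/`auth_port` defaults as `http://…`. That matches the intent in the commit message, but the line should say so, e.g. `# bug 1068: send all identity API calls to the configured auth_url, not the catalog endpoint`. With an `http://` value the admin-scoped token used for user, project and role management travels in clear text. Nothing in this hunk shows TLS settings on `session.Session`, so confirm that production configurations use `https://` with certificate verification enabled. The enclosing method continues outside the hunk.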
@@ -97,6 +97,14 @@ backend: "internal" # internal or keystone # user_domain_name: "default,ldap" # project_domain_name: "default,ldap" +# Keystone config parameters are +# auth_url: format https://:/v3 # v3 is necessary +# auth_host: ip address of keystone host. +# auth_port: port number of keystone. +# Provide either auth_url or (auth_host and auth_port) +# service_username: "nbi" +# service_password: "nbi" + # Only for test. It works without authorization using the provided user and project: # user_not_authorized: "admin" # project_not_authorized: "admin" diff --git a/osm_nbi/validation.py b/osm_nbi/validation.py index f8b91d8..6a483f3 100644 --- a/osm_nbi/validation.py +++ b/osm_nbi/validation.py @@ -43,7 +43,7 @@ time_schema = {"type": "string", "pattern": "^[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0- pci_schema = {"type": "string", "pattern": "^[0-9a-fA-F]{4}(:[0-9a-fA-F]{2}){2}\\.[0-9a-fA-F]$"} # allows [] for wildcards. For that reason huge length limit is set pci_extended_schema = {"type": "string", "pattern": "^[0-9a-fA-F.:-\\[\\]]{12,40}$"} -http_schema = {"type": "string", "pattern": "^https?://[^'\"=]+$"} +http_schema = {"type": "string", "pattern": "^(https?|http)://[^'\"=]+$"} bandwidth_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]bps)?$"} memory_schema = {"type": "string", "pattern": "^[0-9]+ *([MG]i?[Bb])?$"} integer0_schema = {"type": "integer", "minimum": 0} -- 2.17.1
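Review bot: The new comment block gives `service_username: "nbi"` with `service_password: "nbi"` as its example, a password equal to the user name that is likely to be uncommented unchanged; a placeholder such as `# service_password: "<set-a-unique-secret>"` is safer. As rendered on this page the format line reads `https://:/v3` with no host or port placeholder; if the file itself lacks them, write it as `https://<host>:<port>/v3`. `auth_host` is described as an IP address while the code default is the host name `keystone`, so "host name or IP address of the keystone host" would be more accurate.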
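Review bot: The new `http_schema` pattern `^(https?|http)://[^'\"=]+$` accepts exactly the same strings as the old `^https?://[^'\"=]+$`, because `https?` already matches `http`; the alternation only adds a capture group, so this line can be reverted. Since `http_schema` now guards `auth_url`, note that the class `[^'\"=]` still admits spaces, newlines and other control characters anywhere after the scheme. If stricter checking is wanted, `"^https?://[^\\s'\"=]+$"` would reject whitespace, but other users of `http_schema` are outside this hunk and should be checked first.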