Make sure create ceilometer alarm successful

If enable re-auth, we will use the stored context instead of request context, then we can't create ceilometer alarm resource. There are two problems when create ceilometer client: 1. the stored context has no domain info, an error raised from keystone: BadRequest: Expecting to find domain in project. So this patch will retrive the user/project domain ids from the auth_ref. 2. after fix the first problem, then another error raised from keystone: Forbidden: You are not authorized to perform the requested action. Due keystone doesn't allow to create a token by a trust-scoped token when get aodh endpoint. So this patch will pass 'aodh_endpoint' to ceilometer client to avoid this. Closes-Bug: #1531406 (cherry picked from commit 20214477c80759836b10d1ae45d16d404b077463) Conflicts: heat/engine/clients/os/ceilometer.py Change-Id: I44ed5c10b6dec6f39714f4f74cf51a10ef6104a6
author: huangtianhua <huangtianhua@huawei.com> 2016-01-07 11:04:54 +0800
committer: Oleksii Chuprykov <ochuprykov@mirantis.com> 2016-06-07 15:00:27 +0300
commit: 0e07b6d36ed541e89dc763ca014fe9d4322c5e35 (patch)
tree: 2721e85a203e71fa45bff01f8db703ac04f96733
parent: ad9fabef47669eadb42aa9e8ba437f1512c5dacd (diff)
download: heat-0e07b6d36ed541e89dc763ca014fe9d4322c5e35.tar.gz
3 files changed, 27 insertions, 5 deletions
diff --git a/heat/engine/clients/os/ceilometer.py b/heat/engine/clients/os/ceilometer.py
index 12dbb135d..7ea0ce5bd 100644
--- a/heat/engine/clients/os/ceilometer.py
+++ b/heat/engine/clients/os/ceilometer.py
@@ -22,7 +22,7 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
 
     exceptions_module = [exc, api_exc]
 
-    service_types = [METERING] = ['metering']
+    service_types = [METERING, ALARMING] = ['metering', 'alarming']
 
     def _create(self):
 
@@ -30,6 +30,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
         endpoint_type = self._get_client_option('ceilometer', 'endpoint_type')
         endpoint = self.url_for(service_type=self.METERING,
                                 endpoint_type=endpoint_type)
+        aodh_endpoint = self.url_for(service_type=self.ALARMING,
+                                     endpoint_type=endpoint_type)
         args = {
             'auth_url': con.auth_url,
             'service_type': self.METERING,
@@ -40,7 +42,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin):
             'cacert': self._get_client_option('ceilometer', 'ca_file'),
             'cert_file': self._get_client_option('ceilometer', 'cert_file'),
             'key_file': self._get_client_option('ceilometer', 'key_file'),
-            'insecure': self._get_client_option('ceilometer', 'insecure')
+            'insecure': self._get_client_option('ceilometer', 'insecure'),
+            'aodh_endpoint': aodh_endpoint
         }
 
         return cc.get_client('2', **args)
diff --git a/heat/engine/stack.py b/heat/engine/stack.py
index 744c99a83..c7862e9ab 100644
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@@ -190,6 +190,10 @@ class Stack(collections.Mapping):
             self.context = self.stored_context()
             self.context.roles = self.context.clients.client(
                 'keystone').auth_ref.role_names
+            self.context.user_domain = self.context.clients.client(
+                'keystone').auth_ref.user_domain_id
+            self.context.project_domain = self.context.clients.client(
+                'keystone').auth_ref.project_domain_id
 
         self.clients = self.context.clients
 
diff --git a/heat/tests/fakes.py b/heat/tests/fakes.py
index 585875a5f..e94115de8 100644
--- a/heat/tests/fakes.py
+++ b/heat/tests/fakes.py
@@ -99,7 +99,8 @@ class FakeKeystoneClient(object):
     def __init__(self, username='test_username', password='password',
                  user_id='1234', access='4567', secret='8901',
                  credential_id='abcdxyz', auth_token='abcd1234',
-                 context=None, stack_domain_id='4321', roles=None):
+                 context=None, stack_domain_id='4321', roles=None,
+                 user_domain_id=None, project_domain_id=None):
         self.username = username
         self.password = password
         self.user_id = user_id
@@ -112,6 +113,8 @@ class FakeKeystoneClient(object):
         self.v3_endpoint = 'http://localhost:5000/v3'
         self.stack_domain_id = stack_domain_id
         self.roles = roles or []
+        self.user_domain_id = user_domain_id
+        self.project_domain_id = project_domain_id
 
         class FakeCred(object):
             id = self.credential_id
@@ -199,17 +202,29 @@ class FakeKeystoneClient(object):
 
     @property
     def auth_ref(self):
-        return FakeAccessInfo(roles=self.roles)
+        return FakeAccessInfo(roles=self.roles,
+                              user_domain=self.user_domain_id,
+                              project_domain=self.project_domain_id)
 
 
 class FakeAccessInfo(object):
-    def __init__(self, roles):
+    def __init__(self, roles, user_domain, project_domain):
         self.roles = roles
+        self.user_domain = user_domain
+        self.project_domain = project_domain
 
     @property
     def role_names(self):
         return self.roles
 
+    @property
+    def user_domain_id(self):
+        return self.user_domain
+
+    @property
+    def project_domain_id(self):
+        return self.project_domain
+
 
 class FakeEventSink(object):
author	huangtianhua <huangtianhua@huawei.com>	2016-01-07 11:04:54 +0800
committer	Oleksii Chuprykov <ochuprykov@mirantis.com>	2016-06-07 15:00:27 +0300
commit	0e07b6d36ed541e89dc763ca014fe9d4322c5e35 (patch)
tree	2721e85a203e71fa45bff01f8db703ac04f96733
parent	ad9fabef47669eadb42aa9e8ba437f1512c5dacd (diff)
download	heat-0e07b6d36ed541e89dc763ca014fe9d4322c5e35.tar.gz