diff options
author | huangtianhua <huangtianhua@huawei.com> | 2016-01-07 11:04:54 +0800 |
---|---|---|
committer | Oleksii Chuprykov <ochuprykov@mirantis.com> | 2016-06-07 15:00:27 +0300 |
commit | 0e07b6d36ed541e89dc763ca014fe9d4322c5e35 (patch) | |
tree | 2721e85a203e71fa45bff01f8db703ac04f96733 | |
parent | ad9fabef47669eadb42aa9e8ba437f1512c5dacd (diff) | |
download | heat-0e07b6d36ed541e89dc763ca014fe9d4322c5e35.tar.gz |
Make sure create ceilometer alarm successful
If enable re-auth, we will use the stored context
instead of request context, then we can't create
ceilometer alarm resource. There are two problems
when create ceilometer client:
1. the stored context has no domain info, an error
raised from keystone: BadRequest: Expecting to find
domain in project. So this patch will retrive the
user/project domain ids from the auth_ref.
2. after fix the first problem, then another error
raised from keystone: Forbidden: You are not authorized
to perform the requested action. Due keystone doesn't
allow to create a token by a trust-scoped token when
get aodh endpoint. So this patch will pass 'aodh_endpoint'
to ceilometer client to avoid this.
Closes-Bug: #1531406
(cherry picked from commit 20214477c80759836b10d1ae45d16d404b077463)
Conflicts:
heat/engine/clients/os/ceilometer.py
Change-Id: I44ed5c10b6dec6f39714f4f74cf51a10ef6104a6
-rw-r--r-- | heat/engine/clients/os/ceilometer.py | 7 | ||||
-rw-r--r-- | heat/engine/stack.py | 4 | ||||
-rw-r--r-- | heat/tests/fakes.py | 21 |
3 files changed, 27 insertions, 5 deletions
diff --git a/heat/engine/clients/os/ceilometer.py b/heat/engine/clients/os/ceilometer.py index 12dbb135d..7ea0ce5bd 100644 --- a/heat/engine/clients/os/ceilometer.py +++ b/heat/engine/clients/os/ceilometer.py @@ -22,7 +22,7 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin): exceptions_module = [exc, api_exc] - service_types = [METERING] = ['metering'] + service_types = [METERING, ALARMING] = ['metering', 'alarming'] def _create(self): @@ -30,6 +30,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin): endpoint_type = self._get_client_option('ceilometer', 'endpoint_type') endpoint = self.url_for(service_type=self.METERING, endpoint_type=endpoint_type) + aodh_endpoint = self.url_for(service_type=self.ALARMING, + endpoint_type=endpoint_type) args = { 'auth_url': con.auth_url, 'service_type': self.METERING, @@ -40,7 +42,8 @@ class CeilometerClientPlugin(client_plugin.ClientPlugin): 'cacert': self._get_client_option('ceilometer', 'ca_file'), 'cert_file': self._get_client_option('ceilometer', 'cert_file'), 'key_file': self._get_client_option('ceilometer', 'key_file'), - 'insecure': self._get_client_option('ceilometer', 'insecure') + 'insecure': self._get_client_option('ceilometer', 'insecure'), + 'aodh_endpoint': aodh_endpoint } return cc.get_client('2', **args) diff --git a/heat/engine/stack.py b/heat/engine/stack.py index 744c99a83..c7862e9ab 100644 --- a/heat/engine/stack.py +++ b/heat/engine/stack.py @@ -190,6 +190,10 @@ class Stack(collections.Mapping): self.context = self.stored_context() self.context.roles = self.context.clients.client( 'keystone').auth_ref.role_names + self.context.user_domain = self.context.clients.client( + 'keystone').auth_ref.user_domain_id + self.context.project_domain = self.context.clients.client( + 'keystone').auth_ref.project_domain_id self.clients = self.context.clients diff --git a/heat/tests/fakes.py b/heat/tests/fakes.py index 585875a5f..e94115de8 100644 --- a/heat/tests/fakes.py +++ b/heat/tests/fakes.py @@ -99,7 +99,8 @@ class FakeKeystoneClient(object): def __init__(self, username='test_username', password='password', user_id='1234', access='4567', secret='8901', credential_id='abcdxyz', auth_token='abcd1234', - context=None, stack_domain_id='4321', roles=None): + context=None, stack_domain_id='4321', roles=None, + user_domain_id=None, project_domain_id=None): self.username = username self.password = password self.user_id = user_id @@ -112,6 +113,8 @@ class FakeKeystoneClient(object): self.v3_endpoint = 'http://localhost:5000/v3' self.stack_domain_id = stack_domain_id self.roles = roles or [] + self.user_domain_id = user_domain_id + self.project_domain_id = project_domain_id class FakeCred(object): id = self.credential_id @@ -199,17 +202,29 @@ class FakeKeystoneClient(object): @property def auth_ref(self): - return FakeAccessInfo(roles=self.roles) + return FakeAccessInfo(roles=self.roles, + user_domain=self.user_domain_id, + project_domain=self.project_domain_id) class FakeAccessInfo(object): - def __init__(self, roles): + def __init__(self, roles, user_domain, project_domain): self.roles = roles + self.user_domain = user_domain + self.project_domain = project_domain @property def role_names(self): return self.roles + @property + def user_domain_id(self): + return self.user_domain + + @property + def project_domain_id(self): + return self.project_domain + class FakeEventSink(object): |