Fix fall back to newer keystonemiddleware options

admin_{user,password,tenant_name} are deprecated in keystonemiddleware.
When a user switches to newer "username", "password" and "project_name",
we stop properly falling back to them, which cases failures.

This change makes legacy auth code path first try these new options.

Change-Id: I13d1d0381b1fca2cdd15205f3443b38ebac297fb
Closes-Bug: #1616873

1 files changed, 7 insertions, 0 deletions

diff --git a/ironic/common/keystone.py b/ironic/common/keystone.py
index ee22ad2a6..2349dc420 100644
--- a/ironic/common/keystone.py
+++ b/ironic/common/keystone.py
@@ -90,6 +90,13 @@ def _get_legacy_auth():
     Used only to provide backward compatibility with old configs.
     """
     conf = getattr(CONF, ironic_auth.LEGACY_SECTION)
+    # NOTE(pas-ha) first try to load auth from legacy section
+    # using the new keystoneauth options that might be already set there
+    auth = ironic_auth.load_auth(CONF, ironic_auth.LEGACY_SECTION)
+    if auth:
+        return auth
+    # NOTE(pas-ha) now we surely have legacy config section for auth
+    # and with legacy options set in it, deal with it.
     legacy_loader = kaloading.get_plugin_loader('password')
     auth_params = {
         'auth_url': conf.auth_uri,