diff options
author | Dmitry Tantsur <divius.inside@gmail.com> | 2016-08-25 14:12:35 +0200 |
---|---|---|
committer | Pavlo Shchelokovskyy <pshchelokovskyy@mirantis.com> | 2016-08-25 18:12:10 +0300 |
commit | 0d62aec05773d525faaf97f783dac03224725cda (patch) | |
tree | 3ec2ef9a25461929258854746fa6f7369f44611b /ironic/common/keystone.py | |
parent | 4ce008e8ffe7d56b23738e6699b591ee6734a828 (diff) | |
download | ironic-0d62aec05773d525faaf97f783dac03224725cda.tar.gz |
Fix fall back to newer keystonemiddleware options
admin_{user,password,tenant_name} are deprecated in keystonemiddleware.
When a user switches to newer "username", "password" and "project_name",
we stop properly falling back to them, which cases failures.
This change makes legacy auth code path first try these new options.
Change-Id: I13d1d0381b1fca2cdd15205f3443b38ebac297fb
Closes-Bug: #1616873
Diffstat (limited to 'ironic/common/keystone.py')
-rw-r--r-- | ironic/common/keystone.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ironic/common/keystone.py b/ironic/common/keystone.py index ee22ad2a6..2349dc420 100644 --- a/ironic/common/keystone.py +++ b/ironic/common/keystone.py @@ -90,6 +90,13 @@ def _get_legacy_auth(): Used only to provide backward compatibility with old configs. """ conf = getattr(CONF, ironic_auth.LEGACY_SECTION) + # NOTE(pas-ha) first try to load auth from legacy section + # using the new keystoneauth options that might be already set there + auth = ironic_auth.load_auth(CONF, ironic_auth.LEGACY_SECTION) + if auth: + return auth + # NOTE(pas-ha) now we surely have legacy config section for auth + # and with legacy options set in it, deal with it. legacy_loader = kaloading.get_plugin_loader('password') auth_params = { 'auth_url': conf.auth_uri, |