From a2db877b41fad494fe9daa09b5c77914638ac605 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 19 Jan 2016 10:12:02 -0500 Subject: Don't set project_domain if not project scoped The code to expand domain_{name,id} to {user,project}_domain_{name,id} is flawed in that it sets a project_domain_{name,id} even if a project_{name,id} is not set. There is a valid use case for not having a project_{name,id} - specifically getting a domain-scoped token. In the case where we do not set a project, check for that and don't make further assumptions that the domain input needs to be "fixed". Closes-Bug: #1535676 Change-Id: I825fe4bc375687208bb176bb5990c23fe87c8f9d --- os_client_config/config.py | 9 +++++++++ os_client_config/tests/base.py | 9 +++++++++ os_client_config/tests/test_config.py | 17 +++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/os_client_config/config.py b/os_client_config/config.py index 378cd3b..0444316 100644 --- a/os_client_config/config.py +++ b/os_client_config/config.py @@ -480,6 +480,11 @@ class OpenStackConfig(object): cloud = self._handle_domain_id(cloud) return cloud + def _project_scoped(self, cloud): + return ('project_id' in cloud or 'project_name' in cloud + or 'project_id' in cloud['auth'] + or 'project_name' in cloud['auth']) + def _handle_domain_id(self, cloud): # Allow people to just specify domain once if it's the same mappings = { @@ -487,6 +492,10 @@ class OpenStackConfig(object): 'domain_name': ('user_domain_name', 'project_domain_name'), } for target_key, possible_values in mappings.items(): + if not self._project_scoped(cloud): + if target_key in cloud and target_key not in cloud['auth']: + cloud['auth'][target_key] = cloud.pop(target_key) + continue for key in possible_values: if target_key in cloud['auth'] and key not in cloud['auth']: cloud['auth'][key] = cloud['auth'][target_key] diff --git a/os_client_config/tests/base.py b/os_client_config/tests/base.py index 3f00f6d..9b784b1 100644 --- a/os_client_config/tests/base.py +++ b/os_client_config/tests/base.py @@ -73,6 +73,7 @@ USER_CONF = { 'auth': { 'username': 'testuser', 'password': 'testpass', + 'domain_id': 'awesome-domain', 'project_id': 12345, 'auth_url': 'http://example.com/v2', }, @@ -128,6 +129,14 @@ USER_CONF = { 'password': 'testpass', }, }, + '_test-cloud-domain-scoped_': { + 'auth': { + 'auth_url': 'http://example.com/v2', + 'username': 'testuser', + 'password': 'testpass', + 'domain-id': '12345', + }, + }, }, 'ansible': { 'expand-hostvars': False, diff --git a/os_client_config/tests/test_config.py b/os_client_config/tests/test_config.py index 1a16bd8..73be114 100644 --- a/os_client_config/tests/test_config.py +++ b/os_client_config/tests/test_config.py @@ -103,6 +103,22 @@ class TestConfig(base.TestCase): self.assertNotIn('domain_id', cc.auth) self.assertNotIn('domain-id', cc.auth) + def test_get_one_cloud_domain_scoped(self): + c = config.OpenStackConfig(config_files=[self.cloud_yaml], + vendor_files=[self.vendor_yaml]) + cc = c.get_one_cloud('_test-cloud-domain-scoped_') + self.assertEqual('12345', cc.auth['domain_id']) + self.assertNotIn('user_domain_id', cc.auth) + self.assertNotIn('project_domain_id', cc.auth) + + def test_get_one_cloud_infer_user_domain(self): + c = config.OpenStackConfig(config_files=[self.cloud_yaml], + vendor_files=[self.vendor_yaml]) + cc = c.get_one_cloud('_test-cloud-int-project_') + self.assertEqual('awesome-domain', cc.auth['user_domain_id']) + self.assertEqual('awesome-domain', cc.auth['project_domain_id']) + self.assertNotIn('domain_id', cc.auth) + def test_get_one_cloud_with_hyphenated_project_id(self): c = config.OpenStackConfig(config_files=[self.cloud_yaml], vendor_files=[self.vendor_yaml]) @@ -183,6 +199,7 @@ class TestConfig(base.TestCase): secure_files=[self.no_yaml]) self.assertEqual( ['_test-cloud-domain-id_', + '_test-cloud-domain-scoped_', '_test-cloud-int-project_', '_test-cloud_', '_test-cloud_no_region', -- cgit v1.2.1