Merge pull request #108 from open-cloud/domain_auth
Domain auth
diff --git a/xos/core/models/site.py b/xos/core/models/site.py
index e3c275f..42855a9 100644
--- a/xos/core/models/site.py
+++ b/xos/core/models/site.py
@@ -265,6 +265,13 @@
def __unicode__(self): return u'%s %s %s' % (self.name, self.backend_type, self.version)
+ @property
+ def auth_url_v3(self):
+ if self.auth_url and self.auth_url[-1] == '/':
+ return '{}/v3/'.format('/'.join(self.auth_url.split('/')[:-2]))
+ else:
+ return '{}/v3/'.format('/'.join(self.auth_url.split('/')[:-1]))
+
@staticmethod
def select_by_user(user):
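Review bot: `auth_url_v3` assumes `auth_url` is set and ends in a version segment, and neither is checked. With `auth_url` unset, the `else` branch calls `.split` on None and raises AttributeError. For a URL with no path (constructed example: `http://host:5000`), the slice removes the host and yields `http://v3/`. The sync steps changed below all read this property, so one controller with an unversioned URL would presumably break each of them. I would strip only a trailing `vN` segment and handle the empty case explicitly, as sketched below; the enclosing class starts outside the hunk.

```python
@property
def auth_url_v3(self):
    if not self.auth_url:
        return None  # or raise a clear configuration error
    base = self.auth_url.rstrip('/')
    head, _, last = base.rpartition('/')
    # replace only a trailing version segment such as "v2.0"
    if last[:1] == 'v' and last[1:2].isdigit():
        base = head
    return '{}/v3/'.format(base)
```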
diff --git a/xos/openstack/get_token.sh b/xos/openstack/get_token.sh
new file mode 100755
index 0000000..849f333
--- /dev/null
+++ b/xos/openstack/get_token.sh
@@ -0,0 +1,23 @@
+curl --insecure -X POST $ENDPOINT/auth/tokens \
+ -H "Content-type: application/json" \
+ -d '
+{ "auth": {
+ "identity": {
+ "methods": ["password"],
+ "password": {
+ "user": {
+ "name": "'$USERNAME'",
+ "domain": { "id": "'$DOMAIN'" },
+ "password": "'$PASSWORD'"
+ }
+ }
+ },
+ "scope": {
+ "project": {
+ "name": "'$TENANT'",
+ "domain": { "id": "'$DOMAIN'" }
+ }
+ }
+ }
+}' \
+ | grep X-Subject-Token | awk '{print $2;}'
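Review bot: `curl --insecure` turns off certificate verification on the one request that carries the admin password, so anything on the network path to Keystone can read the credentials and the issued token. Drop the flag and, for a private CA, pass `--cacert "$CA_BUNDLE"` (CA_BUNDLE is a placeholder name). The variables are also expanded unquoted, in `$ENDPOINT/auth/tokens` and inside the JSON body, so a password containing a space, a double quote or a backslash splits the argument or changes the JSON document; quote the expansions and JSON-escape the values before splicing them in. The command has no `-i` or `-D -`, so as far as I can tell the response headers never reach `grep X-Subject-Token`; please confirm the script prints a token as written. The file is added with mode 100755 but has no `#!` line.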
diff --git a/xos/openstack_observer/steps/sync_controller_images.py b/xos/openstack_observer/steps/sync_controller_images.py
index 3434f01..153558e 100644
--- a/xos/openstack_observer/steps/sync_controller_images.py
+++ b/xos/openstack_observer/steps/sync_controller_images.py
@@ -26,8 +26,10 @@
def map_inputs(self, controller_image):
image_fields = {'endpoint':controller_image.controller.auth_url,
+ 'endpoint_v3': controller_image.controller.auth_url_v3,
'admin_user':controller_image.controller.admin_user,
'admin_password':controller_image.controller.admin_password,
+ 'domain': controller_image.controller.domain,
'name':controller_image.image.name,
'filepath':controller_image.image.path,
'ansible_tag': '%s@%s'%(controller_image.image.name,controller_image.controller.name), # name of ansible playbook
diff --git a/xos/openstack_observer/steps/sync_controller_images.yaml b/xos/openstack_observer/steps/sync_controller_images.yaml
index 18228db..328090b 100644
--- a/xos/openstack_observer/steps/sync_controller_images.yaml
+++ b/xos/openstack_observer/steps/sync_controller_images.yaml
@@ -2,11 +2,12 @@
- hosts: 127.0.0.1
connection: local
tasks:
+ - shell: ENDPOINT={{endpoint_v3}} USERNAME={{admin_user}} PASSWORD={{admin_password}} TENANT=admin DOMAIN={{domain}} openstack/get_token.sh
+ register: token
+
- glance_image:
auth_url: {{ endpoint }}
- login_username: {{ admin_user }}
- login_tenant_name: 'admin'
- login_password: {{ admin_password }}
+ token: {{ token.stdout }}
name: "{{ name }}"
file: "{{ filepath }}"
disk_format: 'raw'
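Review bot: The new `shell:` task splices `{{admin_password}}` and the other values unquoted into a command line. A password with a space or shell metacharacter is therefore split or interpreted by the shell, and the secret can show up in the process list and in Ansible's task output. Passing the values through the task's `environment:` key and setting `no_log: true` avoids both. The same task appears in sync_controller_networks.yaml, sync_controller_slices.yaml, sync_controller_users.yaml and sync_instances.yaml. There is also no check that `token.stdout` is non-empty: the script's pipeline ends in `awk`, so a failed login presumably still exits 0 and the next module runs with an empty token.

```yaml
- shell: openstack/get_token.sh
  environment:
    ENDPOINT: "{{ endpoint_v3 }}"
    USERNAME: "{{ admin_user }}"
    # values still need YAML-safe escaping if this template is rendered before Ansible parses it
    PASSWORD: "{{ admin_password }}"
    TENANT: admin
    DOMAIN: "{{ domain }}"
  no_log: true
  register: token
  failed_when: token.stdout == ""
# … unchanged: glance_image task …
```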
diff --git a/xos/openstack_observer/steps/sync_controller_networks.py b/xos/openstack_observer/steps/sync_controller_networks.py
index 0b636e2..0ce3a96 100644
--- a/xos/openstack_observer/steps/sync_controller_networks.py
+++ b/xos/openstack_observer/steps/sync_controller_networks.py
@@ -42,9 +42,11 @@
slice = controller_network.network.owner
network_fields = {'endpoint':controller_network.controller.auth_url,
+ 'endpoint_v3': controller_network.controller.auth_url_v3,
'admin_user':slice.creator.email,
'tenant_name':slice.name,
'admin_password':slice.creator.remote_password,
+ 'domain': congroller_network.controller.domain,
'name':network_name,
'subnet_name':subnet_name,
'ansible_tag':'%s-%s@%s'%(network_name,slice.slicename,controller_network.controller.name),
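Review bot: `congroller_network` on the added `'domain'` line is a misspelling of `controller_network`, so building `network_fields` raises NameError the first time this step runs (unless a name with that spelling is defined outside the hunk, which seems unlikely). The line should read `'domain': controller_network.controller.domain,`. The enclosing method starts and ends outside the hunk.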
diff --git a/xos/openstack_observer/steps/sync_controller_networks.yaml b/xos/openstack_observer/steps/sync_controller_networks.yaml
index 6b18fda..2bf2b4a 100644
--- a/xos/openstack_observer/steps/sync_controller_networks.yaml
+++ b/xos/openstack_observer/steps/sync_controller_networks.yaml
@@ -2,12 +2,13 @@
- hosts: 127.0.0.1
connection: local
tasks:
+ - shell: ENDPOINT={{endpoint_v3}} USERNAME={{admin_user}} PASSWORD={{admin_password}} TENANT={{tenant_name}} DOMAIN={{domain}} openstack/get_token.sh
+ register: token
+
- quantum_network:
- auth_url={{ endpoint }}
- login_username={{ admin_user }}
+ auth_url={{ endpoint }}
+ token={{ token.stdout }}
tenant_name={{ tenant_name }}
- login_tenant_name={{ tenant_name }}
- login_password={{ admin_password }}
name={{ name }}
{% if delete %}
state=absent
@@ -17,11 +18,9 @@
shared=true
{% if not delete %}
- quantum_subnet:
- auth_url={{ endpoint }}
- login_username={{ admin_user }}
+ auth_url={{ endpoint }}
+ token={{ token.stdout }}
tenant_name={{ tenant_name }}
- login_tenant_name={{ tenant_name }}
- login_password={{ admin_password }}
name={{ subnet_name }}
network_name={{ name }}
{% if delete %}
diff --git a/xos/openstack_observer/steps/sync_controller_site_privileges.py b/xos/openstack_observer/steps/sync_controller_site_privileges.py
index d52c999..d257536 100644
--- a/xos/openstack_observer/steps/sync_controller_site_privileges.py
+++ b/xos/openstack_observer/steps/sync_controller_site_privileges.py
@@ -39,13 +39,15 @@
# tenant_id = ctrl_site_deployments[0].tenant_id
# tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
user_fields = {
- 'endpoint':controller_site_privilege.controller.auth_url,
+ 'endpoint':controller_site_privilege.controller.auth_url,
+ 'endpoint_v3': controller_site_privilege.controller.auth_url_v3,
+ 'domain': controller_site_privilege.controller.domain,
'name': controller_site_privilege.site_privilege.user.email,
- 'email': controller_site_privilege.site_privilege.user.email,
- 'password': controller_site_privilege.site_privilege.user.remote_password,
- 'admin_user': controller_site_privilege.controller.admin_user,
+ 'email': controller_site_privilege.site_privilege.user.email,
+ 'password': controller_site_privilege.site_privilege.user.remote_password,
+ 'admin_user': controller_site_privilege.controller.admin_user,
'admin_password': controller_site_privilege.controller.admin_password,
- 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
+ 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
'admin_tenant': controller_site_privilege.controller.admin_tenant,
'roles':roles,
'tenant':controller_site_privilege.site_privilege.site.login_base}
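Review bot: Only the `'endpoint_v3'` and `'domain'` lines are functional here; the remaining changed lines are whitespace-only re-indentation, which makes the change harder to audit in a dict that carries `password` and `admin_password`. The part of the diff shown changes no playbook for this step, so it is unclear whether the two new keys are consumed at all; if they are not, leave them out until a playbook uses them. The same applies to the hunks in sync_controller_slice_privileges.py and sync_controller_sites.py. The function enclosing this dict literal starts outside the hunk.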
diff --git a/xos/openstack_observer/steps/sync_controller_sites.py b/xos/openstack_observer/steps/sync_controller_sites.py
index 2f1680c..614d435 100644
--- a/xos/openstack_observer/steps/sync_controller_sites.py
+++ b/xos/openstack_observer/steps/sync_controller_sites.py
@@ -21,10 +21,12 @@
def map_sync_inputs(self, controller_site):
tenant_fields = {'endpoint':controller_site.controller.auth_url,
+ 'endpoint_v3': controller_site.controller.auth_url_v3,
+ 'domain': controller_site.controller.domain,
'admin_user': controller_site.controller.admin_user,
'admin_password': controller_site.controller.admin_password,
'admin_tenant': controller_site.controller.admin_tenant,
- 'ansible_tag': '%s@%s'%(controller_site.site.login_base,controller_site.controller.name), # name of ansible playbook
+ 'ansible_tag': '%s@%s'%(controller_site.site.login_base,controller_site.controller.name), # name of ansible playbook
'tenant': controller_site.site.login_base,
'tenant_description': controller_site.site.name}
return tenant_fields
diff --git a/xos/openstack_observer/steps/sync_controller_slice_privileges.py b/xos/openstack_observer/steps/sync_controller_slice_privileges.py
index a998460..948ea57 100644
--- a/xos/openstack_observer/steps/sync_controller_slice_privileges.py
+++ b/xos/openstack_observer/steps/sync_controller_slice_privileges.py
@@ -39,13 +39,15 @@
# tenant_id = ctrl_slice_deployments[0].tenant_id
# tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
user_fields = {
- 'endpoint':controller_slice_privilege.controller.auth_url,
+ 'endpoint':controller_slice_privilege.controller.auth_url,
+ 'endpoint_v3': controller_slice_privilege.controller.auth_url_v3,
+ 'domain': controller_slice_privilege.controller.domain,
'name': controller_slice_privilege.slice_privilege.user.email,
- 'email': controller_slice_privilege.slice_privilege.user.email,
- 'password': controller_slice_privilege.slice_privilege.user.remote_password,
- 'admin_user': controller_slice_privilege.controller.admin_user,
+ 'email': controller_slice_privilege.slice_privilege.user.email,
+ 'password': controller_slice_privilege.slice_privilege.user.remote_password,
+ 'admin_user': controller_slice_privilege.controller.admin_user,
'admin_password': controller_slice_privilege.controller.admin_password,
- 'ansible_tag':'%s@%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.slice_privilege.slice.name,controller_slice_privilege.controller.name),
+ 'ansible_tag':'%s@%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.slice_privilege.slice.name,controller_slice_privilege.controller.name),
'admin_tenant': controller_slice_privilege.controller.admin_tenant,
'roles':roles,
'tenant':controller_slice_privilege.slice_privilege.slice.name}
diff --git a/xos/openstack_observer/steps/sync_controller_slices.py b/xos/openstack_observer/steps/sync_controller_slices.py
index a790a67..9904aef 100644
--- a/xos/openstack_observer/steps/sync_controller_slices.py
+++ b/xos/openstack_observer/steps/sync_controller_slices.py
@@ -35,6 +35,8 @@
max_instances=int(controller_slice.slice.max_instances)
tenant_fields = {'endpoint':controller_slice.controller.auth_url,
+ 'endpoint_v3': controller_slice.controller.auth_url_v3,
+ 'domain': controller_slice.controller.domain,
'admin_user': controller_slice.controller.admin_user,
'admin_password': controller_slice.controller.admin_password,
'admin_tenant': 'admin',
diff --git a/xos/openstack_observer/steps/sync_controller_slices.yaml b/xos/openstack_observer/steps/sync_controller_slices.yaml
index 28c406d..7151e09 100644
--- a/xos/openstack_observer/steps/sync_controller_slices.yaml
+++ b/xos/openstack_observer/steps/sync_controller_slices.yaml
@@ -2,11 +2,13 @@
- hosts: 127.0.0.1
connection: local
tasks:
+ - shell: ENDPOINT={{endpoint_v3}} USERNAME={{admin_user}} PASSWORD={{admin_password}} TENANT={{admin_tenant}} DOMAIN={{domain}} openstack/get_token.sh
+ register: token
{% if delete -%}
- - keystone_user: endpoint={{ endpoint }} login_user={{ admin_user }} login_password={{ admin_password }} login_tenant_name={{ admin_tenant }} tenant={{ tenant }} tenant_description="{{ tenant_description }}" state=absent
+ - keystone_user: endpoint={{ endpoint }} token={{ token.stdout }} tenant={{ tenant }} tenant_description="{{ tenant_description }}" state=absent
{% else -%}
- - keystone_user: endpoint={{ endpoint }} login_user={{ admin_user }} login_password={{ admin_password }} login_tenant_name={{ admin_tenant }} tenant={{ tenant }} tenant_description="{{ tenant_description }}"
+ - keystone_user: endpoint={{ endpoint }} token={{ token.stdout }} tenant={{ tenant }} tenant_description="{{ tenant_description }}"
{% for role in roles %}
- - keystone_user: endpoint={{ endpoint}} login_user={{ admin_user }} login_password={{ admin_password }} login_tenant_name={{ admin_tenant }} user="{{ name }}" role={{ role }} tenant={{ tenant }}
+ - keystone_user: endpoint={{ endpoint}} token={{ token.stdout }} user="{{ name }}" role={{ role }} tenant={{ tenant }}
{% endfor %}
{% endif %}
diff --git a/xos/openstack_observer/steps/sync_controller_users.py b/xos/openstack_observer/steps/sync_controller_users.py
index ae04460..4062453 100644
--- a/xos/openstack_observer/steps/sync_controller_users.py
+++ b/xos/openstack_observer/steps/sync_controller_users.py
@@ -44,6 +44,8 @@
# tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
user_fields = {
'endpoint':controller_user.controller.auth_url,
+ 'endpoint_v3': controller_user.controller.auth_url_v3,
+ 'domain': controller_user.controller.domain,
'name': controller_user.user.email,
'email': controller_user.user.email,
'password': controller_user.user.remote_password,
diff --git a/xos/openstack_observer/steps/sync_controller_users.yaml b/xos/openstack_observer/steps/sync_controller_users.yaml
index 95cdba3..7814ee6 100644
--- a/xos/openstack_observer/steps/sync_controller_users.yaml
+++ b/xos/openstack_observer/steps/sync_controller_users.yaml
@@ -2,15 +2,16 @@
- hosts: 127.0.0.1
connection: local
tasks:
+ - shell: ENDPOINT={{endpoint_v3}} USERNAME={{admin_user}} PASSWORD={{admin_password}} TENANT={{admin_tenant}} DOMAIN={{domain}} openstack/get_token.sh
+ register: token
+
- keystone_user:
- endpoint={{ endpoint }}
+ endpoint= {{ endpoint }}
+ token= {{ token.stdout }}
user="{{ name }}"
email={{ email }}
password={{ password }}
- login_user={{ admin_user }}
- login_password={{ admin_password }}
- login_tenant_name={{ admin_tenant }}
tenant={{ tenant }}
{% for role in roles %}
- - keystone_user: endpoint={{ endpoint}} login_user={{ admin_user }} login_password={{ admin_password }} login_tenant_name={{ admin_tenant }} user="{{ name }}" role={{ role }} tenant={{ tenant }}
+ - keystone_user: endpoint= {{ endpoint}} token= {{ token.stdout }} user="{{ name }}" role={{ role }} tenant={{ tenant }}
{% endfor %}
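Review bot: `endpoint= {{ endpoint }}` and `token= {{ token.stdout }}` now have a space after `=`, here and on the role loop line. In Ansible's key=value argument form a space ends the value, so both parameters would most likely be parsed as empty and the URL and token dropped. Write them as `endpoint={{ endpoint }}` and `token={{ token.stdout }}`, as the other playbooks in this change do. Separately, the unchanged `password={{ password }}` line is unquoted, so a user password containing a space would be cut at the space; `password="{{ password }}"` matches the quoting already used for `user`.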
diff --git a/xos/openstack_observer/steps/sync_instances.py b/xos/openstack_observer/steps/sync_instances.py
index 963d859..7aa4bb7 100644
--- a/xos/openstack_observer/steps/sync_instances.py
+++ b/xos/openstack_observer/steps/sync_instances.py
@@ -112,6 +112,8 @@
controller = instance.node.site_deployment.controller
fields = {'endpoint':controller.auth_url,
+ 'endpoint_v3': controller.auth_url_v3,
+ 'domain': controller.domain,
'admin_user': instance.creator.email,
'admin_password': instance.creator.remote_password,
'admin_tenant': instance.slice.name,
diff --git a/xos/openstack_observer/steps/sync_instances.yaml b/xos/openstack_observer/steps/sync_instances.yaml
index 803a294..f42f601 100644
--- a/xos/openstack_observer/steps/sync_instances.yaml
+++ b/xos/openstack_observer/steps/sync_instances.yaml
@@ -2,11 +2,12 @@
- hosts: 127.0.0.1
connection: local
tasks:
+ - shell: ENDPOINT={{endpoint_v3}} USERNAME={{admin_user}} PASSWORD={{admin_password}} TENANT=admin DOMAIN={{domain}} openstack/get_token.sh
+ register: token
+
- nova_compute:
auth_url: {{ endpoint }}
- login_username: {{ admin_user }}
- login_password: {{ admin_password }}
- login_tenant_name: {{ admin_tenant }}
+ token: {{ token.stdout }}
name: {{ name }}
{% if delete -%}
state: absent
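Review bot: The token is requested with `TENANT=admin`, whereas the removed `login_tenant_name: {{ admin_tenant }}` authenticated against the slice's tenant (sync_instances.py sets `admin_tenant` to `instance.slice.name` and `admin_user` to the instance creator's email). A token scoped to the admin project fails for creators who hold no role there, and if it succeeds it would make nova_compute act in a different project than before. It should probably be `TENANT={{admin_tenant}}`, as in sync_controller_slices.yaml. The nova_compute task continues past the end of the hunk.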