Fix auth url for Barbican client

This patch fixes up the auth url if an invalid or no version prefix is set in OPENSTACK_KEYSTONE_URL. An invalid prefix could be /v2.0 endpoint when running Keystone v3. keystoneclient.auth.token_endpoint is deprecated as of the 2.1.0 release in favor of keystoneauth1.token_endpoint.Token. Reason why it is being used here is because keystoneauth1 is not in our requirements.txt (although it is a dependency pulled by required libraries) making this patch not backportable if we were to add it now. A follow up patch should handle this deprecation. Story: 2005101 Task: 29723 Change-Id: Ib09c954180d4b545d05344dc2c318a48c9b8d4e4
2019-03-03 14:02:51 +01:00 · 2019-03-03 14:02:51 +01:00 · 9fc4b035cf
commit 9fc4b035cf
parent 7943510362
2 changed files with 9 additions and 14 deletions
--- a/octavia_dashboard/api/rest/barbican.py
+++ b/octavia_dashboard/api/rest/barbican.py
@ -17,33 +17,25 @@
 from barbicanclient import client as barbican_client
 from django.conf import settings
 from django.views import generic
-from keystoneclient.auth.identity import v2 as auth_v2
-from keystoneclient.auth.identity import v3 as auth_v3
+from keystoneclient.auth import token_endpoint
 from keystoneclient import session

 from horizon.utils.memoized import memoized  # noqa
+from openstack_auth import utils as auth_utils

 from openstack_dashboard.api import base
-from openstack_dashboard.api import keystone
 from openstack_dashboard.api.rest import urls
 from openstack_dashboard.api.rest import utils as rest_utils


@memoized
 def barbicanclient(request):
-    project_id = request.user.project_id
    region = request.user.services_region
    endpoint = base.url_for(request, 'key-manager')
-    if keystone.get_version() < 3:
-        auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL,
-                             request.user.token.id,
-                             tenant_id=project_id)
-    else:
-        domain_id = request.session.get('domain_context')
-        auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL,
-                             request.user.token.id,
-                             project_id=project_id,
-                             project_domain_id=domain_id)
+    auth_url, _ = auth_utils.fix_auth_url_version_prefix(
+        settings.OPENSTACK_KEYSTONE_URL)
+    auth = token_endpoint.Token(auth_url, request.user.token.id)
+
    insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
    cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
    # If 'insecure' is True, 'verify' is False in all cases; otherwise
--- a/releasenotes/notes/fix-auth-url-barbican-client-d41b03419fb31ba4.yaml
+++ b/releasenotes/notes/fix-auth-url-barbican-client-d41b03419fb31ba4.yaml
@ -0,0 +1,3 @@
+---
+fixes:
+  - Fixed an issue where TERMINATED_HTTPS listener type was greyed out.