Scoped tokens

2013-03-27 21:30:40 +04:00 · 2013-03-27 21:30:40 +04:00 · 8c2bf8bfe0
commit 8c2bf8bfe0
parent c313c0959a
5 changed files with 416 additions and 407 deletions
--- a/conductor/conductor/app.py
+++ b/conductor/conductor/app.py
@ -27,7 +27,7 @@ def task_received(task, message_id):
        reporter = reporting.Reporter(rmqclient, message_id, task['id'])

        command_dispatcher = CommandDispatcher(
-            task['id'], rmqclient, task['token'])
+            task['id'], rmqclient, task['token'], task['tenant_id'])
        workflows = []
        for path in glob.glob("data/workflows/*.xml"):
            log.debug('Loading XML {0}'.format(path))
@ -79,7 +79,7 @@ class ConductorWorkflowService(service.Service):
                with rabbitmq.RmqClient() as rmq:
                    rmq.declare('tasks', 'tasks')
                    rmq.declare('task-results')
-                    with rmq.open('tasks') as subscription:
+                    with rmq.open('tasks2') as subscription:
                        while True:
                            msg = subscription.get_message()
                            self.tg.add_thread(
--- a/conductor/conductor/commands/cloud_formation.py
+++ b/conductor/conductor/commands/cloud_formation.py
@ -7,19 +7,26 @@ from command import CommandBase
 import conductor.config
 from heatclient.client import Client
 import heatclient.exc
+from keystoneclient.v2_0 import client as ksclient
 import types

 log = logging.getLogger(__name__)


 class HeatExecutor(CommandBase):
-    def __init__(self, stack, token):
+    def __init__(self, stack, token, tenant_id):
        self._update_pending_list = []
        self._delete_pending_list = []
        self._stack = 'e' + stack
        settings = conductor.config.CONF.heat
+
+        client = ksclient.Client(endpoint=settings.keystone)
+        scoped_token = client.tokens.authenticate(
+            tenant_id=tenant_id,
+            token=token).id
+
        self._heat_client = Client('1', settings.url,
-                                   token_only=True, token=token)
+                                   token_only=True, token=scoped_token)

    def execute(self, command, callback, **kwargs):
        log.debug('Got command {0} on stack {1}'.format(command, self._stack))
--- a/conductor/conductor/commands/dispatcher.py
+++ b/conductor/conductor/commands/dispatcher.py
@ -4,9 +4,9 @@ import windows_agent


 class CommandDispatcher(command.CommandBase):
-    def __init__(self, environment_id, rmqclient, token):
+    def __init__(self, environment_id, rmqclient, token, tenant_id):
        self._command_map = {
-            'cf': cloud_formation.HeatExecutor(environment_id, token),
+            'cf': cloud_formation.HeatExecutor(environment_id, token, tenant_id),
            'agent': windows_agent.WindowsAgentExecutor(
                environment_id, rmqclient)
        }
--- a/conductor/conductor/config.py
+++ b/conductor/conductor/config.py
@ -46,7 +46,8 @@ rabbit_opts = [
 ]

 heat_opts = [
-    cfg.StrOpt('url')
+    cfg.StrOpt('url'),
+    cfg.StrOpt('keystone')
 ]

 CONF = cfg.CONF
--- a/conductor/etc/conductor.conf
+++ b/conductor/etc/conductor.conf
@ -5,6 +5,7 @@ verbose=True

 [heat]
 url = http://172.18.124.101:8004/v1/16eb78cbb688459c8308d89678bcef50
+keystone = http://172.18.124.101:5000/v2.0

 [rabbitmq]
 host = 172.18.124.101