Fix Ranger rds service get token logic

Update rds service to switch from v2.0 to v3 auth token Change-Id: I889076c3f31eae2ada55e427fe00c03ff536396f
2019-04-04 10:10:39 -07:00 · 2019-04-04 10:10:39 -07:00 · 482238bd6f
commit 482238bd6f
parent 9799a994c6
3 changed files with 33 additions and 12 deletions
--- a/orm/base_config.py
+++ b/orm/base_config.py
@ -375,6 +375,7 @@ rms = {'port': CONF.rms.port,
       'log': '{}/{}'.format(CONF.log_location, CONF.rms.log)}

 rds = {'port': CONF.rds.port,
+       'token_version': CONF.keystone_authtoken.auth_version,
       'repo_local_location': CONF.rds.repo_local_location,
       'repo_remote_location': CONF.rds.repo_remote_location,
       'repo_user': CONF.rds.repo_user,
--- a/orm/services/resource_distributor/config.py
+++ b/orm/services/resource_distributor/config.py
@ -55,6 +55,8 @@ ims = {
    'delete_region': 'v1/orm/images/{0}/regions/{1}'
 }

+token_version = config.rds['token_version']
+
 rms = {
    'base_url': config.rms['base_url'],
    'all_regions_path': 'v2/orm/regions'
--- a/orm/services/resource_distributor/rds/utils/authentication.py
+++ b/orm/services/resource_distributor/rds/utils/authentication.py
@ -53,6 +53,7 @@ def get_keystone_ep_region_name(region):


 def get_token(region):
+    V3_TOKEN_GET_SUCCESS = 201

    logger.debug("create token")
    if not _is_authorization_enabled():
@ -66,26 +67,43 @@ def get_token(region):
        logger.error(log_message)
        return

-    url = keystone_ep + '/v2.0/tokens'
-    logger.debug("url :- {}".format(url))
+    url = keystone_ep + '/{}/auth/tokens'.format(conf.token_version)
+
    data = {
        "auth": {
-            "tenantName": conf.authentication.tenant_name,
-            "passwordCredentials": {
-                "username": conf.authentication.mech_id,
-                "password": conf.authentication.mech_pass
+            "identity": {
+                "methods": [
+                    "password"
+                ],
+                "password": {
+                    "user": {
+                        "name": conf.authentication.mech_id,
+                        "domain": {
+                            "name": user_domain_name
+                        },
+                        "password": conf.authentication.mech_pass
+                    }
+                }
+            },
+            "scope": {
+                "project": {
+                    "domain": {
+                        "name": project_domain_name
+                    },
+                    "name": conf.authentication.tenant_name
+                }
            }
        }
    }
-    try:
-        logger.debug("get token url- {} data= {}".format(url, data))
-        respone = requests.post(url, data=json.dumps(data), headers=headers,
-                                verify=conf.verify)

-        if respone.status_code != 200:
+    try:
+        logger.debug("get token url- {}".format(url))
+        resp = requests.post(url, data=json.dumps(data), headers=headers)
+
+        if resp.status_code != V3_TOKEN_GET_SUCCESS:
            logger.error("fail to get token from url")
        logger.debug("got token for region {}".format(region))
-        return respone.json()['access']['token']['id']
+        return resp.headers['x-subject-token']

    except Exception as exp:
        logger.error(exp)