x/ranger
Code Issues Proposed changes

Fix Ranger rds service get token logic

Browse Source 
Update rds service to switch from v2.0 to v3 auth token

Change-Id: I889076c3f31eae2ada55e427fe00c03ff536396f
This commit is contained in:
stewie925 2019-04-04 10:10:39 -07:00
parent 9799a994c6
commit 482238bd6f
3 changed files with 33 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
orm/base_config.py
View File

@ -375,6 +375,7 @@ rms = {'port': CONF.rms.port,
'log': '{}/{}'.format(CONF.log_location, CONF.rms.log)} 'log': '{}/{}'.format(CONF.log_location, CONF.rms.log)}
rds = {'port': CONF.rds.port, rds = {'port': CONF.rds.port,
'token_version': CONF.keystone_authtoken.auth_version,
'repo_local_location': CONF.rds.repo_local_location, 'repo_local_location': CONF.rds.repo_local_location,
'repo_remote_location': CONF.rds.repo_remote_location, 'repo_remote_location': CONF.rds.repo_remote_location,
'repo_user': CONF.rds.repo_user, 'repo_user': CONF.rds.repo_user,

2
orm/services/resource_distributor/config.py
View File

@ -55,6 +55,8 @@ ims = {
'delete_region': 'v1/orm/images/{0}/regions/{1}' 'delete_region': 'v1/orm/images/{0}/regions/{1}'
} }
token_version = config.rds['token_version']
rms = { rms = {
'base_url': config.rms['base_url'], 'base_url': config.rms['base_url'],
'all_regions_path': 'v2/orm/regions' 'all_regions_path': 'v2/orm/regions'

40
orm/services/resource_distributor/rds/utils/authentication.py
View File

@ -53,6 +53,7 @@ def get_keystone_ep_region_name(region):
def get_token(region): def get_token(region):
V3_TOKEN_GET_SUCCESS = 201
logger.debug("create token") logger.debug("create token")
if not _is_authorization_enabled(): if not _is_authorization_enabled():
@ -66,26 +67,43 @@ def get_token(region):
logger.error(log_message) logger.error(log_message)
return return
url = keystone_ep + '/v2.0/tokens' url = keystone_ep + '/{}/auth/tokens'.format(conf.token_version)
logger.debug("url :- {}".format(url))
data = { data = {
"auth": { "auth": {
"tenantName": conf.authentication.tenant_name, "identity": {
"passwordCredentials": { "methods": [
"username": conf.authentication.mech_id, "password"
],
"password": {
"user": {
"name": conf.authentication.mech_id,
"domain": {
"name": user_domain_name
},
"password": conf.authentication.mech_pass "password": conf.authentication.mech_pass
} }
} }
},
"scope": {
"project": {
"domain": {
"name": project_domain_name
},
"name": conf.authentication.tenant_name
}
}
}
} }
try:
logger.debug("get token url- {} data= {}".format(url, data))
respone = requests.post(url, data=json.dumps(data), headers=headers,
verify=conf.verify)
if respone.status_code != 200: try:
logger.debug("get token url- {}".format(url))
resp = requests.post(url, data=json.dumps(data), headers=headers)
if resp.status_code != V3_TOKEN_GET_SUCCESS:
logger.error("fail to get token from url") logger.error("fail to get token from url")
logger.debug("got token for region {}".format(region)) logger.debug("got token for region {}".format(region))
return respone.json()['access']['token']['id'] return resp.headers['x-subject-token']
except Exception as exp: except Exception as exp:
logger.error(exp) logger.error(exp)