Merge lp:~james-page/charms/precise/keystone/fix-requested-roles into lp:~charmers/charms/precise/keystone/trunk

Proposed by James Page
Status: Merged
Approved by: Adam Gandelman
Approved revision: 54
Merged at revision: 45
Proposed branch: lp:~james-page/charms/precise/keystone/fix-requested-roles
Merge into: lp:~charmers/charms/precise/keystone/trunk
Diff against target: 72 lines (+29/-16)
1 file modified
hooks/keystone_hooks.py (+29/-16)
To merge this branch: bzr merge lp:~james-page/charms/precise/keystone/fix-requested-roles
Reviewer Review Type Date Requested Status
Adam Gandelman (community) Approve
Review via email: mp+183580@code.launchpad.net

Description of the change

Fixup requested_roles handling so that remote services not registering
endpoints can also request that new roles be created.

This fixes a problem in openstack deployments where swift is not being
used - the openstack-dashboard requests 'Member' but it was not actually
being created.

To post a comment you must log in.
Revision history for this message
James Page (james-page) wrote :

Note that the grant_role is automatically called by created role when the service username and tenant are passed.

Revision history for this message
Adam Gandelman (gandelman-a) wrote :

LGTM, thanks.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/keystone_hooks.py'
2--- hooks/keystone_hooks.py 2013-08-13 12:55:50 +0000
3+++ hooks/keystone_hooks.py 2013-09-03 12:03:41 +0000
4@@ -201,6 +201,15 @@
5 pass
6
7
8+def get_requested_roles(settings):
9+ ''' Retrieve any valid requested_roles from dict settings '''
10+ if ('requested_roles' in settings and
11+ settings['requested_roles'] not in ['None', None]):
12+ return settings['requested_roles'].split(',')
13+ else:
14+ return []
15+
16+
17 def identity_changed(relation_id=None, remote_unit=None):
18 """ A service has advertised its API endpoints, create an entry in the
19 service catalog.
20@@ -242,18 +251,24 @@
21 relation_data['ca_cert'] = b64encode(ca_bundle)
22 if relation_id:
23 relation_data['rid'] = relation_id
24+ # Allow the remote service to request creation of any additional
25+ # roles. Currently used by Horizon
26+ for role in get_requested_roles(settings):
27+ utils.juju_log('INFO',
28+ "Creating requested role: %s" % role)
29+ create_role(role)
30 utils.relation_set(**relation_data)
31 return
32-
33- ensure_valid_service(settings['service'])
34-
35- add_endpoint(region=settings['region'], service=settings['service'],
36- publicurl=settings['public_url'],
37- adminurl=settings['admin_url'],
38- internalurl=settings['internal_url'])
39- service_username = settings['service']
40- https_cn = urlparse.urlparse(settings['internal_url'])
41- https_cn = https_cn.hostname
42+ else:
43+ ensure_valid_service(settings['service'])
44+ add_endpoint(region=settings['region'],
45+ service=settings['service'],
46+ publicurl=settings['public_url'],
47+ adminurl=settings['admin_url'],
48+ internalurl=settings['internal_url'])
49+ service_username = settings['service']
50+ https_cn = urlparse.urlparse(settings['internal_url'])
51+ https_cn = https_cn.hostname
52 else:
53 # assemble multiple endpoints from relation data. service name
54 # should be prepended to setting name, ie:
55@@ -314,13 +329,11 @@
56
57 # Allow the remote service to request creation of any additional roles.
58 # Currently used by Swift and Ceilometer.
59- if 'requested_roles' in settings and settings['requested_roles'] != 'None':
60- roles = settings['requested_roles'].split(',')
61+ for role in get_requested_roles(settings):
62 utils.juju_log('INFO',
63- "Creating requested roles: %s" % roles)
64- for role in roles:
65- create_role(role, service_username, config['service-tenant'])
66- grant_role(service_username, role, config['service-tenant'])
67+ "Creating requested role: %s" % role)
68+ create_role(role, service_username,
69+ config['service-tenant'])
70
71 # As of https://review.openstack.org/#change,4675, all nodes hosting
72 # an endpoint(s) needs a service username and password assigned to

Subscribers

People subscribed via source and target branches

to all changes: