Merge lp:~james-page/charms/precise/keystone/fix-requested-roles into lp:~charmers/charms/precise/keystone/trunk

Proposed by James Page on 2013-09-03
Status: Merged
Approved by: Adam Gandelman on 2013-09-03
Approved revision: 54
Merged at revision: 45
Proposed branch: lp:~james-page/charms/precise/keystone/fix-requested-roles
Merge into: lp:~charmers/charms/precise/keystone/trunk
Diff against target: 72 lines (+29/-16)
1 file modified
hooks/keystone_hooks.py (+29/-16)
To merge this branch: bzr merge lp:~james-page/charms/precise/keystone/fix-requested-roles
Reviewer Review Type Date Requested Status
Adam Gandelman (community) 2013-09-03 Approve on 2013-09-03
Review via email: mp+183580@code.launchpad.net

Description of the change

Fixup requested_roles handling so that remote services not registering
endpoints can also request that new roles be created.

This fixes a problem in openstack deployments where swift is not being
used - the openstack-dashboard requests 'Member' but it was not actually
being created.

To post a comment you must log in.
James Page (james-page) wrote :

Note that the grant_role is automatically called by created role when the service username and tenant are passed.

Adam Gandelman (gandelman-a) wrote :

LGTM, thanks.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'hooks/keystone_hooks.py'
--- hooks/keystone_hooks.py 2013-08-13 12:55:50 +0000
+++ hooks/keystone_hooks.py 2013-09-03 12:03:41 +0000
@@ -201,6 +201,15 @@
201 pass201 pass
202202
203203
204def get_requested_roles(settings):
205 ''' Retrieve any valid requested_roles from dict settings '''
206 if ('requested_roles' in settings and
207 settings['requested_roles'] not in ['None', None]):
208 return settings['requested_roles'].split(',')
209 else:
210 return []
211
212
204def identity_changed(relation_id=None, remote_unit=None):213def identity_changed(relation_id=None, remote_unit=None):
205 """ A service has advertised its API endpoints, create an entry in the214 """ A service has advertised its API endpoints, create an entry in the
206 service catalog.215 service catalog.
@@ -242,18 +251,24 @@
242 relation_data['ca_cert'] = b64encode(ca_bundle)251 relation_data['ca_cert'] = b64encode(ca_bundle)
243 if relation_id:252 if relation_id:
244 relation_data['rid'] = relation_id253 relation_data['rid'] = relation_id
254 # Allow the remote service to request creation of any additional
255 # roles. Currently used by Horizon
256 for role in get_requested_roles(settings):
257 utils.juju_log('INFO',
258 "Creating requested role: %s" % role)
259 create_role(role)
245 utils.relation_set(**relation_data)260 utils.relation_set(**relation_data)
246 return261 return
247262 else:
248 ensure_valid_service(settings['service'])263 ensure_valid_service(settings['service'])
249264 add_endpoint(region=settings['region'],
250 add_endpoint(region=settings['region'], service=settings['service'],265 service=settings['service'],
251 publicurl=settings['public_url'],266 publicurl=settings['public_url'],
252 adminurl=settings['admin_url'],267 adminurl=settings['admin_url'],
253 internalurl=settings['internal_url'])268 internalurl=settings['internal_url'])
254 service_username = settings['service']269 service_username = settings['service']
255 https_cn = urlparse.urlparse(settings['internal_url'])270 https_cn = urlparse.urlparse(settings['internal_url'])
256 https_cn = https_cn.hostname271 https_cn = https_cn.hostname
257 else:272 else:
258 # assemble multiple endpoints from relation data. service name273 # assemble multiple endpoints from relation data. service name
259 # should be prepended to setting name, ie:274 # should be prepended to setting name, ie:
@@ -314,13 +329,11 @@
314329
315 # Allow the remote service to request creation of any additional roles.330 # Allow the remote service to request creation of any additional roles.
316 # Currently used by Swift and Ceilometer.331 # Currently used by Swift and Ceilometer.
317 if 'requested_roles' in settings and settings['requested_roles'] != 'None':332 for role in get_requested_roles(settings):
318 roles = settings['requested_roles'].split(',')
319 utils.juju_log('INFO',333 utils.juju_log('INFO',
320 "Creating requested roles: %s" % roles)334 "Creating requested role: %s" % role)
321 for role in roles:335 create_role(role, service_username,
322 create_role(role, service_username, config['service-tenant'])336 config['service-tenant'])
323 grant_role(service_username, role, config['service-tenant'])
324337
325 # As of https://review.openstack.org/#change,4675, all nodes hosting338 # As of https://review.openstack.org/#change,4675, all nodes hosting
326 # an endpoint(s) needs a service username and password assigned to339 # an endpoint(s) needs a service username and password assigned to

Subscribers

People subscribed via source and target branches

to all changes: