Merge ~xavpaice/charm-openstack-service-checks/+git/charm-openstack-service-checks:keystonev3 into ~canonical-bootstack/charm-openstack-service-checks:master

Proposed by Xav Paice
Status: Merged
Approved by: James Hebden
Approved revision: e079a5391d526f296da5224a958b5de316de1a59
Merge reported by: Xav Paice
Merged at revision: e079a5391d526f296da5224a958b5de316de1a59
Proposed branch: ~xavpaice/charm-openstack-service-checks/+git/charm-openstack-service-checks:keystonev3
Merge into: ~canonical-bootstack/charm-openstack-service-checks:master
Diff against target: 107 lines (+47/-21)
2 files modified
reactive/service_checks.py (+40/-20)
templates/nagios.novarc (+7/-1)
Reviewer Review Type Date Requested Status
James Hebden (community) Approve
Review via email: mp+331394@code.launchpad.net
To post a comment you must log in.
Revision history for this message
James Hebden (ec0) wrote :

As discussed my only concern was the scoping the token to a domain and/or project may produce different results to the existing v2 code, which may have required additional logic to have the checks operate across multiple projects and domains.

Given this can be configured (and has been tested as such) to use the admin domain/project and this behaviour is not seen, LGTM.

Revision history for this message
James Hebden (ec0) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/reactive/service_checks.py b/reactive/service_checks.py
2index 4fbf5bf..50d745e 100644
3--- a/reactive/service_checks.py
4+++ b/reactive/service_checks.py
5@@ -57,25 +57,34 @@ def save_creds(keystone):
6
7 def get_creds(keystone):
8
9- if keystone.api_version() == 2:
10- api_url = "v2.0"
11- elif keystone.api_version() == 3:
12+ if keystone.api_version() == '3':
13 api_url = "v3"
14+ try:
15+ domain = keystone.domain()
16+ except AttributeError:
17+ domain = 'service_domain'
18+ creds = {
19+ 'credentials_username': keystone.credentials_username(),
20+ 'credentials_password': keystone.credentials_password(),
21+ 'credentials_project': keystone.credentials_project(),
22+ 'auth_version': '3',
23+ 'region': keystone.region(),
24+ 'credentials_user_domain': domain,
25+ 'credentials_project_domain': domain
26+ }
27 else:
28 api_url = "v2.0"
29+ creds = {
30+ 'credentials_username': keystone.credentials_username(),
31+ 'credentials_password': keystone.credentials_password(),
32+ 'credentials_project': keystone.credentials_project(),
33+ 'region': keystone.region(),
34+ }
35
36 auth_url = "%s://%s:%s/%s" % (keystone.auth_protocol(),
37 keystone.auth_host(), keystone.auth_port(),
38 api_url)
39-
40- creds = {
41- 'credentials_username': keystone.credentials_username(),
42- 'credentials_password': keystone.credentials_password(),
43- 'credentials_project': keystone.credentials_project(),
44- 'region': keystone.region(),
45- 'auth_url': auth_url,
46- }
47-
48+ creds['auth_url'] = auth_url
49 return creds
50
51
52@@ -84,14 +93,25 @@ def get_creds(keystone):
53 def get_credentials():
54 keystone_creds = config_flags_parser(config.get('os-credentials'))
55 if keystone_creds:
56- creds = {
57- 'credentials_username': keystone_creds['username'],
58- 'credentials_password': keystone_creds['password'],
59- 'credentials_project': keystone_creds['credentials_project'],
60- 'region': keystone_creds['region_name'],
61- 'auth_url': keystone_creds['auth_url'],
62- }
63-
64+ if '/v3' in keystone_creds['auth_url']:
65+ creds = {
66+ 'credentials_username': keystone_creds['username'],
67+ 'credentials_password': keystone_creds['password'],
68+ 'credentials_project': keystone_creds['credentials_project'],
69+ 'region': keystone_creds['region_name'],
70+ 'auth_url': keystone_creds['auth_url'],
71+ 'auth_version': '3',
72+ 'credentials_user_domain': keystone_creds['domain'],
73+ 'credentials_project_domain': keystone_creds['domain'],
74+ }
75+ else:
76+ creds = {
77+ 'credentials_username': keystone_creds['username'],
78+ 'credentials_password': keystone_creds['password'],
79+ 'credentials_project': keystone_creds['credentials_project'],
80+ 'region': keystone_creds['region_name'],
81+ 'auth_url': keystone_creds['auth_url'],
82+ }
83 else:
84 kv = unitdata.kv()
85 creds = kv.get('keystone-relation-creds')
86diff --git a/templates/nagios.novarc b/templates/nagios.novarc
87index 982f914..e4c7e68 100644
88--- a/templates/nagios.novarc
89+++ b/templates/nagios.novarc
90@@ -1,5 +1,6 @@
91 export OS_USERNAME={{ credentials_username }}
92 export OS_TENANT_NAME={{ credentials_project }}
93+export OS_PROJECT_NAME={{ credentials_project }}
94 export OS_PASSWORD={{ credentials_password }}
95 export OS_REGION_NAME={{ region }}
96 export OS_AUTH_URL={{ auth_url }}
97@@ -9,4 +10,9 @@ export REQUESTS_CA_BUNDLE=$OS_CACERT
98 {%- endif %}
99 # Allow novaclient libs to save to ~/.novaclient
100 export HOME=${SNAP_COMMON}
101-
102+{%- if auth_version %}
103+export OS_IDENTITY_API_VERSION={{ auth_version }}
104+export OS_AUTH_VERSION={{ auth_version }}
105+export OS_USER_DOMAIN_NAME={{ credentials_user_domain }}
106+export OS_PROJECT_DOMAIN_NAME={{ credentials_project_domain }}
107+{%- endif %}

Subscribers

People subscribed via source and target branches