Merge "Deprecate http_basic_username and http_basic_password in [json_rpc]"
This commit is contained in:
commit
3670be1283
@ -1410,10 +1410,15 @@ function configure_ironic {
|
|||||||
if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" != "" ]]; then
|
if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" != "" ]]; then
|
||||||
iniset $IRONIC_CONF_FILE json_rpc auth_strategy $IRONIC_JSON_RPC_AUTH_STRATEGY
|
iniset $IRONIC_CONF_FILE json_rpc auth_strategy $IRONIC_JSON_RPC_AUTH_STRATEGY
|
||||||
fi
|
fi
|
||||||
iniset $IRONIC_CONF_FILE json_rpc http_basic_username myName
|
if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" == "http_basic" ]]; then
|
||||||
iniset $IRONIC_CONF_FILE json_rpc http_basic_password myPassword
|
iniset $IRONIC_CONF_FILE json_rpc username myName
|
||||||
# json-rpc auth file with bcrypt hash of myPassword
|
iniset $IRONIC_CONF_FILE json_rpc password myPassword
|
||||||
echo 'myName:$2y$05$lE3eGtyj41jZwrzS87KTqe6.JETVCWBkc32C63UP2aYrGoYOEpbJm' > /etc/ironic/htpasswd-json-rpc
|
# json-rpc auth file with bcrypt hash of myPassword
|
||||||
|
echo 'myName:$2y$05$lE3eGtyj41jZwrzS87KTqe6.JETVCWBkc32C63UP2aYrGoYOEpbJm' > /etc/ironic/htpasswd-json-rpc
|
||||||
|
fi
|
||||||
|
if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" == "" ]] || [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" == "keystone" ]]; then
|
||||||
|
configure_client_for json_rpc
|
||||||
|
fi
|
||||||
|
|
||||||
# Set fast track options
|
# Set fast track options
|
||||||
iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK
|
iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK
|
||||||
@ -1547,7 +1552,7 @@ function configure_ironic_conductor {
|
|||||||
|
|
||||||
# NOTE(pas-ha) service_catalog section is used to discover
|
# NOTE(pas-ha) service_catalog section is used to discover
|
||||||
# ironic API endpoint from keystone catalog
|
# ironic API endpoint from keystone catalog
|
||||||
local client_sections="neutron swift glance inspector cinder service_catalog json_rpc nova"
|
local client_sections="neutron swift glance inspector cinder service_catalog nova"
|
||||||
for conf_section in $client_sections; do
|
for conf_section in $client_sections; do
|
||||||
configure_client_for $conf_section
|
configure_client_for $conf_section
|
||||||
done
|
done
|
||||||
|
@ -73,8 +73,8 @@ You should make the following changes to ``/etc/ironic/ironic.conf``:
|
|||||||
|
|
||||||
[json_rpc]
|
[json_rpc]
|
||||||
auth_strategy=http_basic
|
auth_strategy=http_basic
|
||||||
http_basic_username=myName
|
username=myName
|
||||||
http_basic_password=myPassword
|
password=myPassword
|
||||||
|
|
||||||
Preparing images
|
Preparing images
|
||||||
----------------
|
----------------
|
||||||
|
@ -15,8 +15,6 @@
|
|||||||
This client is compatible with any JSON RPC 2.0 implementation, including ours.
|
This client is compatible with any JSON RPC 2.0 implementation, including ours.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import base64
|
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
from oslo_utils import importutils
|
from oslo_utils import importutils
|
||||||
@ -38,23 +36,25 @@ def _get_session():
|
|||||||
global _SESSION
|
global _SESSION
|
||||||
|
|
||||||
if _SESSION is None:
|
if _SESSION is None:
|
||||||
|
kwargs = {}
|
||||||
auth_strategy = json_rpc.auth_strategy()
|
auth_strategy = json_rpc.auth_strategy()
|
||||||
if auth_strategy == 'keystone':
|
if auth_strategy != 'keystone':
|
||||||
auth = keystone.get_auth('json_rpc')
|
auth_type = 'none' if auth_strategy == 'noauth' else auth_strategy
|
||||||
else:
|
CONF.set_default('auth_type', auth_type, group='json_rpc')
|
||||||
auth = None
|
|
||||||
|
# Deprecated, remove in W
|
||||||
|
if auth_strategy == 'http_basic':
|
||||||
|
if CONF.json_rpc.http_basic_username:
|
||||||
|
kwargs['username'] = CONF.json_rpc.http_basic_username
|
||||||
|
if CONF.json_rpc.http_basic_password:
|
||||||
|
kwargs['password'] = CONF.json_rpc.http_basic_password
|
||||||
|
|
||||||
|
auth = keystone.get_auth('json_rpc', **kwargs)
|
||||||
|
|
||||||
session = keystone.get_session('json_rpc', auth=auth)
|
session = keystone.get_session('json_rpc', auth=auth)
|
||||||
headers = {
|
headers = {
|
||||||
'Content-Type': 'application/json'
|
'Content-Type': 'application/json'
|
||||||
}
|
}
|
||||||
if auth_strategy == 'http_basic':
|
|
||||||
token = '{}:{}'.format(
|
|
||||||
CONF.json_rpc.http_basic_username,
|
|
||||||
CONF.json_rpc.http_basic_password
|
|
||||||
).encode('utf-8')
|
|
||||||
encoded = base64.b64encode(token).decode('utf-8')
|
|
||||||
headers['Authorization'] = 'Basic {}'.format(encoded)
|
|
||||||
|
|
||||||
# Adds options like connect_retries
|
# Adds options like connect_retries
|
||||||
_SESSION = keystone.get_adapter('json_rpc', session=session,
|
_SESSION = keystone.get_adapter('json_rpc', session=session,
|
||||||
|
@ -38,16 +38,16 @@ opts = [
|
|||||||
default=False,
|
default=False,
|
||||||
help=_('Whether to use TLS for JSON RPC')),
|
help=_('Whether to use TLS for JSON RPC')),
|
||||||
cfg.StrOpt('http_basic_username',
|
cfg.StrOpt('http_basic_username',
|
||||||
default='',
|
deprecated_for_removal=True,
|
||||||
|
deprecated_reason=_("Use username instead"),
|
||||||
help=_("Name of the user to use for HTTP Basic authentication "
|
help=_("Name of the user to use for HTTP Basic authentication "
|
||||||
"client requests. Required when "
|
"client requests.")),
|
||||||
"auth_strategy=http_basic.")),
|
|
||||||
cfg.StrOpt('http_basic_password',
|
cfg.StrOpt('http_basic_password',
|
||||||
default='',
|
deprecated_for_removal=True,
|
||||||
|
deprecated_reason=_("Use password instead"),
|
||||||
secret=True,
|
secret=True,
|
||||||
help=_("Password to use for HTTP Basic authentication "
|
help=_("Password to use for HTTP Basic authentication "
|
||||||
"client requests. Required when "
|
"client requests.")),
|
||||||
"auth_strategy=http_basic.")),
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -584,9 +584,11 @@ class TestSession(test_base.TestCase):
|
|||||||
self.config(auth_strategy='noauth', group='json_rpc')
|
self.config(auth_strategy='noauth', group='json_rpc')
|
||||||
session = client._get_session()
|
session = client._get_session()
|
||||||
|
|
||||||
mock_keystone.get_auth.assert_not_called()
|
mock_keystone.get_auth.assert_called_once_with('json_rpc')
|
||||||
|
auth = mock_keystone.get_auth.return_value
|
||||||
|
|
||||||
mock_keystone.get_session.assert_called_once_with(
|
mock_keystone.get_session.assert_called_once_with(
|
||||||
'json_rpc', auth=None)
|
'json_rpc', auth=auth)
|
||||||
|
|
||||||
internal_session = mock_keystone.get_session.return_value
|
internal_session = mock_keystone.get_session.return_value
|
||||||
|
|
||||||
@ -620,13 +622,34 @@ class TestSession(test_base.TestCase):
|
|||||||
|
|
||||||
def test_http_basic(self, mock_keystone):
|
def test_http_basic(self, mock_keystone):
|
||||||
self.config(auth_strategy='http_basic', group='json_rpc')
|
self.config(auth_strategy='http_basic', group='json_rpc')
|
||||||
self.config(http_basic_username='myName', group='json_rpc')
|
|
||||||
self.config(http_basic_password='myPassword', group='json_rpc')
|
|
||||||
session = client._get_session()
|
session = client._get_session()
|
||||||
|
|
||||||
mock_keystone.get_auth.assert_not_called()
|
mock_keystone.get_auth.assert_called_once_with('json_rpc')
|
||||||
|
auth = mock_keystone.get_auth.return_value
|
||||||
mock_keystone.get_session.assert_called_once_with(
|
mock_keystone.get_session.assert_called_once_with(
|
||||||
'json_rpc', auth=None)
|
'json_rpc', auth=auth)
|
||||||
|
|
||||||
|
internal_session = mock_keystone.get_session.return_value
|
||||||
|
|
||||||
|
mock_keystone.get_adapter.assert_called_once_with(
|
||||||
|
'json_rpc',
|
||||||
|
session=internal_session,
|
||||||
|
additional_headers={
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
})
|
||||||
|
self.assertEqual(mock_keystone.get_adapter.return_value, session)
|
||||||
|
|
||||||
|
def test_http_basic_deprecated(self, mock_keystone):
|
||||||
|
self.config(auth_strategy='http_basic', group='json_rpc')
|
||||||
|
self.config(http_basic_username='myName', group='json_rpc')
|
||||||
|
self.config(http_basic_password='myPassword', group='json_rpc')
|
||||||
|
session = client._get_session()
|
||||||
|
|
||||||
|
mock_keystone.get_auth.assert_called_once_with(
|
||||||
|
'json_rpc', username='myName', password='myPassword')
|
||||||
|
auth = mock_keystone.get_auth.return_value
|
||||||
|
mock_keystone.get_session.assert_called_once_with(
|
||||||
|
'json_rpc', auth=auth)
|
||||||
|
|
||||||
internal_session = mock_keystone.get_session.return_value
|
internal_session = mock_keystone.get_session.return_value
|
||||||
|
|
||||||
@ -634,7 +657,6 @@ class TestSession(test_base.TestCase):
|
|||||||
'json_rpc',
|
'json_rpc',
|
||||||
session=internal_session,
|
session=internal_session,
|
||||||
additional_headers={
|
additional_headers={
|
||||||
'Authorization': 'Basic bXlOYW1lOm15UGFzc3dvcmQ=',
|
|
||||||
'Content-Type': 'application/json'
|
'Content-Type': 'application/json'
|
||||||
})
|
})
|
||||||
self.assertEqual(mock_keystone.get_adapter.return_value, session)
|
self.assertEqual(mock_keystone.get_adapter.return_value, session)
|
||||||
|
@ -42,7 +42,7 @@ jmespath==0.9.5
|
|||||||
jsonpatch==1.16
|
jsonpatch==1.16
|
||||||
jsonpointer==2.0
|
jsonpointer==2.0
|
||||||
jsonschema==3.2.0
|
jsonschema==3.2.0
|
||||||
keystoneauth1==3.18.0
|
keystoneauth1==4.2.0
|
||||||
keystonemiddleware==4.17.0
|
keystonemiddleware==4.17.0
|
||||||
kombu==4.6.8
|
kombu==4.6.8
|
||||||
linecache2==1.0.0
|
linecache2==1.0.0
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The configuration options ``[json_rpc]http_basic_username`` and
|
||||||
|
``[json_rpc]http_basic_password`` have been deprecated in favour of the
|
||||||
|
more generic ``[json_rpc]username`` and ``[json_rpc]password``.
|
@ -10,7 +10,7 @@ WebOb>=1.7.1 # MIT
|
|||||||
python-cinderclient!=4.0.0,>=3.3.0 # Apache-2.0
|
python-cinderclient!=4.0.0,>=3.3.0 # Apache-2.0
|
||||||
python-neutronclient>=6.7.0 # Apache-2.0
|
python-neutronclient>=6.7.0 # Apache-2.0
|
||||||
python-glanceclient>=2.8.0 # Apache-2.0
|
python-glanceclient>=2.8.0 # Apache-2.0
|
||||||
keystoneauth1>=3.18.0 # Apache-2.0
|
keystoneauth1>=4.2.0 # Apache-2.0
|
||||||
ironic-lib>=4.3.0 # Apache-2.0
|
ironic-lib>=4.3.0 # Apache-2.0
|
||||||
python-swiftclient>=3.2.0 # Apache-2.0
|
python-swiftclient>=3.2.0 # Apache-2.0
|
||||||
pytz>=2013.6 # MIT
|
pytz>=2013.6 # MIT
|
||||||
|
Loading…
x
Reference in New Issue
Block a user