Juniper Openstack

Need to support keystone v3 in analytics

Bug #1714063 reported by Senthilnathan Murugappan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R4.0
Invalid
High
Biswajit Mandal
Juniper Openstack r4.0.4.0
R4.1
Invalid
High
Biswajit Mandal
Juniper Openstack r4.1.2.0
R5.0
Invalid
High
Biswajit Mandal
Juniper Openstack r5.0.1
Trunk
Invalid
High
Biswajit Mandal
Juniper Openstack r5.1.0
Revision history for this message
Anish Mehta (amehta00) wrote :

Moving out of R4.0.2.
Please confirm if this is really needed in R4.0.

Revision history for this message
Biswajit Mandal (bmandal) wrote :

Analytics does have the keystone v3 support. So moving to fixed state.

--------------------------------
From: Biswajit Mandal <email address hidden>
Date: Tuesday, June 26, 2018 at 6:35 AM
To: Senthilnathan Murugappan <email address hidden>, Ignatious Johnson <email address hidden>
Cc: Sundaresan Rajangam <email address hidden>
Subject: Reg: Bug https://bugs.launchpad.net/juniperopenstack/+bug/1714063

I am working on this bug.
While code walk through, I see that keystone v3 is handled as part of the vnc_cfg_api_client implementation.

So, https://github.com/Juniper/contrail-controller/blob/7784f9590c6a8d0428911531ca24c7b2550777d7/src/opserver/vnc_cfg_api_client.py#L50, we are not passing the domain name, but that is being retrieved from vnc_api_lib.ini in https://github.com/Juniper/contrail-api-client/blob/master/api-lib/vnc_api/vnc_api.py#L442

So, vnc_api_lib.ini is getting read by the client library always. Thus, handled for python code.

Now, as per the VNC server side keystone client library communication, we do by user_domain_name and project_domain_name, but client side, we communicate to keystone using same _domain_name, but if we need to keep sync with VNC Server side, then we can change the below code and then we need to have two separate flags in vnc_api_lib.ini similar to vnc server.

    404             self._v3_authn_body = \
    405                 '{"auth":{"identity":{' + \
    406                 '"methods": ["password"],' + \
    407                 ' "password":{' + \
    408                 ' "user":{' + \
    409                 ' "name": "%s",' % (self._username) + \
    410                 ' "domain": { "name": "%s" },' % (self._domain_name) +\
    411                 ' "password": "%s"' % (self._password) + \
    412                 '}' + \
    413                 '}' + \
    414                 '},' + \
    415                 ' "scope":{' + \
    416                 ' "project":{' + \
    417                 ' "domain": { "name": "%s" },' % (self._domain_name) +\
    418                 ' "name": "%s"' % (self._tenant_name) + \
    419                 '}' + \
    420                 '}' + \
    421                 '}' + \
    422                 '}'

Please let me know your thoughts.

Now I do not see any usage of https://github.com/Juniper/contrail-controller/blob/5c4669f314e434c8d8606ae87d41413915ee1ffe/src/http/client/vncapi.cc#L126 C++ client code in any of existing C++ files.
So, either this can be removed or may not be required to have change.

Please let me know if otherwise.

With regards,
Biswajit

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.