Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:8:CentOS:7.3
openstack-magnum
0001-fix-bad-scope-for-cert-generation.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-fix-bad-scope-for-cert-generation.patch of Package openstack-magnum
From ffdb1144535d80d64757e845d5f200140368099d Mon Sep 17 00:00:00 2001 From: Joshua Hesketh <josh@nitrotech.org> Date: Fri, 16 Feb 2018 16:19:05 +1100 Subject: Do not scope to OS-TRUST when no TRUST_ID is given When cluster_user_trust is False no TRUST_ID is set causing an invalid request to be sent to keystone. If no TRUST_ID is given it is sufficient to authenticate with just the user/password if magnum is configured with a project_domain_name and user_domain_name. Change-Id: Ieb1e42d0f8c16eaed276e57e05833c624573ac7c --- .../templates/fragments/make-cert-client.sh | 27 ++++++++++++++++++++-- .../templates/fragments/make-cert.sh | 27 ++++++++++++++++++++-- 2 files changed, 50 insertions(+), 4 deletions(-) diff --git a/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert-client.sh b/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert-client.sh index 24f35d6..40e67ff 100644 --- a/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert-client.sh +++ b/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert-client.sh @@ -34,8 +34,30 @@ CLIENT_CSR=$cert_dir/client.csr CLIENT_KEY=$cert_dir/client.key KUBE_MASTER_URI="https://$KUBE_MASTER_IP:$KUBE_API_PORT" -#Get a token by user credentials and trust -auth_json=$(cat << EOF + +if [ -z $TRUST_ID ]; then + # Get a token without scoped TRUST (eg when cluster_user_trust is off) + auth_json=$(cat << EOF +{ + "auth": { + "identity": { + "methods": [ + "password" + ], + "password": { + "user": { + "id": "$TRUSTEE_USER_ID", + "password": "$TRUSTEE_PASSWORD" + } + } + } + } +} +EOF +) +else + # Get a token by user credentials and trust + auth_json=$(cat << EOF { "auth": { "identity": { @@ -58,6 +80,7 @@ auth_json=$(cat << EOF } EOF ) +fi #trust is introduced in Keystone v3 version AUTH_URL=${AUTH_URL/v2.0/v3} diff --git a/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert.sh b/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert.sh index a63bd31..d32566d 100644 --- a/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert.sh +++ b/contrib/drivers/k8s_opensuse_v1/templates/fragments/make-cert.sh @@ -55,8 +55,29 @@ SERVER_CERT=$cert_dir/server.crt SERVER_CSR=$cert_dir/server.csr SERVER_KEY=$cert_dir/server.key -#Get a token by user credentials and trust -auth_json=$(cat << EOF +if [ -z $TRUST_ID ]; then + # Get a token without scoped TRUST (eg when cluster_user_trust is off) + auth_json=$(cat << EOF +{ + "auth": { + "identity": { + "methods": [ + "password" + ], + "password": { + "user": { + "id": "$TRUSTEE_USER_ID", + "password": "$TRUSTEE_PASSWORD" + } + } + } + } +} +EOF +) +else + # Get a token by user credentials and trust + auth_json=$(cat << EOF { "auth": { "identity": { @@ -79,6 +100,8 @@ auth_json=$(cat << EOF } EOF ) +fi + #trust is introduced in Keystone v3 version AUTH_URL=${AUTH_URL/v2.0/v3}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor