@schoksey

The fix is a cleanup of the hybrid driver to simplify and consolidate the driver code.

Specifically it addresses

  • bug in conf definition StrOpts v/s ListOpts for built-in users configuration parameter
  • Heat templates using cfn-signal where dynamic users are created by keystone
  • Consolidate the hybrid driver used between nimbus and telstra codebase
  • Isolates all configuration parameters to the single driver file instead of custom parameter proliferation from a maintenance perspective when this code is ported to Icehouse

Rally-bug: DE778 (Admin can create non-buildin user without checking LDAP via Keystone Hybrid Driver)
Upstream: False

…e the

logic where if a user fails authentication in ldap, it will default to the
SQL driver for authentication.

Specifically it addresses
- bug in conf definition StrOpts v/s ListOpts for built-in users configuration parameter
- Heat templates using cfn-signal where dynamic users are created by keystone
- Consolidate the hybrid driver used between nimbus and telstra codebase

Rally-bug: DE778 (Admin can create non-buildin user without checking LDAP via Keystone Hybrid Driver)
Upstream: False
The patch cleans up config parameter proliferation for hybrid driver to enable
isolation of the hybrid driver code.  All parameters related to hybrid are not
part of the driver code itself.

Rally-bug: None (forward-looking enhancement for Icehouse / RHEL supportability
Upstream: False
@schoksey
Author

Re-defined builtin_user param from StrOpt to ListOpt

@tiewei

tiewei commented Oct 21, 2014

+1 good job

@scpham

scpham commented Jan 5, 2015

Can we add some unit tests?

@schoksey
Author

schoksey commented Jan 5, 2015

Will do

@alop
Member

alop commented Jan 12, 2015

Any update on this?

@jadelester

I've tested this functionality in London and was able to successfully add a user that did not exist in either LDAP or built_in users to keystone and provide access to a tenant project.

keystone user-create --name cloud_user2 --pass NfEQHTsV --email someuser@somedomain.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | someuser@somedomain.com |
| enabled | True |
| id | 1a76c51780174ea2b98d91836d0d2f7e |
| name | cloud_user2 |
| username | cloud_user2 |
+----------+----------------------------------+

[root@csx-a-keystonectl-001 backends]# keystone user-role-add --user cloud_user2 --role Member --tenant HomeWrecker228

[root@csx-a-keystonectl-001 backends]# keystone user-list --tenant HomeWrecker228
+----------------------------------+-------------+---------+----------------------------------+
| id | name | enabled | email |
+----------------------------------+-------------+---------+----------------------------------+
| 1a76c51780174ea2b98d91836d0d2f7e | cloud_user2 | True | someuser@somedomain.com |
+----------------------------------+-------------+---------+----------------------------------+

I think this code should be merged in and retrofitted to all sites so that we can get away from the need to add local users through the 'built_in' method.

@retr0h

retr0h commented Jan 29, 2015

@jadelester this code is not a bug fix but a feature. Once @schoksey addresses the peer review in the PR we can work on merging it. However, #8 solves the bug that was originally reported.
