Enable to specify project id in OpenStack OIDC auth #1293

micafer · 2019-05-31T06:24:18Z

Enable to specify project id in OpenStack OIDC auth

Description

In current implementation the OpenStack OIDC auth the first project available is selected.
This PR enables to specify the project id using the domain_name (as the tenant_name attribute is used to specify the protocol). The domain_name attribute can be used either to select the domain name in case of domain scoped token or to select the project name in case of project scoped token

Status

done, ready for review

Checklist (tick everything that applies)

Code linting (required, can be done after the PR checks)
Documentation
Tests
ICLA (required for bigger changes)

codecov-io · 2019-05-31T06:52:46Z

Codecov Report

Merging #1293 into trunk will increase coverage by <.01%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##            trunk    #1293      +/-   ##
==========================================
+ Coverage   85.95%   85.95%   +<.01%     
==========================================
  Files         359      359              
  Lines       73911    73916       +5     
  Branches     6705     6708       +3     
==========================================
+ Hits        63530    63535       +5     
+ Misses       7699     7698       -1     
- Partials     2682     2683       +1

Impacted Files	Coverage Δ
libcloud/test/common/test_openstack_identity.py	`98.06% <50%> (ø)`	⬆️
libcloud/common/openstack_identity.py	`75.89% <71.42%> (-0.11%)`	⬇️
libcloud/test/compute/test_ec2.py	`97.9% <0%> (+0.16%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7a948b1...f096db4. Read the comment docs.

Kami · 2019-06-22T13:02:45Z

Thanks for the contribution.

Can you please also open a PR with a corresponding documentation change (ideally with a code example on how to specify a project)?

Kami · 2019-06-22T13:04:23Z

libcloud/test/common/test_openstack_identity.py

            return (httplib.OK, body, self.json_content_headers, httplib.responses[httplib.OK])
        raise NotImplementedError()

    def _v3_auth_projects(self, method, url, body, headers):
        if method == 'GET':
            # get user projects
-            body = json.dumps({"projects": [{"id": "project_id"}]})
+            body = json.dumps({"projects": [{"id": "project_id", "name": "project_name"},


It would also be good to add a test case for scenario where invalid project id is specified.

Kami · 2019-06-22T13:05:51Z

I went ahead and merged it into trunk, but I would appreciate if you can open a new PR with corresponding documentation and tests change.

micafer added 3 commits May 31, 2019 08:22

OIDC project

1abaec4

Add test file

68ab9f2

Add test file

f096db4

Kami added drivers: openstack api: common labels Jun 22, 2019

Kami reviewed Jun 22, 2019

View reviewed changes

asfgit merged commit f096db4 into apache:trunk Jun 22, 2019

asfgit pushed a commit that referenced this pull request Jun 22, 2019

Add changelog entry for #1293.

a0dd583

micafer mentioned this pull request Mar 10, 2020

Enable to set project id in OpenStack OIDC authentication #1439

Merged

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable to specify project id in OpenStack OIDC auth #1293

Enable to specify project id in OpenStack OIDC auth #1293

micafer commented May 31, 2019

codecov-io commented May 31, 2019

Kami commented Jun 22, 2019

Kami Jun 22, 2019

Kami commented Jun 22, 2019

Enable to specify project id in OpenStack OIDC auth #1293

Enable to specify project id in OpenStack OIDC auth #1293

Conversation

micafer commented May 31, 2019