From b1673c48c7dddadebcba09e2415de3cb0df77600 Mon Sep 17 00:00:00 2001
From: Shubham Mali
Date: Wed, 28 May 2025 11:31:23 +0530
Subject: [PATCH 1/4] skip ssl for keystone
---
 connector/keystone/keystone.go | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index ab4cf71516..e39ed482c0 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -4,6 +4,7 @@ package keystone
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "io"
@@ -64,10 +65,11 @@ type domainKeystone struct {
 // keystonePassword: DEMO_PASS
 // useRolesAsGroups: true
 type Config struct {
- Domain string `json:"domain"`
- Host string `json:"keystoneHost"`
- AdminUsername string `json:"keystoneUsername"`
- AdminPassword string `json:"keystonePassword"`
+ Domain string `json:"domain"`
+ Host string `json:"keystoneHost"`
+ AdminUsername string `json:"keystoneUsername"`
+ AdminPassword string `json:"keystonePassword"`
+ InsecureSkipVerify bool `json:"insecureSkipVerify"`
 }
 type loginRequestData struct {
@@ -177,13 +179,19 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 domain := domainKeystone{
 Name: c.Domain,
 }
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: c.InsecureSkipVerify,
+ },
+ }
+ client := &http.Client{Transport: tr}
 return &conn{
 Domain: domain,
 Host: c.Host,
 AdminUsername: c.AdminUsername,
 AdminPassword: c.AdminPassword,
 Logger: logger,
- client: http.DefaultClient,
+ client: client,
 }, nil
 }
From fab14c49e8d38f28021cd46d2a47a751462c2252 Mon Sep 17 00:00:00 2001
From: Shubham Mali
Date: Wed, 28 May 2025 14:47:17 +0530
Subject: [PATCH 2/4] added customer name to keystone connector config
---
 connector/keystone/keystone.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
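Review bot: The new `InsecureSkipVerify` field in `Config` (PATCH 1/4, second hunk) carries no doc comment, and the example block above the struct, which starts outside this hunk, does not list `insecureSkipVerify`. The connection it weakens is the one that carries `AdminPassword`, so the cost of the switch should be stated where operators read the config. I would add above the field `// InsecureSkipVerify disables TLS certificate verification for requests to Keystone; credentials sent to keystoneHost can then be intercepted. Defaults to false. Testing only.`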
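Review bot: In `Open` (PATCH 1/4, third hunk) the bare `&http.Transport{...}` replaces `http.DefaultClient` for every deployment, so the defaults of `http.DefaultTransport` (environment proxy, dial and TLS-handshake timeouts, idle-connection limits) are lost even when `insecureSkipVerify` is false. Cloning the default transport and setting only `TLSClientConfig` keeps that behaviour. When the flag is true nothing records that certificate verification is off on the connection that carries `AdminPassword`; a warning logged in `Open` makes the setting visible to whoever reads the logs. The sketch assumes `log.Logger` offers `Warnf`, and `Open` begins outside the hunk.

```go
	// … unchanged: domain := domainKeystone{...} …
	tr := http.DefaultTransport.(*http.Transport).Clone()
	tr.TLSClientConfig = &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: c.InsecureSkipVerify,
	}
	if c.InsecureSkipVerify {
		logger.Warnf("keystone connector %q: TLS certificate verification is disabled", id)
	}
	client := &http.Client{Transport: tr}
	// … unchanged: return &conn{...} with client: client …
```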
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index e39ed482c0..909ef982c5 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -23,6 +23,7 @@ type conn struct {
 AdminPassword string
 client *http.Client
 Logger log.Logger
+ fqdn string
 }
 // type group struct {
@@ -70,6 +71,7 @@ type Config struct {
 AdminUsername string `json:"keystoneUsername"`
 AdminPassword string `json:"keystonePassword"`
 InsecureSkipVerify bool `json:"insecureSkipVerify"`
+ Fqdn string `json:"fqdn"`
 }
 type loginRequestData struct {
@@ -192,6 +194,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 AdminPassword: c.AdminPassword,
 Logger: logger,
 client: client,
+ fqdn: c.Fqdn,
 }, nil
 }
@@ -546,10 +549,9 @@ func (p *conn) getGroups(ctx context.Context, token string, tokenInfo *tokenInfo
 var roleGroups []string
 // get the customer name to be prefixed in the group name
- hostName, err := p.getHostname()
- if err != nil {
- return userGroups, err
- }
+ // hostName, err := p.getHostname()
+ hostName := p.fqdn
+
 for _, roleAssignment := range roleAssignments {
 role, ok := roleMap[roleAssignment.Role.ID]
 if !ok {
From 1083bbf181a9d24a775c2ab3ddb3b885b8b7c78a Mon Sep 17 00:00:00 2001
From: Shubham Mali
Date: Fri, 30 May 2025 12:48:13 +0530
Subject: [PATCH 3/4] KAAP-712 add customername in keystone config KAAP-295 replace "_" with "-" in tenant group name
---
 connector/keystone/keystone.go | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index 909ef982c5..21ba9679f2 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -23,7 +23,7 @@ type conn struct {
 AdminPassword string
 client *http.Client
 Logger log.Logger
- fqdn string
+ CustomerName string
 }
 // type group struct {
@@ -71,7 +71,7 @@ type Config struct {
 AdminUsername string `json:"keystoneUsername"`
 AdminPassword string `json:"keystonePassword"`
 InsecureSkipVerify bool `json:"insecureSkipVerify"`
- Fqdn string `json:"fqdn"`
+ CustomerName string `json:"customerName"`
 }
 type loginRequestData struct {
@@ -187,6 +187,9 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 },
 }
 client := &http.Client{Transport: tr}
+ if c.CustomerName == "" {
+ return nil, fmt.Errorf("customerName is required in keystone config it cannot be empty")
+ }
 return &conn{
 Domain: domain,
 Host: c.Host,
@@ -194,7 +197,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 AdminPassword: c.AdminPassword,
 Logger: logger,
 client: client,
- fqdn: c.Fqdn,
+ CustomerName: c.CustomerName,
 }, nil
 }
@@ -550,7 +553,7 @@ func (p *conn) getGroups(ctx context.Context, token string, tokenInfo *tokenInfo
 // get the customer name to be prefixed in the group name
 // hostName, err := p.getHostname()
- hostName := p.fqdn
+ customerName := p.CustomerName
 for _, roleAssignment := range roleAssignments {
 role, ok := roleMap[roleAssignment.Role.ID]
@@ -563,7 +566,7 @@ func (p *conn) getGroups(ctx context.Context, token string, tokenInfo *tokenInfo
 // Ignore role assignments to non-existent projects (shouldn't happen)
 continue
 }
- groupName := p.generateGroupName(project, role, hostName)
+ groupName := p.generateGroupName(project, role, customerName)
 roleGroups = append(roleGroups, groupName)
 }
@@ -586,15 +589,14 @@ func (p *conn) getHostname() (string, error) {
 return hostName, nil
 }
-func (p *conn) generateGroupName(project project, role role, hostName string) string {
+func (p *conn) generateGroupName(project project, role role, customerName string) string {
 roleName := role.Name
 if roleName == "_member_" {
 roleName = "member"
 }
- if hostName != "" {
- return hostName + "-" + p.Domain.Name + "-" + project.Name + "-" + roleName
- }
- return p.Domain.Name + "-" + project.Name + "-" + roleName
+ domainName := strings.ToLower(strings.ReplaceAll(p.Domain.Name, "_", "-"))
+ projectName := strings.ToLower(strings.ReplaceAll(project.Name, "_", "-"))
+ return customerName + "-" + domainName + "-" + projectName + "-" + roleName
 }
 func (p *conn) getUser(ctx context.Context, userID string, token string) (*userResponse, error) {
From e05050c4a1ecc5b6be15c9ae97d70ddde42bb6dd Mon Sep 17 00:00:00 2001
From: Shubham Mali
Date: Fri, 30 May 2025 13:14:10 +0530
Subject: [PATCH 4/4] use hostname if customername not provided in config
---
 connector/keystone/keystone.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index 21ba9679f2..5a413940d9 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -187,9 +187,6 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 },
 }
 client := &http.Client{Transport: tr}
- if c.CustomerName == "" {
- return nil, fmt.Errorf("customerName is required in keystone config it cannot be empty")
- }
 return &conn{
 Domain: domain,
 Host: c.Host,
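Review bot: In `generateGroupName` (PATCH 3/4) the lower-casing and the `_` to `-` mapping let distinct Keystone names collapse into one group: with constructed names, projects `team_a` and `team-a` both yield `…-team-a-…`, and the same holds for domains. These strings are returned as the user's groups, so anything downstream that authorizes on group name would treat a role held on one project as held on the other. `customerName` and `roleName` are joined without that normalisation, so the result is not uniformly lower-case either. I would document the mapping on the function, e.g. `// generateGroupName lower-cases domain and project names and maps "_" to "-"; names differing only in those respects produce the same group.`, and have `getGroups` log or reject two different project IDs that map to one name.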
@@ -552,9 +549,14 @@ func (p *conn) getGroups(ctx context.Context, token string, tokenInfo *tokenInfo
 var roleGroups []string
 // get the customer name to be prefixed in the group name
- // hostName, err := p.getHostname()
 customerName := p.CustomerName
-
+ // if customerName is not provided in the keystone config get it from keystone host url.
+ if customerName == "" {
+ customerName, err = p.getHostname()
+ if err != nil {
+ return userGroups, err
+ }
+ }
 for _, roleAssignment := range roleAssignments {
 role, ok := roleMap[roleAssignment.Role.ID]
 if !ok {
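Review bot: The fallback added to `getGroups` (PATCH 4/4) chooses the group prefix at login time, so a `keystoneHost` that `getHostname` cannot handle surfaces only as a failed groups lookup during a login rather than when the connector is opened. The two sources also give different prefixes: setting `customerName` on a running deployment renames every group users receive, and bindings made on the old names stop matching. Resolving the prefix once in `Open` and returning the error there would fail fast. The comment should state the precedence, e.g. `// Prefix precedence: customerName from config, else the hostname derived from keystoneHost; changing it renames every emitted group.` Both `getGroups` and `getHostname` extend beyond this hunk, so how the hostname is derived is not visible here.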