1 files changed, 74 insertions, 15 deletions
diff --git a/dnsdesig/dnsdesig/dns_plugin.py b/dnsdesig/dnsdesig/dns_plugin.py
index ee755aa..d46468d 100644
--- a/dnsdesig/dnsdesig/dns_plugin.py
+++ b/dnsdesig/dnsdesig/dns_plugin.py
@@ -1,7 +1,7 @@
 # ============LICENSE_START====================================================
 # org.onap.ccsdk
 # =============================================================================
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 # =============================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,23 +30,82 @@ def _check_status(resp, msg):
       raise NonRecoverableError(msg)
 
 def _get_auth_info(openstack):
+  if openstack['auth_url'].endswith('/v2.0'):
+    (tok, gbls, urls) = _get_auth_info_v2(openstack)
+  else:
+    (tok, gbls, urls) = _get_auth_info_v3(openstack)
+  if len(urls.keys()) == 1:
+    reg = urls.keys()[0]
+  else:
+    reg = openstack['region']
+  if reg in urls and 'dns' in urls[reg]:
+    url = urls[reg]['dns']
+  elif 'dns' in gbls:
+    url = gbls['dns']
+  else:
+    raise NonRecoverableError('DNS service not found')
+  return { 'osauth': { 'X-Auth-Token': tok }, 'dns': url }
+
+def _get_auth_info_v3(openstack):
+  domain = openstack['domain'] if 'domain' in openstack else 'default'
+  resp = requests.post('{0}/auth/tokens'.format(openstack['auth_url']), json={
+    'auth': {
+      'identity': {
+        'methods': [
+          'password'
+        ],
+        'password': {
+          'user': {
+            'name': openstack['username'],
+            'domain': {
+              'id': domain
+            },
+            'password': openstack['password']
+          }
+        }
+      },
+      'scope': {
+        'project': {
+          'name': openstack['tenant_name'],
+          'domain': {
+            'id': domain
+          }
+        }
+      }
+    }
+  })
+  _check_status(resp, 'Failed to get authorization token from OpenStack identity service v3')
+  gbls = {}
+  urls = {}
+  for sc in resp.json()['token']['catalog']:
+    type = sc['type']
+    for ep in sc['endpoints']:
+      if 'region' in ep and ep['region'] not in urls:
+        urls[ep['region']] = {}
+      if ep['interface'] == 'public' and ep['url'] != '':
+        if 'region' not in ep:
+          gbls[type] = ep['url']
+        else:
+          urls[ep['region']][type] = ep['url']
+  return (resp.headers['X-Subject-Token'], gbls, urls)
+
+def _get_auth_info_v2(openstack):
   resp = requests.post('{0}/tokens'.format(openstack['auth_url']), json={'auth':{'tenantName':openstack['tenant_name'],'passwordCredentials':{'username':openstack['username'], 'password':openstack['password']}}})
-  _check_status(resp, 'Failed to get authorization token from OpenStack identity service')
+  _check_status(resp, 'Failed to get authorization token from OpenStack identity service v2')
   respj = resp.json()['access']
-  osauth={'X-Auth-Token': respj['token']['id'] }
+  gbls = {}
   urls = {}
   for se in respj['serviceCatalog']:
     type = se['type']
     for ep in se['endpoints']:
-      url = ep['publicURL']
-      reg = ep['region']
-      if not urls.has_key(reg):
-        urls[reg] = { }
-      if type not in urls[reg] or urls[reg][type] == '':
-        urls[reg][type] = url
-  if len(urls.keys()) == 1:
-    openstack['region'] = urls.keys()[0]
-  return { 'osauth': osauth, 'dns': urls[openstack['region']]['dns'] }
+      if 'region' in ep and ep['region'] not in urls:
+        urls[ep['region']] = {}
+      if 'publicURL' in ep and ep['publicURL'] != '':
+        if 'region' not in ep:
+          gbls[type] = ep['publicURL']
+        else:
+          urls[ep['region']][type] = ep['publicURL']
+  return (respj['token']['id'], gbls, urls)
 
 def _dot(fqdn):
   """
@@ -86,7 +145,7 @@ def aneeded(**kwargs):
   """
   try:
     _doneed('A', kwargs['args']['ip_addresses'])
-  except NonRecoverableError as nre:
+  except (NonRecoverableError, RecoverableError) as nre:
     raise nre
   except Exception as e:
     raise NonRecoverableError(e)
@@ -105,7 +164,7 @@ def cnameneeded(**kwargs):
   """
   try:
     _doneed('CNAME', [ _dot(kwargs['args']['cname']) ] )
-  except NonRecoverableError as nre:
+  except (NonRecoverableError, RecoverableError) as nre:
     raise nre
   except Exception as e:
     raise NonRecoverableError(e)
@@ -145,7 +204,7 @@ def _noneed(type):
     if rs:
       resp = requests.delete('{0}/v2/zones/{1}/recordsets/{2}'.format(access['dns'], zid, rs['id']), headers=access['osauth'])
       _check_status(resp, 'Failed to delete DNS record set for {0}'.format(fqdn))
-  except NonRecoverableError as nre:
+  except (NonRecoverableError, RecoverableError) as nre:
     raise nre
   except Exception as e:
     raise NonRecoverableError(e)