Example #1
0
    def test_loading_v2(self):
        section = uuid.uuid4().hex
        auth_url = uuid.uuid4().hex
        username = uuid.uuid4().hex
        password = uuid.uuid4().hex
        trust_id = uuid.uuid4().hex
        tenant_id = uuid.uuid4().hex

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)

        self.conf_fixture.register_opts(
            to_oslo_opts(v2.Password().get_options()),
            group=section)

        self.conf_fixture.config(auth_type=self.V2PASS,
                                 auth_url=auth_url,
                                 username=username,
                                 password=password,
                                 trust_id=trust_id,
                                 tenant_id=tenant_id,
                                 group=section)

        a = loading.load_auth_from_conf_options(self.conf_fixture.conf,
                                                self.GROUP)

        self.assertEqual(auth_url, a.auth_url)
        self.assertEqual(username, a.username)
        self.assertEqual(password, a.password)
        self.assertEqual(trust_id, a.trust_id)
        self.assertEqual(tenant_id, a.tenant_id)
Example #2
0
def register_ksa_opts(conf, group, default_service_type, include_auth=True,
                      deprecated_opts=None):
    """Register keystoneauth auth, Session, and Adapter opts.

    :param conf: oslo_config.cfg.CONF in which to register the options
    :param group: Conf group, or string name thereof, in which to register the
                  options.
    :param default_service_type: Default for the service_type conf option on
                                 the Adapter.
    :param include_auth: For service types where Nova is acting on behalf of
                         the user, auth should come from the user context.
                         In those cases, set this arg to False to avoid
                         registering ksa auth options.
    :param deprecated_opts: dict of deprecated opts to register with the ksa
                            Session or Adapter opts.  See docstring for
                            the deprecated_opts param of:
                    keystoneauth1.loading.session.Session.register_conf_options
    """
    # ksa register methods need the group name as a string.  oslo doesn't care.
    group = getattr(group, 'name', group)
    ks_loading.register_session_conf_options(
        conf, group, deprecated_opts=deprecated_opts)
    if include_auth:
        ks_loading.register_auth_conf_options(conf, group)
    conf.register_opts(get_ksa_adapter_opts(
        default_service_type, deprecated_opts=deprecated_opts), group=group)
    # Have to register dummies for the version-related opts we removed
    for name in _ADAPTER_VERSION_OPTS:
        conf.register_opt(_dummy_opt(name), group=group)
Example #3
0
    def __init__(self, section=constants.SERVICE_AUTH):
        self._session = None
        self._auth = None

        self.section = section
        ks_loading.register_auth_conf_options(cfg.CONF, self.section)
        ks_loading.register_session_conf_options(cfg.CONF, self.section)
Example #4
0
def register_opts(conf):
    global neutron_options
    conf.register_group(neutron_group)
    conf.register_opts(ALL_OPTS, group=neutron_group)
    neutron_options = ks_loading.register_session_conf_options(
        conf, NEUTRON_GROUP, deprecated_opts=deprecations)
    ks_loading.register_auth_conf_options(conf, NEUTRON_GROUP)
Example #5
0
    def _migrate_keys(self, volumes, backups):
        LOG.info("Starting migration of ConfKeyManager keys.")

        # Establish a Barbican client session that will be used for the entire
        # key migration process. Use cinder's own service credentials.
        try:
            ks_loading.register_auth_conf_options(self.conf,
                                                  'keystone_authtoken')
            auth = ks_loading.load_auth_from_conf_options(self.conf,
                                                          'keystone_authtoken')
            sess = ks_session.Session(auth=auth)
            self.barbican = barbican_client.Client(session=sess)
        except Exception as e:
            LOG.error("Aborting encryption key migration due to "
                      "error creating Barbican client: %s", e)
            return

        errors = 0
        for item in itertools.chain(volumes, backups):
            try:
                self._migrate_encryption_key(item)
            except Exception as e:
                LOG.error("Error migrating encryption key: %s", e)
                # NOTE(abishop): There really shouldn't be any soft errors, so
                # if an error occurs migrating one key then chances are they
                # will all fail. This avoids filling the log with the same
                # error in situations where there are many keys to migrate.
                errors += 1
                if errors > MAX_KEY_MIGRATION_ERRORS:
                    LOG.error("Aborting encryption key migration "
                              "(too many errors).")
                    break
Example #6
0
    def test_loading_v3(self):
        section = uuid.uuid4().hex
        auth_url = uuid.uuid4().hex,
        token = uuid.uuid4().hex
        trust_id = uuid.uuid4().hex
        project_id = uuid.uuid4().hex
        project_domain_name = uuid.uuid4().hex

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)

        self.conf_fixture.register_opts(to_oslo_opts(v3.Token().get_options()),
                                        group=section)

        self.conf_fixture.config(auth_type=self.V3TOKEN,
                                 auth_url=auth_url,
                                 token=token,
                                 trust_id=trust_id,
                                 project_id=project_id,
                                 project_domain_name=project_domain_name,
                                 group=section)

        a = loading.load_auth_from_conf_options(self.conf_fixture.conf,
                                                self.GROUP)

        self.assertEqual(token, a.auth_methods[0].token)
        self.assertEqual(trust_id, a.trust_id)
        self.assertEqual(project_id, a.project_id)
        self.assertEqual(project_domain_name, a.project_domain_name)
Example #7
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf, CFG_GROUP,
        deprecated_opts={'cacert': [
            cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
        })
Example #8
0
def register_opts(conf):
    # FIXME(pauloewerton): remove import of authtoken group and legacy options
    # after deprecation period
    conf.import_group(CFG_LEGACY_GROUP, 'keystonemiddleware.auth_token')
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf, CFG_GROUP, deprecated_opts=legacy_session_opts)
    conf.set_default('auth_type', default='password', group=CFG_GROUP)
Example #9
0
def register_auth_opts(conf, group):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
Example #10
0
    def test_get_keystone_session(self):
        _AUTH_CONF_GROUP = 'watcher_clients_auth'
        ka_loading.register_auth_conf_options(cfg.CONF, _AUTH_CONF_GROUP)
        ka_loading.register_session_conf_options(cfg.CONF, _AUTH_CONF_GROUP)

        cfg.CONF.set_override('auth_type', 'password',
                              group=_AUTH_CONF_GROUP)

        # If we don't clean up the _AUTH_CONF_GROUP conf options, then other
        # tests that run after this one will fail, complaining about required
        # options that _AUTH_CONF_GROUP wants.
        def cleanup_conf_from_loading():
            # oslo_config doesn't seem to allow unregistering groups through a
            # single method, so we do this instead
            cfg.CONF.reset()
            del cfg.CONF._groups[_AUTH_CONF_GROUP]

        self.addCleanup(cleanup_conf_from_loading)

        osc = clients.OpenStackClients()

        expected = {'username': '******',
                    'password': '******',
                    'auth_url': 'http://server.ip:35357',
                    'user_domain_id': 'foouserdomainid',
                    'project_domain_id': 'fooprojdomainid'}

        def reset_register_opts_mock(conf_obj, original_method):
            conf_obj.register_opts = original_method

        original_register_opts = cfg.CONF.register_opts
        self.addCleanup(reset_register_opts_mock,
                        cfg.CONF,
                        original_register_opts)

        # Because some of the conf options for auth plugins are not registered
        # until right before they are loaded, and because the method that does
        # the actual loading of the conf option values is an anonymous method
        # (see _getter method of load_from_conf_options in
        # keystoneauth1.loading.conf.py), we need to manually monkey patch
        # the register opts method so that we can override the conf values to
        # our custom values.
        def mock_register_opts(*args, **kwargs):
            ret = original_register_opts(*args, **kwargs)
            if 'group' in kwargs and kwargs['group'] == _AUTH_CONF_GROUP:
                for key, value in expected.items():
                    cfg.CONF.set_override(key, value, group=_AUTH_CONF_GROUP)
            return ret

        cfg.CONF.register_opts = mock_register_opts

        sess = osc.session
        self.assertEqual(expected['auth_url'], sess.auth.auth_url)
        self.assertEqual(expected['username'], sess.auth._username)
        self.assertEqual(expected['password'], sess.auth._password)
        self.assertEqual(expected['user_domain_id'], sess.auth._user_domain_id)
        self.assertEqual(expected['project_domain_id'],
                         sess.auth._project_domain_id)
Example #11
0
    def register_conf_options(self, group=None, section=None):
        loading.register_auth_conf_options(self.conf_fixture.conf, group=group)

        if section:
            self.conf_fixture.config(group=group, auth_section=section)
            loading.register_auth_conf_options(self.conf_fixture.conf,
                                               group=group)

        return self.conf_fixture
Example #12
0
def _register_keystoneauth_group(conf, group):
    ka_loading.register_auth_conf_options(conf, group)
    ka_loading.register_session_conf_options(
        conf, group,
        deprecated_opts={'cacert': [
            cfg.DeprecatedOpt('os-cacert', group=group),
            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
        })
    conf.register_opts(CLI_OPTS, group=group)
Example #13
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf, CFG_GROUP,
        deprecated_opts={'cacert': [
            cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
        })
    conf.set_default("auth_type", default="password-ceilometer-legacy",
                     group=CFG_GROUP)
Example #14
0
    def setUp(self):
        super(ConfTests, self).setUp()
        self.conf_fixture = self.useFixture(config.Config())

        # NOTE(jamielennox): we register the basic config options first because
        # we need them in place before we can stub them. We will need to run
        # the register again after we stub the auth section and auth plugin so
        # it can load the plugin specific options.
        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)
Example #15
0
def register_keystoneauth_opts():
    ka_loading.register_auth_conf_options(CONF, CFG_GROUP)
    ka_loading.register_session_conf_options(
        CONF,
        CFG_GROUP,
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
Example #16
0
 def setUp(self):
     super(TestPlacementHelper, self).setUp()
     _AUTH_CONF_GROUP = 'watcher_clients_auth'
     ka_loading.register_auth_conf_options(CONF, _AUTH_CONF_GROUP)
     ka_loading.register_session_conf_options(CONF, _AUTH_CONF_GROUP)
     self.client = placement_helper.PlacementHelper()
     self.fake_err_msg = {
         'errors': [{
             'detail': 'The resource could not be found.',
         }]
     }
Example #17
0
def register_opts(conf):
    """ Registers all the sections in this module.
    """
    for section in SECTIONS:
        conf.register_group(
            cfg.OptGroup(name=section.name,
                         title=section.title,
                         help=section.help))
        conf.register_opts(section.options, group=section.name)

    ks_loading.register_auth_conf_options(conf, group='keystone_authtoken')
Example #18
0
def register_opts(conf):

    conf.register_group(identity_group)

    group = getattr(identity_group, 'name', identity_group)

    ks_loading.register_session_conf_options(conf, group)
    ks_loading.register_auth_conf_options(conf, group)

    adapter_opts = get_ksa_adapter_opts(SERVICE_TYPE)
    conf.register_opts(adapter_opts, group=group)
Example #19
0
def _register_keystoneauth_group(conf, group):
    ka_loading.register_auth_conf_options(conf, group)
    ka_loading.register_session_conf_options(
        conf,
        group,
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group=group),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
    conf.register_opts(CLI_OPTS, group=group)
Example #20
0
    def __init__(self, config_group_name=None):
        self.config_group_name = config_group_name or 'DEFAULT'

        ks_loading.register_session_conf_options(
            CONF, NEUTRON_GROUP, deprecated_opts=deprecated_opts)
        ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP)
        CONF.register_opts(neutron_opts, NEUTRON_GROUP)

        self.configuration = getattr(CONF, self.config_group_name, CONF)
        self.last_neutron_extension_sync = None
        self.extensions = {}
        self.auth_obj = None
Example #21
0
def register_opts(conf):
    loading.register_session_conf_options(CONF, _option_group)
    loading.register_adapter_conf_options(CONF, _option_group,
                                          include_deprecated=False)

    loading.register_auth_conf_options(CONF, _option_group)
    plugin_name = CONF.oslo_limit.auth_type
    if plugin_name:
        plugin_loader = loading.get_plugin_loader(plugin_name)
        plugin_opts = loading.get_auth_plugin_conf_options(plugin_loader)
        CONF.register_opts(plugin_opts, group=_option_group)
    conf.register_opts(_options, group=_option_group)
Example #22
0
    def test_same_section(self, m):
        opts = loading.get_auth_plugin_conf_options(utils.MockLoader())
        self.conf_fixture.register_opts(opts, group=self.GROUP)

        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)
        self.conf_fixture.config(auth_type=uuid.uuid4().hex,
                                 group=self.GROUP,
                                 **self.TEST_VALS)

        a = loading.load_auth_from_conf_options(self.conf_fixture.conf,
                                                self.GROUP)
        self.assertTestVals(a)
Example #23
0
    def test_same_section(self, m):
        opts = loading.get_auth_plugin_conf_options(utils.MockLoader())
        self.conf_fixture.register_opts(opts, group=self.GROUP)

        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)
        self.conf_fixture.config(auth_type=uuid.uuid4().hex,
                                 group=self.GROUP,
                                 **self.TEST_VALS)

        a = loading.load_auth_from_conf_options(self.conf_fixture.conf,
                                                self.GROUP)
        self.assertTestVals(a)
Example #24
0
 def __init__(self):
     ks_loading.register_session_conf_options(CONF, "neutron_client")
     ks_loading.register_auth_conf_options(CONF, "neutron_client")
     self.auth = ks_loading.load_auth_from_conf_options(
         CONF,
         "neutron_client")
     self.session = ks_loading.load_session_from_conf_options(
         CONF,
         "neutron_client",
         auth=self.auth)
     self.neutron_client = neutron_client.Client(
         session=self.session,
         auth=self.auth)
Example #25
0
    def __init__(self, config_group_name=None):
        self.config_group_name = config_group_name or 'DEFAULT'

        ks_loading.register_session_conf_options(CONF, NEUTRON_GROUP)
        ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP)
        CONF.register_opts(neutron_opts, NEUTRON_GROUP)
        CONF.register_opts(neutron_deprecated_opts,
                           group=self.config_group_name)

        self.configuration = getattr(CONF, self.config_group_name, CONF)
        self.last_neutron_extension_sync = None
        self.extensions = {}
        self.auth_obj = None
Example #26
0
    def configure_middleware(self, auth_type, **kwargs):
        opts = loading.get_auth_plugin_conf_options(auth_type)
        self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)

        # Since these tests cfg.config() themselves rather than waiting for
        # auth_token to do it on __init__ we need to register the base auth
        # options (e.g., auth_plugin)
        loading.register_auth_conf_options(self.cfg.conf,
                                           group=_base.AUTHTOKEN_GROUP)

        self.cfg.config(group=_base.AUTHTOKEN_GROUP,
                        auth_type=auth_type,
                        **kwargs)
Example #27
0
def register_auth_opts(conf, group, service_type=None):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
    kaloading.register_adapter_conf_options(conf, group)
    conf.set_default('valid_interfaces', DEFAULT_VALID_INTERFACES, group=group)
    # TODO(pas-ha) use os-service-type to try find the service_type by the
    # config group name assuming it is a project name (e.g. 'glance')
    if service_type:
        conf.set_default('service_type', service_type, group=group)
Example #28
0
def register_auth_opts(conf, group, service_type=None):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
    kaloading.register_adapter_conf_options(conf, group)
    conf.set_default('valid_interfaces', DEFAULT_VALID_INTERFACES, group=group)
    # TODO(pas-ha) use os-service-type to try find the service_type by the
    # config group name assuming it is a project name (e.g. 'glance')
    if service_type:
        conf.set_default('service_type', service_type, group=group)
Example #29
0
 def __init__(self):
     ks_loading.register_session_conf_options(CONF, "glance_client")
     ks_loading.register_auth_conf_options(CONF, "glance_client")
     self.auth = ks_loading.load_auth_from_conf_options(
         CONF,
         "glance_client")
     self.session = ks_loading.load_session_from_conf_options(
         CONF,
         "glance_client",
         auth=self.auth)
     self.glance_client = glance_client.Client(
         version='1',
         session=self.session,
         auth=self.auth)
Example #30
0
    def setUp(self):
        super(FixturesTests, self).setUp()
        self.conf_fixture = self.useFixture(config.Config())

        # conf loading will still try to read the auth_type from the config
        # object and pass that to the get_plugin_loader method. This value will
        # typically be ignored and the fake plugin returned regardless of name
        # but it could be a useful differentiator and it also ensures that the
        # application has called register_auth_conf_options before simply
        # returning a fake plugin.
        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)

        self.conf_fixture.config(auth_type=self.AUTH_TYPE, group=self.GROUP)
Example #31
0
def register_opts():
    CONF.register_group(HYPERV_AGENT_GROUP)
    CONF.register_opts(HYPERV_AGENT_OPTS, group=HYPERV_AGENT_GROUP_NAME)

    CONF.register_group(NVGRE_GROUP)
    CONF.register_opts(NVGRE_OPTS, group=NVGRE_GROUP_NAME)

    CONF.register_group(NEUTRON_GROUP)
    CONF.register_opts(NEUTRON_OPTS, group=NEUTRON_GROUP_NAME)
    ks_loading.register_session_conf_options(CONF, NEUTRON_GROUP)
    ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP)

    CONF.register_group(HNV_GROUP)
    CONF.register_opts(HNV_OPTS, group=HNV_GROUP_NAME)
Example #32
0
 def __init__(self):
     ks_loading.register_session_conf_options(CONF, "keystone_client")
     ks_loading.register_auth_conf_options(CONF, "keystone_client")
     self.auth = ks_loading.load_auth_from_conf_options(
         CONF,
         "keystone_client")
     self.session = ks_loading.load_session_from_conf_options(
         CONF,
         "keystone_client",
         auth=self.auth)
     self.ks_client = ks_client.Client(
         version='3',
         session=self.session,
         auth_url=self.auth.auth_url)
Example #33
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf,
        CFG_GROUP,
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
    conf.set_default("auth_type",
                     default="password-aodh-legacy",
                     group=CFG_GROUP)
Example #34
0
def register_auth_opts(conf, group, service_type=None):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
    if service_type:
        kaloading.register_adapter_conf_options(conf, group)
        conf.set_default('valid_interfaces',
                         DEFAULT_VALID_INTERFACES,
                         group=group)
        conf.set_default('service_type', service_type, group=group)
    def configure_middleware(self,
                             auth_type,
                             **kwargs):
        opts = loading.get_auth_plugin_conf_options(auth_type)
        self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)

        # Since these tests cfg.config() themselves rather than waiting for
        # auth_token to do it on __init__ we need to register the base auth
        # options (e.g., auth_plugin)
        loading.register_auth_conf_options(self.cfg.conf,
                                           group=_base.AUTHTOKEN_GROUP)

        self.cfg.config(group=_base.AUTHTOKEN_GROUP,
                        auth_type=auth_type,
                        **kwargs)
Example #36
0
def register_opts():
    # NOTE (froyo): just to not try to re-register options already done
    # by Neutron, specially in test scope, that will get a DuplicateOptError
    missing_opts = ovn_opts
    try:
        neutron_registered_opts = [opt for opt in cfg.CONF.ovn]
        missing_opts = [
            opt for opt in ovn_opts if opt.name not in neutron_registered_opts
        ]
    except cfg.NoSuchOptError:
        LOG.info('Not found any opts under group ovn registered by Neutron')

    cfg.CONF.register_opts(missing_opts, group='ovn')
    cfg.CONF.register_opts(neutron_opts, group='neutron')
    ks_loading.register_auth_conf_options(cfg.CONF, 'service_auth')
    ks_loading.register_session_conf_options(cfg.CONF, 'service_auth')
Example #37
0
    def test_diff_section(self, m):
        section = uuid.uuid4().hex

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)

        self.conf_fixture.register_opts(to_oslo_opts(
            utils.MockLoader().get_options()),
                                        group=section)
        self.conf_fixture.config(group=section,
                                 auth_type=uuid.uuid4().hex,
                                 **self.TEST_VALS)

        a = loading.load_auth_from_conf_options(self.conf_fixture.conf,
                                                self.GROUP)
        self.assertTestVals(a)
Example #38
0
    def test_diff_section(self, m):
        section = uuid.uuid4().hex

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        loading.register_auth_conf_options(self.conf_fixture.conf,
                                           group=self.GROUP)

        self.conf_fixture.register_opts(to_oslo_opts(
            utils.MockLoader().get_options()),
            group=section)
        self.conf_fixture.config(group=section,
                                 auth_type=uuid.uuid4().hex,
                                 **self.TEST_VALS)

        a = loading.load_auth_from_conf_options(self.conf_fixture.conf,
                                                self.GROUP)
        self.assertTestVals(a)
Example #39
0
def connect_gnocchi():
    conf = cfg.ConfigOpts()
    loading.register_auth_conf_options(conf, "keystone_authtoken")
    loading.register_session_conf_options(
        conf,
        "keystone_authtoken",
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group="keystone_authtoken"),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
    conf([], project='gnocchi')

    auth_plugin = loading.load_auth_from_conf_options(conf,
                                                      "keystone_authtoken")
    conn_gnocchi = client.Client(session_options={'auth': auth_plugin})
    return conn_gnocchi
Example #40
0
def prepare_service(argv=None, config_files=None, conf=None):
    oslo_i18n.enable_lazy()

    if argv is None:
        argv = sys.argv
    if conf is None:
        conf = cfg.ConfigOpts()
    conf.register_opts(OPTS)
    log.register_options(conf)
    db_options.set_defaults(conf)
    loading.register_auth_conf_options(conf, 'keystone_authtoken')
    conf(argv[1:], project='nabu', validate_default_values=True,
         version=nabu.__version__,
         default_config_files=config_files)
    loading.load_auth_from_conf_options(conf, 'keystone_authtoken')

    log.setup(conf, 'nabu')

    return conf
Example #41
0
def prepare_service(argv=None, config_files=None, conf=None):
    oslo_i18n.enable_lazy()

    if argv is None:
        argv = sys.argv
    if conf is None:
        conf = cfg.ConfigOpts()
    conf.register_opts(OPTS)
    log.register_options(conf)
    db_options.set_defaults(conf)
    loading.register_auth_conf_options(conf, 'keystone_authtoken')
    conf(argv[1:],
         project='nabu',
         validate_default_values=True,
         version=nabu.__version__,
         default_config_files=config_files)
    loading.load_auth_from_conf_options(conf, 'keystone_authtoken')

    log.setup(conf, 'nabu')

    return conf
Example #42
0
def main():
    cli_opts = [
        cfg.StrOpt('component',
                   short='c',
                   choices=['neutron', 'nova', 'cinder'],
                   help='Openstack Service to check'),
        cfg.StrOpt('binary',
                   short='b',
                   default=None,
                   help='For neutron agent, filter for this binary'),
        cfg.BoolOpt('dhcp_ready',
                    short='r',
                    default=False,
                    help='check that dhcp-agent has all networks synced'),
    ]

    conf = cfg.CONF
    conf.register_cli_opts(cli_opts)
    logging.basicConfig(level=logging.WARNING)
    ks_loading.register_auth_conf_options(conf, 'keystone_authtoken')
    ks_loading.register_auth_conf_options(conf, 'nova')
    ks_loading.register_session_conf_options(conf, 'nova')
    conf.register_opts(auth_opts, 'keystone_authtoken')
    conf.register_opts(host_opts)
    conf(sys.argv[1:])

    if conf.component is None:
        # Try guessing service type
        tokens = conf.host.split('-')
        if len(tokens) > 1:
            try:
                conf.component = next(x for x in ['neutron', 'nova', 'cinder']
                                      if x == tokens[0])
            except StopIteration:
                logging.critical(
                    "Error, no component mode defined, use --component")
                sys.exit(1)

    from agentliveness.agent import Liveness
    return Liveness(conf).check()
Example #43
0
def delete_encryption_key(context, key_manager, encryption_key_id):
    try:
        key_manager.delete(context, encryption_key_id)
    except castellan_exception.ManagedObjectNotFoundError:
        pass
    except castellan_exception.KeyManagerError:
        LOG.info("First attempt to delete key id %s failed, retrying with "
                 "cinder's service context.", encryption_key_id)
        conf = CONF
        ks_loading.register_auth_conf_options(conf, 'keystone_authtoken')
        service_context = keystone_password.KeystonePassword(
            password=conf.keystone_authtoken.password,
            auth_url=conf.keystone_authtoken.auth_url,
            username=conf.keystone_authtoken.username,
            user_domain_name=conf.keystone_authtoken.user_domain_name,
            project_name=conf.keystone_authtoken.project_name,
            project_domain_name=conf.keystone_authtoken.project_domain_name)
        try:
            castellan_key_manager.API(conf).delete(service_context,
                                                   encryption_key_id)
        except castellan_exception.ManagedObjectNotFoundError:
            pass
Example #44
0
def delete_encryption_key(context, key_manager, encryption_key_id):
    try:
        key_manager.delete(context, encryption_key_id)
    except castellan_exception.ManagedObjectNotFoundError:
        pass
    except castellan_exception.KeyManagerError:
        LOG.info("First attempt to delete key id %s failed, retrying with "
                 "cinder's service context.", encryption_key_id)
        conf = CONF
        ks_loading.register_auth_conf_options(conf, 'keystone_authtoken')
        service_context = keystone_password.KeystonePassword(
            password=conf.keystone_authtoken.password,
            auth_url=conf.keystone_authtoken.auth_url,
            username=conf.keystone_authtoken.username,
            user_domain_name=conf.keystone_authtoken.user_domain_name,
            project_name=conf.keystone_authtoken.project_name,
            project_domain_name=conf.keystone_authtoken.project_domain_name)
        try:
            castellan_key_manager.API(conf).delete(service_context,
                                                   encryption_key_id)
        except castellan_exception.ManagedObjectNotFoundError:
            pass
Example #45
0
def register_ksa_opts(conf, group, default_service_type, deprecated_opts=None):
    """Register keystoneauth auth, Session, and Adapter opts.

    :param conf: oslo_config.cfg.CONF in which to register the options
    :param group: Conf group, or string name thereof, in which to register the
                  options.
    :param default_service_type: Default for the service_type conf option on
                                 the Adapter.
    :param deprecated_opts: dict of deprecated opts to register with the ksa
                            Session or Adapter opts.  See docstring for
                            the deprecated_opts param of:
                    keystoneauth1.loading.session.Session.register_conf_options
    """
    # ksa register methods need the group name as a string.  oslo doesn't care.
    group = getattr(group, 'name', group)
    ks_loading.register_session_conf_options(
        conf, group, deprecated_opts=deprecated_opts)
    ks_loading.register_auth_conf_options(conf, group)
    conf.register_opts(get_ksa_adapter_opts(
        default_service_type, deprecated_opts=deprecated_opts), group=group)
    # Have to register dummies for the version-related opts we removed
    for name in _ADAPTER_VERSION_OPTS:
        conf.register_opt(_dummy_opt(name), group=group)
Example #46
0
def set_defaults(conf):
    conf.set_default('connection', 'sqlite://', group='database')
    conf.set_default('sqlite_synchronous', False, group='database')
    conf.set_default('policy_dirs', [], group='oslo_policy')
    conf.set_default('auth_strategy', 'noauth')
    conf.set_default(
        'state_path',
        os.path.abspath(
            os.path.join(os.path.dirname(__file__), '..', '..', '..')))
    conf.set_default('provider_config_dir',
                     os.path.join(os.path.dirname(__file__), 'fake_providers'))
    loading.register_auth_conf_options(conf, 'trustee')
    opts = loading.get_auth_plugin_conf_options('password')
    conf.register_opts(opts, 'trustee')
    conf.set_default('auth_type', 'password', group='trustee')
    conf.set_default('auth_section', None, group='trustee')
    conf.set_default('auth_url',
                     'http://192.168.1.2/identity',
                     group='trustee')
    conf.set_default('username', 'karbor', group='trustee')
    conf.set_default('password', 'password', group='trustee')
    conf.set_default('user_domain_id', 'default', group='trustee')
    conf.set_default('trigger_poll_interval', 1)
Example #47
0
def register_common_config_options():
    global _COMMON_OPTIONS_ALREADY_REGISTERED
    if _COMMON_OPTIONS_ALREADY_REGISTERED:
        return

    # Register the configuration options
    common_config.register_core_common_config_opts()

    # Ensure that the control exchange is set correctly
    oslo_messaging.set_transport_defaults(control_exchange='neutron')

    ks_loading.register_auth_conf_options(cfg.CONF,
                                          common_config.NOVA_CONF_SECTION)
    ks_loading.register_session_conf_options(cfg.CONF,
                                             common_config.NOVA_CONF_SECTION)

    # Register the nova configuration options
    common_config.register_nova_opts()

    ks_loading.register_auth_conf_options(cfg.CONF,
                                          common_config.PLACEMENT_CONF_SECTION)
    ks_loading.register_session_conf_options(
        cfg.CONF, common_config.PLACEMENT_CONF_SECTION)

    # Register the placement configuration options
    common_config.register_placement_opts()

    logging.register_options(cfg.CONF)

    # Register the ironic configuration options
    ks_loading.register_auth_conf_options(cfg.CONF,
                                          common_config.IRONIC_CONF_SECTION)
    ks_loading.register_session_conf_options(cfg.CONF,
                                             common_config.IRONIC_CONF_SECTION)
    ks_loading.register_adapter_conf_options(cfg.CONF,
                                             common_config.IRONIC_CONF_SECTION)
    common_config.register_ironic_opts()

    _COMMON_OPTIONS_ALREADY_REGISTERED = True
Example #48
0
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.


from keystoneauth1 import loading
from keystoneauth1 import session
from keystoneclient.v3 import client
from oslo_config import cfg


PASSWORD_PLUGIN = 'password'
TRUSTEE_CONF_GROUP = 'trustee'
loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)


def _config_options():
    trustee_opts = loading.get_auth_common_conf_options()
    trustee_opts.extend(loading.get_auth_plugin_conf_options(PASSWORD_PLUGIN))
    yield TRUSTEE_CONF_GROUP, trustee_opts


def get_trusted_token(trust_id):
    """Return a Keystone token using the given trust_id."""
    auth_plugin = loading.load_auth_from_conf_options(
        cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=trust_id)

    trust_session = session.Session(auth=auth_plugin)
    return trust_session.auth.get_access(trust_session).auth_token
Example #49
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#
# @author: Stéphane Albert
#
from ceilometerclient import client as cclient
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg

from cloudkitty import collector
from cloudkitty import utils as ck_utils

CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector'
ks_loading.register_session_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS)
ks_loading.register_auth_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS)
CONF = cfg.CONF


class ResourceNotFound(Exception):
    """Raised when the resource doesn't exist."""
    def __init__(self, resource_type, resource_id):
        super(ResourceNotFound, self).__init__(
            "No such resource: %s, type: %s" % (resource_id, resource_type))
        self.resource_id = resource_id
        self.resource_type = resource_type


class CeilometerResourceCacher(object):
    def __init__(self):
        self._resource_cache = {}
Example #50
0
def register_opts(conf):
    conf.register_group(opt_group)
    conf.register_opts(opts, group=opt_group)
    ks_loading.register_auth_conf_options(conf, group=opt_group.name)
    ks_loading.register_session_conf_options(conf, group=opt_group.name)
Example #51
0
LOG = logging.getLogger(__name__)

# Note, we yield the options via list_opts to enable generation of the
# sample heat.conf, but we don't register these options directly via
# cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options
# Note, only auth_type = v3password is expected to work, example config:
# [trustee]
# auth_type = password
# auth_url = http://192.168.1.2:35357
# username = heat
# password = password
# user_domain_id = default
PASSWORD_PLUGIN = 'password'
TRUSTEE_CONF_GROUP = 'trustee'
ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)


def list_opts():
    trustee_opts = ks_loading.get_auth_common_conf_options()
    trustee_opts.extend(
        ks_loading.get_auth_plugin_conf_options(PASSWORD_PLUGIN))
    yield TRUSTEE_CONF_GROUP, trustee_opts


def _moved_attr(new_name):
    def getter(self):
        return getattr(self, new_name)

    def setter(self, value):
        setattr(self, new_name, value)
Example #52
0
               help='Number of cinderclient retries on failed HTTP calls.',
               deprecated_group='DEFAULT',
               deprecated_name="cinder_http_retries"),
    cfg.BoolOpt('api_insecure',
                default=False,
                help='Allow to perform insecure SSL requests to cinder.',
                deprecated_group='DEFAULT',
                deprecated_name="cinder_api_insecure"),
    ]

CONF = cfg.CONF
CONF.register_opts(cinder_deprecated_opts)
CONF.register_opts(core_opts)
CONF.register_opts(cinder_opts, CINDER_GROUP)
ks_loading.register_session_conf_options(CONF, CINDER_GROUP)
ks_loading.register_auth_conf_options(CONF, CINDER_GROUP)


LOG = log.getLogger(__name__)


def list_opts():
    return client_auth.AuthClientLoader.list_opts(CINDER_GROUP)


auth_obj = None


def cinderclient(context):
    global auth_obj
    if not auth_obj:
Example #53
0

def set_db_defaults():
    # Update the default QueuePool parameters. These can be tweaked by the
    # conf variables - max_pool_size, max_overflow and pool_timeout
    db_options.set_defaults(
        cfg.CONF,
        connection='sqlite://',
        sqlite_db='', max_pool_size=10,
        max_overflow=20, pool_timeout=10)

set_db_defaults()

NOVA_CONF_SECTION = 'nova'

ks_loading.register_auth_conf_options(cfg.CONF, NOVA_CONF_SECTION)
ks_loading.register_session_conf_options(cfg.CONF, NOVA_CONF_SECTION)

nova_opts = [
    cfg.StrOpt('region_name',
               help=_('Name of nova region to use. Useful if keystone manages'
                      ' more than one region.')),
    cfg.StrOpt('endpoint_type',
               default='public',
               choices=['public', 'admin', 'internal'],
               help=_('Type of the nova endpoint to use.  This endpoint will'
                      ' be looked up in the keystone catalog and should be'
                      ' one of public, internal or admin.')),
]
cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION)
Example #54
0
def register_opts(conf):
    conf.register_group(placement_group)
    conf.register_opts(placement_opts, group=placement_group)
    ks_loading.register_session_conf_options(conf, placement_group.name)
    ks_loading.register_auth_conf_options(conf, placement_group.name)
Example #55
0
def register_opts(conf):
    conf.register_group(ironic_group)
    conf.register_opts(ironic_options, group=ironic_group)
    ks_loading.register_auth_conf_options(conf, group=ironic_group.name)
    ks_loading.register_session_conf_options(conf, group=ironic_group.name)
Example #56
0
               default=os.environ.get('OS_REGION_NAME'),
               help='Region name to use for OpenStack service endpoints.'
               'If set, will be included in plugin mappings.'),
    cfg.StrOpt('os-endpoint-type',
               default=os.environ.get('OS_ENDPOINT_TYPE', 'publicURL'),
               help='Type of endpoint in Identity service catalog to '
               'use for communication with OpenStack services.'),
]

GROUP = "service_credentials"
CONF = cfg.CONF

CONF.register_opts(client_opts, group=GROUP)

ka_loading.register_session_conf_options(CONF, GROUP)
ka_loading.register_auth_conf_options(CONF, GROUP)

_session = None

NOVA_MIN_API_VERSION = '2.1'


def _get_session():
    global _session
    if not _session:
        auth = ka_loading.load_auth_from_conf_options(CONF, GROUP)
        _session = ka_loading.load_session_from_conf_options(CONF,
                                                             GROUP,
                                                             auth=auth)
    return _session
Example #57
0
from keystoneclient.v3 import client as kc_v3
from oslo_config import cfg
from oslo_log import log as logging

from fuge.common import exception
from fuge.common.i18n import _LE

CONF = cfg.CONF
CFG_GROUP = 'keystone_auth'
LOG = logging.getLogger(__name__)

keystone_auth_opts = (ka_loading.get_auth_common_conf_options() +
                      ka_loading.get_auth_plugin_conf_options('password'))

CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
ka_loading.register_auth_conf_options(CONF, CFG_GROUP)
ka_loading.register_session_conf_options(CONF, CFG_GROUP)
CONF.set_default('auth_type', default='password', group=CFG_GROUP)


class KeystoneClientV3(object):
    """Keystone client wrapper so we can encapsulate logic in one place."""

    def __init__(self, context):
        self.context = context
        self._client = None
        self._session = None

    @property
    def auth_url(self):
        return CONF.keystone_auth.auth_uri.replace('v2.0', 'v3')
    def __init__(self, app, conf):
        log = logging.getLogger(conf.get('log_name', __name__))
        log.info(_LI('Starting Keystone auth_token middleware'))

        # NOTE(wanghong): If options are set in paste file, all the option
        # values passed into conf are string type. So, we should convert the
        # conf value into correct type.
        self._conf = _conf_values_type_convert(conf)

        # NOTE(sileht, cdent): If we don't want to use oslo.config global
        # object there are two options: set "oslo_config_project" in
        # paste.ini and the middleware will load the configuration with a
        # local oslo.config object or the caller which instantiates
        # AuthProtocol can pass in an existing oslo.config as the
        # value of the "oslo_config_config" key in conf. If both are
        # set "olso_config_config" is used.
        self._local_oslo_config = conf.get('oslo_config_config')
        if (not self._local_oslo_config) and ('oslo_config_project' in conf):
            if 'oslo_config_file' in conf:
                default_config_files = [conf['oslo_config_file']]
            else:
                default_config_files = None
            self._local_oslo_config = cfg.ConfigOpts()
            self._local_oslo_config(
                [], project=conf['oslo_config_project'],
                default_config_files=default_config_files,
                validate_default_values=True)

        if self._local_oslo_config:
            self._local_oslo_config.register_opts(_OPTS,
                                                  group=_base.AUTHTOKEN_GROUP)
            self._local_oslo_config.register_opts(_auth.OPTS,
                                                  group=_base.AUTHTOKEN_GROUP)

            loading.register_auth_conf_options(self._local_oslo_config,
                                               group=_base.AUTHTOKEN_GROUP)

        super(AuthProtocol, self).__init__(
            app,
            log=log,
            enforce_token_bind=self._conf_get('enforce_token_bind'))

        # delay_auth_decision means we still allow unauthenticated requests
        # through and we let the downstream service make the final decision
        self._delay_auth_decision = self._conf_get('delay_auth_decision')
        self._include_service_catalog = self._conf_get(
            'include_service_catalog')
        self._hash_algorithms = self._conf_get('hash_algorithms')

        self._identity_server = self._create_identity_server()

        self._auth_uri = self._conf_get('auth_uri')
        if not self._auth_uri:
            self.log.warning(
                _LW('Configuring auth_uri to point to the public identity '
                    'endpoint is required; clients may not be able to '
                    'authenticate against an admin endpoint'))

            # FIXME(dolph): drop support for this fallback behavior as
            # documented in bug 1207517.

            self._auth_uri = self._identity_server.auth_uri

        self._signing_directory = _signing_dir.SigningDirectory(
            directory_name=self._conf_get('signing_dir'), log=self.log)

        self._token_cache = self._token_cache_factory()

        revocation_cache_timeout = datetime.timedelta(
            seconds=self._conf_get('revocation_cache_time'))
        self._revocations = _revocations.Revocations(revocation_cache_timeout,
                                                     self._signing_directory,
                                                     self._identity_server,
                                                     self._cms_verify,
                                                     self.log)

        self._check_revocations_for_cached = self._conf_get(
            'check_revocations_for_cached')
Example #59
0
#
# @author: Stéphane Albert
#
from ceilometerclient import client as cclient
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg

from cloudkitty import collector
from cloudkitty import utils as ck_utils

CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector'
ks_loading.register_session_conf_options(
    cfg.CONF,
    CEILOMETER_COLLECTOR_OPTS)
ks_loading.register_auth_conf_options(
    cfg.CONF,
    CEILOMETER_COLLECTOR_OPTS)
CONF = cfg.CONF


class ResourceNotFound(Exception):
    """Raised when the resource doesn't exist."""

    def __init__(self, resource_type, resource_id):
        super(ResourceNotFound, self).__init__(
            "No such resource: %s, type: %s" % (resource_id, resource_type))
        self.resource_id = resource_id
        self.resource_type = resource_type


class CeilometerResourceCacher(object):