Esempio n. 1
0
    def __init__(self, section=constants.SERVICE_AUTH):
        self._session = None
        self._auth = None

        self.section = section
        ks_loading.register_auth_conf_options(cfg.CONF, self.section)
        ks_loading.register_session_conf_options(cfg.CONF, self.section)
Esempio n. 2
0
def register_opts(conf):
    castellan_opts.set_defaults(conf)
    # TODO(raj_singh): Code block below is deprecated and will be removed
    # post Newton
    conf.register_group(barbican_group)
    conf.register_opts(barbican_opts, group=barbican_group)
    ks_loading.register_session_conf_options(conf, barbican_group.name)
Esempio n. 3
0
def register_ksa_opts(conf, group, default_service_type, include_auth=True,
                      deprecated_opts=None):
    """Register keystoneauth auth, Session, and Adapter opts.

    :param conf: oslo_config.cfg.CONF in which to register the options
    :param group: Conf group, or string name thereof, in which to register the
                  options.
    :param default_service_type: Default for the service_type conf option on
                                 the Adapter.
    :param include_auth: For service types where Nova is acting on behalf of
                         the user, auth should come from the user context.
                         In those cases, set this arg to False to avoid
                         registering ksa auth options.
    :param deprecated_opts: dict of deprecated opts to register with the ksa
                            Session or Adapter opts.  See docstring for
                            the deprecated_opts param of:
                    keystoneauth1.loading.session.Session.register_conf_options
    """
    # ksa register methods need the group name as a string.  oslo doesn't care.
    group = getattr(group, 'name', group)
    ks_loading.register_session_conf_options(
        conf, group, deprecated_opts=deprecated_opts)
    if include_auth:
        ks_loading.register_auth_conf_options(conf, group)
    conf.register_opts(get_ksa_adapter_opts(
        default_service_type, deprecated_opts=deprecated_opts), group=group)
    # Have to register dummies for the version-related opts we removed
    for name in _ADAPTER_VERSION_OPTS:
        conf.register_opt(_dummy_opt(name), group=group)
Esempio n. 4
0
def register_auth_opts(conf, group):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
Esempio n. 5
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf, CFG_GROUP,
        deprecated_opts={'cacert': [
            cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
        })
Esempio n. 6
0
def register_opts(conf):
    # FIXME(pauloewerton): remove import of authtoken group and legacy options
    # after deprecation period
    conf.import_group(CFG_LEGACY_GROUP, 'keystonemiddleware.auth_token')
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf, CFG_GROUP, deprecated_opts=legacy_session_opts)
    conf.set_default('auth_type', default='password', group=CFG_GROUP)
Esempio n. 7
0
    def test_get_keystone_session(self):
        _AUTH_CONF_GROUP = 'watcher_clients_auth'
        ka_loading.register_auth_conf_options(cfg.CONF, _AUTH_CONF_GROUP)
        ka_loading.register_session_conf_options(cfg.CONF, _AUTH_CONF_GROUP)

        cfg.CONF.set_override('auth_type', 'password',
                              group=_AUTH_CONF_GROUP)

        # If we don't clean up the _AUTH_CONF_GROUP conf options, then other
        # tests that run after this one will fail, complaining about required
        # options that _AUTH_CONF_GROUP wants.
        def cleanup_conf_from_loading():
            # oslo_config doesn't seem to allow unregistering groups through a
            # single method, so we do this instead
            cfg.CONF.reset()
            del cfg.CONF._groups[_AUTH_CONF_GROUP]

        self.addCleanup(cleanup_conf_from_loading)

        osc = clients.OpenStackClients()

        expected = {'username': '******',
                    'password': '******',
                    'auth_url': 'http://server.ip:35357',
                    'user_domain_id': 'foouserdomainid',
                    'project_domain_id': 'fooprojdomainid'}

        def reset_register_opts_mock(conf_obj, original_method):
            conf_obj.register_opts = original_method

        original_register_opts = cfg.CONF.register_opts
        self.addCleanup(reset_register_opts_mock,
                        cfg.CONF,
                        original_register_opts)

        # Because some of the conf options for auth plugins are not registered
        # until right before they are loaded, and because the method that does
        # the actual loading of the conf option values is an anonymous method
        # (see _getter method of load_from_conf_options in
        # keystoneauth1.loading.conf.py), we need to manually monkey patch
        # the register opts method so that we can override the conf values to
        # our custom values.
        def mock_register_opts(*args, **kwargs):
            ret = original_register_opts(*args, **kwargs)
            if 'group' in kwargs and kwargs['group'] == _AUTH_CONF_GROUP:
                for key, value in expected.items():
                    cfg.CONF.set_override(key, value, group=_AUTH_CONF_GROUP)
            return ret

        cfg.CONF.register_opts = mock_register_opts

        sess = osc.session
        self.assertEqual(expected['auth_url'], sess.auth.auth_url)
        self.assertEqual(expected['username'], sess.auth._username)
        self.assertEqual(expected['password'], sess.auth._password)
        self.assertEqual(expected['user_domain_id'], sess.auth._user_domain_id)
        self.assertEqual(expected['project_domain_id'],
                         sess.auth._project_domain_id)
Esempio n. 8
0
def _register_keystoneauth_group(conf, group):
    ka_loading.register_auth_conf_options(conf, group)
    ka_loading.register_session_conf_options(
        conf, group,
        deprecated_opts={'cacert': [
            cfg.DeprecatedOpt('os-cacert', group=group),
            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
        })
    conf.register_opts(CLI_OPTS, group=group)
Esempio n. 9
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf, CFG_GROUP,
        deprecated_opts={'cacert': [
            cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
        })
    conf.set_default("auth_type", default="password-ceilometer-legacy",
                     group=CFG_GROUP)
Esempio n. 10
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf,
        CFG_GROUP,
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
Esempio n. 11
0
 def __init__(self, configuration):
     self._conf = configuration
     self._conf.register_opts(vault_opts, group=VAULT_OPT_GROUP)
     loading.register_session_conf_options(self._conf, VAULT_OPT_GROUP)
     self._session = requests.Session()
     self._root_token_id = self._conf.vault.root_token_id
     self._vault_url = self._conf.vault.vault_url
     if self._vault_url.startswith("https://"):
         self._verify_server = self._conf.vault.ssl_ca_crt_file or True
     else:
         self._verify_server = False
Esempio n. 12
0
def register_opts(conf):
    loading.register_session_conf_options(CONF, _option_group)
    loading.register_adapter_conf_options(CONF, _option_group,
                                          include_deprecated=False)

    loading.register_auth_conf_options(CONF, _option_group)
    plugin_name = CONF.oslo_limit.auth_type
    if plugin_name:
        plugin_loader = loading.get_plugin_loader(plugin_name)
        plugin_opts = loading.get_auth_plugin_conf_options(plugin_loader)
        CONF.register_opts(plugin_opts, group=_option_group)
    conf.register_opts(_options, group=_option_group)
Esempio n. 13
0
def init(args, **kwargs):
    cfg.CONF.register_group(sysinv_group)
    cfg.CONF.register_opts(sysinv_opts, group=sysinv_group)
    ks_loading.register_session_conf_options(cfg.CONF,
                                             sysinv_group.name)
    logging.register_options(cfg.CONF)

    cfg.CONF(args=args, project='inventory',
             version='%%(prog)s %s' % version_info.release_string(),
             **kwargs)
    objects.register_all()
    config.parse_args(args)
Esempio n. 14
0
def _register_keystoneauth_group(conf, group):
    ka_loading.register_auth_conf_options(conf, group)
    ka_loading.register_session_conf_options(
        conf,
        group,
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group=group),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
    conf.register_opts(CLI_OPTS, group=group)
Esempio n. 15
0
    def __init__(self, config_group_name=None):
        self.config_group_name = config_group_name or 'DEFAULT'

        ks_loading.register_session_conf_options(
            CONF, NEUTRON_GROUP, deprecated_opts=deprecated_opts)
        ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP)
        CONF.register_opts(neutron_opts, NEUTRON_GROUP)

        self.configuration = getattr(CONF, self.config_group_name, CONF)
        self.last_neutron_extension_sync = None
        self.extensions = {}
        self.auth_obj = None
Esempio n. 16
0
def register_opts(conf):

    conf.register_group(cinder_group)
    conf.register_opts(cinder_opts, group=cinder_group)

    group = getattr(cinder_group, 'name', cinder_group)

    ks_loading.register_session_conf_options(conf, group)
    ks_loading.register_auth_conf_options(conf, group)

    adapter_opts = get_ksa_adapter_opts(SERVICE_TYPE)
    conf.register_opts(adapter_opts, group=group)
Esempio n. 17
0
 def __init__(self):
     ks_loading.register_session_conf_options(CONF, "neutron_client")
     ks_loading.register_auth_conf_options(CONF, "neutron_client")
     self.auth = ks_loading.load_auth_from_conf_options(
         CONF,
         "neutron_client")
     self.session = ks_loading.load_session_from_conf_options(
         CONF,
         "neutron_client",
         auth=self.auth)
     self.neutron_client = neutron_client.Client(
         session=self.session,
         auth=self.auth)
Esempio n. 18
0
def register_opts(conf):
    conf.register_group(glance_group)
    conf.register_opts(glance_opts, group=glance_group)

    deprecated = {
        'insecure':
        [cfg.DeprecatedOpt('api_insecure', group=glance_group.name)],
        'cafile': [cfg.DeprecatedOpt('ca_file', group="ssl")],
        'certfile': [cfg.DeprecatedOpt('cert_file', group="ssl")],
        'keyfile': [cfg.DeprecatedOpt('key_file', group="ssl")],
    }
    ks_loading.register_session_conf_options(conf, glance_group.name,
                                             deprecated)
Esempio n. 19
0
    def __init__(self, config_group_name=None):
        self.config_group_name = config_group_name or 'DEFAULT'

        ks_loading.register_session_conf_options(CONF, NEUTRON_GROUP)
        ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP)
        CONF.register_opts(neutron_opts, NEUTRON_GROUP)
        CONF.register_opts(neutron_deprecated_opts,
                           group=self.config_group_name)

        self.configuration = getattr(CONF, self.config_group_name, CONF)
        self.last_neutron_extension_sync = None
        self.extensions = {}
        self.auth_obj = None
Esempio n. 20
0
def register_auth_opts(conf, group, service_type=None):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
    kaloading.register_adapter_conf_options(conf, group)
    conf.set_default('valid_interfaces', DEFAULT_VALID_INTERFACES, group=group)
    # TODO(pas-ha) use os-service-type to try find the service_type by the
    # config group name assuming it is a project name (e.g. 'glance')
    if service_type:
        conf.set_default('service_type', service_type, group=group)
Esempio n. 21
0
def register_opts():
    CONF.register_group(HYPERV_AGENT_GROUP)
    CONF.register_opts(HYPERV_AGENT_OPTS, group=HYPERV_AGENT_GROUP_NAME)

    CONF.register_group(NVGRE_GROUP)
    CONF.register_opts(NVGRE_OPTS, group=NVGRE_GROUP_NAME)

    CONF.register_group(NEUTRON_GROUP)
    CONF.register_opts(NEUTRON_OPTS, group=NEUTRON_GROUP_NAME)
    ks_loading.register_session_conf_options(CONF, NEUTRON_GROUP)
    ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP)

    CONF.register_group(HNV_GROUP)
    CONF.register_opts(HNV_OPTS, group=HNV_GROUP_NAME)
Esempio n. 22
0
def register_auth_opts(conf, group, service_type=None):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
    kaloading.register_adapter_conf_options(conf, group)
    conf.set_default('valid_interfaces', DEFAULT_VALID_INTERFACES, group=group)
    # TODO(pas-ha) use os-service-type to try find the service_type by the
    # config group name assuming it is a project name (e.g. 'glance')
    if service_type:
        conf.set_default('service_type', service_type, group=group)
Esempio n. 23
0
 def __init__(self):
     ks_loading.register_session_conf_options(CONF, "glance_client")
     ks_loading.register_auth_conf_options(CONF, "glance_client")
     self.auth = ks_loading.load_auth_from_conf_options(
         CONF,
         "glance_client")
     self.session = ks_loading.load_session_from_conf_options(
         CONF,
         "glance_client",
         auth=self.auth)
     self.glance_client = glance_client.Client(
         version='1',
         session=self.session,
         auth=self.auth)
Esempio n. 24
0
def register_auth_opts(conf, group, service_type=None):
    """Register session- and auth-related options

    Registers only basic auth options shared by all auth plugins.
    The rest are registered at runtime depending on auth plugin used.
    """
    kaloading.register_session_conf_options(conf, group)
    kaloading.register_auth_conf_options(conf, group)
    if service_type:
        kaloading.register_adapter_conf_options(conf, group)
        conf.set_default('valid_interfaces',
                         DEFAULT_VALID_INTERFACES,
                         group=group)
        conf.set_default('service_type', service_type, group=group)
Esempio n. 25
0
 def __init__(self):
     ks_loading.register_session_conf_options(CONF, "keystone_client")
     ks_loading.register_auth_conf_options(CONF, "keystone_client")
     self.auth = ks_loading.load_auth_from_conf_options(
         CONF,
         "keystone_client")
     self.session = ks_loading.load_session_from_conf_options(
         CONF,
         "keystone_client",
         auth=self.auth)
     self.ks_client = ks_client.Client(
         version='3',
         session=self.session,
         auth_url=self.auth.auth_url)
Esempio n. 26
0
def register_keystoneauth_opts(conf):
    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
    ka_loading.register_session_conf_options(
        conf,
        CFG_GROUP,
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
    conf.set_default("auth_type",
                     default="password-aodh-legacy",
                     group=CFG_GROUP)
Esempio n. 27
0
def register_opts():
    # NOTE (froyo): just to not try to re-register options already done
    # by Neutron, specially in test scope, that will get a DuplicateOptError
    missing_opts = ovn_opts
    try:
        neutron_registered_opts = [opt for opt in cfg.CONF.ovn]
        missing_opts = [
            opt for opt in ovn_opts if opt.name not in neutron_registered_opts
        ]
    except cfg.NoSuchOptError:
        LOG.info('Not found any opts under group ovn registered by Neutron')

    cfg.CONF.register_opts(missing_opts, group='ovn')
    cfg.CONF.register_opts(neutron_opts, group='neutron')
    ks_loading.register_auth_conf_options(cfg.CONF, 'service_auth')
    ks_loading.register_session_conf_options(cfg.CONF, 'service_auth')
Esempio n. 28
0
def register_opts(conf):
    global neutron_options
    conf.register_group(neutron_group)
    conf.register_opts(ALL_OPTS, group=neutron_group)
    neutron_options = ks_loading.register_session_conf_options(
        conf, NEUTRON_GROUP, deprecated_opts=deprecations)
    ks_loading.register_auth_conf_options(conf, NEUTRON_GROUP)
Esempio n. 29
0
def register_opts(conf):
    conf.register_group(glance_group)
    conf.register_opts(glance_opts, group=glance_group)

    deprecated = {
        'insecure': [cfg.DeprecatedOpt('api_insecure',
                        group=glance_group.name)],
        'cafile': [cfg.DeprecatedOpt('ca_file',
                        group="ssl")],
        'certfile': [cfg.DeprecatedOpt('cert_file',
                        group="ssl")],
        'keyfile': [cfg.DeprecatedOpt('key_file',
                        group="ssl")],
    }
    ks_loading.register_session_conf_options(conf, glance_group.name,
                                             deprecated)
Esempio n. 30
0
def connect_gnocchi():
    conf = cfg.ConfigOpts()
    loading.register_auth_conf_options(conf, "keystone_authtoken")
    loading.register_session_conf_options(
        conf,
        "keystone_authtoken",
        deprecated_opts={
            'cacert': [
                cfg.DeprecatedOpt('os-cacert', group="keystone_authtoken"),
                cfg.DeprecatedOpt('os-cacert', group="DEFAULT")
            ]
        })
    conf([], project='gnocchi')

    auth_plugin = loading.load_auth_from_conf_options(conf,
                                                      "keystone_authtoken")
    conn_gnocchi = client.Client(session_options={'auth': auth_plugin})
    return conn_gnocchi
Esempio n. 31
0
 def __init__(self, configuration):
     self._conf = configuration
     self._conf.register_opts(vault_opts, group=VAULT_OPT_GROUP)
     loading.register_session_conf_options(self._conf, VAULT_OPT_GROUP)
     self._session = requests.Session()
     self._root_token_id = self._conf.vault.root_token_id
     self._approle_role_id = self._conf.vault.approle_role_id
     self._approle_secret_id = self._conf.vault.approle_secret_id
     self._cached_approle_token_id = None
     self._approle_token_ttl = None
     self._approle_token_issue = None
     self._kv_mountpoint = self._conf.vault.kv_mountpoint
     self._vault_url = self._conf.vault.vault_url
     if self._vault_url.startswith("https://"):
         self._verify_server = self._conf.vault.ssl_ca_crt_file or True
     else:
         self._verify_server = False
     self._vault_kv_version = None
Esempio n. 32
0
 def __init__(self, configuration):
     self._conf = configuration
     self._conf.register_opts(vault_opts, group=VAULT_OPT_GROUP)
     loading.register_session_conf_options(self._conf, VAULT_OPT_GROUP)
     self._session = requests.Session()
     self._root_token_id = self._conf.vault.root_token_id
     self._approle_role_id = self._conf.vault.approle_role_id
     self._approle_secret_id = self._conf.vault.approle_secret_id
     self._cached_approle_token_id = None
     self._approle_token_ttl = None
     self._approle_token_issue = None
     self._kv_mountpoint = self._conf.vault.kv_mountpoint
     self._vault_url = self._conf.vault.vault_url
     if self._vault_url.startswith("https://"):
         self._verify_server = self._conf.vault.ssl_ca_crt_file or True
     else:
         self._verify_server = False
     self._vault_kv_version = None
Esempio n. 33
0
def list_auth_opts():
    opt_list = ks_loading.register_session_conf_options(CONF, GROUP_AUTHTOKEN)
    opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
    # NOTE(mhickey): There are a lot of auth plugins, we just generate
    # the config options for a few common ones
    plugins = ['password', 'v2password', 'v3password']
    for name in plugins:
        for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
            if all(option.name != plugin_option.name for option in opt_list):
                opt_list.append(plugin_option)
    opt_list.sort(key=operator.attrgetter('name'))
    return [(GROUP_AUTHTOKEN, opt_list)]
Esempio n. 34
0
def main():
    cli_opts = [
        cfg.StrOpt('component',
                   short='c',
                   choices=['neutron', 'nova', 'cinder'],
                   help='Openstack Service to check'),
        cfg.StrOpt('binary',
                   short='b',
                   default=None,
                   help='For neutron agent, filter for this binary'),
        cfg.BoolOpt('dhcp_ready',
                    short='r',
                    default=False,
                    help='check that dhcp-agent has all networks synced'),
    ]

    conf = cfg.CONF
    conf.register_cli_opts(cli_opts)
    logging.basicConfig(level=logging.WARNING)
    ks_loading.register_auth_conf_options(conf, 'keystone_authtoken')
    ks_loading.register_auth_conf_options(conf, 'nova')
    ks_loading.register_session_conf_options(conf, 'nova')
    conf.register_opts(auth_opts, 'keystone_authtoken')
    conf.register_opts(host_opts)
    conf(sys.argv[1:])

    if conf.component is None:
        # Try guessing service type
        tokens = conf.host.split('-')
        if len(tokens) > 1:
            try:
                conf.component = next(x for x in ['neutron', 'nova', 'cinder']
                                      if x == tokens[0])
            except StopIteration:
                logging.critical(
                    "Error, no component mode defined, use --component")
                sys.exit(1)

    from agentliveness.agent import Liveness
    return Liveness(conf).check()
Esempio n. 35
0
def register_ksa_opts(conf, group, default_service_type, deprecated_opts=None):
    """Register keystoneauth auth, Session, and Adapter opts.

    :param conf: oslo_config.cfg.CONF in which to register the options
    :param group: Conf group, or string name thereof, in which to register the
                  options.
    :param default_service_type: Default for the service_type conf option on
                                 the Adapter.
    :param deprecated_opts: dict of deprecated opts to register with the ksa
                            Session or Adapter opts.  See docstring for
                            the deprecated_opts param of:
                    keystoneauth1.loading.session.Session.register_conf_options
    """
    # ksa register methods need the group name as a string.  oslo doesn't care.
    group = getattr(group, 'name', group)
    ks_loading.register_session_conf_options(
        conf, group, deprecated_opts=deprecated_opts)
    ks_loading.register_auth_conf_options(conf, group)
    conf.register_opts(get_ksa_adapter_opts(
        default_service_type, deprecated_opts=deprecated_opts), group=group)
    # Have to register dummies for the version-related opts we removed
    for name in _ADAPTER_VERSION_OPTS:
        conf.register_opt(_dummy_opt(name), group=group)
Esempio n. 36
0
def add_auth_opts():
    opts = ks_loading.register_session_conf_options(
        cfg.CONF, constants.SERVICE_AUTH)
    opt_list = copy.deepcopy(opts)
    opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
    # NOTE(mhickey): There are a lot of auth plugins, we just generate
    # the config options for a few common ones
    plugins = ['password', 'v2password', 'v3password']
    for name in plugins:
        for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
            if all(option.name != plugin_option.name for option in opt_list):
                opt_list.append(plugin_option)
    opt_list.sort(key=operator.attrgetter('name'))
    return (constants.SERVICE_AUTH, opt_list)
Esempio n. 37
0
def add_auth_opts():
    opts = ks_loading.register_session_conf_options(cfg.CONF,
                                                    constants.SERVICE_AUTH)
    opt_list = copy.deepcopy(opts)
    opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
    # NOTE(mhickey): There are a lot of auth plugins, we just generate
    # the config options for a few common ones
    plugins = ['password', 'v2password', 'v3password']
    for name in plugins:
        for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
            if all(option.name != plugin_option.name for option in opt_list):
                opt_list.append(plugin_option)
    opt_list.sort(key=operator.attrgetter('name'))
    return (constants.SERVICE_AUTH, opt_list)
Esempio n. 38
0
def list_auth_opts(group):
    group_conf = AUTH_GROUPS_OPTS.get(group)
    kwargs = {'conf': CONF, 'group': group}
    deprecations = group_conf.get('deprecations')
    if deprecations:
        kwargs['deprecated_opts'] = deprecations
    opts = ks_loading.register_session_conf_options(**kwargs)
    opt_list = copy.deepcopy(opts)
    opt_list.insert(0, ks_loading.get_auth_common_conf_options()[0])
    # NOTE(mhickey): There are a lot of auth plugins, we just generate
    # the config options for a few common ones
    plugins = ['password', 'v2password', 'v3password']
    for name in plugins:
        for plugin_option in ks_loading.get_auth_plugin_conf_options(name):
            if all(option.name != plugin_option.name for option in opt_list):
                opt_list.append(plugin_option)
    opt_list.sort(key=operator.attrgetter('name'))
    return [(group, opt_list)]
Esempio n. 39
0
    def list_opts(group):
        """Generates a list of config option for a given group

        :param group: group name
        :return: list of auth default configuration
        """
        opts = copy.deepcopy(ks_loading.register_session_conf_options(
                             CONF, group))
        opts.insert(0, ks_loading.get_auth_common_conf_options()[0])

        for plugin_option in ks_loading.get_auth_plugin_conf_options(
                'password'):
            found = False
            for option in opts:
                if option.name == plugin_option.name:
                    found = True
                    break
            if not found:
                opts.append(plugin_option)
        opts.sort(key=lambda x: x.name)
        return [(group, opts)]
Esempio n. 40
0
    def list_opts(group):
        """Generates a list of config option for a given group

        :param group: group name
        :return: list of auth default configuration
        """
        opts = copy.deepcopy(
            ks_loading.register_session_conf_options(CONF, group))
        opts.insert(0, ks_loading.get_auth_common_conf_options()[0])

        for plugin_option in ks_loading.get_auth_plugin_conf_options(
                'password'):
            found = False
            for option in opts:
                if option.name == plugin_option.name:
                    found = True
                    break
            if not found:
                opts.append(plugin_option)
        opts.sort(key=lambda x: x.name)
        return [(group, opts)]
Esempio n. 41
0
def register_common_config_options():
    global _COMMON_OPTIONS_ALREADY_REGISTERED
    if _COMMON_OPTIONS_ALREADY_REGISTERED:
        return

    # Register the configuration options
    common_config.register_core_common_config_opts()

    # Ensure that the control exchange is set correctly
    oslo_messaging.set_transport_defaults(control_exchange='neutron')

    ks_loading.register_auth_conf_options(cfg.CONF,
                                          common_config.NOVA_CONF_SECTION)
    ks_loading.register_session_conf_options(cfg.CONF,
                                             common_config.NOVA_CONF_SECTION)

    # Register the nova configuration options
    common_config.register_nova_opts()

    ks_loading.register_auth_conf_options(cfg.CONF,
                                          common_config.PLACEMENT_CONF_SECTION)
    ks_loading.register_session_conf_options(
        cfg.CONF, common_config.PLACEMENT_CONF_SECTION)

    # Register the placement configuration options
    common_config.register_placement_opts()

    logging.register_options(cfg.CONF)

    # Register the ironic configuration options
    ks_loading.register_auth_conf_options(cfg.CONF,
                                          common_config.IRONIC_CONF_SECTION)
    ks_loading.register_session_conf_options(cfg.CONF,
                                             common_config.IRONIC_CONF_SECTION)
    ks_loading.register_adapter_conf_options(cfg.CONF,
                                             common_config.IRONIC_CONF_SECTION)
    common_config.register_ironic_opts()

    _COMMON_OPTIONS_ALREADY_REGISTERED = True
Esempio n. 42
0
               help='endpoint url type'),
    cfg.StrOpt('archive_policy_name',
               default='rating',
               help='Gnocchi storage archive policy name.'),
    # The archive policy definition MUST include the collect period granularity
    cfg.StrOpt('archive_policy_definition',
               default='[{"granularity": '
                       + six.text_type(CONF.collect.period) +
                       ', "timespan": "90 days"}, '
                       '{"granularity": 86400, "timespan": "360 days"}, '
                       '{"granularity": 2592000, "timespan": "1800 days"}]',
               help='Gnocchi storage archive policy definition.'), ]
CONF.register_opts(gnocchi_storage_opts, GNOCCHI_STORAGE_OPTS)

ks_loading.register_session_conf_options(
    CONF,
    GNOCCHI_STORAGE_OPTS)
ks_loading.register_auth_conf_options(
    CONF,
    GNOCCHI_STORAGE_OPTS)

RESOURCE_TYPE_NAME_ROOT = 'rating_service_'
METADATA_NAME_ROOT = 'ckmeta_'


class UnknownResourceType(Exception):
    """Exception raised when an unknown resource type is encountered"""

    def __init__(self, resource_type):
        super(UnknownResourceType, self).__init__(
            'Unknown resource type {}'.format(resource_type)
Esempio n. 43
0
from oslo_config import cfg
from oslo_log import log as logging

from fuge.common import exception
from fuge.common.i18n import _LE

CONF = cfg.CONF
CFG_GROUP = 'keystone_auth'
LOG = logging.getLogger(__name__)

keystone_auth_opts = (ka_loading.get_auth_common_conf_options() +
                      ka_loading.get_auth_plugin_conf_options('password'))

CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
ka_loading.register_auth_conf_options(CONF, CFG_GROUP)
ka_loading.register_session_conf_options(CONF, CFG_GROUP)
CONF.set_default('auth_type', default='password', group=CFG_GROUP)


class KeystoneClientV3(object):
    """Keystone client wrapper so we can encapsulate logic in one place."""

    def __init__(self, context):
        self.context = context
        self._client = None
        self._session = None

    @property
    def auth_url(self):
        return CONF.keystone_auth.auth_uri.replace('v2.0', 'v3')
Esempio n. 44
0
import neutron.plugins.ml2.drivers.mech_sriov.agent.common.config
import neutron.wsgi


NOVA_GROUP = 'nova'

CONF = cfg.CONF

deprecations = {'nova.cafile': [cfg.DeprecatedOpt('ca_certificates_file',
                                                  group=NOVA_GROUP)],
                'nova.insecure': [cfg.DeprecatedOpt('api_insecure',
                                                    group=NOVA_GROUP)],
                'nova.timeout': [cfg.DeprecatedOpt('url_timeout',
                                                   group=NOVA_GROUP)]}

_nova_options = ks_loading.register_session_conf_options(
            CONF, NOVA_GROUP, deprecated_opts=deprecations)


def list_agent_opts():
    return [
        ('agent',
         itertools.chain(
             neutron.conf.agent.common.ROOT_HELPER_OPTS,
             neutron.conf.agent.common.AGENT_STATE_OPTS,
             neutron.conf.agent.common.IPTABLES_OPTS,
             neutron.conf.agent.common.PROCESS_MONITOR_OPTS,
             neutron.conf.agent.common.AVAILABILITY_ZONE_OPTS)
         ),
        ('DEFAULT',
         itertools.chain(
             neutron.conf.agent.common.INTERFACE_DRIVER_OPTS,
Esempio n. 45
0
def set_db_defaults():
    # Update the default QueuePool parameters. These can be tweaked by the
    # conf variables - max_pool_size, max_overflow and pool_timeout
    db_options.set_defaults(
        cfg.CONF,
        connection='sqlite://',
        sqlite_db='', max_pool_size=10,
        max_overflow=20, pool_timeout=10)

set_db_defaults()

NOVA_CONF_SECTION = 'nova'

ks_loading.register_auth_conf_options(cfg.CONF, NOVA_CONF_SECTION)
ks_loading.register_session_conf_options(cfg.CONF, NOVA_CONF_SECTION)

nova_opts = [
    cfg.StrOpt('region_name',
               help=_('Name of nova region to use. Useful if keystone manages'
                      ' more than one region.')),
    cfg.StrOpt('endpoint_type',
               default='public',
               choices=['public', 'admin', 'internal'],
               help=_('Type of the nova endpoint to use.  This endpoint will'
                      ' be looked up in the keystone catalog and should be'
                      ' one of public, internal or admin.')),
]
cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION)

logging.register_options(cfg.CONF)
Esempio n. 46
0
               deprecated_group="DEFAULT",
               deprecated_name="nova_ca_certificates_file",
               help='Location of CA certificates file to use for nova client '
                    'requests.'),
    cfg.BoolOpt('api_insecure',
                default=False,
                deprecated_group="DEFAULT",
                deprecated_name="nova_api_insecure",
                help='Allow to perform insecure SSL requests to nova.'),
    ]

CONF = cfg.CONF
CONF.register_opts(nova_deprecated_opts)
CONF.register_opts(core_opts)
CONF.register_opts(nova_opts, NOVA_GROUP)
ks_loading.register_session_conf_options(CONF, NOVA_GROUP)
ks_loading.register_auth_conf_options(CONF, NOVA_GROUP)

LOG = log.getLogger(__name__)


def list_opts():
    return client_auth.AuthClientLoader.list_opts(NOVA_GROUP)


def novaclient(context):
    global AUTH_OBJ
    if not AUTH_OBJ:
        deprecated_opts_for_v2 = {
            'username': CONF.nova_admin_username,
            'password': CONF.nova_admin_password,
Esempio n. 47
0
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#
# @author: Stéphane Albert
#
from ceilometerclient import client as cclient
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg

from cloudkitty import collector
from cloudkitty import utils as ck_utils

CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector'
ks_loading.register_session_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS)
ks_loading.register_auth_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS)
CONF = cfg.CONF


class ResourceNotFound(Exception):
    """Raised when the resource doesn't exist."""
    def __init__(self, resource_type, resource_id):
        super(ResourceNotFound, self).__init__(
            "No such resource: %s, type: %s" % (resource_id, resource_type))
        self.resource_id = resource_id
        self.resource_type = resource_type


class CeilometerResourceCacher(object):
    def __init__(self):
Esempio n. 48
0
CONF = cfg.CONF
CINDER_OPT_GROUP = 'cinder'

# cinder_opts options in the DEFAULT group were deprecated in Juno
CONF.register_opts(cinder_opts, group=CINDER_OPT_GROUP)


deprecated = {'timeout': [cfg.DeprecatedOpt('http_timeout',
                                            group=CINDER_OPT_GROUP)],
              'cafile': [cfg.DeprecatedOpt('ca_certificates_file',
                                           group=CINDER_OPT_GROUP)],
              'insecure': [cfg.DeprecatedOpt('api_insecure',
                                             group=CINDER_OPT_GROUP)]}

ks_loading.register_session_conf_options(CONF,
                                         CINDER_OPT_GROUP,
                                         deprecated_opts=deprecated)

LOG = logging.getLogger(__name__)

_SESSION = None
_V1_ERROR_RAISED = False


def reset_globals():
    """Testing method to reset globals.
    """
    global _SESSION
    _SESSION = None

Esempio n. 49
0
def register_opts(conf):
    conf.register_group(ironic_group)
    conf.register_opts(ironic_options, group=ironic_group)
    ks_loading.register_auth_conf_options(conf, group=ironic_group.name)
    ks_loading.register_session_conf_options(conf, group=ironic_group.name)
Esempio n. 50
0
    cfg.StrOpt('os-region-name',
               default=os.environ.get('OS_REGION_NAME'),
               help='Region name to use for OpenStack service endpoints.'
               'If set, will be included in plugin mappings.'),
    cfg.StrOpt('os-endpoint-type',
               default=os.environ.get('OS_ENDPOINT_TYPE', 'publicURL'),
               help='Type of endpoint in Identity service catalog to '
               'use for communication with OpenStack services.'),
]

GROUP = "service_credentials"
CONF = cfg.CONF

CONF.register_opts(client_opts, group=GROUP)

ka_loading.register_session_conf_options(CONF, GROUP)
ka_loading.register_auth_conf_options(CONF, GROUP)

_session = None

NOVA_MIN_API_VERSION = '2.1'


def _get_session():
    global _session
    if not _session:
        auth = ka_loading.load_auth_from_conf_options(CONF, GROUP)
        _session = ka_loading.load_session_from_conf_options(CONF,
                                                             GROUP,
                                                             auth=auth)
    return _session
Esempio n. 51
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#
# @author: Stéphane Albert
#
from ceilometerclient import client as cclient
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg

from cloudkitty import collector
from cloudkitty import utils as ck_utils

CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector'
ks_loading.register_session_conf_options(
    cfg.CONF,
    CEILOMETER_COLLECTOR_OPTS)
ks_loading.register_auth_conf_options(
    cfg.CONF,
    CEILOMETER_COLLECTOR_OPTS)
CONF = cfg.CONF


class ResourceNotFound(Exception):
    """Raised when the resource doesn't exist."""

    def __init__(self, resource_type, resource_id):
        super(ResourceNotFound, self).__init__(
            "No such resource: %s, type: %s" % (resource_id, resource_type))
        self.resource_id = resource_id
        self.resource_type = resource_type
Esempio n. 52
0
def register_opts(conf):
    conf.register_group(opt_group)
    conf.register_opts(opts, group=opt_group)
    ks_loading.register_auth_conf_options(conf, group=opt_group.name)
    ks_loading.register_session_conf_options(conf, group=opt_group.name)
Esempio n. 53
0
 def __init__(self, configuration):
     self._barbican_client = None
     self._base_url = None
     self.conf = configuration
     self.conf.register_opts(barbican_opts, group=BARBICAN_OPT_GROUP)
     loading.register_session_conf_options(self.conf, BARBICAN_OPT_GROUP)
Esempio n. 54
0
def register_neutron_opts(conf):
    conf.register_group(neutron_group)
    conf.register_opts(neutron_opts, group=neutron_group)
    ks_loading.register_session_conf_options(conf, neutron_group.name)
    ks_loading.register_auth_conf_options(conf, neutron_group.name)
Esempio n. 55
0
    'certfile': [cfg.DeprecatedOpt('certfile', CFG_LEGACY_GROUP)],
    'keyfile': [cfg.DeprecatedOpt('keyfile', CFG_LEGACY_GROUP)],
    'cafile': [cfg.DeprecatedOpt('cafile', CFG_LEGACY_GROUP)],
    'insecure': [cfg.DeprecatedOpt('insecure', CFG_LEGACY_GROUP)],
    'timeout': [cfg.DeprecatedOpt('timeout', CFG_LEGACY_GROUP)],
}

keystone_auth_opts = (ka_loading.get_auth_common_conf_options() +
                      ka_loading.get_auth_plugin_conf_options('password'))

CONF.register_opts(trust_opts, group='trust')
# FIXME(pauloewerton): remove import of authtoken group and legacy options
# after deprecation period
CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
ka_loading.register_auth_conf_options(CONF, CFG_GROUP)
ka_loading.register_session_conf_options(CONF, CFG_GROUP,
                                         deprecated_opts=legacy_session_opts)
CONF.set_default('auth_type', default='password', group=CFG_GROUP)


class KeystoneClientV3(object):
    """Keystone client wrapper so we can encapsulate logic in one place."""

    def __init__(self, context):
        self.context = context
        self._client = None
        self._domain_admin_client = None
        self._session = None

    @property
    def auth_url(self):
        # FIXME(pauloewerton): auth_url should be retrieved from keystone_auth
Esempio n. 56
0
def register_opts(conf):
    conf.register_group(placement_group)
    conf.register_opts(placement_opts, group=placement_group)
    ks_loading.register_session_conf_options(conf, placement_group.name)
    ks_loading.register_auth_conf_options(conf, placement_group.name)
Esempio n. 57
0
                     'catalog. Format is: separated values of the form: '
                     '<service_type>:<service_name>:<endpoint_type>'),
    cfg.StrOpt('endpoint_template',
               help='Override service catalog lookup with template for '
                    'barbican endpoint e.g. '
                    'http://localhost:9311/v1/%(project_id)s'),
    cfg.StrOpt('os_region_name',
               help='Region name of this node'),
]

CONF = cfg.CONF
BARBICAN_OPT_GROUP = 'barbican'

CONF.register_opts(barbican_opts, group=BARBICAN_OPT_GROUP)

ks_loading.register_session_conf_options(CONF, BARBICAN_OPT_GROUP)

LOG = logging.getLogger(__name__)


class BarbicanKeyManager(key_mgr.KeyManager):
    """Key Manager Interface that wraps the Barbican client API."""

    def __init__(self):
        self._barbican_client = None
        self._current_context = None
        self._base_url = None

    def _get_barbican_client(self, ctxt):
        """Creates a client to connect to the Barbican service.
Esempio n. 58
0
               default=3,
               help='Number of cinderclient retries on failed HTTP calls.',
               deprecated_group='DEFAULT',
               deprecated_name="cinder_http_retries"),
    cfg.BoolOpt('api_insecure',
                default=False,
                help='Allow to perform insecure SSL requests to cinder.',
                deprecated_group='DEFAULT',
                deprecated_name="cinder_api_insecure"),
    ]

CONF = cfg.CONF
CONF.register_opts(cinder_deprecated_opts)
CONF.register_opts(core_opts)
CONF.register_opts(cinder_opts, CINDER_GROUP)
ks_loading.register_session_conf_options(CONF, CINDER_GROUP)
ks_loading.register_auth_conf_options(CONF, CINDER_GROUP)


LOG = log.getLogger(__name__)


def list_opts():
    return client_auth.AuthClientLoader.list_opts(CINDER_GROUP)


auth_obj = None


def cinderclient(context):
    global auth_obj