def configure_middleware(self,
auth_plugin,
**kwargs):
opts = auth.get_plugin_class(auth_plugin).get_options()
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
# Since these tests cfg.config() themselves rather than waiting for
# auth_token to do it on __init__ we need to register the base auth
# options (e.g., auth_plugin)
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
self.cfg.config(group=_base.AUTHTOKEN_GROUP,
auth_plugin=auth_plugin,
**kwargs)
def _register_opts(cls, conf):
"""Register keystonemiddleware options."""
options = []
keystone_opts = opts.list_auth_token_opts()
for n in keystone_opts:
if n[0] == cls.OPT_GROUP_NAME:
options = n[1]
break
if cls.OPT_GROUP_NAME not in conf:
conf.register_opts(options, group=cls.OPT_GROUP_NAME)
auth.register_conf_options(conf, cls.OPT_GROUP_NAME)
auth_token.CONF = conf
def configure_middleware(self,
auth_plugin,
group='keystone_authtoken',
**kwargs):
# NOTE(gyee): For this test suite and for the stable liberty branch
# only, we will ignore deprecated calls that keystonemiddleware makes.
warnings.filterwarnings('ignore',
category=DeprecationWarning,
module='^keystonemiddleware\\.')
opts = auth.get_plugin_class(auth_plugin).get_options()
self.cfg.register_opts(opts, group=group)
# Since these tests cfg.config() themselves rather than waiting for
# auth_token to do it on __init__ we need to register the base auth
# options (e.g., auth_plugin)
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
self.cfg.config(group=group, auth_plugin=auth_plugin, **kwargs)
def __init__(self, app, conf):
log = logging.getLogger(conf.get('log_name', __name__))
log.info(_LI('Starting Keystone auth_token middleware'))
# NOTE(wanghong): If options are set in paste file, all the option
# values passed into conf are string type. So, we should convert the
# conf value into correct type.
self._conf = _conf_values_type_convert(conf)
# NOTE(sileht): If we don't want to use oslo.config global object
# we can set the paste "oslo_config_project" and the middleware
# will load the configuration with a local oslo.config object.
self._local_oslo_config = None
if 'oslo_config_project' in conf:
if 'oslo_config_file' in conf:
default_config_files = [conf['oslo_config_file']]
else:
default_config_files = None
# For unit tests, support passing in a ConfigOpts in
# oslo_config_config.
self._local_oslo_config = conf.get('oslo_config_config',
cfg.ConfigOpts())
self._local_oslo_config({},
project=conf['oslo_config_project'],
default_config_files=default_config_files,
validate_default_values=True)
self._local_oslo_config.register_opts(_OPTS,
group=_base.AUTHTOKEN_GROUP)
auth.register_conf_options(self._local_oslo_config,
group=_base.AUTHTOKEN_GROUP)
super(AuthProtocol, self).__init__(
app,
log=log,
enforce_token_bind=self._conf_get('enforce_token_bind'))
# delay_auth_decision means we still allow unauthenticated requests
# through and we let the downstream service make the final decision
self._delay_auth_decision = self._conf_get('delay_auth_decision')
self._include_service_catalog = self._conf_get(
'include_service_catalog')
self._hash_algorithms = self._conf_get('hash_algorithms')
self._identity_server = self._create_identity_server()
self._auth_uri = self._conf_get('auth_uri')
if not self._auth_uri:
self.log.warning(
_LW('Configuring auth_uri to point to the public identity '
'endpoint is required; clients may not be able to '
'authenticate against an admin endpoint'))
# FIXME(dolph): drop support for this fallback behavior as
# documented in bug 1207517.
self._auth_uri = self._identity_server.auth_uri
self._signing_directory = _signing_dir.SigningDirectory(
directory_name=self._conf_get('signing_dir'), log=self.log)
self._token_cache = self._token_cache_factory()
revocation_cache_timeout = datetime.timedelta(
seconds=self._conf_get('revocation_cache_time'))
self._revocations = _revocations.Revocations(revocation_cache_timeout,
self._signing_directory,
self._identity_server,
self._cms_verify,
self.log)
self._check_revocations_for_cached = self._conf_get(
'check_revocations_for_cached')
# @author: Stéphane Albert
#
from ceilometerclient import client as cclient
from keystoneclient import auth as ks_auth
from keystoneclient import session as ks_session
from oslo_config import cfg
from cloudkitty import collector
from cloudkitty import utils as ck_utils
CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector'
ks_session.Session.register_conf_options(
cfg.CONF,
CEILOMETER_COLLECTOR_OPTS)
ks_auth.register_conf_options(
cfg.CONF,
CEILOMETER_COLLECTOR_OPTS)
CONF = cfg.CONF
class ResourceNotFound(Exception):
"""Raised when the resource doesn't exist."""
def __init__(self, resource_type, resource_id):
super(ResourceNotFound, self).__init__(
"No such resource: %s, type: %s" % (resource_id, resource_type))
self.resource_id = resource_id
self.resource_type = resource_type
class CeilometerResourceCacher(object):
# Update the default QueuePool parameters. These can be tweaked by the
# conf variables - max_pool_size, max_overflow and pool_timeout
db_options.set_defaults(cfg.CONF,
connection='sqlite://',
sqlite_db='',
max_pool_size=10,
max_overflow=20,
pool_timeout=10)
set_db_defaults()
NOVA_CONF_SECTION = 'nova'
ks_session.Session.register_conf_options(cfg.CONF, NOVA_CONF_SECTION)
auth.register_conf_options(cfg.CONF, NOVA_CONF_SECTION)
nova_opts = [
cfg.StrOpt('region_name',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION)
logging.register_options(cfg.CONF)
def init(args, **kwargs):
cfg.CONF(args=args,
project='neutron',
version='%%(prog)s %s' % version.version_info.release_string(),
def __init__(self):
self._session = None
self.region_name = CONF.auth_region
ksauth.register_conf_options(CONF, 'keystone_authtoken')
from keystoneclient import auth as ks_auth
from keystoneclient.auth.identity import v2 as v2_auth
from keystoneclient import session as ks_session
from oslo_config import cfg
from tacker.api.v1 import attributes
from tacker.i18n import _LE, _LW
from tacker.openstack.common import log as logging
from tacker.vm.drivers import abstract_driver
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
NOVA_API_VERSION = "2"
SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova'
ks_session.Session.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
OPTS = [
cfg.StrOpt('region_name',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION)
_NICS = 'nics' # converted by novaclient => 'networks'
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
_PORT_ID = 'port-id' # converted by novaclient => 'port'
_FILES = 'files'
class DefaultAuthPlugin(v2_auth.Password):
"""A wrapper around standard v2 user/pass to handle bypass url.
default='2.1',
help='The compute API (micro)version, the provided '
'compute API (micro)version should be not smaller '
'than 2.1 and not larger than the max supported '
'Compute API microversion. The current supported '
'Compute API versions can be checked using: '
'nova version-list.')
GROUP = "service_credentials"
cfg.CONF.register_opts(client_opts, group=GROUP)
cfg.CONF.register_opt(compute_api_version, group="service_credentials:nova")
ks_session.Session.register_conf_options(cfg.CONF, GROUP)
ks_auth.register_conf_options(cfg.CONF, GROUP)
_session = None
NOVA_MIN_API_VERSION = '2.1'
def _get_session():
global _session
if not _session:
auth = ks_auth.load_from_conf_options(cfg.CONF, GROUP)
_session = ks_session.Session.load_from_conf_options(
cfg.CONF, GROUP)
_session.auth = auth
return _session
from neutron.extensions import portbindings
from neutron.extensions import servicevm as sv
from neutron.plugins.common import constants
from neutron.openstack.common.gettextutils import _LI, _LW
from neutron.openstack.common import log as logging
from neutron.services.vm.drivers import abstract_driver
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
NOVA_API_VERSION = "2"
SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova'
a = ks_session.Session()
a.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION)
OPTS = [
cfg.StrOpt('region_name',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION)
SVM_OPTS = [
cfg.StrOpt('mgmt_network_name_id',
default="manage_network",
help=_("Manager network name or id")),
cfg.StrOpt('mgmt_subnet_name_id',
default="manage_subent",
help=_("Manager subnet name or id")),
default=os.environ.get('OS_REGION_NAME'),
help='Region name to use for OpenStack service endpoints.'),
cfg.StrOpt('os-endpoint-type',
default=os.environ.get('OS_ENDPOINT_TYPE', 'publicURL'),
help='Type of endpoint in Identity service catalog to '
'use for communication with OpenStack services.'),
]
GROUP = "service_credentials"
cfg.CONF.register_opts(client_opts, group=GROUP)
ks_session.Session.register_conf_options(cfg.CONF, GROUP)
ks_auth.register_conf_options(cfg.CONF, GROUP)
_session = None
def _get_session():
global _session
if not _session:
auth = ks_auth.load_from_conf_options(cfg.CONF, GROUP)
_session = ks_session.Session.load_from_conf_options(
cfg.CONF, GROUP)
_session.auth = auth
return _session
from keystoneclient import session as ksc_session
from keystoneclient.v3 import client as ksc_client
from oslo_config import cfg
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
# REVISIT(rkukura): We use keystone to get the name of the keystone
# project owning each neutron resource, which by default, requires
# admin. If we keep this, we should probably move it to a separate
# config module. But we should also investigate whether admin is even
# needed, or if neutron's credentials could somehow be used.
AUTH_GROUP = 'apic_aim_auth'
ksc_session.Session.register_conf_options(cfg.CONF, AUTH_GROUP)
ksc_auth.register_conf_options(cfg.CONF, AUTH_GROUP)
class ProjectDetailsCache(object):
"""Cache of Keystone project ID to project details mappings."""
def __init__(self):
self.project_details = {}
self.keystone = None
self.gbp = None
self.enable_neutronclient_internal_ep_interface = (
cfg.CONF.ml2_apic_aim.enable_neutronclient_internal_ep_interface)
def _get_keystone_client(self):
# REVISIT: It seems load_from_conf_options() and
# keystoneclient auth plugins have been deprecated, and we
# License for the specific language governing permissions and limitations
# under the License.
#
# @author: Stéphane Albert
#
from ceilometerclient import client as cclient
from keystoneclient import auth as ks_auth
from keystoneclient import session as ks_session
from oslo_config import cfg
from cloudkitty import collector
from cloudkitty import utils as ck_utils
CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector'
ks_session.Session.register_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS)
ks_auth.register_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS)
CONF = cfg.CONF
class ResourceNotFound(Exception):
"""Raised when the resource doesn't exist."""
def __init__(self, resource_type, resource_id):
super(ResourceNotFound, self).__init__(
"No such resource: %s, type: %s" % (resource_id, resource_type))
self.resource_id = resource_id
self.resource_type = resource_type
class CeilometerResourceCacher(object):
def __init__(self):
self._resource_cache = {}
def __init__(self, app, conf):
# tomograph.start("AuthProtocol", "init", "127.0.0.1", 0)
log = logging.getLogger(conf.get("log_name", __name__))
log.info(_LI("Starting Keystone auth_token middleware"))
# NOTE(wanghong): If options are set in paste file, all the option
# values passed into conf are string type. So, we should convert the
# conf value into correct type.
self._conf = _conf_values_type_convert(conf)
# NOTE(sileht): If we don't want to use oslo.config global object
# we can set the paste "oslo_config_project" and the middleware
# will load the configuration with a local oslo.config object.
self._local_oslo_config = None
if "oslo_config_project" in conf:
if "oslo_config_file" in conf:
default_config_files = [conf["oslo_config_file"]]
else:
default_config_files = None
self._local_oslo_config = cfg.ConfigOpts()
self._local_oslo_config(
{},
project=conf["oslo_config_project"],
default_config_files=default_config_files,
validate_default_values=True,
)
self._local_oslo_config.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP)
auth.register_conf_options(self._local_oslo_config, group=_base.AUTHTOKEN_GROUP)
# tomograph.annotate("call super", "AuthProtocol")
super(AuthProtocol, self).__init__(app, log=log, enforce_token_bind=self._conf_get("enforce_token_bind"))
# delay_auth_decision means we still allow unauthenticated requests
# through and we let the downstream service make the final decision
self._delay_auth_decision = self._conf_get("delay_auth_decision")
self._include_service_catalog = self._conf_get("include_service_catalog")
self._hash_algorithms = self._conf_get("hash_algorithms")
# tomograph.annotate("create identity server", "AuthProtocol")
self._identity_server = self._create_identity_server()
self._auth_uri = self._conf_get("auth_uri")
if not self._auth_uri:
self.log.warning(
_LW(
"Configuring auth_uri to point to the public identity "
"endpoint is required; clients may not be able to "
"authenticate against an admin endpoint"
)
)
# FIXME(dolph): drop support for this fallback behavior as
# documented in bug 1207517.
self._auth_uri = self._identity_server.auth_uri
self._signing_directory = _signing_dir.SigningDirectory(
directory_name=self._conf_get("signing_dir"), log=self.log
)
self._token_cache = self._token_cache_factory()
revocation_cache_timeout = datetime.timedelta(seconds=self._conf_get("revocation_cache_time"))
self._revocations = _revocations.Revocations(
revocation_cache_timeout, self._signing_directory, self._identity_server, self._cms_verify, self.log
)
self._check_revocations_for_cached = self._conf_get("check_revocations_for_cached")
from keystoneclient import session as ksc_session
from keystoneclient.v3 import client as ksc_client
from oslo_config import cfg
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
# REVISIT(rkukura): We use keystone to get the name of the keystone
# project owning each neutron resource, which by default, requires
# admin. If we keep this, we should probably move it to a separate
# config module. But we should also investigate whether admin is even
# needed, or if neutron's credentials could somehow be used.
AUTH_GROUP = 'apic_aim_auth'
ksc_session.Session.register_conf_options(cfg.CONF, AUTH_GROUP)
ksc_auth.register_conf_options(cfg.CONF, AUTH_GROUP)
class ProjectNameCache(object):
"""Cache of Keystone project ID to project name mappings."""
def __init__(self):
self.project_names = {}
self.keystone = None
self.gbp = None
def _get_keystone_client(self):
# REVISIT: It seems load_from_conf_options() and
# keystoneclient auth plugins have been deprecated, and we
# should use keystoneauth instead.
LOG.debug("Getting keystone client")
def __init__(self, app, conf):
log = logging.getLogger(conf.get('log_name', __name__))
log.info(_LI('Starting Keystone auth_token middleware'))
# NOTE(wanghong): If options are set in paste file, all the option
# values passed into conf are string type. So, we should convert the
# conf value into correct type.
self._conf = _conf_values_type_convert(conf)
# NOTE(sileht): If we don't want to use oslo.config global object
# we can set the paste "oslo_config_project" and the middleware
# will load the configuration with a local oslo.config object.
self._local_oslo_config = None
if 'oslo_config_project' in conf:
if 'oslo_config_file' in conf:
default_config_files = [conf['oslo_config_file']]
else:
default_config_files = None
# For unit tests, support passing in a ConfigOpts in
# oslo_config_config.
self._local_oslo_config = conf.get('oslo_config_config',
cfg.ConfigOpts())
self._local_oslo_config(
{}, project=conf['oslo_config_project'],
default_config_files=default_config_files,
validate_default_values=True)
self._local_oslo_config.register_opts(
_OPTS, group=_base.AUTHTOKEN_GROUP)
auth.register_conf_options(self._local_oslo_config,
group=_base.AUTHTOKEN_GROUP)
super(AuthProtocol, self).__init__(
app,
log=log,
enforce_token_bind=self._conf_get('enforce_token_bind'))
# delay_auth_decision means we still allow unauthenticated requests
# through and we let the downstream service make the final decision
self._delay_auth_decision = self._conf_get('delay_auth_decision')
self._include_service_catalog = self._conf_get(
'include_service_catalog')
self._hash_algorithms = self._conf_get('hash_algorithms')
self._identity_server = self._create_identity_server()
self._auth_uri = self._conf_get('auth_uri')
if not self._auth_uri:
self.log.warning(
_LW('Configuring auth_uri to point to the public identity '
'endpoint is required; clients may not be able to '
'authenticate against an admin endpoint'))
# FIXME(dolph): drop support for this fallback behavior as
# documented in bug 1207517.
self._auth_uri = self._identity_server.auth_uri
self._signing_directory = _signing_dir.SigningDirectory(
directory_name=self._conf_get('signing_dir'), log=self.log)
self._token_cache = self._token_cache_factory()
revocation_cache_timeout = datetime.timedelta(
seconds=self._conf_get('revocation_cache_time'))
self._revocations = _revocations.Revocations(revocation_cache_timeout,
self._signing_directory,
self._identity_server,
self._cms_verify,
self.log)
self._check_revocations_for_cached = self._conf_get(
'check_revocations_for_cached')
),
cfg.StrOpt(
"identity_uri",
default=None,
help="Complete admin Identity API endpoint. This "
"should specify the unversioned root endpoint "
"e.g. https://localhost:35357/",
),
cfg.StrOpt(
"admin_token",
secret=True,
help="This option is deprecated and may be removed in "
"a future release. Single shared secret with the "
"Keystone configuration used for bootstrapping a "
"Keystone installation, or otherwise bypassing "
"the normal authentication process. This option "
"should not be used, use `admin_user` and "
"`admin_password` instead.",
),
cfg.StrOpt("admin_user", help="Service username."),
cfg.StrOpt("admin_password", secret=True, help="Service user password."),
cfg.StrOpt("admin_tenant_name", default="admin", help="Service tenant name."),
]
)
return options
auth.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
AuthTokenPlugin.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
from keystoneclient import client as kclient
from keystoneclient import session as ks_session
from oslo_config import cfg
from cloudkitty import tenant_fetcher
KEYSTONE_FETCHER_OPTS = 'keystone_fetcher'
keystone_fetcher_opts = [
cfg.StrOpt('keystone_version',
default='2',
help='Keystone version to use.'),
]
cfg.CONF.register_opts(keystone_fetcher_opts, KEYSTONE_FETCHER_OPTS)
ks_session.Session.register_conf_options(cfg.CONF, KEYSTONE_FETCHER_OPTS)
ks_auth.register_conf_options(cfg.CONF, KEYSTONE_FETCHER_OPTS)
CONF = cfg.CONF
class KeystoneFetcher(tenant_fetcher.BaseFetcher):
"""Keystone tenants fetcher."""
def __init__(self):
self.auth = ks_auth.load_from_conf_options(CONF, KEYSTONE_FETCHER_OPTS)
self.session = ks_session.Session.load_from_conf_options(
CONF, KEYSTONE_FETCHER_OPTS, auth=self.auth)
self.admin_ks = kclient.Client(
version=CONF.keystone_fetcher.keystone_version,
session=self.session,
auth_url=self.auth.auth_url)
def get_tenants(self):
default='http://127.0.0.1:2704',
help='URL for connecting to gluon'),
cfg.StrOpt('region_name',
help='Region name for connecting to gluon in admin context'),
]
OPT_GROUP = 'gluon'
CONF = cfg.CONF
CONF.register_opts(opts, OPT_GROUP)
deprecations = {}
session.Session.register_conf_options(CONF, OPT_GROUP,
deprecated_opts=deprecations)
auth.register_conf_options(CONF, OPT_GROUP)
LOG = logging.getLogger(__name__)
# NOTE: these classes are practically speaking unneeded, but I've put them here for two reasons:
# 1. as a list of ABCs that this interface probably ought to support so that we can do better in
# Nova when the feature is not supported by the network plugin
# 2. as a documented list of functions I've actively not implemented (so that you know I've made
# a choice rather than forgotten them)
# We should, in theory, have implemented every function of the base API model. It could, therefore,
# be converted to an ABC that expects complete implementation.
class NoNetworkSupportMixin(object):
def _err(self):
raise NotImplementedError("No L2 network support when using Gluon - use the backend")
from keystoneclient import auth as ks_auth
from keystoneclient.auth.identity import v2 as v2_auth
from keystoneclient import session as ks_session
from oslo_config import cfg
from tacker.api.v1 import attributes
from tacker.i18n import _LE, _LW
from tacker.openstack.common import log as logging
from tacker.vm.drivers import abstract_driver
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
NOVA_API_VERSION = "2"
TACKER_NOVA_CONF_SECTION = 'tacker_nova'
ks_session.Session.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION)
ks_auth.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION)
OPTS = [
cfg.StrOpt('region_name',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
CONF.register_opts(OPTS, group=TACKER_NOVA_CONF_SECTION)
_NICS = 'nics' # converted by novaclient => 'networks'
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
_PORT_ID = 'port-id' # converted by novaclient => 'port'
_FILES = 'files'
class DefaultAuthPlugin(v2_auth.Password):
"""A wrapper around standard v2 user/pass to handle bypass url.
'(http or https). Deprecated, use identity_uri.'),
cfg.StrOpt('identity_uri',
default=None,
help='Complete admin Identity API endpoint. This '
'should specify the unversioned root endpoint '
'e.g. https://localhost:35357/'),
cfg.StrOpt('admin_token',
secret=True,
help='This option is deprecated and may be removed in '
'a future release. Single shared secret with the '
'Keystone configuration used for bootstrapping a '
'Keystone installation, or otherwise bypassing '
'the normal authentication process. This option '
'should not be used, use `admin_user` and '
'`admin_password` instead.'),
cfg.StrOpt('admin_user',
help='Service username.'),
cfg.StrOpt('admin_password',
secret=True,
help='Service user password.'),
cfg.StrOpt('admin_tenant_name',
default='admin',
help='Service tenant name.'),
])
return options
auth.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
AuthTokenPlugin.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
LOG = logging.getLogger(__name__)
# Note, we yield the options via list_opts to enable generation of the
# sample king.conf, but we don't register these options directly via
# cfg.CONF.register*, it's done via auth.register_conf_options
# Note, only auth_plugin = v3password is expected to work, example config:
# [trustee]
# auth_plugin = password
# auth_url = http://192.168.1.2:35357
# username = king
# password = password
# user_domain_id = default
V3_PASSWORD_PLUGIN = 'v3password'
TRUSTEE_CONF_GROUP = 'trustee'
auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
def list_opts():
trustee_opts = auth.conf.get_common_conf_options()
trustee_opts.extend(auth.conf.get_plugin_options(V3_PASSWORD_PLUGIN))
yield TRUSTEE_CONF_GROUP, trustee_opts
class RequestContext(context.RequestContext):
"""Stores information about the security context.
Under the security context the user accesses the system, as well as
additional request information.
"""
from keystoneclient import session as ks_session
from oslo_config import cfg
from oslo_log import log as logging
from oslo_log import versionutils
from six import iteritems
from tacker.api.v1 import attributes
from tacker._i18n import _LE, _LW
from tacker.vnfm.infra_drivers import abstract_driver
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
NOVA_API_VERSION = "2"
TACKER_NOVA_CONF_SECTION = 'tacker_nova'
ks_session.Session.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION)
ks_auth.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION)
OPTS = [
cfg.StrOpt('region_name',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
CONF.register_opts(OPTS, group=TACKER_NOVA_CONF_SECTION)
_NICS = 'nics' # converted by novaclient => 'networks'
_NET_ID = 'net-id' # converted by novaclient => 'uuid'
_PORT_ID = 'port-id' # converted by novaclient => 'port'
_FILES = 'files'
class DefaultAuthPlugin(v2_auth.Password):
"""A wrapper around standard v2 user/pass to handle bypass url.
from oslo_config import cfg
from cloudkitty import tenant_fetcher
KEYSTONE_FETCHER_OPTS = 'keystone_fetcher'
keystone_fetcher_opts = [
cfg.StrOpt('keystone_version',
default='2',
help='Keystone version to use.'), ]
cfg.CONF.register_opts(keystone_fetcher_opts, KEYSTONE_FETCHER_OPTS)
ks_session.Session.register_conf_options(
cfg.CONF,
KEYSTONE_FETCHER_OPTS)
ks_auth.register_conf_options(
cfg.CONF,
KEYSTONE_FETCHER_OPTS)
CONF = cfg.CONF
class KeystoneFetcher(tenant_fetcher.BaseFetcher):
"""Keystone tenants fetcher."""
def __init__(self):
self.auth = ks_auth.load_from_conf_options(
CONF,
KEYSTONE_FETCHER_OPTS)
self.session = ks_session.Session.load_from_conf_options(
CONF,
KEYSTONE_FETCHER_OPTS,
auth=self.auth)
from oslo_utils import timeutils
from conveyor.common import local
from conveyor.conveyorheat.common import endpoint_utils
from conveyor.conveyorheat.common import exception as heat_exc
from conveyor.conveyorheat.engine import clients
from conveyor.db import api as db_api
from conveyor import exception
from conveyor.i18n import _
from conveyor.i18n import _LE
from conveyor.i18n import _LW
LOG = logging.getLogger(__name__)
TRUSTEE_CONF_GROUP = 'trustee'
auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
def generate_request_id():
return 'req-' + str(uuid.uuid4())
class RequestContext(object):
"""Security context and request information.
Represents the user taking a given action within the system.
"""
def __init__(self, user_id, project_id, is_admin=None, read_deleted="no",
roles=None, remote_address=None, timestamp=None,
# Update the default QueuePool parameters. These can be tweaked by the
# configuration variables - max_pool_size, max_overflow and pool_timeout
db_options.set_defaults(cfg.CONF,
connection=_SQL_CONNECTION_DEFAULT,
sqlite_db='', max_pool_size=10,
max_overflow=20, pool_timeout=10)
NOVA_CONF_SECTION = 'nova'
nova_deprecated_opts = {
'cafile': [cfg.DeprecatedOpt('nova_ca_certificates_file', 'DEFAULT')],
'insecure': [cfg.DeprecatedOpt('nova_api_insecure', 'DEFAULT')],
}
ks_session.Session.register_conf_options(cfg.CONF, NOVA_CONF_SECTION,
deprecated_opts=nova_deprecated_opts)
auth.register_conf_options(cfg.CONF, NOVA_CONF_SECTION)
nova_opts = [
cfg.StrOpt('region_name',
deprecated_name='nova_region_name',
deprecated_group='DEFAULT',
help=_('Name of nova region to use. Useful if keystone manages'
' more than one region.')),
]
cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION)
logging.register_options(cfg.CONF)
def init(args, **kwargs):
cfg.CONF(args=args, project='neutron',
help='URL for connecting to gluon'),
cfg.StrOpt('region_name',
help='Region name for connecting to gluon in admin context'),
]
OPT_GROUP = 'gluon'
CONF = cfg.CONF
CONF.register_opts(opts, OPT_GROUP)
deprecations = {}
session.Session.register_conf_options(CONF,
OPT_GROUP,
deprecated_opts=deprecations)
auth.register_conf_options(CONF, OPT_GROUP)
LOG = logging.getLogger(__name__)
# NOTE: these classes are practically speaking unneeded, but I've put them here for two reasons:
# 1. as a list of ABCs that this interface probably ought to support so that we can do better in
# Nova when the feature is not supported by the network plugin
# 2. as a documented list of functions I've actively not implemented (so that you know I've made
# a choice rather than forgotten them)
# We should, in theory, have implemented every function of the base API model. It could, therefore,
# be converted to an ABC that expects complete implementation.
class NoNetworkSupportMixin(object):
def _err(self):
raise NotImplementedError(
