def add_auth_middleware(app):
    """Wrap the Flask application's WSGI callable in Keystone token auth.

    Every name in MIDDLEWARE_ARGS is filled from the ``discoverd`` option
    named by the entry at the same position in OS_ARGS.

    :param app: application.
    """
    settings = {}
    for middleware_key, option_name in zip(MIDDLEWARE_ARGS, OS_ARGS):
        settings[middleware_key] = conf.get('discoverd', option_name)
    # With delay_auth_decision enabled the middleware does not reject
    # requests that lack a valid token; it passes them on with the
    # validation result in the request headers.
    # NOTE(review): every protected endpoint therefore has to enforce
    # authentication itself -- the handlers are not visible here, confirm.
    settings['delay_auth_decision'] = True
    settings['identity_uri'] = conf.get('discoverd', 'identity_uri')
    app.wsgi_app = auth_token.AuthProtocol(app.wsgi_app, settings)
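def main():  # pragma: no cover
    """Parse the command line, load the configuration and run the service.

    The configuration file is taken from ``--config-file``; the arguments
    returned by config_shim() are passed to the parser in place of sys.argv
    when they are not empty, which keeps the deprecated positional syntax
    working. Logging is set up from the ``discoverd.debug`` option before
    init() is called and the Flask development server is started on the
    configured address and port.
    """
    old_args = config_shim(sys.argv)
    parser = argparse.ArgumentParser(
        description='''Hardware introspection service for OpenStack Ironic. ''')
    parser.add_argument('--config-file', dest='config', required=True)
    # if parse_args is passed None it uses sys.argv instead.
    args = parser.parse_args(old_args)

    conf.read(args.config)
    debug = conf.getboolean('discoverd', 'debug')

    logging.basicConfig(level=logging.DEBUG if debug else logging.INFO)
    # Keep chatty third-party loggers at WARNING even in debug mode.
    for third_party in ('urllib3.connectionpool',
                        'keystonemiddleware.auth_token',
                        'requests.packages.urllib3.connectionpool'):
        logging.getLogger(third_party).setLevel(logging.WARNING)
    logging.getLogger('ironicclient.common.http').setLevel(
        logging.INFO if debug else logging.ERROR)

    if old_args:
        LOG.warning('"ironic-discoverd <config-file>" syntax is deprecated use'
                    ' "ironic-discoverd --config-file <config-file>" instead')

    init()
    # The ``debug`` option is meant to raise log verbosity. Passing it to
    # Flask would also enable Werkzeug's interactive debugger on
    # listen_address, and anyone able to reach that port could then run code
    # in the service process. The debugger is therefore switched off
    # explicitly; the rest of Flask's debug behaviour is unchanged.
    app.run(debug=debug,
            use_debugger=False,
            host=conf.get('discoverd', 'listen_address'),
            port=conf.getint('discoverd', 'listen_port'))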
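def main():  # pragma: no cover
    """Parse the command line, load the configuration and run the service.

    The configuration file is taken from ``--config-file``; the arguments
    returned by config_shim() are passed to the parser in place of sys.argv
    when they are not empty, which keeps the deprecated positional syntax
    working. Logging is set up from the ``discoverd.debug`` option before
    init() is called and the Flask development server is started on the
    configured address and port.
    """
    old_args = config_shim(sys.argv)
    parser = argparse.ArgumentParser(
        description='''Hardware introspection service for OpenStack Ironic. ''')
    parser.add_argument('--config-file', dest='config', required=True)
    # if parse_args is passed None it uses sys.argv instead.
    args = parser.parse_args(old_args)

    conf.read(args.config)
    debug = conf.getboolean('discoverd', 'debug')

    logging.basicConfig(level=logging.DEBUG if debug else logging.INFO)
    # Keep chatty HTTP connection-pool loggers at WARNING even in debug mode.
    logging.getLogger('urllib3.connectionpool').setLevel(logging.WARNING)
    logging.getLogger('requests.packages.urllib3.connectionpool').setLevel(
        logging.WARNING)
    logging.getLogger('ironicclient.common.http').setLevel(
        logging.INFO if debug else logging.ERROR)

    if old_args:
        LOG.warning('"ironic-discoverd <config-file>" syntax is deprecated use'
                    ' "ironic-discoverd --config-file <config-file>" instead')

    init()
    # The ``debug`` option is meant to raise log verbosity. Passing it to
    # Flask would also enable Werkzeug's interactive debugger on
    # listen_address, and anyone able to reach that port could then run code
    # in the service process. The debugger is therefore switched off
    # explicitly; the rest of Flask's debug behaviour is unchanged.
    app.run(debug=debug,
            use_debugger=False,
            host=conf.get('discoverd', 'listen_address'),
            port=conf.getint('discoverd', 'listen_port'))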
def check_is_admin(token):
    """Verify that the token's owner holds the ``admin`` role.

    A Keystone client is created from the token, scoped to the tenant named
    by the ``admin_tenant_name`` option, and the roles of the token's user
    in that tenant are listed.

    :param token: Keystone authentication token.
    :raises: keystoneclient.exceptions.Unauthorized if the user does not
             have the admin role in the tenant provided in the
             admin_tenant_name option.
    """
    tenant_name = conf.get('discoverd', 'admin_tenant_name')
    auth_url = conf.get('discoverd', 'os_auth_url')
    kc = keystone.Client(token=token,
                         tenant_name=tenant_name,
                         auth_url=auth_url)
    assigned = kc.roles.roles_for_user(kc.user_id, tenant=kc.tenant_id)
    role_names = [role.name for role in assigned]
    # The role name is matched exactly and case-sensitively against the
    # literal "admin"; it is not configurable.
    if "admin" in role_names:
        return
    raise keystone_exc.Unauthorized()
def init():
    """Set up firewall management.

    Must be called once on start-up. Stores the ``dnsmasq_interface`` option
    in the module-level INTERFACE, calls _clean_up() for CHAIN and then
    issues ``-N CHAIN`` through _iptables().
    """
    global INTERFACE

    INTERFACE = conf.get('discoverd', 'dnsmasq_interface')
    _clean_up(CHAIN)
    # This call is not strictly required, but it validates early that the
    # service has access to iptables.
    _iptables('-N', CHAIN)
def init():
    """Set up firewall management when it is enabled.

    Must be called once on start-up. Nothing happens unless the
    ``manage_firewall`` option is true; otherwise the ``dnsmasq_interface``
    option is stored in the module-level INTERFACE, _clean_up() is called
    for CHAIN and ``-N CHAIN`` is issued through _iptables().
    """
    global INTERFACE

    if conf.getboolean('discoverd', 'manage_firewall'):
        INTERFACE = conf.get('discoverd', 'dnsmasq_interface')
        _clean_up(CHAIN)
        # This call is not strictly required, but it validates early that
        # the service has access to iptables.
        _iptables('-N', CHAIN)
def init():
    """Initialize the database.

    Reads the SQLite file path from the ``discoverd.database`` option into
    the module-level _DB_NAME, exits the process with status 1 when the
    option is empty, creates the parent directory if it is missing and
    applies _SCHEMA to the database.
    """
    global _DB_NAME

    _DB_NAME = conf.get('discoverd', 'database', default='').strip()
    if not _DB_NAME:
        LOG.critical('Configuration option discoverd.database should be set')
        sys.exit(1)

    parent_dir = os.path.dirname(_DB_NAME)
    missing_parent = bool(parent_dir) and not os.path.exists(parent_dir)
    if missing_parent:
        # NOTE(review): makedirs() is called with its default mode, so the
        # permissions of the new directory depend on the process umask --
        # confirm the service runs with a umask that keeps it private.
        os.makedirs(parent_dir)

    connection = sqlite3.connect(_DB_NAME)
    connection.executescript(_SCHEMA)
def init():
    """Initialize the database.

    Reads the SQLite file path from the ``discoverd.database`` option into
    the module-level _DB_NAME. When the option is empty a temporary file is
    used instead and registered for removal at interpreter exit. _SCHEMA is
    then applied to the database.
    """
    global _DB_NAME

    _DB_NAME = conf.get('discoverd', 'database').strip()
    if not _DB_NAME:
        # We can't use in-memory, so we create a temporary file.
        # mkstemp() creates it readable and writable only by the current
        # user; only the path is kept, so the descriptor is closed at once.
        handle, _DB_NAME = tempfile.mkstemp(prefix='discoverd-')
        os.close(handle)

        def _remove_temp_db():
            # Reads the module-level name at exit time, not at registration.
            if os.path.exists(_DB_NAME):
                os.unlink(_DB_NAME)

        atexit.register(_remove_temp_db)

    connection = sqlite3.connect(_DB_NAME)
    connection.executescript(_SCHEMA)
def processing_hooks_manager(*args):
    """Return the Stevedore extension manager for processing hooks.

    The manager is built on the first call and cached in the module-level
    _HOOKS_MGR; later calls return the cached object and ignore *args*.

    :param args: arguments to pass to the hooks constructor.
    """
    global _HOOKS_MGR

    if _HOOKS_MGR is not None:
        return _HOOKS_MGR

    # The option is a comma-separated list; blank entries are dropped.
    names = []
    for entry in conf.get('discoverd', 'processing_hooks').split(','):
        hook_name = entry.strip()
        if hook_name:
            names.append(hook_name)

    # invoke_on_load instantiates each named plugin as it is loaded, so the
    # hook list in the configuration decides which plugin code runs.
    _HOOKS_MGR = named.NamedExtensionManager('ironic_discoverd.hooks',
                                             names=names,
                                             invoke_on_load=True,
                                             invoke_args=args,
                                             name_order=True)
    return _HOOKS_MGR
def processing_hooks_manager(*args):
    """Return the Stevedore extension manager for processing hooks.

    The manager is built on the first call and cached in the module-level
    _HOOKS_MGR; later calls return the cached object and ignore *args*.

    :param args: arguments to pass to the hooks constructor.
    """
    global _HOOKS_MGR

    if _HOOKS_MGR is None:
        configured = conf.get('discoverd', 'processing_hooks')
        # The option is a comma-separated list; blank entries are dropped.
        stripped = (item.strip() for item in configured.split(','))
        names = [hook_name for hook_name in stripped if hook_name]
        # invoke_on_load instantiates each named plugin as it is loaded, so
        # the hook list in the configuration decides which plugin code runs.
        _HOOKS_MGR = named.NamedExtensionManager(
            'ironic_discoverd.hooks',
            names=names,
            invoke_on_load=True,
            invoke_args=args,
            name_order=True)

    return _HOOKS_MGR
def get_daisy_client():
    """Build a version 1 Daisy client for the ``daisy_url`` endpoint."""
    # NOTE(review): only the endpoint is passed, no token or credentials --
    # confirm the Daisy API is expected to accept such calls.
    return daisy_client.Client(
        version=1, endpoint=conf.get('discoverd', 'daisy_url'))
def get_client():  # pragma: no cover
    """Build a version 1 Ironic client from a pre-issued token.

    Only the ``os_auth_token`` and ``ironic_url`` options are read; no
    other credential options are passed to the client.
    """
    # NOTE(review): the token comes straight from the configuration file,
    # so that file holds a usable credential -- confirm its permissions and
    # how the token gets renewed.
    token = conf.get('discoverd', 'os_auth_token')
    endpoint = conf.get('discoverd', 'ironic_url')
    return client.get_client(1, os_auth_token=token, ironic_url=endpoint)
def get_client():  # pragma: no cover
    """Build a version 1 Ironic client.

    Each name in OS_ARGS is read from the ``discoverd`` configuration
    section and passed to the client under the same keyword.
    """
    kwargs = {option: conf.get('discoverd', option) for option in OS_ARGS}
    return client.get_client(1, **kwargs)