def test_loading_v2(self): section = uuid.uuid4().hex auth_url = uuid.uuid4().hex username = uuid.uuid4().hex password = uuid.uuid4().hex trust_id = uuid.uuid4().hex tenant_id = uuid.uuid4().hex self.conf_fixture.config(auth_section=section, group=self.GROUP) loading.register_auth_conf_options(self.conf_fixture.conf, group=self.GROUP) self.conf_fixture.register_opts( to_oslo_opts(v2.Password().get_options()), group=section) self.conf_fixture.config(auth_type=self.V2PASS, auth_url=auth_url, username=username, password=password, trust_id=trust_id, tenant_id=tenant_id, group=section) a = loading.load_auth_from_conf_options(self.conf_fixture.conf, self.GROUP) self.assertEqual(auth_url, a.auth_url) self.assertEqual(username, a.username) self.assertEqual(password, a.password) self.assertEqual(trust_id, a.trust_id) self.assertEqual(tenant_id, a.tenant_id)
def register_ksa_opts(conf, group, default_service_type, include_auth=True, deprecated_opts=None): """Register keystoneauth auth, Session, and Adapter opts. :param conf: oslo_config.cfg.CONF in which to register the options :param group: Conf group, or string name thereof, in which to register the options. :param default_service_type: Default for the service_type conf option on the Adapter. :param include_auth: For service types where Nova is acting on behalf of the user, auth should come from the user context. In those cases, set this arg to False to avoid registering ksa auth options. :param deprecated_opts: dict of deprecated opts to register with the ksa Session or Adapter opts. See docstring for the deprecated_opts param of: keystoneauth1.loading.session.Session.register_conf_options """ # ksa register methods need the group name as a string. oslo doesn't care. group = getattr(group, 'name', group) ks_loading.register_session_conf_options( conf, group, deprecated_opts=deprecated_opts) if include_auth: ks_loading.register_auth_conf_options(conf, group) conf.register_opts(get_ksa_adapter_opts( default_service_type, deprecated_opts=deprecated_opts), group=group) # Have to register dummies for the version-related opts we removed for name in _ADAPTER_VERSION_OPTS: conf.register_opt(_dummy_opt(name), group=group)
def __init__(self, section=constants.SERVICE_AUTH): self._session = None self._auth = None self.section = section ks_loading.register_auth_conf_options(cfg.CONF, self.section) ks_loading.register_session_conf_options(cfg.CONF, self.section)
def register_opts(conf): global neutron_options conf.register_group(neutron_group) conf.register_opts(ALL_OPTS, group=neutron_group) neutron_options = ks_loading.register_session_conf_options( conf, NEUTRON_GROUP, deprecated_opts=deprecations) ks_loading.register_auth_conf_options(conf, NEUTRON_GROUP)
def _migrate_keys(self, volumes, backups): LOG.info("Starting migration of ConfKeyManager keys.") # Establish a Barbican client session that will be used for the entire # key migration process. Use cinder's own service credentials. try: ks_loading.register_auth_conf_options(self.conf, 'keystone_authtoken') auth = ks_loading.load_auth_from_conf_options(self.conf, 'keystone_authtoken') sess = ks_session.Session(auth=auth) self.barbican = barbican_client.Client(session=sess) except Exception as e: LOG.error("Aborting encryption key migration due to " "error creating Barbican client: %s", e) return errors = 0 for item in itertools.chain(volumes, backups): try: self._migrate_encryption_key(item) except Exception as e: LOG.error("Error migrating encryption key: %s", e) # NOTE(abishop): There really shouldn't be any soft errors, so # if an error occurs migrating one key then chances are they # will all fail. This avoids filling the log with the same # error in situations where there are many keys to migrate. errors += 1 if errors > MAX_KEY_MIGRATION_ERRORS: LOG.error("Aborting encryption key migration " "(too many errors).") break
def test_loading_v3(self): section = uuid.uuid4().hex auth_url = uuid.uuid4().hex, token = uuid.uuid4().hex trust_id = uuid.uuid4().hex project_id = uuid.uuid4().hex project_domain_name = uuid.uuid4().hex self.conf_fixture.config(auth_section=section, group=self.GROUP) loading.register_auth_conf_options(self.conf_fixture.conf, group=self.GROUP) self.conf_fixture.register_opts(to_oslo_opts(v3.Token().get_options()), group=section) self.conf_fixture.config(auth_type=self.V3TOKEN, auth_url=auth_url, token=token, trust_id=trust_id, project_id=project_id, project_domain_name=project_domain_name, group=section) a = loading.load_auth_from_conf_options(self.conf_fixture.conf, self.GROUP) self.assertEqual(token, a.auth_methods[0].token) self.assertEqual(trust_id, a.trust_id) self.assertEqual(project_id, a.project_id) self.assertEqual(project_domain_name, a.project_domain_name)
def register_keystoneauth_opts(conf): ka_loading.register_auth_conf_options(conf, CFG_GROUP) ka_loading.register_session_conf_options( conf, CFG_GROUP, deprecated_opts={'cacert': [ cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP), cfg.DeprecatedOpt('os-cacert', group="DEFAULT")] })
def register_opts(conf): # FIXME(pauloewerton): remove import of authtoken group and legacy options # after deprecation period conf.import_group(CFG_LEGACY_GROUP, 'keystonemiddleware.auth_token') ka_loading.register_auth_conf_options(conf, CFG_GROUP) ka_loading.register_session_conf_options( conf, CFG_GROUP, deprecated_opts=legacy_session_opts) conf.set_default('auth_type', default='password', group=CFG_GROUP)
def register_auth_opts(conf, group): """Register session- and auth-related options Registers only basic auth options shared by all auth plugins. The rest are registered at runtime depending on auth plugin used. """ kaloading.register_session_conf_options(conf, group) kaloading.register_auth_conf_options(conf, group)
def test_get_keystone_session(self): _AUTH_CONF_GROUP = 'watcher_clients_auth' ka_loading.register_auth_conf_options(cfg.CONF, _AUTH_CONF_GROUP) ka_loading.register_session_conf_options(cfg.CONF, _AUTH_CONF_GROUP) cfg.CONF.set_override('auth_type', 'password', group=_AUTH_CONF_GROUP) # If we don't clean up the _AUTH_CONF_GROUP conf options, then other # tests that run after this one will fail, complaining about required # options that _AUTH_CONF_GROUP wants. def cleanup_conf_from_loading(): # oslo_config doesn't seem to allow unregistering groups through a # single method, so we do this instead cfg.CONF.reset() del cfg.CONF._groups[_AUTH_CONF_GROUP] self.addCleanup(cleanup_conf_from_loading) osc = clients.OpenStackClients() expected = {'username': '******', 'password': '******', 'auth_url': 'http://server.ip:35357', 'user_domain_id': 'foouserdomainid', 'project_domain_id': 'fooprojdomainid'} def reset_register_opts_mock(conf_obj, original_method): conf_obj.register_opts = original_method original_register_opts = cfg.CONF.register_opts self.addCleanup(reset_register_opts_mock, cfg.CONF, original_register_opts) # Because some of the conf options for auth plugins are not registered # until right before they are loaded, and because the method that does # the actual loading of the conf option values is an anonymous method # (see _getter method of load_from_conf_options in # keystoneauth1.loading.conf.py), we need to manually monkey patch # the register opts method so that we can override the conf values to # our custom values. def mock_register_opts(*args, **kwargs): ret = original_register_opts(*args, **kwargs) if 'group' in kwargs and kwargs['group'] == _AUTH_CONF_GROUP: for key, value in expected.items(): cfg.CONF.set_override(key, value, group=_AUTH_CONF_GROUP) return ret cfg.CONF.register_opts = mock_register_opts sess = osc.session self.assertEqual(expected['auth_url'], sess.auth.auth_url) self.assertEqual(expected['username'], sess.auth._username) self.assertEqual(expected['password'], sess.auth._password) self.assertEqual(expected['user_domain_id'], sess.auth._user_domain_id) self.assertEqual(expected['project_domain_id'], sess.auth._project_domain_id)
def register_conf_options(self, group=None, section=None): loading.register_auth_conf_options(self.conf_fixture.conf, group=group) if section: self.conf_fixture.config(group=group, auth_section=section) loading.register_auth_conf_options(self.conf_fixture.conf, group=group) return self.conf_fixture
def _register_keystoneauth_group(conf, group): ka_loading.register_auth_conf_options(conf, group) ka_loading.register_session_conf_options( conf, group, deprecated_opts={'cacert': [ cfg.DeprecatedOpt('os-cacert', group=group), cfg.DeprecatedOpt('os-cacert', group="DEFAULT")] }) conf.register_opts(CLI_OPTS, group=group)
def register_keystoneauth_opts(conf): ka_loading.register_auth_conf_options(conf, CFG_GROUP) ka_loading.register_session_conf_options( conf, CFG_GROUP, deprecated_opts={'cacert': [ cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP), cfg.DeprecatedOpt('os-cacert', group="DEFAULT")] }) conf.set_default("auth_type", default="password-ceilometer-legacy", group=CFG_GROUP)
def setUp(self): super(ConfTests, self).setUp() self.conf_fixture = self.useFixture(config.Config()) # NOTE(jamielennox): we register the basic config options first because # we need them in place before we can stub them. We will need to run # the register again after we stub the auth section and auth plugin so # it can load the plugin specific options. loading.register_auth_conf_options(self.conf_fixture.conf, group=self.GROUP)
def register_keystoneauth_opts(): ka_loading.register_auth_conf_options(CONF, CFG_GROUP) ka_loading.register_session_conf_options( CONF, CFG_GROUP, deprecated_opts={ 'cacert': [ cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP), cfg.DeprecatedOpt('os-cacert', group="DEFAULT") ] })
def setUp(self): super(TestPlacementHelper, self).setUp() _AUTH_CONF_GROUP = 'watcher_clients_auth' ka_loading.register_auth_conf_options(CONF, _AUTH_CONF_GROUP) ka_loading.register_session_conf_options(CONF, _AUTH_CONF_GROUP) self.client = placement_helper.PlacementHelper() self.fake_err_msg = { 'errors': [{ 'detail': 'The resource could not be found.', }] }
def register_opts(conf): """ Registers all the sections in this module. """ for section in SECTIONS: conf.register_group( cfg.OptGroup(name=section.name, title=section.title, help=section.help)) conf.register_opts(section.options, group=section.name) ks_loading.register_auth_conf_options(conf, group='keystone_authtoken')
def register_opts(conf): conf.register_group(identity_group) group = getattr(identity_group, 'name', identity_group) ks_loading.register_session_conf_options(conf, group) ks_loading.register_auth_conf_options(conf, group) adapter_opts = get_ksa_adapter_opts(SERVICE_TYPE) conf.register_opts(adapter_opts, group=group)
def _register_keystoneauth_group(conf, group): ka_loading.register_auth_conf_options(conf, group) ka_loading.register_session_conf_options( conf, group, deprecated_opts={ 'cacert': [ cfg.DeprecatedOpt('os-cacert', group=group), cfg.DeprecatedOpt('os-cacert', group="DEFAULT") ] }) conf.register_opts(CLI_OPTS, group=group)
def __init__(self, config_group_name=None): self.config_group_name = config_group_name or 'DEFAULT' ks_loading.register_session_conf_options( CONF, NEUTRON_GROUP, deprecated_opts=deprecated_opts) ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP) CONF.register_opts(neutron_opts, NEUTRON_GROUP) self.configuration = getattr(CONF, self.config_group_name, CONF) self.last_neutron_extension_sync = None self.extensions = {} self.auth_obj = None
def register_opts(conf): loading.register_session_conf_options(CONF, _option_group) loading.register_adapter_conf_options(CONF, _option_group, include_deprecated=False) loading.register_auth_conf_options(CONF, _option_group) plugin_name = CONF.oslo_limit.auth_type if plugin_name: plugin_loader = loading.get_plugin_loader(plugin_name) plugin_opts = loading.get_auth_plugin_conf_options(plugin_loader) CONF.register_opts(plugin_opts, group=_option_group) conf.register_opts(_options, group=_option_group)
def test_same_section(self, m): opts = loading.get_auth_plugin_conf_options(utils.MockLoader()) self.conf_fixture.register_opts(opts, group=self.GROUP) loading.register_auth_conf_options(self.conf_fixture.conf, group=self.GROUP) self.conf_fixture.config(auth_type=uuid.uuid4().hex, group=self.GROUP, **self.TEST_VALS) a = loading.load_auth_from_conf_options(self.conf_fixture.conf, self.GROUP) self.assertTestVals(a)
def __init__(self): ks_loading.register_session_conf_options(CONF, "neutron_client") ks_loading.register_auth_conf_options(CONF, "neutron_client") self.auth = ks_loading.load_auth_from_conf_options( CONF, "neutron_client") self.session = ks_loading.load_session_from_conf_options( CONF, "neutron_client", auth=self.auth) self.neutron_client = neutron_client.Client( session=self.session, auth=self.auth)
def __init__(self, config_group_name=None): self.config_group_name = config_group_name or 'DEFAULT' ks_loading.register_session_conf_options(CONF, NEUTRON_GROUP) ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP) CONF.register_opts(neutron_opts, NEUTRON_GROUP) CONF.register_opts(neutron_deprecated_opts, group=self.config_group_name) self.configuration = getattr(CONF, self.config_group_name, CONF) self.last_neutron_extension_sync = None self.extensions = {} self.auth_obj = None
def configure_middleware(self, auth_type, **kwargs): opts = loading.get_auth_plugin_conf_options(auth_type) self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP) # Since these tests cfg.config() themselves rather than waiting for # auth_token to do it on __init__ we need to register the base auth # options (e.g., auth_plugin) loading.register_auth_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP) self.cfg.config(group=_base.AUTHTOKEN_GROUP, auth_type=auth_type, **kwargs)
def register_auth_opts(conf, group, service_type=None): """Register session- and auth-related options Registers only basic auth options shared by all auth plugins. The rest are registered at runtime depending on auth plugin used. """ kaloading.register_session_conf_options(conf, group) kaloading.register_auth_conf_options(conf, group) kaloading.register_adapter_conf_options(conf, group) conf.set_default('valid_interfaces', DEFAULT_VALID_INTERFACES, group=group) # TODO(pas-ha) use os-service-type to try find the service_type by the # config group name assuming it is a project name (e.g. 'glance') if service_type: conf.set_default('service_type', service_type, group=group)
def __init__(self): ks_loading.register_session_conf_options(CONF, "glance_client") ks_loading.register_auth_conf_options(CONF, "glance_client") self.auth = ks_loading.load_auth_from_conf_options( CONF, "glance_client") self.session = ks_loading.load_session_from_conf_options( CONF, "glance_client", auth=self.auth) self.glance_client = glance_client.Client( version='1', session=self.session, auth=self.auth)
def setUp(self): super(FixturesTests, self).setUp() self.conf_fixture = self.useFixture(config.Config()) # conf loading will still try to read the auth_type from the config # object and pass that to the get_plugin_loader method. This value will # typically be ignored and the fake plugin returned regardless of name # but it could be a useful differentiator and it also ensures that the # application has called register_auth_conf_options before simply # returning a fake plugin. loading.register_auth_conf_options(self.conf_fixture.conf, group=self.GROUP) self.conf_fixture.config(auth_type=self.AUTH_TYPE, group=self.GROUP)
def register_opts(): CONF.register_group(HYPERV_AGENT_GROUP) CONF.register_opts(HYPERV_AGENT_OPTS, group=HYPERV_AGENT_GROUP_NAME) CONF.register_group(NVGRE_GROUP) CONF.register_opts(NVGRE_OPTS, group=NVGRE_GROUP_NAME) CONF.register_group(NEUTRON_GROUP) CONF.register_opts(NEUTRON_OPTS, group=NEUTRON_GROUP_NAME) ks_loading.register_session_conf_options(CONF, NEUTRON_GROUP) ks_loading.register_auth_conf_options(CONF, NEUTRON_GROUP) CONF.register_group(HNV_GROUP) CONF.register_opts(HNV_OPTS, group=HNV_GROUP_NAME)
def __init__(self): ks_loading.register_session_conf_options(CONF, "keystone_client") ks_loading.register_auth_conf_options(CONF, "keystone_client") self.auth = ks_loading.load_auth_from_conf_options( CONF, "keystone_client") self.session = ks_loading.load_session_from_conf_options( CONF, "keystone_client", auth=self.auth) self.ks_client = ks_client.Client( version='3', session=self.session, auth_url=self.auth.auth_url)
def register_keystoneauth_opts(conf): ka_loading.register_auth_conf_options(conf, CFG_GROUP) ka_loading.register_session_conf_options( conf, CFG_GROUP, deprecated_opts={ 'cacert': [ cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP), cfg.DeprecatedOpt('os-cacert', group="DEFAULT") ] }) conf.set_default("auth_type", default="password-aodh-legacy", group=CFG_GROUP)
def register_auth_opts(conf, group, service_type=None): """Register session- and auth-related options Registers only basic auth options shared by all auth plugins. The rest are registered at runtime depending on auth plugin used. """ kaloading.register_session_conf_options(conf, group) kaloading.register_auth_conf_options(conf, group) if service_type: kaloading.register_adapter_conf_options(conf, group) conf.set_default('valid_interfaces', DEFAULT_VALID_INTERFACES, group=group) conf.set_default('service_type', service_type, group=group)
def register_opts(): # NOTE (froyo): just to not try to re-register options already done # by Neutron, specially in test scope, that will get a DuplicateOptError missing_opts = ovn_opts try: neutron_registered_opts = [opt for opt in cfg.CONF.ovn] missing_opts = [ opt for opt in ovn_opts if opt.name not in neutron_registered_opts ] except cfg.NoSuchOptError: LOG.info('Not found any opts under group ovn registered by Neutron') cfg.CONF.register_opts(missing_opts, group='ovn') cfg.CONF.register_opts(neutron_opts, group='neutron') ks_loading.register_auth_conf_options(cfg.CONF, 'service_auth') ks_loading.register_session_conf_options(cfg.CONF, 'service_auth')
def test_diff_section(self, m): section = uuid.uuid4().hex self.conf_fixture.config(auth_section=section, group=self.GROUP) loading.register_auth_conf_options(self.conf_fixture.conf, group=self.GROUP) self.conf_fixture.register_opts(to_oslo_opts( utils.MockLoader().get_options()), group=section) self.conf_fixture.config(group=section, auth_type=uuid.uuid4().hex, **self.TEST_VALS) a = loading.load_auth_from_conf_options(self.conf_fixture.conf, self.GROUP) self.assertTestVals(a)
def connect_gnocchi(): conf = cfg.ConfigOpts() loading.register_auth_conf_options(conf, "keystone_authtoken") loading.register_session_conf_options( conf, "keystone_authtoken", deprecated_opts={ 'cacert': [ cfg.DeprecatedOpt('os-cacert', group="keystone_authtoken"), cfg.DeprecatedOpt('os-cacert', group="DEFAULT") ] }) conf([], project='gnocchi') auth_plugin = loading.load_auth_from_conf_options(conf, "keystone_authtoken") conn_gnocchi = client.Client(session_options={'auth': auth_plugin}) return conn_gnocchi
def prepare_service(argv=None, config_files=None, conf=None): oslo_i18n.enable_lazy() if argv is None: argv = sys.argv if conf is None: conf = cfg.ConfigOpts() conf.register_opts(OPTS) log.register_options(conf) db_options.set_defaults(conf) loading.register_auth_conf_options(conf, 'keystone_authtoken') conf(argv[1:], project='nabu', validate_default_values=True, version=nabu.__version__, default_config_files=config_files) loading.load_auth_from_conf_options(conf, 'keystone_authtoken') log.setup(conf, 'nabu') return conf
def main(): cli_opts = [ cfg.StrOpt('component', short='c', choices=['neutron', 'nova', 'cinder'], help='Openstack Service to check'), cfg.StrOpt('binary', short='b', default=None, help='For neutron agent, filter for this binary'), cfg.BoolOpt('dhcp_ready', short='r', default=False, help='check that dhcp-agent has all networks synced'), ] conf = cfg.CONF conf.register_cli_opts(cli_opts) logging.basicConfig(level=logging.WARNING) ks_loading.register_auth_conf_options(conf, 'keystone_authtoken') ks_loading.register_auth_conf_options(conf, 'nova') ks_loading.register_session_conf_options(conf, 'nova') conf.register_opts(auth_opts, 'keystone_authtoken') conf.register_opts(host_opts) conf(sys.argv[1:]) if conf.component is None: # Try guessing service type tokens = conf.host.split('-') if len(tokens) > 1: try: conf.component = next(x for x in ['neutron', 'nova', 'cinder'] if x == tokens[0]) except StopIteration: logging.critical( "Error, no component mode defined, use --component") sys.exit(1) from agentliveness.agent import Liveness return Liveness(conf).check()
def delete_encryption_key(context, key_manager, encryption_key_id): try: key_manager.delete(context, encryption_key_id) except castellan_exception.ManagedObjectNotFoundError: pass except castellan_exception.KeyManagerError: LOG.info("First attempt to delete key id %s failed, retrying with " "cinder's service context.", encryption_key_id) conf = CONF ks_loading.register_auth_conf_options(conf, 'keystone_authtoken') service_context = keystone_password.KeystonePassword( password=conf.keystone_authtoken.password, auth_url=conf.keystone_authtoken.auth_url, username=conf.keystone_authtoken.username, user_domain_name=conf.keystone_authtoken.user_domain_name, project_name=conf.keystone_authtoken.project_name, project_domain_name=conf.keystone_authtoken.project_domain_name) try: castellan_key_manager.API(conf).delete(service_context, encryption_key_id) except castellan_exception.ManagedObjectNotFoundError: pass
def register_ksa_opts(conf, group, default_service_type, deprecated_opts=None): """Register keystoneauth auth, Session, and Adapter opts. :param conf: oslo_config.cfg.CONF in which to register the options :param group: Conf group, or string name thereof, in which to register the options. :param default_service_type: Default for the service_type conf option on the Adapter. :param deprecated_opts: dict of deprecated opts to register with the ksa Session or Adapter opts. See docstring for the deprecated_opts param of: keystoneauth1.loading.session.Session.register_conf_options """ # ksa register methods need the group name as a string. oslo doesn't care. group = getattr(group, 'name', group) ks_loading.register_session_conf_options( conf, group, deprecated_opts=deprecated_opts) ks_loading.register_auth_conf_options(conf, group) conf.register_opts(get_ksa_adapter_opts( default_service_type, deprecated_opts=deprecated_opts), group=group) # Have to register dummies for the version-related opts we removed for name in _ADAPTER_VERSION_OPTS: conf.register_opt(_dummy_opt(name), group=group)
def set_defaults(conf): conf.set_default('connection', 'sqlite://', group='database') conf.set_default('sqlite_synchronous', False, group='database') conf.set_default('policy_dirs', [], group='oslo_policy') conf.set_default('auth_strategy', 'noauth') conf.set_default( 'state_path', os.path.abspath( os.path.join(os.path.dirname(__file__), '..', '..', '..'))) conf.set_default('provider_config_dir', os.path.join(os.path.dirname(__file__), 'fake_providers')) loading.register_auth_conf_options(conf, 'trustee') opts = loading.get_auth_plugin_conf_options('password') conf.register_opts(opts, 'trustee') conf.set_default('auth_type', 'password', group='trustee') conf.set_default('auth_section', None, group='trustee') conf.set_default('auth_url', 'http://192.168.1.2/identity', group='trustee') conf.set_default('username', 'karbor', group='trustee') conf.set_default('password', 'password', group='trustee') conf.set_default('user_domain_id', 'default', group='trustee') conf.set_default('trigger_poll_interval', 1)
def register_common_config_options(): global _COMMON_OPTIONS_ALREADY_REGISTERED if _COMMON_OPTIONS_ALREADY_REGISTERED: return # Register the configuration options common_config.register_core_common_config_opts() # Ensure that the control exchange is set correctly oslo_messaging.set_transport_defaults(control_exchange='neutron') ks_loading.register_auth_conf_options(cfg.CONF, common_config.NOVA_CONF_SECTION) ks_loading.register_session_conf_options(cfg.CONF, common_config.NOVA_CONF_SECTION) # Register the nova configuration options common_config.register_nova_opts() ks_loading.register_auth_conf_options(cfg.CONF, common_config.PLACEMENT_CONF_SECTION) ks_loading.register_session_conf_options( cfg.CONF, common_config.PLACEMENT_CONF_SECTION) # Register the placement configuration options common_config.register_placement_opts() logging.register_options(cfg.CONF) # Register the ironic configuration options ks_loading.register_auth_conf_options(cfg.CONF, common_config.IRONIC_CONF_SECTION) ks_loading.register_session_conf_options(cfg.CONF, common_config.IRONIC_CONF_SECTION) ks_loading.register_adapter_conf_options(cfg.CONF, common_config.IRONIC_CONF_SECTION) common_config.register_ironic_opts() _COMMON_OPTIONS_ALREADY_REGISTERED = True
# distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. from keystoneauth1 import loading from keystoneauth1 import session from keystoneclient.v3 import client from oslo_config import cfg PASSWORD_PLUGIN = 'password' TRUSTEE_CONF_GROUP = 'trustee' loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP) def _config_options(): trustee_opts = loading.get_auth_common_conf_options() trustee_opts.extend(loading.get_auth_plugin_conf_options(PASSWORD_PLUGIN)) yield TRUSTEE_CONF_GROUP, trustee_opts def get_trusted_token(trust_id): """Return a Keystone token using the given trust_id.""" auth_plugin = loading.load_auth_from_conf_options( cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=trust_id) trust_session = session.Session(auth=auth_plugin) return trust_session.auth.get_access(trust_session).auth_token
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # @author: Stéphane Albert # from ceilometerclient import client as cclient from keystoneauth1 import loading as ks_loading from oslo_config import cfg from cloudkitty import collector from cloudkitty import utils as ck_utils CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector' ks_loading.register_session_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS) ks_loading.register_auth_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS) CONF = cfg.CONF class ResourceNotFound(Exception): """Raised when the resource doesn't exist.""" def __init__(self, resource_type, resource_id): super(ResourceNotFound, self).__init__( "No such resource: %s, type: %s" % (resource_id, resource_type)) self.resource_id = resource_id self.resource_type = resource_type class CeilometerResourceCacher(object): def __init__(self): self._resource_cache = {}
def register_opts(conf): conf.register_group(opt_group) conf.register_opts(opts, group=opt_group) ks_loading.register_auth_conf_options(conf, group=opt_group.name) ks_loading.register_session_conf_options(conf, group=opt_group.name)
LOG = logging.getLogger(__name__) # Note, we yield the options via list_opts to enable generation of the # sample heat.conf, but we don't register these options directly via # cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options # Note, only auth_type = v3password is expected to work, example config: # [trustee] # auth_type = password # auth_url = http://192.168.1.2:35357 # username = heat # password = password # user_domain_id = default PASSWORD_PLUGIN = 'password' TRUSTEE_CONF_GROUP = 'trustee' ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP) def list_opts(): trustee_opts = ks_loading.get_auth_common_conf_options() trustee_opts.extend( ks_loading.get_auth_plugin_conf_options(PASSWORD_PLUGIN)) yield TRUSTEE_CONF_GROUP, trustee_opts def _moved_attr(new_name): def getter(self): return getattr(self, new_name) def setter(self, value): setattr(self, new_name, value)
help='Number of cinderclient retries on failed HTTP calls.', deprecated_group='DEFAULT', deprecated_name="cinder_http_retries"), cfg.BoolOpt('api_insecure', default=False, help='Allow to perform insecure SSL requests to cinder.', deprecated_group='DEFAULT', deprecated_name="cinder_api_insecure"), ] CONF = cfg.CONF CONF.register_opts(cinder_deprecated_opts) CONF.register_opts(core_opts) CONF.register_opts(cinder_opts, CINDER_GROUP) ks_loading.register_session_conf_options(CONF, CINDER_GROUP) ks_loading.register_auth_conf_options(CONF, CINDER_GROUP) LOG = log.getLogger(__name__) def list_opts(): return client_auth.AuthClientLoader.list_opts(CINDER_GROUP) auth_obj = None def cinderclient(context): global auth_obj if not auth_obj:
def set_db_defaults(): # Update the default QueuePool parameters. These can be tweaked by the # conf variables - max_pool_size, max_overflow and pool_timeout db_options.set_defaults( cfg.CONF, connection='sqlite://', sqlite_db='', max_pool_size=10, max_overflow=20, pool_timeout=10) set_db_defaults() NOVA_CONF_SECTION = 'nova' ks_loading.register_auth_conf_options(cfg.CONF, NOVA_CONF_SECTION) ks_loading.register_session_conf_options(cfg.CONF, NOVA_CONF_SECTION) nova_opts = [ cfg.StrOpt('region_name', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), cfg.StrOpt('endpoint_type', default='public', choices=['public', 'admin', 'internal'], help=_('Type of the nova endpoint to use. This endpoint will' ' be looked up in the keystone catalog and should be' ' one of public, internal or admin.')), ] cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION)
def register_opts(conf): conf.register_group(placement_group) conf.register_opts(placement_opts, group=placement_group) ks_loading.register_session_conf_options(conf, placement_group.name) ks_loading.register_auth_conf_options(conf, placement_group.name)
def register_opts(conf): conf.register_group(ironic_group) conf.register_opts(ironic_options, group=ironic_group) ks_loading.register_auth_conf_options(conf, group=ironic_group.name) ks_loading.register_session_conf_options(conf, group=ironic_group.name)
default=os.environ.get('OS_REGION_NAME'), help='Region name to use for OpenStack service endpoints.' 'If set, will be included in plugin mappings.'), cfg.StrOpt('os-endpoint-type', default=os.environ.get('OS_ENDPOINT_TYPE', 'publicURL'), help='Type of endpoint in Identity service catalog to ' 'use for communication with OpenStack services.'), ] GROUP = "service_credentials" CONF = cfg.CONF CONF.register_opts(client_opts, group=GROUP) ka_loading.register_session_conf_options(CONF, GROUP) ka_loading.register_auth_conf_options(CONF, GROUP) _session = None NOVA_MIN_API_VERSION = '2.1' def _get_session(): global _session if not _session: auth = ka_loading.load_auth_from_conf_options(CONF, GROUP) _session = ka_loading.load_session_from_conf_options(CONF, GROUP, auth=auth) return _session
from keystoneclient.v3 import client as kc_v3 from oslo_config import cfg from oslo_log import log as logging from fuge.common import exception from fuge.common.i18n import _LE CONF = cfg.CONF CFG_GROUP = 'keystone_auth' LOG = logging.getLogger(__name__) keystone_auth_opts = (ka_loading.get_auth_common_conf_options() + ka_loading.get_auth_plugin_conf_options('password')) CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token') ka_loading.register_auth_conf_options(CONF, CFG_GROUP) ka_loading.register_session_conf_options(CONF, CFG_GROUP) CONF.set_default('auth_type', default='password', group=CFG_GROUP) class KeystoneClientV3(object): """Keystone client wrapper so we can encapsulate logic in one place.""" def __init__(self, context): self.context = context self._client = None self._session = None @property def auth_url(self): return CONF.keystone_auth.auth_uri.replace('v2.0', 'v3')
def __init__(self, app, conf): log = logging.getLogger(conf.get('log_name', __name__)) log.info(_LI('Starting Keystone auth_token middleware')) # NOTE(wanghong): If options are set in paste file, all the option # values passed into conf are string type. So, we should convert the # conf value into correct type. self._conf = _conf_values_type_convert(conf) # NOTE(sileht, cdent): If we don't want to use oslo.config global # object there are two options: set "oslo_config_project" in # paste.ini and the middleware will load the configuration with a # local oslo.config object or the caller which instantiates # AuthProtocol can pass in an existing oslo.config as the # value of the "oslo_config_config" key in conf. If both are # set "olso_config_config" is used. self._local_oslo_config = conf.get('oslo_config_config') if (not self._local_oslo_config) and ('oslo_config_project' in conf): if 'oslo_config_file' in conf: default_config_files = [conf['oslo_config_file']] else: default_config_files = None self._local_oslo_config = cfg.ConfigOpts() self._local_oslo_config( [], project=conf['oslo_config_project'], default_config_files=default_config_files, validate_default_values=True) if self._local_oslo_config: self._local_oslo_config.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP) self._local_oslo_config.register_opts(_auth.OPTS, group=_base.AUTHTOKEN_GROUP) loading.register_auth_conf_options(self._local_oslo_config, group=_base.AUTHTOKEN_GROUP) super(AuthProtocol, self).__init__( app, log=log, enforce_token_bind=self._conf_get('enforce_token_bind')) # delay_auth_decision means we still allow unauthenticated requests # through and we let the downstream service make the final decision self._delay_auth_decision = self._conf_get('delay_auth_decision') self._include_service_catalog = self._conf_get( 'include_service_catalog') self._hash_algorithms = self._conf_get('hash_algorithms') self._identity_server = self._create_identity_server() self._auth_uri = self._conf_get('auth_uri') if not self._auth_uri: self.log.warning( _LW('Configuring auth_uri to point to the public identity ' 'endpoint is required; clients may not be able to ' 'authenticate against an admin endpoint')) # FIXME(dolph): drop support for this fallback behavior as # documented in bug 1207517. self._auth_uri = self._identity_server.auth_uri self._signing_directory = _signing_dir.SigningDirectory( directory_name=self._conf_get('signing_dir'), log=self.log) self._token_cache = self._token_cache_factory() revocation_cache_timeout = datetime.timedelta( seconds=self._conf_get('revocation_cache_time')) self._revocations = _revocations.Revocations(revocation_cache_timeout, self._signing_directory, self._identity_server, self._cms_verify, self.log) self._check_revocations_for_cached = self._conf_get( 'check_revocations_for_cached')
# # @author: Stéphane Albert # from ceilometerclient import client as cclient from keystoneauth1 import loading as ks_loading from oslo_config import cfg from cloudkitty import collector from cloudkitty import utils as ck_utils CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector' ks_loading.register_session_conf_options( cfg.CONF, CEILOMETER_COLLECTOR_OPTS) ks_loading.register_auth_conf_options( cfg.CONF, CEILOMETER_COLLECTOR_OPTS) CONF = cfg.CONF class ResourceNotFound(Exception): """Raised when the resource doesn't exist.""" def __init__(self, resource_type, resource_id): super(ResourceNotFound, self).__init__( "No such resource: %s, type: %s" % (resource_id, resource_type)) self.resource_id = resource_id self.resource_type = resource_type class CeilometerResourceCacher(object):