def configure_middleware(self, auth_plugin, **kwargs): opts = auth.get_plugin_class(auth_plugin).get_options() self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP) # Since these tests cfg.config() themselves rather than waiting for # auth_token to do it on __init__ we need to register the base auth # options (e.g., auth_plugin) auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP) self.cfg.config(group=_base.AUTHTOKEN_GROUP, auth_plugin=auth_plugin, **kwargs)
def _register_opts(cls, conf): """Register keystonemiddleware options.""" options = [] keystone_opts = opts.list_auth_token_opts() for n in keystone_opts: if n[0] == cls.OPT_GROUP_NAME: options = n[1] break if cls.OPT_GROUP_NAME not in conf: conf.register_opts(options, group=cls.OPT_GROUP_NAME) auth.register_conf_options(conf, cls.OPT_GROUP_NAME) auth_token.CONF = conf
def configure_middleware(self, auth_plugin, group='keystone_authtoken', **kwargs): # NOTE(gyee): For this test suite and for the stable liberty branch # only, we will ignore deprecated calls that keystonemiddleware makes. warnings.filterwarnings('ignore', category=DeprecationWarning, module='^keystonemiddleware\\.') opts = auth.get_plugin_class(auth_plugin).get_options() self.cfg.register_opts(opts, group=group) # Since these tests cfg.config() themselves rather than waiting for # auth_token to do it on __init__ we need to register the base auth # options (e.g., auth_plugin) auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP) self.cfg.config(group=group, auth_plugin=auth_plugin, **kwargs)
def __init__(self, app, conf): log = logging.getLogger(conf.get('log_name', __name__)) log.info(_LI('Starting Keystone auth_token middleware')) # NOTE(wanghong): If options are set in paste file, all the option # values passed into conf are string type. So, we should convert the # conf value into correct type. self._conf = _conf_values_type_convert(conf) # NOTE(sileht): If we don't want to use oslo.config global object # we can set the paste "oslo_config_project" and the middleware # will load the configuration with a local oslo.config object. self._local_oslo_config = None if 'oslo_config_project' in conf: if 'oslo_config_file' in conf: default_config_files = [conf['oslo_config_file']] else: default_config_files = None # For unit tests, support passing in a ConfigOpts in # oslo_config_config. self._local_oslo_config = conf.get('oslo_config_config', cfg.ConfigOpts()) self._local_oslo_config({}, project=conf['oslo_config_project'], default_config_files=default_config_files, validate_default_values=True) self._local_oslo_config.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP) auth.register_conf_options(self._local_oslo_config, group=_base.AUTHTOKEN_GROUP) super(AuthProtocol, self).__init__( app, log=log, enforce_token_bind=self._conf_get('enforce_token_bind')) # delay_auth_decision means we still allow unauthenticated requests # through and we let the downstream service make the final decision self._delay_auth_decision = self._conf_get('delay_auth_decision') self._include_service_catalog = self._conf_get( 'include_service_catalog') self._hash_algorithms = self._conf_get('hash_algorithms') self._identity_server = self._create_identity_server() self._auth_uri = self._conf_get('auth_uri') if not self._auth_uri: self.log.warning( _LW('Configuring auth_uri to point to the public identity ' 'endpoint is required; clients may not be able to ' 'authenticate against an admin endpoint')) # FIXME(dolph): drop support for this fallback behavior as # documented in bug 1207517. self._auth_uri = self._identity_server.auth_uri self._signing_directory = _signing_dir.SigningDirectory( directory_name=self._conf_get('signing_dir'), log=self.log) self._token_cache = self._token_cache_factory() revocation_cache_timeout = datetime.timedelta( seconds=self._conf_get('revocation_cache_time')) self._revocations = _revocations.Revocations(revocation_cache_timeout, self._signing_directory, self._identity_server, self._cms_verify, self.log) self._check_revocations_for_cached = self._conf_get( 'check_revocations_for_cached')
# @author: Stéphane Albert # from ceilometerclient import client as cclient from keystoneclient import auth as ks_auth from keystoneclient import session as ks_session from oslo_config import cfg from cloudkitty import collector from cloudkitty import utils as ck_utils CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector' ks_session.Session.register_conf_options( cfg.CONF, CEILOMETER_COLLECTOR_OPTS) ks_auth.register_conf_options( cfg.CONF, CEILOMETER_COLLECTOR_OPTS) CONF = cfg.CONF class ResourceNotFound(Exception): """Raised when the resource doesn't exist.""" def __init__(self, resource_type, resource_id): super(ResourceNotFound, self).__init__( "No such resource: %s, type: %s" % (resource_id, resource_type)) self.resource_id = resource_id self.resource_type = resource_type class CeilometerResourceCacher(object):
# Update the default QueuePool parameters. These can be tweaked by the # conf variables - max_pool_size, max_overflow and pool_timeout db_options.set_defaults(cfg.CONF, connection='sqlite://', sqlite_db='', max_pool_size=10, max_overflow=20, pool_timeout=10) set_db_defaults() NOVA_CONF_SECTION = 'nova' ks_session.Session.register_conf_options(cfg.CONF, NOVA_CONF_SECTION) auth.register_conf_options(cfg.CONF, NOVA_CONF_SECTION) nova_opts = [ cfg.StrOpt('region_name', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), ] cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION) logging.register_options(cfg.CONF) def init(args, **kwargs): cfg.CONF(args=args, project='neutron', version='%%(prog)s %s' % version.version_info.release_string(),
def __init__(self): self._session = None self.region_name = CONF.auth_region ksauth.register_conf_options(CONF, 'keystone_authtoken')
from keystoneclient import auth as ks_auth from keystoneclient.auth.identity import v2 as v2_auth from keystoneclient import session as ks_session from oslo_config import cfg from tacker.api.v1 import attributes from tacker.i18n import _LE, _LW from tacker.openstack.common import log as logging from tacker.vm.drivers import abstract_driver LOG = logging.getLogger(__name__) CONF = cfg.CONF NOVA_API_VERSION = "2" SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova' ks_session.Session.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION) ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION) OPTS = [ cfg.StrOpt('region_name', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), ] CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION) _NICS = 'nics' # converted by novaclient => 'networks' _NET_ID = 'net-id' # converted by novaclient => 'uuid' _PORT_ID = 'port-id' # converted by novaclient => 'port' _FILES = 'files' class DefaultAuthPlugin(v2_auth.Password): """A wrapper around standard v2 user/pass to handle bypass url.
default='2.1', help='The compute API (micro)version, the provided ' 'compute API (micro)version should be not smaller ' 'than 2.1 and not larger than the max supported ' 'Compute API microversion. The current supported ' 'Compute API versions can be checked using: ' 'nova version-list.') GROUP = "service_credentials" cfg.CONF.register_opts(client_opts, group=GROUP) cfg.CONF.register_opt(compute_api_version, group="service_credentials:nova") ks_session.Session.register_conf_options(cfg.CONF, GROUP) ks_auth.register_conf_options(cfg.CONF, GROUP) _session = None NOVA_MIN_API_VERSION = '2.1' def _get_session(): global _session if not _session: auth = ks_auth.load_from_conf_options(cfg.CONF, GROUP) _session = ks_session.Session.load_from_conf_options( cfg.CONF, GROUP) _session.auth = auth return _session
from neutron.extensions import portbindings from neutron.extensions import servicevm as sv from neutron.plugins.common import constants from neutron.openstack.common.gettextutils import _LI, _LW from neutron.openstack.common import log as logging from neutron.services.vm.drivers import abstract_driver LOG = logging.getLogger(__name__) CONF = cfg.CONF NOVA_API_VERSION = "2" SERVICEVM_NOVA_CONF_SECTION = 'servicevm_nova' a = ks_session.Session() a.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION) ks_auth.register_conf_options(cfg.CONF, SERVICEVM_NOVA_CONF_SECTION) OPTS = [ cfg.StrOpt('region_name', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), ] CONF.register_opts(OPTS, group=SERVICEVM_NOVA_CONF_SECTION) SVM_OPTS = [ cfg.StrOpt('mgmt_network_name_id', default="manage_network", help=_("Manager network name or id")), cfg.StrOpt('mgmt_subnet_name_id', default="manage_subent", help=_("Manager subnet name or id")),
default=os.environ.get('OS_REGION_NAME'), help='Region name to use for OpenStack service endpoints.'), cfg.StrOpt('os-endpoint-type', default=os.environ.get('OS_ENDPOINT_TYPE', 'publicURL'), help='Type of endpoint in Identity service catalog to ' 'use for communication with OpenStack services.'), ] GROUP = "service_credentials" cfg.CONF.register_opts(client_opts, group=GROUP) ks_session.Session.register_conf_options(cfg.CONF, GROUP) ks_auth.register_conf_options(cfg.CONF, GROUP) _session = None def _get_session(): global _session if not _session: auth = ks_auth.load_from_conf_options(cfg.CONF, GROUP) _session = ks_session.Session.load_from_conf_options( cfg.CONF, GROUP) _session.auth = auth return _session
from keystoneclient import session as ksc_session from keystoneclient.v3 import client as ksc_client from oslo_config import cfg from oslo_log import log as logging LOG = logging.getLogger(__name__) # REVISIT(rkukura): We use keystone to get the name of the keystone # project owning each neutron resource, which by default, requires # admin. If we keep this, we should probably move it to a separate # config module. But we should also investigate whether admin is even # needed, or if neutron's credentials could somehow be used. AUTH_GROUP = 'apic_aim_auth' ksc_session.Session.register_conf_options(cfg.CONF, AUTH_GROUP) ksc_auth.register_conf_options(cfg.CONF, AUTH_GROUP) class ProjectDetailsCache(object): """Cache of Keystone project ID to project details mappings.""" def __init__(self): self.project_details = {} self.keystone = None self.gbp = None self.enable_neutronclient_internal_ep_interface = ( cfg.CONF.ml2_apic_aim.enable_neutronclient_internal_ep_interface) def _get_keystone_client(self): # REVISIT: It seems load_from_conf_options() and # keystoneclient auth plugins have been deprecated, and we
# License for the specific language governing permissions and limitations # under the License. # # @author: Stéphane Albert # from ceilometerclient import client as cclient from keystoneclient import auth as ks_auth from keystoneclient import session as ks_session from oslo_config import cfg from cloudkitty import collector from cloudkitty import utils as ck_utils CEILOMETER_COLLECTOR_OPTS = 'ceilometer_collector' ks_session.Session.register_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS) ks_auth.register_conf_options(cfg.CONF, CEILOMETER_COLLECTOR_OPTS) CONF = cfg.CONF class ResourceNotFound(Exception): """Raised when the resource doesn't exist.""" def __init__(self, resource_type, resource_id): super(ResourceNotFound, self).__init__( "No such resource: %s, type: %s" % (resource_id, resource_type)) self.resource_id = resource_id self.resource_type = resource_type class CeilometerResourceCacher(object): def __init__(self): self._resource_cache = {}
def __init__(self, app, conf): # tomograph.start("AuthProtocol", "init", "127.0.0.1", 0) log = logging.getLogger(conf.get("log_name", __name__)) log.info(_LI("Starting Keystone auth_token middleware")) # NOTE(wanghong): If options are set in paste file, all the option # values passed into conf are string type. So, we should convert the # conf value into correct type. self._conf = _conf_values_type_convert(conf) # NOTE(sileht): If we don't want to use oslo.config global object # we can set the paste "oslo_config_project" and the middleware # will load the configuration with a local oslo.config object. self._local_oslo_config = None if "oslo_config_project" in conf: if "oslo_config_file" in conf: default_config_files = [conf["oslo_config_file"]] else: default_config_files = None self._local_oslo_config = cfg.ConfigOpts() self._local_oslo_config( {}, project=conf["oslo_config_project"], default_config_files=default_config_files, validate_default_values=True, ) self._local_oslo_config.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP) auth.register_conf_options(self._local_oslo_config, group=_base.AUTHTOKEN_GROUP) # tomograph.annotate("call super", "AuthProtocol") super(AuthProtocol, self).__init__(app, log=log, enforce_token_bind=self._conf_get("enforce_token_bind")) # delay_auth_decision means we still allow unauthenticated requests # through and we let the downstream service make the final decision self._delay_auth_decision = self._conf_get("delay_auth_decision") self._include_service_catalog = self._conf_get("include_service_catalog") self._hash_algorithms = self._conf_get("hash_algorithms") # tomograph.annotate("create identity server", "AuthProtocol") self._identity_server = self._create_identity_server() self._auth_uri = self._conf_get("auth_uri") if not self._auth_uri: self.log.warning( _LW( "Configuring auth_uri to point to the public identity " "endpoint is required; clients may not be able to " "authenticate against an admin endpoint" ) ) # FIXME(dolph): drop support for this fallback behavior as # documented in bug 1207517. self._auth_uri = self._identity_server.auth_uri self._signing_directory = _signing_dir.SigningDirectory( directory_name=self._conf_get("signing_dir"), log=self.log ) self._token_cache = self._token_cache_factory() revocation_cache_timeout = datetime.timedelta(seconds=self._conf_get("revocation_cache_time")) self._revocations = _revocations.Revocations( revocation_cache_timeout, self._signing_directory, self._identity_server, self._cms_verify, self.log ) self._check_revocations_for_cached = self._conf_get("check_revocations_for_cached")
from keystoneclient import session as ksc_session from keystoneclient.v3 import client as ksc_client from oslo_config import cfg from oslo_log import log as logging LOG = logging.getLogger(__name__) # REVISIT(rkukura): We use keystone to get the name of the keystone # project owning each neutron resource, which by default, requires # admin. If we keep this, we should probably move it to a separate # config module. But we should also investigate whether admin is even # needed, or if neutron's credentials could somehow be used. AUTH_GROUP = 'apic_aim_auth' ksc_session.Session.register_conf_options(cfg.CONF, AUTH_GROUP) ksc_auth.register_conf_options(cfg.CONF, AUTH_GROUP) class ProjectNameCache(object): """Cache of Keystone project ID to project name mappings.""" def __init__(self): self.project_names = {} self.keystone = None self.gbp = None def _get_keystone_client(self): # REVISIT: It seems load_from_conf_options() and # keystoneclient auth plugins have been deprecated, and we # should use keystoneauth instead. LOG.debug("Getting keystone client")
def __init__(self, app, conf): log = logging.getLogger(conf.get('log_name', __name__)) log.info(_LI('Starting Keystone auth_token middleware')) # NOTE(wanghong): If options are set in paste file, all the option # values passed into conf are string type. So, we should convert the # conf value into correct type. self._conf = _conf_values_type_convert(conf) # NOTE(sileht): If we don't want to use oslo.config global object # we can set the paste "oslo_config_project" and the middleware # will load the configuration with a local oslo.config object. self._local_oslo_config = None if 'oslo_config_project' in conf: if 'oslo_config_file' in conf: default_config_files = [conf['oslo_config_file']] else: default_config_files = None # For unit tests, support passing in a ConfigOpts in # oslo_config_config. self._local_oslo_config = conf.get('oslo_config_config', cfg.ConfigOpts()) self._local_oslo_config( {}, project=conf['oslo_config_project'], default_config_files=default_config_files, validate_default_values=True) self._local_oslo_config.register_opts( _OPTS, group=_base.AUTHTOKEN_GROUP) auth.register_conf_options(self._local_oslo_config, group=_base.AUTHTOKEN_GROUP) super(AuthProtocol, self).__init__( app, log=log, enforce_token_bind=self._conf_get('enforce_token_bind')) # delay_auth_decision means we still allow unauthenticated requests # through and we let the downstream service make the final decision self._delay_auth_decision = self._conf_get('delay_auth_decision') self._include_service_catalog = self._conf_get( 'include_service_catalog') self._hash_algorithms = self._conf_get('hash_algorithms') self._identity_server = self._create_identity_server() self._auth_uri = self._conf_get('auth_uri') if not self._auth_uri: self.log.warning( _LW('Configuring auth_uri to point to the public identity ' 'endpoint is required; clients may not be able to ' 'authenticate against an admin endpoint')) # FIXME(dolph): drop support for this fallback behavior as # documented in bug 1207517. self._auth_uri = self._identity_server.auth_uri self._signing_directory = _signing_dir.SigningDirectory( directory_name=self._conf_get('signing_dir'), log=self.log) self._token_cache = self._token_cache_factory() revocation_cache_timeout = datetime.timedelta( seconds=self._conf_get('revocation_cache_time')) self._revocations = _revocations.Revocations(revocation_cache_timeout, self._signing_directory, self._identity_server, self._cms_verify, self.log) self._check_revocations_for_cached = self._conf_get( 'check_revocations_for_cached')
), cfg.StrOpt( "identity_uri", default=None, help="Complete admin Identity API endpoint. This " "should specify the unversioned root endpoint " "e.g. https://localhost:35357/", ), cfg.StrOpt( "admin_token", secret=True, help="This option is deprecated and may be removed in " "a future release. Single shared secret with the " "Keystone configuration used for bootstrapping a " "Keystone installation, or otherwise bypassing " "the normal authentication process. This option " "should not be used, use `admin_user` and " "`admin_password` instead.", ), cfg.StrOpt("admin_user", help="Service username."), cfg.StrOpt("admin_password", secret=True, help="Service user password."), cfg.StrOpt("admin_tenant_name", default="admin", help="Service tenant name."), ] ) return options auth.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP) AuthTokenPlugin.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
from keystoneclient import client as kclient from keystoneclient import session as ks_session from oslo_config import cfg from cloudkitty import tenant_fetcher KEYSTONE_FETCHER_OPTS = 'keystone_fetcher' keystone_fetcher_opts = [ cfg.StrOpt('keystone_version', default='2', help='Keystone version to use.'), ] cfg.CONF.register_opts(keystone_fetcher_opts, KEYSTONE_FETCHER_OPTS) ks_session.Session.register_conf_options(cfg.CONF, KEYSTONE_FETCHER_OPTS) ks_auth.register_conf_options(cfg.CONF, KEYSTONE_FETCHER_OPTS) CONF = cfg.CONF class KeystoneFetcher(tenant_fetcher.BaseFetcher): """Keystone tenants fetcher.""" def __init__(self): self.auth = ks_auth.load_from_conf_options(CONF, KEYSTONE_FETCHER_OPTS) self.session = ks_session.Session.load_from_conf_options( CONF, KEYSTONE_FETCHER_OPTS, auth=self.auth) self.admin_ks = kclient.Client( version=CONF.keystone_fetcher.keystone_version, session=self.session, auth_url=self.auth.auth_url) def get_tenants(self):
default='http://127.0.0.1:2704', help='URL for connecting to gluon'), cfg.StrOpt('region_name', help='Region name for connecting to gluon in admin context'), ] OPT_GROUP = 'gluon' CONF = cfg.CONF CONF.register_opts(opts, OPT_GROUP) deprecations = {} session.Session.register_conf_options(CONF, OPT_GROUP, deprecated_opts=deprecations) auth.register_conf_options(CONF, OPT_GROUP) LOG = logging.getLogger(__name__) # NOTE: these classes are practically speaking unneeded, but I've put them here for two reasons: # 1. as a list of ABCs that this interface probably ought to support so that we can do better in # Nova when the feature is not supported by the network plugin # 2. as a documented list of functions I've actively not implemented (so that you know I've made # a choice rather than forgotten them) # We should, in theory, have implemented every function of the base API model. It could, therefore, # be converted to an ABC that expects complete implementation. class NoNetworkSupportMixin(object): def _err(self): raise NotImplementedError("No L2 network support when using Gluon - use the backend")
from keystoneclient import auth as ks_auth from keystoneclient.auth.identity import v2 as v2_auth from keystoneclient import session as ks_session from oslo_config import cfg from tacker.api.v1 import attributes from tacker.i18n import _LE, _LW from tacker.openstack.common import log as logging from tacker.vm.drivers import abstract_driver LOG = logging.getLogger(__name__) CONF = cfg.CONF NOVA_API_VERSION = "2" TACKER_NOVA_CONF_SECTION = 'tacker_nova' ks_session.Session.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION) ks_auth.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION) OPTS = [ cfg.StrOpt('region_name', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), ] CONF.register_opts(OPTS, group=TACKER_NOVA_CONF_SECTION) _NICS = 'nics' # converted by novaclient => 'networks' _NET_ID = 'net-id' # converted by novaclient => 'uuid' _PORT_ID = 'port-id' # converted by novaclient => 'port' _FILES = 'files' class DefaultAuthPlugin(v2_auth.Password): """A wrapper around standard v2 user/pass to handle bypass url.
'(http or https). Deprecated, use identity_uri.'), cfg.StrOpt('identity_uri', default=None, help='Complete admin Identity API endpoint. This ' 'should specify the unversioned root endpoint ' 'e.g. https://localhost:35357/'), cfg.StrOpt('admin_token', secret=True, help='This option is deprecated and may be removed in ' 'a future release. Single shared secret with the ' 'Keystone configuration used for bootstrapping a ' 'Keystone installation, or otherwise bypassing ' 'the normal authentication process. This option ' 'should not be used, use `admin_user` and ' '`admin_password` instead.'), cfg.StrOpt('admin_user', help='Service username.'), cfg.StrOpt('admin_password', secret=True, help='Service user password.'), cfg.StrOpt('admin_tenant_name', default='admin', help='Service tenant name.'), ]) return options auth.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP) AuthTokenPlugin.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
LOG = logging.getLogger(__name__) # Note, we yield the options via list_opts to enable generation of the # sample king.conf, but we don't register these options directly via # cfg.CONF.register*, it's done via auth.register_conf_options # Note, only auth_plugin = v3password is expected to work, example config: # [trustee] # auth_plugin = password # auth_url = http://192.168.1.2:35357 # username = king # password = password # user_domain_id = default V3_PASSWORD_PLUGIN = 'v3password' TRUSTEE_CONF_GROUP = 'trustee' auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP) def list_opts(): trustee_opts = auth.conf.get_common_conf_options() trustee_opts.extend(auth.conf.get_plugin_options(V3_PASSWORD_PLUGIN)) yield TRUSTEE_CONF_GROUP, trustee_opts class RequestContext(context.RequestContext): """Stores information about the security context. Under the security context the user accesses the system, as well as additional request information. """
from keystoneclient import session as ks_session from oslo_config import cfg from oslo_log import log as logging from oslo_log import versionutils from six import iteritems from tacker.api.v1 import attributes from tacker._i18n import _LE, _LW from tacker.vnfm.infra_drivers import abstract_driver LOG = logging.getLogger(__name__) CONF = cfg.CONF NOVA_API_VERSION = "2" TACKER_NOVA_CONF_SECTION = 'tacker_nova' ks_session.Session.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION) ks_auth.register_conf_options(cfg.CONF, TACKER_NOVA_CONF_SECTION) OPTS = [ cfg.StrOpt('region_name', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), ] CONF.register_opts(OPTS, group=TACKER_NOVA_CONF_SECTION) _NICS = 'nics' # converted by novaclient => 'networks' _NET_ID = 'net-id' # converted by novaclient => 'uuid' _PORT_ID = 'port-id' # converted by novaclient => 'port' _FILES = 'files' class DefaultAuthPlugin(v2_auth.Password): """A wrapper around standard v2 user/pass to handle bypass url.
from oslo_config import cfg from cloudkitty import tenant_fetcher KEYSTONE_FETCHER_OPTS = 'keystone_fetcher' keystone_fetcher_opts = [ cfg.StrOpt('keystone_version', default='2', help='Keystone version to use.'), ] cfg.CONF.register_opts(keystone_fetcher_opts, KEYSTONE_FETCHER_OPTS) ks_session.Session.register_conf_options( cfg.CONF, KEYSTONE_FETCHER_OPTS) ks_auth.register_conf_options( cfg.CONF, KEYSTONE_FETCHER_OPTS) CONF = cfg.CONF class KeystoneFetcher(tenant_fetcher.BaseFetcher): """Keystone tenants fetcher.""" def __init__(self): self.auth = ks_auth.load_from_conf_options( CONF, KEYSTONE_FETCHER_OPTS) self.session = ks_session.Session.load_from_conf_options( CONF, KEYSTONE_FETCHER_OPTS, auth=self.auth)
from oslo_utils import timeutils from conveyor.common import local from conveyor.conveyorheat.common import endpoint_utils from conveyor.conveyorheat.common import exception as heat_exc from conveyor.conveyorheat.engine import clients from conveyor.db import api as db_api from conveyor import exception from conveyor.i18n import _ from conveyor.i18n import _LE from conveyor.i18n import _LW LOG = logging.getLogger(__name__) TRUSTEE_CONF_GROUP = 'trustee' auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP) def generate_request_id(): return 'req-' + str(uuid.uuid4()) class RequestContext(object): """Security context and request information. Represents the user taking a given action within the system. """ def __init__(self, user_id, project_id, is_admin=None, read_deleted="no", roles=None, remote_address=None, timestamp=None,
# Update the default QueuePool parameters. These can be tweaked by the # configuration variables - max_pool_size, max_overflow and pool_timeout db_options.set_defaults(cfg.CONF, connection=_SQL_CONNECTION_DEFAULT, sqlite_db='', max_pool_size=10, max_overflow=20, pool_timeout=10) NOVA_CONF_SECTION = 'nova' nova_deprecated_opts = { 'cafile': [cfg.DeprecatedOpt('nova_ca_certificates_file', 'DEFAULT')], 'insecure': [cfg.DeprecatedOpt('nova_api_insecure', 'DEFAULT')], } ks_session.Session.register_conf_options(cfg.CONF, NOVA_CONF_SECTION, deprecated_opts=nova_deprecated_opts) auth.register_conf_options(cfg.CONF, NOVA_CONF_SECTION) nova_opts = [ cfg.StrOpt('region_name', deprecated_name='nova_region_name', deprecated_group='DEFAULT', help=_('Name of nova region to use. Useful if keystone manages' ' more than one region.')), ] cfg.CONF.register_opts(nova_opts, group=NOVA_CONF_SECTION) logging.register_options(cfg.CONF) def init(args, **kwargs): cfg.CONF(args=args, project='neutron',
help='URL for connecting to gluon'), cfg.StrOpt('region_name', help='Region name for connecting to gluon in admin context'), ] OPT_GROUP = 'gluon' CONF = cfg.CONF CONF.register_opts(opts, OPT_GROUP) deprecations = {} session.Session.register_conf_options(CONF, OPT_GROUP, deprecated_opts=deprecations) auth.register_conf_options(CONF, OPT_GROUP) LOG = logging.getLogger(__name__) # NOTE: these classes are practically speaking unneeded, but I've put them here for two reasons: # 1. as a list of ABCs that this interface probably ought to support so that we can do better in # Nova when the feature is not supported by the network plugin # 2. as a documented list of functions I've actively not implemented (so that you know I've made # a choice rather than forgotten them) # We should, in theory, have implemented every function of the base API model. It could, therefore, # be converted to an ABC that expects complete implementation. class NoNetworkSupportMixin(object): def _err(self): raise NotImplementedError(