Change [1] removed SSLMiddleware from code but
missed removal of oslo-config namespace, this
patch cleans it up.
[1] https://review.openstack.org/#/c/506900/
Change-Id: Ibeeece25a13706e3ce0b58dbb9746090d881b909
This corrects the entrypoint for heat_keystoneclient so that
oslo-config-generator can find it.
Change-Id: I366589c30626232771714394ed6d9353db6f04ba
Closes-Bug: #1711445
Some time ago, we added support for a new "trustee" config section,
aimed at allowing independent configuration of the credentials used
to obtain trust-scoped tokens for deferred authentication. One of the
main reasons for this was to avoid incorrectly using the keystone
auth_token section, and as such a deprecation warning was added when
we fall back to using that config section for heat.
Unfortunately we didn't capture this new section in the sample config
because it's registered via keystoneclient.auth, so this adds support
for this section to the sample config generated via tox -e genconfig,
and adds some notes clarifying usage to the auth_plugin option.
To move to the new config syntax, but maintain the current behavior,
which is to delegate to the heat service user, you can add this section
to your heat.conf
[trustee]
auth_plugin = password
auth_url = http://<keystone hostname or IP>:35357
username = heat
password = password
user_domain_id = default
The generated config documents many more options, all of those supported
by the keystoneclient v3 Password auth plugin, but these are the minimum
to enable delegation to the heat service user in the default domain.
In new deployments this could be set to some other user (such as one created
in the heat domain), but note that the trustee should not be changed for
existing deployments where stacks exist, as the trust stored inside heat
defines a relationship between the stack owner (trustor) and a specific
trustee (which will be the heat service user if the deployment is using
the deprecated path that steals credentials from keystone auth_token).
Change-Id: I30aeb765a2246ce54b10972ae7187655d85cde1f
Partial-Bug: #1300246
This adds the CORS support middleware to Heat, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.
For heat, the paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate responses created
by keystonemiddleware. If the middleware were explicitly included
as in the previous patch, keystone would reject the request before
the cross-domain headers could be annotated, resulting in an
error response that was unreadable by the user agent.
OpenStack CrossProject Spec:
http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html docimpact
Change-Id: I185f0d9f85617dd2f482cac4994ccc0a4cb6cf16
Patch #196106 has added oslo.service.service to the config generator
configuration file. However, due to problems in oslo.service, there are
still two modules missing for configuration generation.
This patch adds another two modules that contain config options from the
oslo.service package.
Change-Id: I7bb823f62bf9125bbd9cf071b5acb3f59f997c66
Closes-Bug: 1468955
Use oslo.service.service entry point to generate a sample configuration
file. oslo.service library doesn't have an oslo.service entry point.
Change-Id: Ibb6872dd8e19ec15d72a174d94ca64b7aa489d36
Closes-Bug: 1468955
After commit 4154ce7578de5cedf41b130e9026710e5d393422, it is no
longer possible to generate heat.conf because
heat.openstack.common.policy was still listed in
config-generator.conf
Change-Id: Ib81e8f3b4b80f51025ccda1173b03f6f65387b62
The oslo-incubator log modlule has been removed, so port to the oslo_log
library. Note this uses the new (non namespaced, e.g oslo.log) import
convention, we'll need to align other imports in a future commit.
Some import reordering was required due to pedantic H30[57] checks, and
the services have all been converted to initialize the oslo_log library
as this is done differently to the log.py in incubator.
Change-Id: Ib5a97123fe1b287bc531e42d7887c13ba6205628
Replace usage of old incubator configuration generator by the
oslo.config tool.
tools/config/generate_sample.sh has been replaced by tox -egenconfig.
heat_integrationtests/generate_sample.sh has been replaced by
oslo-config-generator
--config-file=heat_integrationtests/config-generator.conf
Change-Id: I6d95df203b556c8ec2088d40a446427f7087b9a7