openstack/ironic-inspector
Code Issues Proposed changes
25c5a774e3
ironic-inspector/ironic_inspector/common/keystone.py
Pavlo Shchelokovskyy 35f332539d Use keystoneauth for Ironic and Swift clients 
This patch does not change the options in config file yet to showcase
backward compatibility with old config options.

Change-Id: I1da93b59b2f4813c42008277bd6479dc6673e7f1
2016-03-25 13:08:15 +02:00

130 lines
4.5 KiB
Python
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import copy
from keystoneauth1 import exceptions
from keystoneauth1 import loading
from oslo_config import cfg
from oslo_log import log
from six.moves.urllib import parse # for legacy options loading only
from ironic_inspector.common.i18n import _LW
CONF = cfg.CONF
LOG = log.getLogger(__name__)
def register_auth_opts(group):
loading.register_session_conf_options(CONF, group)
loading.register_auth_conf_options(CONF, group)
CONF.set_default('auth_type', default='password', group=group)
def get_session(group, legacy_mapping=None, legacy_auth_opts=None):
auth = _get_auth(group, legacy_mapping, legacy_auth_opts)
session = loading.load_session_from_conf_options(
CONF, group, auth=auth)
return session
def _get_auth(group, legacy_mapping=None, legacy_opts=None):
try:
auth = loading.load_auth_from_conf_options(CONF, group)
except exceptions.MissingRequiredOptions:
auth = _get_legacy_auth(group, legacy_mapping, legacy_opts)
else:
if auth is None:
auth = _get_legacy_auth(group, legacy_mapping, legacy_opts)
return auth
def _get_legacy_auth(group, legacy_mapping, legacy_opts):
"""Load auth plugin from legacy options.
If legacy_opts is not empty, these options will be registered first.
legacy_mapping is a dict that maps the following keys to legacy option
names:
auth_url
username
password
tenant_name
"""
LOG.warning(_LW("Group [%s]: Using legacy auth loader is deprecated. "
"Consider specifying appropriate keystone auth plugin as "
"'auth_type' and corresponding plugin options."), group)
if legacy_opts:
for opt in legacy_opts:
try:
CONF.register_opt(opt, group=group)
except cfg.DuplicateOptError:
pass
conf = getattr(CONF, group)
auth_params = {a: getattr(conf, legacy_mapping[a])
for a in legacy_mapping}
legacy_loader = loading.get_plugin_loader('password')
# NOTE(pas-ha) only Swift had this option, take it into account
try:
auth_version = conf.get('os_auth_version')
except cfg.NoSuchOptError:
auth_version = None
# NOTE(pas-ha) mimic defaults of keystoneclient
if _is_apiv3(auth_params['auth_url'], auth_version):
auth_params.update({
'project_domain_id': 'default',
'user_domain_id': 'default'})
return legacy_loader.load_from_options(**auth_params)
# NOTE(pas-ha): for backward compat with legacy options loading only
def _is_apiv3(auth_url, auth_version):
"""Check if V3 version of API is being used or not.
This method inspects auth_url and auth_version, and checks whether V3
version of the API is being used or not.
When no auth_version is specified and auth_url is not a versioned
endpoint, v2.0 is assumed.
:param auth_url: a http or https url to be inspected (like
'http://127.0.0.1:9898/').
:param auth_version: a string containing the version (like 'v2', 'v3.0')
or None
:returns: True if V3 of the API is being used.
"""
return (auth_version in ('v3.0', '3') or
'/v3' in parse.urlparse(auth_url).path)
def add_auth_options(options, group):
def add_options(opts, opts_to_add):
for new_opt in opts_to_add:
for opt in opts:
if opt.name == new_opt.name:
break
else:
opts.append(new_opt)
opts = copy.deepcopy(options)
opts.insert(0, loading.get_auth_common_conf_options()[0])
# NOTE(dims): There are a lot of auth plugins, we just generate
# the config options for a few common ones
plugins = ['password', 'v2password', 'v3password']
for name in plugins:
plugin = loading.get_plugin_loader(name)
add_options(opts, loading.get_auth_plugin_conf_options(plugin))
add_options(opts, loading.get_session_conf_options())
opts.sort(key=lambda x: x.name)
return [(group, opts)]
View Git Blame Copy Permalink