openstack/mistral
Code Issues Proposed changes

Add authentication options for KeyCloak OIDC

Browse Source 
Change-Id: I3126cc5fcc42f6ad6f8eb2daa0d30e032b54bcae
This commit is contained in:
Renat Akhmerov 2016-07-01 17:42:53 +07:00
parent 164a504dec
commit d29a6dcfbb
1 changed files with 47 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
mistral/config.py
View File

@ -28,6 +28,7 @@ from osprofiler import opts as profiler
from mistral import version
# Options under default group.
launch_opt = cfg.ListOpt(
'server',
default=['all'],
@ -36,6 +37,27 @@ launch_opt = cfg.ListOpt(
'api, engine, and executor.'
)
wf_trace_log_name_opt = cfg.StrOpt(
'workflow_trace_log_name',
default='workflow_trace',
help='Logger name for pretty workflow trace output.'
)
use_debugger_opt = cfg.BoolOpt(
'use-debugger',
default=False,
help='Enables debugger. Note that using this option changes how the '
'eventlet library is used to support async IO. This could result '
'in failures that do not occur under normal operation. '
'Use at your own risk.'
)
auth_type_opt = cfg.StrOpt(
'auth_type',
default='keystone',
help='Authentication type (valid options: keystone, keycloak-oidc)'
)
api_opts = [
cfg.StrOpt('host', default='0.0.0.0', help='Mistral API server host'),
cfg.PortOpt('port', default=8989, help='Mistral API server port'),
@ -87,15 +109,6 @@ pecan_opts = [
)
]
use_debugger = cfg.BoolOpt(
"use-debugger",
default=False,
help='Enables debugger. Note that using this option changes how the '
'eventlet library is used to support async IO. This could result '
'in failures that do not occur under normal operation. '
'Use at your own risk.'
)
engine_opts = [
cfg.StrOpt('engine', default='default', help='Mistral engine plugin'),
cfg.StrOpt(
@ -157,13 +170,6 @@ execution_expiration_policy_opts = [
)
]
wf_trace_log_name_opt = cfg.StrOpt(
'workflow_trace_log_name',
default='workflow_trace',
help='Logger name for pretty '
'workflow trace output.'
)
coordination_opts = [
cfg.StrOpt(
'backend_url',
@ -186,6 +192,14 @@ profiler_opts.append(
)
keycloak_oidc_opts = [
cfg.StrOpt(
'auth_url',
help='Keycloak base url (e.g. https://my.keycloak:8443/auth)'
)
]
CONF = cfg.CONF
API_GROUP = 'api'
@ -195,25 +209,36 @@ PECAN_GROUP = 'pecan'
COORDINATION_GROUP = 'coordination'
EXECUTION_EXPIRATION_POLICY_GROUP = 'execution_expiration_policy'
PROFILER_GROUP = profiler.list_opts()[0][0]
KEYCLOAK_OIDC_GROUP = "keycloak_oidc"
CONF.register_opt(wf_trace_log_name_opt)
CONF.register_opt(auth_type_opt)
CONF.register_opts(api_opts, group=API_GROUP)
CONF.register_opts(engine_opts, group=ENGINE_GROUP)
CONF.register_opts(pecan_opts, group=PECAN_GROUP)
CONF.register_opts(executor_opts, group=EXECUTOR_GROUP)
CONF.register_opts(execution_expiration_policy_opts,
group=EXECUTION_EXPIRATION_POLICY_GROUP)
CONF.register_opt(wf_trace_log_name_opt)
CONF.register_opts(
execution_expiration_policy_opts,
group=EXECUTION_EXPIRATION_POLICY_GROUP
)
CONF.register_opts(coordination_opts, group=COORDINATION_GROUP)
CONF.register_opts(profiler_opts, group=PROFILER_GROUP)
CONF.register_opt(rpc_impl_opt)
CONF.register_opts(keycloak_oidc_opts, group=KEYCLOAK_OIDC_GROUP)
CONF.register_opt(os_endpoint_type)
CLI_OPTS = [
use_debugger,
use_debugger_opt,
launch_opt
]
default_group_opts = itertools.chain(
CLI_OPTS,
[wf_trace_log_name_opt, auth_type_opt, rpc_impl_opt, os_endpoint_type]
)
CONF.register_cli_opts(CLI_OPTS)
_DEFAULT_LOG_LEVELS = [
@ -239,14 +264,8 @@ def list_opts():
(COORDINATION_GROUP, coordination_opts),
(EXECUTION_EXPIRATION_POLICY_GROUP, execution_expiration_policy_opts),
(PROFILER_GROUP, profiler_opts),
(None, itertools.chain(
CLI_OPTS,
[
wf_trace_log_name_opt,
rpc_impl_opt,
os_endpoint_type,
]
))
(KEYCLOAK_OIDC_GROUP, keycloak_oidc_opts),
(None, default_group_opts)
]