Make keystone optional

Add a new auth_strategy option allowing to disable keystone auth to make CK fully standalone if needed/wanted. Update the sample config file with the new option. Change-Id: I8926f1518382640395e34b4e5321d99f2bc2d7eb
2015-05-22 18:06:02 -07:00 · 2015-05-22 18:06:02 -07:00 · 548dea0900
commit 548dea0900
parent 13d5e41e74
4 changed files with 24 additions and 5 deletions
--- a/cloudkitty/api/app.py
+++ b/cloudkitty/api/app.py
@ -38,6 +38,11 @@ auth_opts = [
               default="api_paste.ini",
               help="Configuration file for WSGI definition of API."
               ),
+    cfg.StrOpt('auth_strategy',
+               choices=['noauth', 'keystone'],
+               default='keystone',
+               help=("The strategy to use for auth. Supports noauth and "
+                     "keystone")),
 ]

 api_opts = [
@ -73,9 +78,11 @@ def setup_app(pecan_config=None, extra_hooks=None):
    app_hooks = [
        hooks.RPCHook(client),
        hooks.StorageHook(storage_backend),
-        hooks.ContextHook(),
    ]

+    if CONF.auth_strategy == 'keystone':
+        app_hooks.append(hooks.ContextHook())
+
    app = pecan.make_app(
        app_conf.app.root,
        static_root=app_conf.app.static_root,
@ -86,8 +93,11 @@ def setup_app(pecan_config=None, extra_hooks=None):
        guess_content_type_from_ext=False
    )

-    return middleware.AuthTokenMiddleware(app, dict(CONF),
-                                          app_conf.app.acl_public_routes)
+    if CONF.auth_strategy == 'keystone':
+        return middleware.AuthTokenMiddleware(app, dict(CONF),
+                                              app_conf.app.acl_public_routes)
+    else:
+        return app


 def setup_wsgi():
--- a/cloudkitty/common/policy.py
+++ b/cloudkitty/common/policy.py
@ -60,6 +60,9 @@ def enforce(context, action, target):
       :raises PolicyNotAuthorized: if verification fails.

    """
+    if CONF.auth_strategy != "keystone":
+        return
+
    init()

    return _ENFORCER.enforce(action, target, context.to_dict(),
--- a/cloudkitty/orchestrator.py
+++ b/cloudkitty/orchestrator.py
@ -24,6 +24,7 @@ try:
    import oslo_messaging as messaging
 except ImportError:
    from oslo import messaging
+import six
 from stevedore import driver
 from stevedore import extension

@ -185,7 +186,7 @@ class Worker(BaseWorker):
                    except Exception as e:
                        LOG.warn('Error while collecting service {service}:'
                                 ' {error}'.format(service=service,
-                                                   error=str(e)))
+                                                   error=six.text_type(e)))
                        raise collector.NoDataCollected('', service)
                except collector.NoDataCollected:
                    begin = timestamp
--- a/etc/cloudkitty/cloudkitty.conf.sample
+++ b/etc/cloudkitty/cloudkitty.conf.sample
@ -61,6 +61,11 @@
 # Configuration file for WSGI definition of API. (string value)
 #api_paste_config = api_paste.ini

+# The strategy to use for auth. Supports noauth and keystone (string
+# value)
+# Allowed values: noauth, keystone
+#auth_strategy = keystone
+
 # Name of this node. This can be an opaque identifier. It is not
 # necessarily a hostname, FQDN, or IP address. However, the node name
 # must be valid within an AMQP key, and if using ZeroMQ, a valid
@ -189,7 +194,7 @@
 #wait_periods = 2

 # Services to monitor. (list value)
-#services = compute,image
+#services = compute,image,volume,network.bw.in,network.bw.out,network.floating


 [database]