Make keystone optional

Add a new auth_strategy option allowing to disable keystone auth to make
CK fully standalone if needed/wanted.

Update the sample config file with the new option.

Change-Id: I8926f1518382640395e34b4e5321d99f2bc2d7eb
This commit is contained in:
Gauvain Pocentek 2015-05-22 18:06:02 -07:00
parent 13d5e41e74
commit 548dea0900
4 changed files with 24 additions and 5 deletions

View File

@ -38,6 +38,11 @@ auth_opts = [
default="api_paste.ini", default="api_paste.ini",
help="Configuration file for WSGI definition of API." help="Configuration file for WSGI definition of API."
), ),
cfg.StrOpt('auth_strategy',
choices=['noauth', 'keystone'],
default='keystone',
help=("The strategy to use for auth. Supports noauth and "
"keystone")),
] ]
api_opts = [ api_opts = [
@ -73,9 +78,11 @@ def setup_app(pecan_config=None, extra_hooks=None):
app_hooks = [ app_hooks = [
hooks.RPCHook(client), hooks.RPCHook(client),
hooks.StorageHook(storage_backend), hooks.StorageHook(storage_backend),
hooks.ContextHook(),
] ]
if CONF.auth_strategy == 'keystone':
app_hooks.append(hooks.ContextHook())
app = pecan.make_app( app = pecan.make_app(
app_conf.app.root, app_conf.app.root,
static_root=app_conf.app.static_root, static_root=app_conf.app.static_root,
@ -86,8 +93,11 @@ def setup_app(pecan_config=None, extra_hooks=None):
guess_content_type_from_ext=False guess_content_type_from_ext=False
) )
return middleware.AuthTokenMiddleware(app, dict(CONF), if CONF.auth_strategy == 'keystone':
app_conf.app.acl_public_routes) return middleware.AuthTokenMiddleware(app, dict(CONF),
app_conf.app.acl_public_routes)
else:
return app
def setup_wsgi(): def setup_wsgi():

View File

@ -60,6 +60,9 @@ def enforce(context, action, target):
:raises PolicyNotAuthorized: if verification fails. :raises PolicyNotAuthorized: if verification fails.
""" """
if CONF.auth_strategy != "keystone":
return
init() init()
return _ENFORCER.enforce(action, target, context.to_dict(), return _ENFORCER.enforce(action, target, context.to_dict(),

View File

@ -24,6 +24,7 @@ try:
import oslo_messaging as messaging import oslo_messaging as messaging
except ImportError: except ImportError:
from oslo import messaging from oslo import messaging
import six
from stevedore import driver from stevedore import driver
from stevedore import extension from stevedore import extension
@ -185,7 +186,7 @@ class Worker(BaseWorker):
except Exception as e: except Exception as e:
LOG.warn('Error while collecting service {service}:' LOG.warn('Error while collecting service {service}:'
' {error}'.format(service=service, ' {error}'.format(service=service,
error=str(e))) error=six.text_type(e)))
raise collector.NoDataCollected('', service) raise collector.NoDataCollected('', service)
except collector.NoDataCollected: except collector.NoDataCollected:
begin = timestamp begin = timestamp

View File

@ -61,6 +61,11 @@
# Configuration file for WSGI definition of API. (string value) # Configuration file for WSGI definition of API. (string value)
#api_paste_config = api_paste.ini #api_paste_config = api_paste.ini
# The strategy to use for auth. Supports noauth and keystone (string
# value)
# Allowed values: noauth, keystone
#auth_strategy = keystone
# Name of this node. This can be an opaque identifier. It is not # Name of this node. This can be an opaque identifier. It is not
# necessarily a hostname, FQDN, or IP address. However, the node name # necessarily a hostname, FQDN, or IP address. However, the node name
# must be valid within an AMQP key, and if using ZeroMQ, a valid # must be valid within an AMQP key, and if using ZeroMQ, a valid
@ -189,7 +194,7 @@
#wait_periods = 2 #wait_periods = 2
# Services to monitor. (list value) # Services to monitor. (list value)
#services = compute,image #services = compute,image,volume,network.bw.in,network.bw.out,network.floating
[database] [database]