From 70c73dbf9a0961e336c3546933aa30ef350ae85e Mon Sep 17 00:00:00 2001
From: Eoghan Glynn <eglynn@redhat.com>
Date: Mon, 24 Sep 2012 10:52:41 +0000
Subject: [PATCH] Use standard CLI options & env vars for creds.

For consistency with the standard openstack CLIs, we use the same
set of config/command line/env var options to provide credentials
for the glance pollster's interaction with the glance-registry.

(The exception here is the ability to pass in a previously acquired
authentication token via --os-auth-token/OS_AUTH_TOKEN, as this
would not make sense for a long-lived service given the limited
lifetime of keystone tokens.)

As well as having the advantage of familiarity, this approach
allows users to avoid encoding sensitive credentials in config
files (instead environment variables or command line options
may be used).

Also, if future non-glance pollsters need authenticated access
to other openstack services, more generic naming of the config
options would be preferable.

Change-Id: I7505c3f668262951c034f36ccd15ce706f06bf0f
---
 ceilometer/image/glance.py | 25 +++++--------------------
 ceilometer/service.py      | 30 +++++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/ceilometer/image/glance.py b/ceilometer/image/glance.py
index 1c744bd9..b983750c 100644
--- a/ceilometer/image/glance.py
+++ b/ceilometer/image/glance.py
@@ -38,21 +38,6 @@ cfg.CONF.register_opts(
         cfg.IntOpt('glance_registry_port',
                    default=9191,
                    help="URL of Glance API server"),
-        cfg.StrOpt('glance_username',
-                   default="glance",
-                   help="Username to use for Glance access"),
-        cfg.StrOpt('glance_password',
-                   default="admin",
-                   help="Password to use for Glance access"),
-        cfg.StrOpt('glance_tenant_id',
-                   default="",
-                   help="Tenant ID to use for Glance access"),
-        cfg.StrOpt('glance_tenant_name',
-                   default="admin",
-                   help="Tenant name to use for Glance access"),
-        cfg.StrOpt('glance_auth_url',
-                   default="http://localhost:5000/v2.0",
-                   help="Auth URL to use for Glance access"),
     ])
 
 
@@ -60,11 +45,11 @@ class _Base(plugin.PollsterBase):
 
     @staticmethod
     def get_registry_client():
-        k = ksclient.Client(username=cfg.CONF.glance_username,
-                            password=cfg.CONF.glance_password,
-                            tenant_id=cfg.CONF.glance_tenant_id,
-                            tenant_name=cfg.CONF.glance_tenant_name,
-                            auth_url=cfg.CONF.glance_auth_url)
+        k = ksclient.Client(username=cfg.CONF.os_username,
+                            password=cfg.CONF.os_password,
+                            tenant_id=cfg.CONF.os_tenant_id,
+                            tenant_name=cfg.CONF.os_tenant_name,
+                            auth_url=cfg.CONF.os_auth_url)
         return client.RegistryClient(cfg.CONF.glance_registry_host,
                                      cfg.CONF.glance_registry_port,
                                      auth_tok=k.auth_token)
diff --git a/ceilometer/service.py b/ceilometer/service.py
index 4d16880c..45ba0ca3 100644
--- a/ceilometer/service.py
+++ b/ceilometer/service.py
@@ -17,6 +17,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import os
+
 from nova import flags
 
 from ceilometer.openstack.common import log
@@ -28,6 +30,32 @@ cfg.CONF.register_opts([
                help='seconds between running periodic tasks')
 ])
 
+CLI_OPTIONS = [
+    cfg.StrOpt('os-username',
+               default=os.environ.get('OS_USERNAME', 'glance'),
+               help='Username to use for openstack service access'),
+    cfg.StrOpt('os-password',
+               default=os.environ.get('OS_PASSWORD', 'admin'),
+               help='Password to use for openstack service access'),
+    cfg.StrOpt('os-tenant-id',
+               default=os.environ.get('OS_TENANT_ID', ''),
+               help='Tenant ID to use for openstack service access'),
+    cfg.StrOpt('os-tenant-name',
+               default=os.environ.get('OS_TENANT_NAME', 'admin'),
+               help='Tenant name to use for openstack service access'),
+    cfg.StrOpt('os-auth-url',
+               default=os.environ.get('OS_AUTH_URL',
+                                      'http://localhost:5000/v2.0'),
+               help='Auth URL to use for openstack service access'),
+]
+cfg.CONF.register_cli_opts(CLI_OPTIONS)
+
+
+def _sanitize_cmd_line(argv):
+    """Remove non-nova CLI options from argv."""
+    cli_opt_names = ['--%s' % o.name for o in CLI_OPTIONS]
+    return [a for a in argv if a in cli_opt_names]
+
 
 def prepare_service(argv=[]):
     cfg.CONF(argv[1:])
@@ -35,5 +63,5 @@ def prepare_service(argv=[]):
     # to have the RPC and DB access work correctly because we are
     # still using the Service object out of nova directly. We need to
     # move that into openstack.common.
-    flags.parse_args(argv)
+    flags.parse_args(_sanitize_cmd_line(argv))
     log.setup('ceilometer')