Use entry points for config generation

This starts using entry points to generate configuration for the
common.config and the common.wsgi modules, as they use entries with the
same name in different groups.
This also removes configuration for sslutils which is unused, and
re-enable the check for up-to-date configuration.

Co-Authored-By: ala.rezmerita@cloudwatt.com
Closes-Bug: #1288586
Change-Id: If48c62bbb2b1fb641791dad56f7f905e483080fa

etc/heat/heat.conf.sample

@@ -1,13 +1,13 @@
 [DEFAULT]
 
 #
-# Options defined in heat.api.middleware.ssl
+# Options defined in heat.common.config
 #
 
-# The HTTP Header that will be used to determine which the
-# original request protocol scheme was, even if it was removed
-# by an SSL terminator proxy. (string value)
-#secure_proxy_ssl_header=X-Forwarded-Proto
+# Name of the engine node. This can be an opaque identifier.
+# It is not necessarily a hostname, FQDN, or IP address.
+# (string value)
+#host=heat
 
 
 #
@@ -74,10 +74,10 @@
 # notification module. (string value)
 #onready=<None>
 
-# Name of the engine node. This can be an opaque identifier.
-# It is not necessarily a hostname, FQDN, or IP address.
-# (string value)
-#host=heat
+
+#
+# Options defined in heat.common.config
+#
 
 # Seconds between running periodic tasks. (integer value)
 #periodic_interval=60
@@ -125,6 +125,29 @@
 # value)
 #max_nested_stack_depth=3
 
+# Number of heat-engine processes to fork and run. (integer
+# value)
+#num_engine_workers=1
+
+
+#
+# Options defined in heat.common.wsgi
+#
+
+# Maximum raw byte size of JSON request body. Should be larger
+# than max_template_size. (integer value)
+#max_json_body_size=1048576
+
+
+#
+# Options defined in heat.api.middleware.ssl
+#
+
+# The HTTP Header that will be used to determine which the
+# original request protocol scheme was, even if it was removed
+# by an SSL terminator proxy. (string value)
+#secure_proxy_ssl_header=X-Forwarded-Proto
+
 
 #
 # Options defined in heat.common.crypt
@@ -144,15 +167,6 @@
 #keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3
 
 
-#
-# Options defined in heat.common.wsgi
-#
-
-# Maximum raw byte size of JSON request body. Should be larger
-# than max_template_size. (integer value)
-#max_json_body_size=1048576
-
-
 #
 # Options defined in heat.engine.clients
 #
@@ -190,7 +204,7 @@
 # Options defined in heat.openstack.common.lockutils
 #
 
-# Whether to disable inter-process locks (boolean value)
+# Enables or disables inter-process locks. (boolean value)
 #disable_process_locking=false
 
 # Directory to use for lock files. (string value)
@@ -209,47 +223,48 @@
 # of default WARNING level). (boolean value)
 #verbose=false
 
-# Log output to standard error (boolean value)
+# Log output to standard error. (boolean value)
 #use_stderr=true
 
-# format string to use for log messages with context (string
+# Format string to use for log messages with context. (string
 # value)
 #logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# format string to use for log messages without context
+# Format string to use for log messages without context.
 # (string value)
 #logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# data to append to log format when level is DEBUG (string
+# Data to append to log format when level is DEBUG. (string
 # value)
 #logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
 
-# prefix each line of exception output with this format
+# Prefix each line of exception output with this format.
 # (string value)
 #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
 
-# list of logger=LEVEL pairs (list value)
-#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN
+# List of logger=LEVEL pairs. (list value)
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN
 
-# publish error events (boolean value)
+# Enables or disables publication of error events. (boolean
+# value)
 #publish_errors=false
 
-# make deprecations fatal (boolean value)
+# Enables or disables fatal status of deprecations. (boolean
+# value)
 #fatal_deprecations=false
 
-# If an instance is passed with the log message, format it
-# like this (string value)
+# The format for an instance that is passed with the log
+# message.  (string value)
 #instance_format="[instance: %(uuid)s] "
 
-# If an instance UUID is passed with the log message, format
-# it like this (string value)
+# The format for an instance UUID that is passed with the log
+# message.  (string value)
 #instance_uuid_format="[instance: %(uuid)s] "
 
-# The name of logging configuration file. It does not disable
-# existing loggers, but just appends specified logging
-# configuration to any other existing logging options. Please
-# see the Python logging module documentation for details on
-# logging configuration files. (string value)
+# The name of a logging configuration file. This file is
+# appended to any existing logging configuration files. For
+# details about logging configuration files, see the Python
+# logging module documentation. (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append=<None>
 
@@ -261,7 +276,7 @@
 #log_format=<None>
 
 # Format string for %%(asctime)s in log records. Default:
-# %(default)s (string value)
+# %(default)s . (string value)
 #log_date_format=%Y-%m-%d %H:%M:%S
 
 # (Optional) Name of log file to output to. If no default is
@@ -270,14 +285,23 @@
 #log_file=<None>
 
 # (Optional) The base directory used for relative --log-file
-# paths (string value)
+# paths. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir=<None>
 
-# Use syslog for logging. (boolean value)
+# Use syslog for logging. Existing syslog format is DEPRECATED
+# during I, and will chang in J to honor RFC5424. (boolean
+# value)
 #use_syslog=false
 
-# syslog facility to receive log lines (string value)
+# (Optional) Enables or disables syslog rfc5424 format for
+# logging. If enabled, prefixes the MSG part of the syslog
+# message with APP-NAME (RFC5424). The format without the APP-
+# NAME is deprecated in I, and will be removed in J. (boolean
+# value)
+#use_syslog_rfc_format=false
+
+# Syslog facility to receive log lines. (string value)
 #syslog_log_facility=LOG_USER
 
 
@@ -318,11 +342,11 @@
 # Options defined in heat.openstack.common.policy
 #
 
-# JSON file containing policy (string value)
+# The JSON file that defines policies. (string value)
 #policy_file=policy.json
 
-# Rule enforced when requested rule is not found (string
-# value)
+# Default rule. Enforced when a requested rule is not found.
+# (string value)
 #policy_default_rule=default
 
 
@@ -376,9 +400,9 @@
 # Options defined in heat.openstack.common.rpc.impl_kombu
 #
 
-# SSL version to use (valid only if SSL enabled). valid values
-# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
-# distributions (string value)
+# If SSL is enabled, the SSL version to use. Valid values are
+# TLSv1, SSLv23 and SSLv3. SSLv2 might be available on some
+# distributions. (string value)
 #kombu_ssl_version=
 
 # SSL key file (valid only if SSL enabled) (string value)
@@ -402,33 +426,32 @@
 # RabbitMQ HA cluster host:port pairs (list value)
 #rabbit_hosts=$rabbit_host:$rabbit_port
 
-# connect over SSL for RabbitMQ (boolean value)
+# Connect over SSL for RabbitMQ (boolean value)
 #rabbit_use_ssl=false
 
-# the RabbitMQ userid (string value)
+# The RabbitMQ userid (string value)
 #rabbit_userid=guest
 
-# the RabbitMQ password (string value)
+# The RabbitMQ password (string value)
 #rabbit_password=guest
 
-# the RabbitMQ virtual host (string value)
+# The RabbitMQ virtual host (string value)
 #rabbit_virtual_host=/
 
-# how frequently to retry connecting with RabbitMQ (integer
+# How frequently to retry connecting with RabbitMQ (integer
 # value)
 #rabbit_retry_interval=1
 
-# how long to backoff for between retries when connecting to
+# How long to backoff for between retries when connecting to
 # RabbitMQ (integer value)
 #rabbit_retry_backoff=2
 
-# maximum retries with trying to connect to RabbitMQ (the
-# default of 0 implies an infinite retry count) (integer
-# value)
+# Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count) (integer value)
 #rabbit_max_retries=0
 
-# use H/A queues in RabbitMQ (x-ha-policy: all).You need to
-# wipe RabbitMQ database when changing this option. (boolean
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. (boolean
 # value)
 #rabbit_ha_queues=false
 
@@ -613,6 +636,33 @@
 #insecure=false
 
 
+[clients_glance]
+
+#
+# Options defined in heat.common.config
+#
+
+# Type of endpoint in Identity service catalog to use for
+# communication with the OpenStack service. (string value)
+#endpoint_type=publicURL
+
+# Optional CA cert file to use in SSL connections. (string
+# value)
+#ca_file=<None>
+
+# Optional PEM-formatted certificate chain file. (string
+# value)
+#cert_file=<None>
+
+# Optional PEM-formatted file that contains the private key.
+# (string value)
+#key_file=<None>
+
+# If set, then the server's certificate will not be verified.
+# (boolean value)
+#insecure=false
+
+
 [clients_heat]
 
 #
@@ -639,6 +689,11 @@
 # (boolean value)
 #insecure=false
 
+
+#
+# Options defined in heat.common.config
+#
+
 # Optional heat url in format like
 # http://0.0.0.0:8004/v1/%(tenant_id)s. (string value)
 #url=<None>
@@ -698,33 +753,6 @@
 #insecure=false
 
 
-[clients_glance]
-
-#
-# Options defined in heat.common.config
-#
-
-# Type of endpoint in Identity service catalog to use for
-# communication with the OpenStack service. (string value)
-#endpoint_type=publicURL
-
-# Optional CA cert file to use in SSL connections. (string
-# value)
-#ca_file=<None>
-
-# Optional PEM-formatted certificate chain file. (string
-# value)
-#cert_file=<None>
-
-# Optional PEM-formatted file that contains the private key.
-# (string value)
-#key_file=<None>
-
-# If set, then the server's certificate will not be verified.
-# (boolean value)
-#insecure=false
-
-
 [clients_nova]
 
 #
@@ -1037,24 +1065,30 @@
 # Options defined in keystoneclient.middleware.auth_token
 #
 
-# Prefix to prepend at the beginning of the path (string
-# value)
+# Prefix to prepend at the beginning of the path. Deprecated,
+# use identity_uri. (string value)
 #auth_admin_prefix=
 
-# Host providing the admin Identity API endpoint (string
-# value)
+# Host providing the admin Identity API endpoint. Deprecated,
+# use identity_uri. (string value)
 #auth_host=127.0.0.1
 
-# Port of the admin Identity API endpoint (integer value)
+# Port of the admin Identity API endpoint. Deprecated, use
+# identity_uri. (integer value)
 #auth_port=35357
 
-# Protocol of the admin Identity API endpoint(http or https)
-# (string value)
+# Protocol of the admin Identity API endpoint (http or https).
+# Deprecated, use identity_uri. (string value)
 #auth_protocol=https
 
 # Complete public Identity API endpoint (string value)
 #auth_uri=<None>
 
+# Complete admin Identity API endpoint. This should specify
+# the unversioned root endpoint e.g. https://localhost:35357/
+# (string value)
+#identity_uri=<None>
+
 # API version of the admin Identity API endpoint (string
 # value)
 #auth_version=<None>
@@ -1072,9 +1106,12 @@
 # with Identity API Server. (integer value)
 #http_request_max_retries=3
 
-# Single shared secret with the Keystone configuration used
-# for bootstrapping a Keystone installation, or otherwise
-# bypassing the normal authentication process. (string value)
+# This option is deprecated and may be removed in a future
+# release. Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
 #admin_token=<None>
 
 # Keystone account username (string value)
@@ -1126,7 +1163,7 @@
 # number of revocation events combined with a low cache
 # duration may significantly reduce performance. (integer
 # value)
-#revocation_cache_time=300
+#revocation_cache_time=10
 
 # (optional) if defined, indicate whether token data should be
 # authenticated or authenticated and encrypted. Acceptable
@@ -1159,6 +1196,23 @@
 # value)
 #enforce_token_bind=permissive
 
+# If true, the revocation list will be checked for cached
+# tokens. This requires that PKI tokens are configured on the
+# Keystone server. (boolean value)
+#check_revocations_for_cached=false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those
+# supported by Python standard hashlib.new(). The hashes will
+# be tried in the order given, so put the preferred one first
+# for performance. The result of the first hash will be stored
+# in the cache. This will typically be set to multiple values
+# only while migrating from a less secure algorithm to a more
+# secure one. Once all the old tokens are expired this option
+# should be set to a single value for better performance.
+# (list value)
+#hash_algorithms=md5
+
 
 [matchmaker_redis]
 
@@ -1223,22 +1277,3 @@
 #topics=notifications
 
 
-[ssl]
-
-#
-# Options defined in heat.openstack.common.sslutils
-#
-
-# CA certificate file to use to verify connecting clients
-# (string value)
-#ca_file=<None>
-
-# Certificate file to use when starting the server securely
-# (string value)
-#cert_file=<None>
-
-# Private key file to use when starting the server securely
-# (string value)
-#key_file=<None>
-
-

heat/common/config.py

@@ -14,7 +14,6 @@
 """
 Routines for configuring Heat
 """
-import copy
 import logging as sys_logging
 import os
 
@@ -173,23 +172,10 @@ clients_opts = [
                 help=_("If set, then the server's certificate will not "
                        "be verified."))]
 
-
-def register_clients_opts():
-    cfg.CONF.register_opts(clients_opts, group='clients')
-    for client in ('nova', 'swift', 'neutron', 'cinder',
-                   'ceilometer', 'keystone', 'heat', 'glance', 'trove'):
-        client_specific_group = 'clients_' + client
-        # register opts copy and put it to globals in order to
-        # generate_sample.sh to work
-        opts_copy = copy.deepcopy(clients_opts)
-        if client == 'heat':
-            opts_copy.append(
-                cfg.StrOpt('url',
-                           help=_('Optional heat url in format like'
-                                  ' http://0.0.0.0:8004/v1/%(tenant_id)s.')))
-        globals()[client_specific_group + '_opts'] = opts_copy
-        cfg.CONF.register_opts(opts_copy, group=client_specific_group)
-
+heat_client_opts = [
+    cfg.StrOpt('url',
+               help=_('Optional heat url in format like'
+                      ' http://0.0.0.0:8004/v1/%(tenant_id)s.'))]
 
 revision_group = cfg.OptGroup('revision')
 revision_opts = [
@@ -200,17 +186,33 @@ revision_opts = [
                       'separately, you can move this section to a different '
                       'file and add it as another config option.'))]
 
-cfg.CONF.register_opts(engine_opts)
-cfg.CONF.register_opts(service_opts)
-cfg.CONF.register_opts(rpc_opts)
-rpc.set_defaults(control_exchange='heat')
+
+def list_opts():
+    yield None, rpc_opts
+    yield None, engine_opts
+    yield None, service_opts
+    yield paste_deploy_group.name, paste_deploy_opts
+    yield auth_password_group.name, auth_password_opts
+    yield revision_group.name, revision_opts
+    yield 'clients', clients_opts
+
+    for client in ('nova', 'swift', 'neutron', 'cinder',
+                   'ceilometer', 'keystone', 'heat', 'glance', 'trove'):
+        client_specific_group = 'clients_' + client
+        yield client_specific_group, clients_opts
+
+    yield 'clients_heat', heat_client_opts
+
+
 cfg.CONF.register_group(paste_deploy_group)
-cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group)
 cfg.CONF.register_group(auth_password_group)
-cfg.CONF.register_opts(auth_password_opts, group=auth_password_group)
 cfg.CONF.register_group(revision_group)
-cfg.CONF.register_opts(revision_opts, group=revision_group)
-register_clients_opts()
+
+for group, opts in list_opts():
+    cfg.CONF.register_opts(opts, group=group)
+
+rpc.set_defaults(control_exchange='heat')
+
 
 # A bit of history:
 # This was added initially by jianingy, then it got added

heat/common/wsgi.py

@@ -161,6 +161,13 @@ json_size_opt = cfg.IntOpt('max_json_body_size',
 cfg.CONF.register_opt(json_size_opt)
 
 
+def list_opts():
+    yield None, [json_size_opt]
+    yield 'heat_api', api_opts
+    yield 'heat_api_cfn', api_cfn_opts
+    yield 'heat_api_cloudwatch', api_cw_opts
+
+
 class WritableLogger(object):
     """A thin wrapper that responds to `write` and logs."""
 

setup.cfg

@@ -32,6 +32,11 @@ scripts =
     bin/heat-keystone-setup-domain
     bin/heat-manage
 
+[entry_points]
+oslo.config.opts =
+    heat.common.config = heat.common.config:list_opts
+    heat.common.wsgi = heat.common.wsgi:list_opts
+
 [global]
 setup-hooks =
     pbr.hooks.setup_hook

tools/config/oslo.config.generator.rc

@@ -1 +1,3 @@
 export HEAT_CONFIG_GENERATOR_EXTRA_MODULES=keystoneclient.middleware.auth_token
+export HEAT_CONFIG_GENERATOR_EXTRA_LIBRARIES="heat.common.config heat.common.wsgi"
+export HEAT_CONFIG_GENERATOR_EXCLUDED_FILES="heat/common/config.py heat/common/wsgi.py heat/openstack/common/sslutils.py"

tox.ini

@@ -17,8 +17,7 @@ whitelist_externals = bash
 [testenv:pep8]
 commands =
     flake8 heat bin/heat-api bin/heat-api-cfn bin/heat-api-cloudwatch bin/heat-engine bin/heat-manage contrib
-    # disable check_uptodate until a resolution is found to bug #1288586
-    #{toxinidir}/tools/config/check_uptodate.sh
+    {toxinidir}/tools/config/check_uptodate.sh
     {toxinidir}/tools/requirements_style_check.sh requirements.txt test-requirements.txt
     # Check that .po and .pot files are valid:
     bash -c "find heat -type f -regex '.*\.pot?' -print0|xargs -0 -n 1 msgfmt --check-format -o /dev/null"