Vendor own option for tls cert file and key file

... instead of using oslo.service. Current usage of oslo.service is too limited to add the dependency, because - oslo.service registers multiple options but only two of these are used - the wrap implementation from oslo.service is not actually used Change-Id: I4e8f18951d73e329a54cf6546344c5704fe4aa90 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-07-05 22:03:00 +09:00
parent 883e3cf057
commit a2739f7e56
6 changed files with 23 additions and 17 deletions
--- a/ironic_python_agent/api/app.py
+++ b/ironic_python_agent/api/app.py
@@ -131,12 +131,8 @@ class Application(object):
    def start(self, tls_cert_file=None, tls_key_file=None):
        """Start the API service in the background."""

-        ssl_group = getattr(self._conf, 'ssl', {})
-
-        self.tls_cert_file = tls_cert_file or getattr(
-            ssl_group, 'cert_file', None)
-        self.tls_key_file = tls_key_file or getattr(
-            ssl_group, 'key_file', None)
+        self.tls_cert_file = tls_cert_file or self._conf.tls_cert_file
+        self.tls_key_file = tls_key_file or self._conf.tls_key_file

        bind_addr = (self.agent.listen_address.hostname,
                     self.agent.listen_address.port)
--- a/ironic_python_agent/cmd/agent.py
+++ b/ironic_python_agent/cmd/agent.py
@@ -16,7 +16,6 @@ import sys

 from oslo_config import cfg
 from oslo_log import log
-from oslo_service import sslutils
 from oslo_utils import strutils

 from ironic_python_agent import agent
@@ -40,8 +39,6 @@ def run():
        ipa_debug = strutils.bool_from_string(ipa_debug)
        CONF.set_override('debug', ipa_debug)
    log.setup(CONF, 'ironic-python-agent')
-    # Used for TLS configuration
-    sslutils.register_opts(CONF)

    logger = log.getLogger(__name__)
    logger.debug("Configuration:")
--- a/ironic_python_agent/config.py
+++ b/ironic_python_agent/config.py
@@ -60,16 +60,26 @@ cli_opts = [
                     'Can be supplied as "ipa-listen-port" kernel parameter.'),

    # This is intentionally not settable via kernel command line, as it
-    # requires configuration parameters from oslo_service which are not
-    # configurable over the command line and require files-on-disk.
+    # requires configuration parameters which are not configurable over
+    # the command line and require files-on-disk.
    # Operators who want to use this support should configure it statically
    # as part of a ramdisk build.
    cfg.BoolOpt('listen_tls',
                default=False,
                help='When true, IPA will host API behind TLS. You will also '
-                     'need to configure [ssl] group options for cert_file, '
-                     'key_file, and, if desired, ca_file to validate client '
-                     'certificates.'),
+                     'need to configure tls_cert_file option and tls_key_file '
+                     'option.'),
+
+    cfg.StrOpt('tls_cert_file',
+               help="Certificate file to use when starting "
+                    "the server securely.",
+               deprecated_group='ssl',
+               deprecated_name='cert_file'),
+    cfg.StrOpt('tls_key_file',
+               help="Private key file to use when starting "
+                    "the server securely.",
+               deprecated_group='ssl',
+               deprecated_name='key_file'),

    cfg.BoolOpt('enable_auto_tls',
                default=True,
--- a/ironic_python_agent/tests/unit/base.py
+++ b/ironic_python_agent/tests/unit/base.py
@@ -21,7 +21,6 @@ from oslo_concurrency import processutils
 from oslo_config import cfg
 from oslo_config import fixture as config_fixture
 from oslo_log import log
-from oslo_service import sslutils
 from oslotest import base as test_base

 from ironic_python_agent import config
@@ -70,7 +69,6 @@ class IronicAgentTest(test_base.BaseTestCase):
        self.cfg_fixture = self.useFixture(config_fixture.Config(CONF))
        # Register options from libraries that are explicitly used in the code
        log.register_options(CONF)
-        sslutils.register_opts(CONF)

    def config(self, **kw):
        """Override config options for a test."""
--- a/releasenotes/notes/tls-opts-50d09bddd5f70ef2.yaml
+++ b/releasenotes/notes/tls-opts-50d09bddd5f70ef2.yaml
@@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    The ``[ssl] key_file`` option and the ``[ssl] cert_file`` option are
+    deprecated. Use the ``[DEFAULT] tls_key_file`` option and
+    the ``[DEFAULT] tls_cert_file`` option instead.
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,6 @@ pbr>=6.0.0 # Apache-2.0
 oslo.config>=9.7.1 # Apache-2.0
 oslo.concurrency>=7.1.0 # Apache-2.0
 oslo.log>=7.1.0 # Apache-2.0
-oslo.service>=4.1.1 # Apache-2.0
 oslo.utils>=8.2.0 # Apache-2.0
 Pint>=0.5 # BSD
 psutil>=3.2.2 # BSD