openstack
/
keystone
Code Issues Proposed changes

Followup for LDAP removal 

Add back in support for ASSIGNMENT driver to be selected based upon
the IDENTITY driver and revert the changes to assert_backend
in test_backend_ldap based upon comments on commit
e6efbe62b8

Change-Id: Id6b753cb846204cf778971d60c2155f3416f8806
This commit is contained in:
Morgan Fainberg 2016-02-07 12:06:11 -08:00 committed by Steve Martinelli
parent 05c58bb35e
commit 10c7a00a64
8 changed files with 55 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
keystone/assignment/core.py
View File

@ -68,6 +68,28 @@ class Manager(manager.Manager):
def __init__(self):
assignment_driver = CONF.assignment.driver
# If there is no explicit assignment driver specified, we let the
# identity driver tell us what to use. This is for backward
# compatibility reasons from the time when identity, resource and
# assignment were all part of identity.
if assignment_driver is None:
msg = _('Use of the identity driver config to automatically '
'configure the same assignment driver has been '
'deprecated, in the "O" release, the assignment driver '
'will need to be expicitly configured if different '
'than the default (SQL).')
versionutils.report_deprecated_feature(LOG, msg)
try:
identity_driver = dependency.get_provider(
'identity_api').driver
assignment_driver = identity_driver.default_assignment_driver()
except ValueError:
msg = _('Attempted automatic driver selection for assignment '
'based upon [identity]\driver option failed since '
'driver %s is not found. Set [assignment]/driver to '
'a valid driver in keystone config.')
LOG.critical(msg)
raise exception.KeystoneConfigurationError(msg)
super(Manager, self).__init__(assignment_driver)
# Make sure it is a driver version we support, and if it is a legacy

8
keystone/common/config.py
View File

@ -408,12 +408,14 @@ FILE_OPTIONS = {
cfg.StrOpt('driver',
help='Entrypoint for the assignment backend driver in the '
'keystone.assignment namespace. Only an SQL driver is '
'supplied.',
default='sql'),
'supplied. If an assignment driver is not '
'specified, the identity driver will choose the '
'assignment driver (driver selection based on '
'`[identity]/driver` option is deprecated and will be '
'removed in the "O" release).'),
cfg.ListOpt('prohibited_implied_role', default=['admin'],
help='A list of role names which are prohibited from '
'being an implied role.'),
],
'resource': [
cfg.StrOpt('driver',

6
keystone/exception.py
View File

@ -393,6 +393,12 @@ class ConfigRegistrationNotFound(Exception):
pass
class KeystoneConfigurationError(Exception):
# This is an exception to be used in the case that Keystone config is
# invalid and Keystone should not start.
pass
class Conflict(Error):
message_format = _("Conflict occurred attempting to store %(type)s -"
" %(details)s")

3
keystone/identity/backends/ldap.py
View File

@ -47,9 +47,6 @@ class Identity(identity.IdentityDriverV8):
self.user = UserApi(self.conf)
self.group = GroupApi(self.conf)
def default_assignment_driver(self):
return 'ldap'
def is_domain_aware(self):
return False

3
keystone/identity/backends/sql.py
View File

@ -158,9 +158,6 @@ class Identity(identity.IdentityDriverV8):
self.conf = conf
super(Identity, self).__init__()
def default_assignment_driver(self):
return 'sql'
@property
def is_sql(self):
return True

5
keystone/identity/core.py
View File

@ -1231,6 +1231,11 @@ class IdentityDriverV8(object):
"""Indicates if Driver supports domains."""
return True
def default_assignment_driver(self):
# TODO(morganfainberg): To be removed when assignment driver based
# upon [identity]/driver option is removed in the "O" release.
return 'sql'
@property
def is_sql(self):
"""Indicates if this Driver uses SQL."""

12
keystone/server/backends.py
View File

@ -39,8 +39,14 @@ def load_backends():
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
# Ensure that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment.
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
# TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly
# instantiated in the DRIVERS dict once assignment driver being selected
# based upon [identity]/driver is removed.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(
@ -52,7 +58,7 @@ def load_backends():
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),

11
keystone/tests/unit/test_backend_ldap.py
View File

@ -998,7 +998,10 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
# credentials) that require a database.
self.useFixture(database.Database())
super(LDAPIdentity, self).setUp()
_assert_backends(self, identity='ldap')
_assert_backends(self,
assignment='sql',
identity='ldap',
resource='sql')
def load_fixtures(self, fixtures):
# Override super impl since need to create group container.
@ -1875,12 +1878,14 @@ class LDAPLimitTests(unit.TestCase, test_backend.LimitTests):
super(LDAPLimitTests, self).setUp()
self.useFixture(ldapdb.LDAPDatabase())
self.useFixture(database.Database())
self.useFixture(database.Database(self.sql_driver_version_overrides))
self.load_backends()
self.load_fixtures(default_fixtures)
test_backend.LimitTests.setUp(self)
_assert_backends(self, identity='ldap')
_assert_backends(self,
assignment='sql',
identity='ldap',
resource='sql')
def config_overrides(self):
super(LDAPLimitTests, self).config_overrides()