openstack/keystone
Code Issues Proposed changes

Followup for LDAP removal

Browse Source 
Add back in support for ASSIGNMENT driver to be selected based upon
the IDENTITY driver and revert the changes to assert_backend
in test_backend_ldap based upon comments on commit
e6efbe62b8b7f226aab22e01edecee0e60745897

Change-Id: Id6b753cb846204cf778971d60c2155f3416f8806
This commit is contained in:
Morgan Fainberg 2016-02-07 12:06:11 -08:00 committed by Steve Martinelli
parent 05c58bb35e
commit 10c7a00a64
8 changed files with 55 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
keystone/assignment/core.py
View File

@ -68,6 +68,28 @@ class Manager(manager.Manager):
def __init__(self):
assignment_driver = CONF.assignment.driver
# If there is no explicit assignment driver specified, we let the
# identity driver tell us what to use. This is for backward
# compatibility reasons from the time when identity, resource and
# assignment were all part of identity.
if assignment_driver is None:
msg = _('Use of the identity driver config to automatically '
'configure the same assignment driver has been '
'deprecated, in the "O" release, the assignment driver '
'will need to be expicitly configured if different '
'than the default (SQL).')
versionutils.report_deprecated_feature(LOG, msg)
try:
identity_driver = dependency.get_provider(
'identity_api').driver
assignment_driver = identity_driver.default_assignment_driver()
except ValueError:
msg = _('Attempted automatic driver selection for assignment '
'based upon [identity]\driver option failed since '
'driver %s is not found. Set [assignment]/driver to '
'a valid driver in keystone config.')
LOG.critical(msg)
raise exception.KeystoneConfigurationError(msg)
super(Manager, self).__init__(assignment_driver)
# Make sure it is a driver version we support, and if it is a legacy

8
keystone/common/config.py
View File

@ -408,12 +408,14 @@ FILE_OPTIONS = {
cfg.StrOpt('driver',
help='Entrypoint for the assignment backend driver in the '
'keystone.assignment namespace. Only an SQL driver is '
'supplied.',
default='sql'),
'supplied. If an assignment driver is not '
'specified, the identity driver will choose the '
'assignment driver (driver selection based on '
'`[identity]/driver` option is deprecated and will be '
'removed in the "O" release).'),
cfg.ListOpt('prohibited_implied_role', default=['admin'],
help='A list of role names which are prohibited from '
'being an implied role.'),
],
'resource': [
cfg.StrOpt('driver',

6
keystone/exception.py
View File

@ -393,6 +393,12 @@ class ConfigRegistrationNotFound(Exception):
pass
class KeystoneConfigurationError(Exception):
# This is an exception to be used in the case that Keystone config is
# invalid and Keystone should not start.
pass
class Conflict(Error):
message_format = _("Conflict occurred attempting to store %(type)s -"
" %(details)s")

3
keystone/identity/backends/ldap.py
View File

@ -47,9 +47,6 @@ class Identity(identity.IdentityDriverV8):
self.user = UserApi(self.conf)
self.group = GroupApi(self.conf)
def default_assignment_driver(self):
return 'ldap'
def is_domain_aware(self):
return False

3
keystone/identity/backends/sql.py
View File

@ -158,9 +158,6 @@ class Identity(identity.IdentityDriverV8):
self.conf = conf
super(Identity, self).__init__()
def default_assignment_driver(self):
return 'sql'
@property
def is_sql(self):
return True

5
keystone/identity/core.py
View File

@ -1231,6 +1231,11 @@ class IdentityDriverV8(object):
"""Indicates if Driver supports domains."""
return True
def default_assignment_driver(self):
# TODO(morganfainberg): To be removed when assignment driver based
# upon [identity]/driver option is removed in the "O" release.
return 'sql'
@property
def is_sql(self):
"""Indicates if this Driver uses SQL."""

12
keystone/server/backends.py
View File

@ -39,8 +39,14 @@ def load_backends():
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
# Ensure that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment.
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
# TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly
# instantiated in the DRIVERS dict once assignment driver being selected
# based upon [identity]/driver is removed.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(
@ -52,7 +58,7 @@ def load_backends():
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),

11
keystone/tests/unit/test_backend_ldap.py
View File

@ -998,7 +998,10 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
# credentials) that require a database.
self.useFixture(database.Database())
super(LDAPIdentity, self).setUp()
_assert_backends(self, identity='ldap')
_assert_backends(self,
assignment='sql',
identity='ldap',
resource='sql')
def load_fixtures(self, fixtures):
# Override super impl since need to create group container.
@ -1875,12 +1878,14 @@ class LDAPLimitTests(unit.TestCase, test_backend.LimitTests):
super(LDAPLimitTests, self).setUp()
self.useFixture(ldapdb.LDAPDatabase())
self.useFixture(database.Database())
self.useFixture(database.Database(self.sql_driver_version_overrides))
self.load_backends()
self.load_fixtures(default_fixtures)
test_backend.LimitTests.setUp(self)
_assert_backends(self, identity='ldap')
_assert_backends(self,
assignment='sql',
identity='ldap',
resource='sql')
def config_overrides(self):
super(LDAPLimitTests, self).config_overrides()