Merge "Revert "Resource backend is SQL only now""

2019-11-14 01:11:04 +00:00 · 2019-11-14 01:11:04 +00:00 · 17e518f1ba
parent 09ba263fb4 9607ed3266
commit 17e518f1ba
6 changed files with 23 additions and 25 deletions
--- a/keystone/conf/resource.py
+++ b/keystone/conf/resource.py
@ -11,7 +11,6 @@
 # under the License.

 from oslo_config import cfg
-from oslo_log import versionutils

 from keystone.conf import utils

@ -19,13 +18,6 @@ from keystone.conf import utils
 driver = cfg.StrOpt(
    'driver',
    default='sql',
-    deprecated_for_removal=True,
-    deprecated_reason='Non-SQL resource cannot be used with SQL Identity and '
-                      'has been unable to be used since Ocata. SQL Resource '
-                      'backend is a requirement as of Pike. Setting this '
-                      'option no longer has an effect on how Keystone '
-                      'operates.',
-    deprecated_since=versionutils.deprecated.PIKE,
    help=utils.fmt("""
 Entry point for the resource driver in the `keystone.resource` namespace. Only
 a `sql` driver is supplied by keystone. Unless you are writing proprietary
--- a/keystone/resource/backends/sql.py
+++ b/keystone/resource/backends/sql.py
@ -26,8 +26,6 @@ LOG = log.getLogger(__name__)


 class Resource(base.ResourceDriverBase):
-    # TODO(morgan): Merge all of this code into the manager, Resource backend
-    # is only SQL. There is no configurable driver.

    def _encode_domain_id(self, ref):
        if 'domain_id' in ref and ref['domain_id'] is None:
--- a/keystone/resource/core.py
+++ b/keystone/resource/core.py
@ -27,7 +27,6 @@ from keystone import exception
 from keystone.i18n import _
 from keystone import notifications
 from keystone.resource.backends import base
-from keystone.resource.backends import sql as resource_sql
 from keystone.token import provider as token_provider

 CONF = keystone.conf.CONF
@ -55,14 +54,8 @@ class Manager(manager.Manager):
    _PROJECT_TAG = 'project tag'

    def __init__(self):
-        # NOTE(morgan): The resource driver must be SQL. This is because there
-        # is a FK between identity and resource. Almost every deployment uses
-        # SQL Identity in some form. Even if SQL Identity is not used, there
-        # is almost no reason to have non-SQL Resource. Keystone requires
-        # SQL in a number of ways, this simply codifies it plainly for resource
-        # the driver_name = None simply implies we don't need to load a driver.
-        self.driver = resource_sql.Resource()
-        super(Manager, self).__init__(driver_name=None)
+        resource_driver = CONF.resource.driver
+        super(Manager, self).__init__(resource_driver)

    def _get_hierarchy_depth(self, parents_list):
        return len(parents_list) + 1
--- a/keystone/tests/unit/test_backend_ldap.py
+++ b/keystone/tests/unit/test_backend_ldap.py
@ -1124,7 +1124,8 @@ class LDAPIdentity(BaseLDAPIdentity):
    def assert_backends(self):
        _assert_backends(self,
                         assignment='sql',
-                         identity='ldap')
+                         identity='ldap',
+                         resource='sql')

    def test_list_domains(self):
        domains = PROVIDERS.resource_api.list_domains()
@ -1988,7 +1989,8 @@ class LDAPLimitTests(unit.TestCase, identity_tests.LimitTests):
        identity_tests.LimitTests.setUp(self)
        _assert_backends(self,
                         assignment='sql',
-                         identity='ldap')
+                         identity='ldap',
+                         resource='sql')

    def config_overrides(self):
        super(LDAPLimitTests, self).config_overrides()
@ -2495,7 +2497,8 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
                             self.domain_default['id']: 'ldap',
                             self.domains['domain1']['id']: 'ldap',
                             self.domains['domain2']['id']: 'ldap',
-                         })
+                         },
+                         resource='sql')

    def config_overrides(self):
        super(MultiLDAPandSQLIdentity, self).config_overrides()
@ -2818,7 +2821,8 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
                             self.domain_default['id']: 'ldap',
                             self.domains['domain1']['id']: 'ldap',
                             self.domains['domain2']['id']: 'ldap',
-                         })
+                         },
+                         resource='sql')

    def enable_multi_domain(self):
        # The values below are the same as in the domain_configs_multi_ldap
@ -3064,7 +3068,8 @@ class DomainSpecificLDAPandSQLIdentity(
                None: 'ldap',
                'default': 'ldap',
                self.domains['domain1']['id']: 'sql',
-            })
+            },
+            resource='sql')

    def config_overrides(self):
        super(DomainSpecificLDAPandSQLIdentity, self).config_overrides()
@ -3238,7 +3243,8 @@ class DomainSpecificSQLIdentity(DomainSpecificLDAPandSQLIdentity):
    def assert_backends(self):
        _assert_backends(self,
                         assignment='sql',
-                         identity='ldap')
+                         identity='ldap',
+                         resource='sql')

    def config_overrides(self):
        super(DomainSpecificSQLIdentity, self).config_overrides()
--- a/releasenotes/notes/resource-driver-33793dd5080ee4d2.yaml
+++ b/releasenotes/notes/resource-driver-33793dd5080ee4d2.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Restores the configurability of the resource driver, so it is now possible
+    to create a custom resource driver if the built-in sql driver does not meet
+    business requirements.
--- a/setup.cfg
+++ b/setup.cfg
@ -137,6 +137,9 @@ keystone.policy =
    rules = keystone.policy.backends.rules:Policy
    sql = keystone.policy.backends.sql:Policy

+keystone.resource =
+    sql = keystone.resource.backends.sql:Resource
+
 keystone.resource.domain_config =
    sql = keystone.resource.config_backends.sql:DomainConfig