Revert "Resource backend is SQL only now"

This reverts commit 3d46c8a5d9.

In the last commit, the foreign key constraints between the project
table and other tables were dropped, which allows us to restore the
configurability of the resource driver.

Change-Id: Iba4951e2d3965be5acec705385967d312456f1c7
This commit is contained in:
Colleen Murphy 2019-10-09 17:45:06 -07:00
parent c4d6097788
commit 9607ed3266
6 changed files with 23 additions and 25 deletions

View File

@ -11,7 +11,6 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -19,13 +18,6 @@ from keystone.conf import utils
driver = cfg.StrOpt(
'driver',
default='sql',
deprecated_for_removal=True,
deprecated_reason='Non-SQL resource cannot be used with SQL Identity and '
'has been unable to be used since Ocata. SQL Resource '
'backend is a requirement as of Pike. Setting this '
'option no longer has an effect on how Keystone '
'operates.',
deprecated_since=versionutils.deprecated.PIKE,
help=utils.fmt("""
Entry point for the resource driver in the `keystone.resource` namespace. Only
a `sql` driver is supplied by keystone. Unless you are writing proprietary

View File

@ -26,8 +26,6 @@ LOG = log.getLogger(__name__)
class Resource(base.ResourceDriverBase):
# TODO(morgan): Merge all of this code into the manager, Resource backend
# is only SQL. There is no configurable driver.
def _encode_domain_id(self, ref):
if 'domain_id' in ref and ref['domain_id'] is None:

View File

@ -27,7 +27,6 @@ from keystone import exception
from keystone.i18n import _
from keystone import notifications
from keystone.resource.backends import base
from keystone.resource.backends import sql as resource_sql
from keystone.token import provider as token_provider
CONF = keystone.conf.CONF
@ -55,14 +54,8 @@ class Manager(manager.Manager):
_PROJECT_TAG = 'project tag'
def __init__(self):
# NOTE(morgan): The resource driver must be SQL. This is because there
# is a FK between identity and resource. Almost every deployment uses
# SQL Identity in some form. Even if SQL Identity is not used, there
# is almost no reason to have non-SQL Resource. Keystone requires
# SQL in a number of ways, this simply codifies it plainly for resource
# the driver_name = None simply implies we don't need to load a driver.
self.driver = resource_sql.Resource()
super(Manager, self).__init__(driver_name=None)
resource_driver = CONF.resource.driver
super(Manager, self).__init__(resource_driver)
def _get_hierarchy_depth(self, parents_list):
return len(parents_list) + 1

View File

@ -1124,7 +1124,8 @@ class LDAPIdentity(BaseLDAPIdentity):
def assert_backends(self):
_assert_backends(self,
assignment='sql',
identity='ldap')
identity='ldap',
resource='sql')
def test_list_domains(self):
domains = PROVIDERS.resource_api.list_domains()
@ -1988,7 +1989,8 @@ class LDAPLimitTests(unit.TestCase, identity_tests.LimitTests):
identity_tests.LimitTests.setUp(self)
_assert_backends(self,
assignment='sql',
identity='ldap')
identity='ldap',
resource='sql')
def config_overrides(self):
super(LDAPLimitTests, self).config_overrides()
@ -2493,7 +2495,8 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
self.domain_default['id']: 'ldap',
self.domains['domain1']['id']: 'ldap',
self.domains['domain2']['id']: 'ldap',
})
},
resource='sql')
def config_overrides(self):
super(MultiLDAPandSQLIdentity, self).config_overrides()
@ -2816,7 +2819,8 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
self.domain_default['id']: 'ldap',
self.domains['domain1']['id']: 'ldap',
self.domains['domain2']['id']: 'ldap',
})
},
resource='sql')
def enable_multi_domain(self):
# The values below are the same as in the domain_configs_multi_ldap
@ -3062,7 +3066,8 @@ class DomainSpecificLDAPandSQLIdentity(
None: 'ldap',
'default': 'ldap',
self.domains['domain1']['id']: 'sql',
})
},
resource='sql')
def config_overrides(self):
super(DomainSpecificLDAPandSQLIdentity, self).config_overrides()
@ -3236,7 +3241,8 @@ class DomainSpecificSQLIdentity(DomainSpecificLDAPandSQLIdentity):
def assert_backends(self):
_assert_backends(self,
assignment='sql',
identity='ldap')
identity='ldap',
resource='sql')
def config_overrides(self):
super(DomainSpecificSQLIdentity, self).config_overrides()

View File

@ -0,0 +1,6 @@
---
features:
- |
Restores the configurability of the resource driver, so it is now possible
to create a custom resource driver if the built-in sql driver does not meet
business requirements.

View File

@ -137,6 +137,9 @@ keystone.policy =
rules = keystone.policy.backends.rules:Policy
sql = keystone.policy.backends.sql:Policy
keystone.resource =
sql = keystone.resource.backends.sql:Resource
keystone.resource.domain_config =
sql = keystone.resource.config_backends.sql:DomainConfig