From 7db01cd64be2ab3ed5ffc00636d187ef432294b2 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Tue, 19 Mar 2013 17:15:25 -0500 Subject: [PATCH] Wrap config module and require manual setup (bug 1143998) This moves keystone.config to keystone.common.config, which requires .configure() to be called manually in order for options to be registered. keystone.config preserves the existing behavior of automatically registering options when imported. keystone.middleware.auth_token and it's dependencies within keystone no longer cause config options to be automatically registered. This is an alternative to https://review.openstack.org/#/c/24251/ Change-Id: If9eb5799bf77595ecb71f2000f8b6d1610ea9700 --- keystone/common/config.py | 364 +++++++++++++++++++++++++++++++ keystone/common/utils.py | 2 +- keystone/common/wsgi.py | 2 +- keystone/config.py | 343 ++--------------------------- keystone/exception.py | 12 +- keystone/middleware/core.py | 2 +- tests/_test_import_auth_token.py | 25 +++ 7 files changed, 414 insertions(+), 336 deletions(-) create mode 100644 keystone/common/config.py create mode 100644 tests/_test_import_auth_token.py diff --git a/keystone/common/config.py b/keystone/common/config.py new file mode 100644 index 0000000000..e60385ccd0 --- /dev/null +++ b/keystone/common/config.py @@ -0,0 +1,364 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2012 OpenStack LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import gettext +import os +import sys + +from oslo.config import cfg + +from keystone.common import logging + + +gettext.install('keystone', unicode=1) + +_DEFAULT_LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s" +_DEFAULT_LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S" +_DEFAULT_AUTH_METHODS = ['password', 'token'] + +COMMON_CLI_OPTS = [ + cfg.BoolOpt('debug', + short='d', + default=False, + help='Print debugging output (set logging level to ' + 'DEBUG instead of default WARNING level).'), + cfg.BoolOpt('verbose', + short='v', + default=False, + help='Print more verbose output (set logging level to ' + 'INFO instead of default WARNING level).'), +] + +LOGGING_CLI_OPTS = [ + cfg.StrOpt('log-config', + metavar='PATH', + help='If this option is specified, the logging configuration ' + 'file specified is used and overrides any other logging ' + 'options specified. Please see the Python logging module ' + 'documentation for details on logging configuration ' + 'files.'), + cfg.StrOpt('log-format', + default=_DEFAULT_LOG_FORMAT, + metavar='FORMAT', + help='A logging.Formatter log message format string which may ' + 'use any of the available logging.LogRecord attributes.'), + cfg.StrOpt('log-date-format', + default=_DEFAULT_LOG_DATE_FORMAT, + metavar='DATE_FORMAT', + help='Format string for %%(asctime)s in log records.'), + cfg.StrOpt('log-file', + metavar='PATH', + help='Name of log file to output. ' + 'If not set, logging will go to stdout.'), + cfg.StrOpt('log-dir', + help='The directory in which to store log files. ' + '(will be prepended to --log-file)'), + cfg.BoolOpt('use-syslog', + default=False, + help='Use syslog for logging.'), + cfg.StrOpt('syslog-log-facility', + default='LOG_USER', + help='syslog facility to receive log lines.') +] + +CONF = cfg.CONF + + +def setup_logging(conf): + """ + Sets up the logging options for a log with supplied name + + :param conf: a cfg.ConfOpts object + """ + + if conf.log_config: + # Use a logging configuration file for all settings... + if os.path.exists(conf.log_config): + logging.config.fileConfig(conf.log_config) + return + else: + raise RuntimeError(_('Unable to locate specified logging ' + 'config file: %s') % conf.log_config) + + root_logger = logging.root + if conf.debug: + root_logger.setLevel(logging.DEBUG) + elif conf.verbose: + root_logger.setLevel(logging.INFO) + else: + root_logger.setLevel(logging.WARNING) + + formatter = logging.Formatter(conf.log_format, conf.log_date_format) + + if conf.use_syslog: + try: + facility = getattr(logging.SysLogHandler, + conf.syslog_log_facility) + except AttributeError: + raise ValueError(_('Invalid syslog facility')) + + handler = logging.SysLogHandler(address='/dev/log', + facility=facility) + elif conf.log_file: + logfile = conf.log_file + if conf.log_dir: + logfile = os.path.join(conf.log_dir, logfile) + handler = logging.WatchedFileHandler(logfile) + else: + handler = logging.StreamHandler(sys.stdout) + + handler.setFormatter(formatter) + root_logger.addHandler(handler) + + +def register_str(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.StrOpt(*args, **kw), group=group) + + +def register_cli_str(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.StrOpt(*args, **kw), group=group) + + +def register_list(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.ListOpt(*args, **kw), group=group) + + +def register_cli_list(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.ListOpt(*args, **kw), group=group) + + +def register_bool(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.BoolOpt(*args, **kw), group=group) + + +def register_cli_bool(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.BoolOpt(*args, **kw), group=group) + + +def register_int(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.IntOpt(*args, **kw), group=group) + + +def register_cli_int(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) + + +def configure(): + CONF.register_cli_opts(COMMON_CLI_OPTS) + CONF.register_cli_opts(LOGGING_CLI_OPTS) + + register_cli_bool('standard-threads', default=False) + + register_cli_str('pydev-debug-host', default=None) + register_cli_int('pydev-debug-port', default=None) + + register_str('admin_token', default='ADMIN') + register_str('bind_host', default='0.0.0.0') + register_int('compute_port', default=8774) + register_int('admin_port', default=35357) + register_int('public_port', default=5000) + register_str( + 'public_endpoint', default='http://localhost:%(public_port)d/') + register_str('admin_endpoint', default='http://localhost:%(admin_port)d/') + register_str('onready') + register_str('auth_admin_prefix', default='') + register_str('policy_file', default='policy.json') + register_str('policy_default_rule', default=None) + # default max request size is 112k + register_int('max_request_body_size', default=114688) + register_int('max_param_size', default=64) + # we allow tokens to be a bit larger to accommodate PKI + register_int('max_token_size', default=8192) + register_str( + 'member_role_id', default='9fe2ff9ee4384b1894a90878d3e92bab') + register_str('member_role_name', default='_member_') + + # identity + register_str('default_domain_id', group='identity', default='default') + + # ssl + register_bool('enable', group='ssl', default=False) + register_str('certfile', group='ssl', default=None) + register_str('keyfile', group='ssl', default=None) + register_str('ca_certs', group='ssl', default=None) + register_bool('cert_required', group='ssl', default=False) + + # signing + register_str( + 'token_format', group='signing', default="PKI") + register_str( + 'certfile', + group='signing', + default="/etc/keystone/ssl/certs/signing_cert.pem") + register_str( + 'keyfile', + group='signing', + default="/etc/keystone/ssl/private/signing_key.pem") + register_str( + 'ca_certs', + group='signing', + default="/etc/keystone/ssl/certs/ca.pem") + register_int('key_size', group='signing', default=1024) + register_int('valid_days', group='signing', default=3650) + register_str('ca_password', group='signing', default=None) + + # sql + register_str('connection', group='sql', default='sqlite:///keystone.db') + register_int('idle_timeout', group='sql', default=200) + + register_str( + 'driver', + group='catalog', + default='keystone.catalog.backends.sql.Catalog') + register_str( + 'driver', + group='identity', + default='keystone.identity.backends.sql.Identity') + register_str( + 'driver', + group='policy', + default='keystone.policy.backends.sql.Policy') + register_str( + 'driver', group='token', default='keystone.token.backends.kvs.Token') + register_str( + 'driver', group='trust', default='keystone.trust.backends.sql.Trust') + register_str( + 'driver', group='ec2', default='keystone.contrib.ec2.backends.kvs.Ec2') + register_str( + 'driver', + group='stats', + default='keystone.contrib.stats.backends.kvs.Stats') + + # ldap + register_str('url', group='ldap', default='ldap://localhost') + register_str('user', group='ldap', default=None) + register_str('password', group='ldap', default=None) + register_str('suffix', group='ldap', default='cn=example,cn=com') + register_bool('use_dumb_member', group='ldap', default=False) + register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent') + register_bool('allow_subtree_delete', group='ldap', default=False) + register_str('query_scope', group='ldap', default='one') + register_int('page_size', group='ldap', default=0) + + register_str('user_tree_dn', group='ldap', default=None) + register_str('user_filter', group='ldap', default=None) + register_str('user_objectclass', group='ldap', default='inetOrgPerson') + register_str('user_id_attribute', group='ldap', default='cn') + register_str('user_name_attribute', group='ldap', default='sn') + register_str('user_mail_attribute', group='ldap', default='email') + register_str('user_pass_attribute', group='ldap', default='userPassword') + register_str('user_enabled_attribute', group='ldap', default='enabled') + register_str( + 'user_domain_id_attribute', group='ldap', default='businessCategory') + register_int('user_enabled_mask', group='ldap', default=0) + register_str('user_enabled_default', group='ldap', default='True') + register_list( + 'user_attribute_ignore', group='ldap', default='tenant_id,tenants') + register_bool('user_allow_create', group='ldap', default=True) + register_bool('user_allow_update', group='ldap', default=True) + register_bool('user_allow_delete', group='ldap', default=True) + register_bool('user_enabled_emulation', group='ldap', default=False) + register_str('user_enabled_emulation_dn', group='ldap', default=None) + + register_str('tenant_tree_dn', group='ldap', default=None) + register_str('tenant_filter', group='ldap', default=None) + register_str('tenant_objectclass', group='ldap', default='groupOfNames') + register_str('tenant_id_attribute', group='ldap', default='cn') + register_str('tenant_member_attribute', group='ldap', default='member') + register_str('tenant_name_attribute', group='ldap', default='ou') + register_str('tenant_desc_attribute', group='ldap', default='description') + register_str('tenant_enabled_attribute', group='ldap', default='enabled') + register_str( + 'tenant_domain_id_attribute', group='ldap', default='businessCategory') + register_list('tenant_attribute_ignore', group='ldap', default='') + register_bool('tenant_allow_create', group='ldap', default=True) + register_bool('tenant_allow_update', group='ldap', default=True) + register_bool('tenant_allow_delete', group='ldap', default=True) + register_bool('tenant_enabled_emulation', group='ldap', default=False) + register_str('tenant_enabled_emulation_dn', group='ldap', default=None) + + register_str('role_tree_dn', group='ldap', default=None) + register_str('role_filter', group='ldap', default=None) + register_str( + 'role_objectclass', group='ldap', default='organizationalRole') + register_str('role_id_attribute', group='ldap', default='cn') + register_str('role_name_attribute', group='ldap', default='ou') + register_str('role_member_attribute', group='ldap', default='roleOccupant') + register_list('role_attribute_ignore', group='ldap', default='') + register_bool('role_allow_create', group='ldap', default=True) + register_bool('role_allow_update', group='ldap', default=True) + register_bool('role_allow_delete', group='ldap', default=True) + + register_str('group_tree_dn', group='ldap', default=None) + register_str('group_filter', group='ldap', default=None) + register_str('group_objectclass', group='ldap', default='groupOfNames') + register_str('group_id_attribute', group='ldap', default='cn') + register_str('group_name_attribute', group='ldap', default='ou') + register_str('group_member_attribute', group='ldap', default='member') + register_str('group_desc_attribute', group='ldap', default='description') + register_str( + 'group_domain_id_attribute', group='ldap', default='businessCategory') + register_list('group_attribute_ignore', group='ldap', default='') + register_bool('group_allow_create', group='ldap', default=True) + register_bool('group_allow_update', group='ldap', default=True) + register_bool('group_allow_delete', group='ldap', default=True) + + register_str('domain_tree_dn', group='ldap', default=None) + register_str('domain_filter', group='ldap', default=None) + register_str('domain_objectclass', group='ldap', default='groupOfNames') + register_str('domain_id_attribute', group='ldap', default='cn') + register_str('domain_name_attribute', group='ldap', default='ou') + register_str('domain_member_attribute', group='ldap', default='member') + register_str('domain_desc_attribute', group='ldap', default='description') + register_str('domain_enabled_attribute', group='ldap', default='enabled') + register_list('domain_attribute_ignore', group='ldap', default='') + register_bool('domain_allow_create', group='ldap', default=True) + register_bool('domain_allow_update', group='ldap', default=True) + register_bool('domain_allow_delete', group='ldap', default=True) + + # pam + register_str('url', group='pam', default=None) + register_str('userid', group='pam', default=None) + register_str('password', group='pam', default=None) + + # default authentication methods + register_list('methods', group='auth', default=_DEFAULT_AUTH_METHODS) + register_str( + 'password', group='auth', default='keystone.auth.plugins.token.Token') + register_str( + 'token', group='auth', + default='keystone.auth.plugins.password.Password') + + # register any non-default auth methods here (used by extensions, etc) + for method_name in CONF.auth.methods: + if method_name not in _DEFAULT_AUTH_METHODS: + register_str(method_name, group='auth') diff --git a/keystone/common/utils.py b/keystone/common/utils.py index e4a77b4718..9812ac8727 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -26,8 +26,8 @@ import time import passlib.hash +from keystone.common import config from keystone.common import logging -from keystone import config from keystone import exception diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py index 8ec0647f63..ac91a6a111 100644 --- a/keystone/common/wsgi.py +++ b/keystone/common/wsgi.py @@ -29,9 +29,9 @@ import ssl import webob.dec import webob.exc +from keystone.common import config from keystone.common import logging from keystone.common import utils -from keystone import config from keystone import exception from keystone.openstack.common import importutils from keystone.openstack.common import jsonutils diff --git a/keystone/config.py b/keystone/config.py index c1706a4642..6414ad641f 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -13,337 +13,20 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. +"""Wrapper for keystone.common.config that configures itself on import.""" -import gettext -import os -import sys - -from oslo.config import cfg - -from keystone.common import logging - -gettext.install('keystone', unicode=1) - -_DEFAULT_LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s" -_DEFAULT_LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S" -_DEFAULT_AUTH_METHODS = ['password', 'token'] - -common_cli_opts = [ - cfg.BoolOpt('debug', - short='d', - default=False, - help='Print debugging output (set logging level to ' - 'DEBUG instead of default WARNING level).'), - cfg.BoolOpt('verbose', - short='v', - default=False, - help='Print more verbose output (set logging level to ' - 'INFO instead of default WARNING level).'), -] - -logging_cli_opts = [ - cfg.StrOpt('log-config', - metavar='PATH', - help='If this option is specified, the logging configuration ' - 'file specified is used and overrides any other logging ' - 'options specified. Please see the Python logging module ' - 'documentation for details on logging configuration ' - 'files.'), - cfg.StrOpt('log-format', - default=_DEFAULT_LOG_FORMAT, - metavar='FORMAT', - help='A logging.Formatter log message format string which may ' - 'use any of the available logging.LogRecord attributes.'), - cfg.StrOpt('log-date-format', - default=_DEFAULT_LOG_DATE_FORMAT, - metavar='DATE_FORMAT', - help='Format string for %%(asctime)s in log records.'), - cfg.StrOpt('log-file', - metavar='PATH', - help='Name of log file to output. ' - 'If not set, logging will go to stdout.'), - cfg.StrOpt('log-dir', - help='The directory in which to store log files. ' - '(will be prepended to --log-file)'), - cfg.BoolOpt('use-syslog', - default=False, - help='Use syslog for logging.'), - cfg.StrOpt('syslog-log-facility', - default='LOG_USER', - help='syslog facility to receive log lines.') -] - -CONF = cfg.CONF -CONF.register_cli_opts(common_cli_opts) -CONF.register_cli_opts(logging_cli_opts) +from keystone.common import config -def setup_logging(conf): - """ - Sets up the logging options for a log with supplied name +config.configure() +CONF = config.CONF - :param conf: a cfg.ConfOpts object - """ - - if conf.log_config: - # Use a logging configuration file for all settings... - if os.path.exists(conf.log_config): - logging.config.fileConfig(conf.log_config) - return - else: - raise RuntimeError(_('Unable to locate specified logging ' - 'config file: %s') % conf.log_config) - - root_logger = logging.root - if conf.debug: - root_logger.setLevel(logging.DEBUG) - elif conf.verbose: - root_logger.setLevel(logging.INFO) - else: - root_logger.setLevel(logging.WARNING) - - formatter = logging.Formatter(conf.log_format, conf.log_date_format) - - if conf.use_syslog: - try: - facility = getattr(logging.SysLogHandler, - conf.syslog_log_facility) - except AttributeError: - raise ValueError(_('Invalid syslog facility')) - - handler = logging.SysLogHandler(address='/dev/log', - facility=facility) - elif conf.log_file: - logfile = conf.log_file - if conf.log_dir: - logfile = os.path.join(conf.log_dir, logfile) - handler = logging.WatchedFileHandler(logfile) - else: - handler = logging.StreamHandler(sys.stdout) - - handler.setFormatter(formatter) - root_logger.addHandler(handler) - - -def register_str(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.StrOpt(*args, **kw), group=group) - - -def register_cli_str(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.StrOpt(*args, **kw), group=group) - - -def register_list(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.ListOpt(*args, **kw), group=group) - - -def register_cli_list(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.ListOpt(*args, **kw), group=group) - - -def register_bool(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.BoolOpt(*args, **kw), group=group) - - -def register_cli_bool(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.BoolOpt(*args, **kw), group=group) - - -def register_int(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.IntOpt(*args, **kw), group=group) - - -def register_cli_int(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) - - -register_cli_bool('standard-threads', default=False) - -register_cli_str('pydev-debug-host', default=None) -register_cli_int('pydev-debug-port', default=None) - -register_str('admin_token', default='ADMIN') -register_str('bind_host', default='0.0.0.0') -register_int('compute_port', default=8774) -register_int('admin_port', default=35357) -register_int('public_port', default=5000) -register_str('public_endpoint', default='http://localhost:%(public_port)d/') -register_str('admin_endpoint', default='http://localhost:%(admin_port)d/') -register_str('onready') -register_str('auth_admin_prefix', default='') -register_str('policy_file', default='policy.json') -register_str('policy_default_rule', default=None) -#default max request size is 112k -register_int('max_request_body_size', default=114688) -register_int('max_param_size', default=64) -# we allow tokens to be a bit larger to accommodate PKI -register_int('max_token_size', default=8192) -register_str('member_role_id', - default='9fe2ff9ee4384b1894a90878d3e92bab') -register_str('member_role_name', default='_member_') - - -# identity -register_str('default_domain_id', group='identity', default='default') - -# ssl -register_bool('enable', group='ssl', default=False) -register_str('certfile', group='ssl', default=None) -register_str('keyfile', group='ssl', default=None) -register_str('ca_certs', group='ssl', default=None) -register_bool('cert_required', group='ssl', default=False) - -# signing -register_str('token_format', group='signing', - default="PKI") -register_str('certfile', group='signing', - default="/etc/keystone/ssl/certs/signing_cert.pem") -register_str('keyfile', group='signing', - default="/etc/keystone/ssl/private/signing_key.pem") -register_str('ca_certs', group='signing', - default="/etc/keystone/ssl/certs/ca.pem") -register_int('key_size', group='signing', default=1024) -register_int('valid_days', group='signing', default=3650) -register_str('ca_password', group='signing', default=None) - - -# sql -register_str('connection', group='sql', default='sqlite:///keystone.db') -register_int('idle_timeout', group='sql', default=200) - - -register_str('driver', group='catalog', - default='keystone.catalog.backends.sql.Catalog') -register_str('driver', group='identity', - default='keystone.identity.backends.sql.Identity') -register_str('driver', group='policy', - default='keystone.policy.backends.sql.Policy') -register_str('driver', group='token', - default='keystone.token.backends.kvs.Token') -register_str('driver', group='trust', - default='keystone.trust.backends.sql.Trust') -register_str('driver', group='ec2', - default='keystone.contrib.ec2.backends.kvs.Ec2') -register_str('driver', group='stats', - default='keystone.contrib.stats.backends.kvs.Stats') - - -# ldap -register_str('url', group='ldap', default='ldap://localhost') -register_str('user', group='ldap', default=None) -register_str('password', group='ldap', default=None) -register_str('suffix', group='ldap', default='cn=example,cn=com') -register_bool('use_dumb_member', group='ldap', default=False) -register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent') -register_bool('allow_subtree_delete', group='ldap', default=False) -register_str('query_scope', group='ldap', default='one') -register_int('page_size', group='ldap', default=0) - -register_str('user_tree_dn', group='ldap', default=None) -register_str('user_filter', group='ldap', default=None) -register_str('user_objectclass', group='ldap', default='inetOrgPerson') -register_str('user_id_attribute', group='ldap', default='cn') -register_str('user_name_attribute', group='ldap', default='sn') -register_str('user_mail_attribute', group='ldap', default='email') -register_str('user_pass_attribute', group='ldap', default='userPassword') -register_str('user_enabled_attribute', group='ldap', default='enabled') -register_str('user_domain_id_attribute', group='ldap', - default='businessCategory') -register_int('user_enabled_mask', group='ldap', default=0) -register_str('user_enabled_default', group='ldap', default='True') -register_list('user_attribute_ignore', group='ldap', - default='tenant_id,tenants') -register_bool('user_allow_create', group='ldap', default=True) -register_bool('user_allow_update', group='ldap', default=True) -register_bool('user_allow_delete', group='ldap', default=True) -register_bool('user_enabled_emulation', group='ldap', default=False) -register_str('user_enabled_emulation_dn', group='ldap', default=None) - -register_str('tenant_tree_dn', group='ldap', default=None) -register_str('tenant_filter', group='ldap', default=None) -register_str('tenant_objectclass', group='ldap', default='groupOfNames') -register_str('tenant_id_attribute', group='ldap', default='cn') -register_str('tenant_member_attribute', group='ldap', default='member') -register_str('tenant_name_attribute', group='ldap', default='ou') -register_str('tenant_desc_attribute', group='ldap', default='description') -register_str('tenant_enabled_attribute', group='ldap', default='enabled') -register_str('tenant_domain_id_attribute', group='ldap', - default='businessCategory') -register_list('tenant_attribute_ignore', group='ldap', default='') -register_bool('tenant_allow_create', group='ldap', default=True) -register_bool('tenant_allow_update', group='ldap', default=True) -register_bool('tenant_allow_delete', group='ldap', default=True) -register_bool('tenant_enabled_emulation', group='ldap', default=False) -register_str('tenant_enabled_emulation_dn', group='ldap', default=None) - -register_str('role_tree_dn', group='ldap', default=None) -register_str('role_filter', group='ldap', default=None) -register_str('role_objectclass', group='ldap', default='organizationalRole') -register_str('role_id_attribute', group='ldap', default='cn') -register_str('role_name_attribute', group='ldap', default='ou') -register_str('role_member_attribute', group='ldap', default='roleOccupant') -register_list('role_attribute_ignore', group='ldap', default='') -register_bool('role_allow_create', group='ldap', default=True) -register_bool('role_allow_update', group='ldap', default=True) -register_bool('role_allow_delete', group='ldap', default=True) - -register_str('group_tree_dn', group='ldap', default=None) -register_str('group_filter', group='ldap', default=None) -register_str('group_objectclass', group='ldap', default='groupOfNames') -register_str('group_id_attribute', group='ldap', default='cn') -register_str('group_name_attribute', group='ldap', default='ou') -register_str('group_member_attribute', group='ldap', default='member') -register_str('group_desc_attribute', group='ldap', default='description') -register_str('group_domain_id_attribute', group='ldap', - default='businessCategory') -register_list('group_attribute_ignore', group='ldap', default='') -register_bool('group_allow_create', group='ldap', default=True) -register_bool('group_allow_update', group='ldap', default=True) -register_bool('group_allow_delete', group='ldap', default=True) - -register_str('domain_tree_dn', group='ldap', default=None) -register_str('domain_filter', group='ldap', default=None) -register_str('domain_objectclass', group='ldap', default='groupOfNames') -register_str('domain_id_attribute', group='ldap', default='cn') -register_str('domain_name_attribute', group='ldap', default='ou') -register_str('domain_member_attribute', group='ldap', default='member') -register_str('domain_desc_attribute', group='ldap', default='description') -register_str('domain_enabled_attribute', group='ldap', default='enabled') -register_list('domain_attribute_ignore', group='ldap', default='') -register_bool('domain_allow_create', group='ldap', default=True) -register_bool('domain_allow_update', group='ldap', default=True) -register_bool('domain_allow_delete', group='ldap', default=True) - -# pam -register_str('url', group='pam', default=None) -register_str('userid', group='pam', default=None) -register_str('password', group='pam', default=None) - -# default authentication methods -register_list('methods', group='auth', - default=_DEFAULT_AUTH_METHODS) -register_str('password', group='auth', - default='keystone.auth.methods.token.Token') -register_str('token', group='auth', - default='keystone.auth.methods.password.Password') - -# register any non-default auth methods here (used by extensions, etc) -for method_name in CONF.auth.methods: - if method_name not in _DEFAULT_AUTH_METHODS: - config.register_str(method_name, group='auth') +setup_logging = config.setup_logging +register_str = config.register_str +register_cli_str = config.register_cli_str +register_list = config.register_list +register_cli_list = config.register_cli_list +register_bool = config.register_bool +register_cli_bool = config.register_cli_bool +register_int = config.register_int +register_cli_int = config.register_cli_int diff --git a/keystone/exception.py b/keystone/exception.py index 5b519cd48d..59023bf7e2 100644 --- a/keystone/exception.py +++ b/keystone/exception.py @@ -15,8 +15,8 @@ # under the License. import re +from keystone.common import config from keystone.common import logging -from keystone import config CONF = config.CONF @@ -116,12 +116,18 @@ class Unauthorized(SecurityError): class AuthPluginException(Unauthorized): """ Authentication plugin error. """ - authentication = {} + + def __init__(self, *args, **kwargs): + super(AuthPluginException, self).__init__(*args, **kwargs) + self.authentication = {} class AuthMethodNotSupported(AuthPluginException): """ Attempted to authenticate with an unsupported method. """ - authentication = {'methods': CONF.auth.methods} + + def __init__(self, *args, **kwargs): + super(AuthMethodNotSupported, self).__init__(*args, **kwargs) + self.authentication = {'methods': CONF.auth.methods} class AdditionalAuthRequired(AuthPluginException): diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py index 99cba4a0e8..863ef94884 100644 --- a/keystone/middleware/core.py +++ b/keystone/middleware/core.py @@ -16,11 +16,11 @@ import webob.dec +from keystone.common import config from keystone.common import logging from keystone.common import serializer from keystone.common import utils from keystone.common import wsgi -from keystone import config from keystone import exception from keystone.openstack.common import jsonutils diff --git a/tests/_test_import_auth_token.py b/tests/_test_import_auth_token.py new file mode 100644 index 0000000000..4e16f9a47e --- /dev/null +++ b/tests/_test_import_auth_token.py @@ -0,0 +1,25 @@ +"""This is an isolated test to prevent unexpected imports. + +This module must be run in isolation, e.g.: + + $ ./run_tests.sh _test_import_auth_token.py + +This module can be removed when keystone.middleware.auth_token is removed. + +""" + +import unittest + + +class TestAuthToken(unittest.TestCase): + def test_import(self): + # a consuming service like nova would import oslo.config first + from oslo.config import cfg + conf = cfg.CONF + + # define some config options + conf.register_opt(cfg.BoolOpt('debug', default=False)) + + # and then import auth_token as a filter + from keystone.middleware import auth_token + self.assertTrue(auth_token)