d9c6b50a3a
keystone.common.config is 1200+ lines of super dense, merge-conflict prone, difficult to navigate, and finicky to maintain code. Let's follow nova's lead and break it down into more manageable modules. This patch creates a new Python package, keystone.conf, and moves all of our configuration options into it, mirroring nova's nova.conf package. There are a couple special modules in keystone.conf introduced here as well: - keystone.conf.__init__: This causes all of Keystone options to be registered on import, so consumers of keystone.conf don't have races with config initialization code while trying to use oslo_config.cfg.CONF directly (keystone.conf replaces all uses for oslo_config.cfg.CONF in keystone). - keystone.conf.base: Keystone's [DEFAULT] group options. I'd prefer this to be called 'default.py', but I'm just copying nova's lead here. - keystone.conf.opts: The entry point for oslo.config itself. - keystone.conf.constants: There are a few constants (deprecation messages, default paths, etc) that are used by multiple configuration modules, so they need to live in a common place. Change-Id: Ia3daffe3fef111b42de203762e966cd14d8927e2
31 lines
1.0 KiB
Python
31 lines
1.0 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
"""Constants for use in the keystone.conf package.
|
|
|
|
These constants are shared by more than one module in the keystone.conf
|
|
package.
|
|
|
|
"""
|
|
|
|
from keystone.conf import utils
|
|
|
|
|
|
_DEFAULT_AUTH_METHODS = ['external', 'password', 'token', 'oauth1']
|
|
|
|
_CERTFILE = '/etc/keystone/ssl/certs/signing_cert.pem'
|
|
_KEYFILE = '/etc/keystone/ssl/private/signing_key.pem'
|
|
|
|
_DEPRECATE_PKI_MSG = utils.fmt("""
|
|
PKI token support has been deprecated in the M release and will be removed in
|
|
the O release. Fernet or UUID tokens are recommended.
|
|
""")
|