Centralize config option: trust section
Centralize config option of trust section. Replace oslo_conf cfg to magnum.conf. Change-Id: Ie8e50f62bf41ccc1708b16745e5aaf841379b66b Implements: blueprint centralize-config-magnum
This commit is contained in:
parent
19d80981a7
commit
5abcdadb51
@ -21,40 +21,16 @@ from oslo_config import cfg
|
|||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
from magnum.common import exception
|
from magnum.common import exception
|
||||||
|
import magnum.conf
|
||||||
from magnum.i18n import _
|
from magnum.i18n import _
|
||||||
from magnum.i18n import _LE
|
from magnum.i18n import _LE
|
||||||
from magnum.i18n import _LW
|
from magnum.i18n import _LW
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = magnum.conf.CONF
|
||||||
CFG_GROUP = 'keystone_auth'
|
CFG_GROUP = 'keystone_auth'
|
||||||
CFG_LEGACY_GROUP = 'keystone_authtoken'
|
CFG_LEGACY_GROUP = 'keystone_authtoken'
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
trust_opts = [
|
|
||||||
cfg.StrOpt('trustee_domain_id',
|
|
||||||
help=_('Id of the domain to create trustee for clusters')),
|
|
||||||
cfg.StrOpt('trustee_domain_name',
|
|
||||||
help=_('Name of the domain to create trustee for s')),
|
|
||||||
cfg.StrOpt('trustee_domain_admin_id',
|
|
||||||
help=_('Id of the admin with roles sufficient to manage users'
|
|
||||||
' in the trustee_domain')),
|
|
||||||
cfg.StrOpt('trustee_domain_admin_name',
|
|
||||||
help=_('Name of the admin with roles sufficient to manage users'
|
|
||||||
' in the trustee_domain')),
|
|
||||||
cfg.StrOpt('trustee_domain_admin_domain_id',
|
|
||||||
help=_('Id of the domain admin user\'s domain.'
|
|
||||||
' trustee_domain_id is used by default')),
|
|
||||||
cfg.StrOpt('trustee_domain_admin_domain_name',
|
|
||||||
help=_('Name of the domain admin user\'s domain.'
|
|
||||||
' trustee_domain_name is used by default')),
|
|
||||||
cfg.StrOpt('trustee_domain_admin_password', secret=True,
|
|
||||||
help=_('Password of trustee_domain_admin')),
|
|
||||||
cfg.ListOpt('roles',
|
|
||||||
default=[],
|
|
||||||
help=_('The roles which are delegated to the trustee '
|
|
||||||
'by the trustor'))
|
|
||||||
]
|
|
||||||
|
|
||||||
legacy_session_opts = {
|
legacy_session_opts = {
|
||||||
'certfile': [cfg.DeprecatedOpt('certfile', CFG_LEGACY_GROUP)],
|
'certfile': [cfg.DeprecatedOpt('certfile', CFG_LEGACY_GROUP)],
|
||||||
'keyfile': [cfg.DeprecatedOpt('keyfile', CFG_LEGACY_GROUP)],
|
'keyfile': [cfg.DeprecatedOpt('keyfile', CFG_LEGACY_GROUP)],
|
||||||
@ -66,7 +42,6 @@ legacy_session_opts = {
|
|||||||
keystone_auth_opts = (ka_loading.get_auth_common_conf_options() +
|
keystone_auth_opts = (ka_loading.get_auth_common_conf_options() +
|
||||||
ka_loading.get_auth_plugin_conf_options('password'))
|
ka_loading.get_auth_plugin_conf_options('password'))
|
||||||
|
|
||||||
CONF.register_opts(trust_opts, group='trust')
|
|
||||||
# FIXME(pauloewerton): remove import of authtoken group and legacy options
|
# FIXME(pauloewerton): remove import of authtoken group and legacy options
|
||||||
# after deprecation period
|
# after deprecation period
|
||||||
CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
|
CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
|
||||||
|
@ -34,6 +34,7 @@ from magnum.conf import nova
|
|||||||
from magnum.conf import paths
|
from magnum.conf import paths
|
||||||
from magnum.conf import rpc
|
from magnum.conf import rpc
|
||||||
from magnum.conf import services
|
from magnum.conf import services
|
||||||
|
from magnum.conf import trust
|
||||||
from magnum.conf import utils
|
from magnum.conf import utils
|
||||||
# from magnum.conf import x509
|
# from magnum.conf import x509
|
||||||
|
|
||||||
@ -58,5 +59,6 @@ nova.register_opts(CONF)
|
|||||||
paths.register_opts(CONF)
|
paths.register_opts(CONF)
|
||||||
rpc.register_opts(CONF)
|
rpc.register_opts(CONF)
|
||||||
services.register_opts(CONF)
|
services.register_opts(CONF)
|
||||||
|
trust.register_opts(CONF)
|
||||||
utils.register_opts(CONF)
|
utils.register_opts(CONF)
|
||||||
# x509.register_opts(CONF)
|
# x509.register_opts(CONF)
|
||||||
|
54
magnum/conf/trust.py
Normal file
54
magnum/conf/trust.py
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
# use this file except in compliance with the License. You may obtain a copy
|
||||||
|
# of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
from magnum.i18n import _
|
||||||
|
|
||||||
|
trust_group = cfg.OptGroup(name='trust',
|
||||||
|
title='Trustee options for the magnum services')
|
||||||
|
|
||||||
|
trust_opts = [
|
||||||
|
cfg.StrOpt('trustee_domain_id',
|
||||||
|
help=_('Id of the domain to create trustee for clusters')),
|
||||||
|
cfg.StrOpt('trustee_domain_name',
|
||||||
|
help=_('Name of the domain to create trustee for s')),
|
||||||
|
cfg.StrOpt('trustee_domain_admin_id',
|
||||||
|
help=_('Id of the admin with roles sufficient to manage users'
|
||||||
|
' in the trustee_domain')),
|
||||||
|
cfg.StrOpt('trustee_domain_admin_name',
|
||||||
|
help=_('Name of the admin with roles sufficient to manage users'
|
||||||
|
' in the trustee_domain')),
|
||||||
|
cfg.StrOpt('trustee_domain_admin_domain_id',
|
||||||
|
help=_('Id of the domain admin user\'s domain.'
|
||||||
|
' trustee_domain_id is used by default')),
|
||||||
|
cfg.StrOpt('trustee_domain_admin_domain_name',
|
||||||
|
help=_('Name of the domain admin user\'s domain.'
|
||||||
|
' trustee_domain_name is used by default')),
|
||||||
|
cfg.StrOpt('trustee_domain_admin_password', secret=True,
|
||||||
|
help=_('Password of trustee_domain_admin')),
|
||||||
|
cfg.ListOpt('roles',
|
||||||
|
default=[],
|
||||||
|
help=_('The roles which are delegated to the trustee '
|
||||||
|
'by the trustor'))
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def register_opts(conf):
|
||||||
|
conf.register_group(trust_group)
|
||||||
|
conf.register_opts(trust_opts, group=trust_group)
|
||||||
|
|
||||||
|
|
||||||
|
def list_opts():
|
||||||
|
return {
|
||||||
|
trust_group: trust_opts
|
||||||
|
}
|
@ -44,7 +44,6 @@ docker_registry_opts = [
|
|||||||
|
|
||||||
CONF = magnum.conf.CONF
|
CONF = magnum.conf.CONF
|
||||||
CONF.register_opts(docker_registry_opts, group='docker_registry')
|
CONF.register_opts(docker_registry_opts, group='docker_registry')
|
||||||
CONF.import_opt('trustee_domain_id', 'magnum.common.keystone', group='trust')
|
|
||||||
|
|
||||||
|
|
||||||
class ParameterMapping(object):
|
class ParameterMapping(object):
|
||||||
|
@ -21,7 +21,6 @@ import magnum.drivers.common.template_def
|
|||||||
|
|
||||||
def list_opts():
|
def list_opts():
|
||||||
return [
|
return [
|
||||||
('trust', magnum.common.keystone.trust_opts),
|
|
||||||
('x509', magnum.common.x509.config.x509_opts),
|
('x509', magnum.common.x509.config.x509_opts),
|
||||||
('keystone_auth', magnum.common.keystone.keystone_auth_opts),
|
('keystone_auth', magnum.common.keystone.keystone_auth_opts),
|
||||||
('docker_registry',
|
('docker_registry',
|
||||||
|
@ -15,14 +15,11 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import fixtures
|
import fixtures
|
||||||
from oslo_config import cfg
|
|
||||||
|
|
||||||
from magnum.common import config
|
from magnum.common import config
|
||||||
|
import magnum.conf
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = magnum.conf.CONF
|
||||||
CONF.import_opt('host', 'magnum.common.service')
|
|
||||||
CONF.import_opt('connection', 'oslo_db.options', group='database')
|
|
||||||
CONF.import_opt('sqlite_synchronous', 'oslo_db.options', group='database')
|
|
||||||
|
|
||||||
|
|
||||||
class ConfFixture(fixtures.Fixture):
|
class ConfFixture(fixtures.Fixture):
|
||||||
|
@ -32,12 +32,6 @@ class ClientsTest(base.BaseTestCase):
|
|||||||
|
|
||||||
CONF.set_override('auth_uri', 'http://server.test:5000/v2.0',
|
CONF.set_override('auth_uri', 'http://server.test:5000/v2.0',
|
||||||
group='keystone_authtoken')
|
group='keystone_authtoken')
|
||||||
CONF.import_opt('api_version', 'magnum.common.clients',
|
|
||||||
group='nova_client')
|
|
||||||
CONF.import_opt('api_version', 'magnum.common.clients',
|
|
||||||
group='heat_client')
|
|
||||||
CONF.import_opt('api_version', 'magnum.common.clients',
|
|
||||||
group='glance_client')
|
|
||||||
|
|
||||||
@mock.patch.object(clients.OpenStackClients, 'keystone')
|
@mock.patch.object(clients.OpenStackClients, 'keystone')
|
||||||
def test_url_for(self, mock_keystone):
|
def test_url_for(self, mock_keystone):
|
||||||
|
@ -11,21 +11,20 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
from oslo_config import cfg
|
|
||||||
from oslo_config import fixture
|
from oslo_config import fixture
|
||||||
|
|
||||||
cfg.CONF.import_group('keystone_authtoken',
|
|
||||||
'keystonemiddleware.auth_token')
|
|
||||||
|
|
||||||
from keystoneauth1 import exceptions as ka_exception
|
from keystoneauth1 import exceptions as ka_exception
|
||||||
from keystoneauth1 import identity as ka_identity
|
from keystoneauth1 import identity as ka_identity
|
||||||
import keystoneclient.exceptions as kc_exception
|
import keystoneclient.exceptions as kc_exception
|
||||||
|
|
||||||
from magnum.common import exception
|
from magnum.common import exception
|
||||||
from magnum.common import keystone
|
from magnum.common import keystone
|
||||||
|
import magnum.conf
|
||||||
from magnum.tests import base
|
from magnum.tests import base
|
||||||
from magnum.tests import utils
|
from magnum.tests import utils
|
||||||
|
|
||||||
|
CONF = magnum.conf.CONF
|
||||||
|
|
||||||
|
|
||||||
@mock.patch('keystoneclient.v3.client.Client')
|
@mock.patch('keystoneclient.v3.client.Client')
|
||||||
class KeystoneClientTest(base.TestCase):
|
class KeystoneClientTest(base.TestCase):
|
||||||
@ -148,7 +147,7 @@ class KeystoneClientTest(base.TestCase):
|
|||||||
self.ctx.roles = ['role1', 'role2']
|
self.ctx.roles = ['role1', 'role2']
|
||||||
ks_client = keystone.KeystoneClientV3(self.ctx)
|
ks_client = keystone.KeystoneClientV3(self.ctx)
|
||||||
|
|
||||||
cfg.CONF.set_override('roles', ['role3'], group='trust')
|
CONF.set_override('roles', ['role3'], group='trust')
|
||||||
ks_client.create_trust(trustee_user='888888')
|
ks_client.create_trust(trustee_user='888888')
|
||||||
|
|
||||||
mock_ks.return_value.trusts.create.assert_called_once_with(
|
mock_ks.return_value.trusts.create.assert_called_once_with(
|
||||||
@ -196,7 +195,7 @@ class KeystoneClientTest(base.TestCase):
|
|||||||
def test_get_validate_region_name(self, mock_ks):
|
def test_get_validate_region_name(self, mock_ks):
|
||||||
key = 'region_name'
|
key = 'region_name'
|
||||||
val = 'RegionOne'
|
val = 'RegionOne'
|
||||||
cfg.CONF.set_override(key, val, 'cinder_client')
|
CONF.set_override(key, val, 'cinder_client')
|
||||||
mock_region = mock.MagicMock()
|
mock_region = mock.MagicMock()
|
||||||
mock_region.id = 'RegionOne'
|
mock_region.id = 'RegionOne'
|
||||||
mock_ks.return_value.regions.list.return_value = [mock_region]
|
mock_ks.return_value.regions.list.return_value = [mock_region]
|
||||||
@ -207,7 +206,7 @@ class KeystoneClientTest(base.TestCase):
|
|||||||
def test_get_validate_region_name_not_found(self, mock_ks):
|
def test_get_validate_region_name_not_found(self, mock_ks):
|
||||||
key = 'region_name'
|
key = 'region_name'
|
||||||
val = 'region123'
|
val = 'region123'
|
||||||
cfg.CONF.set_override(key, val, 'cinder_client')
|
CONF.set_override(key, val, 'cinder_client')
|
||||||
ks_client = keystone.KeystoneClientV3(self.ctx)
|
ks_client = keystone.KeystoneClientV3(self.ctx)
|
||||||
self.assertRaises(exception.InvalidParameterValue,
|
self.assertRaises(exception.InvalidParameterValue,
|
||||||
ks_client.get_validate_region_name, val)
|
ks_client.get_validate_region_name, val)
|
||||||
@ -215,7 +214,7 @@ class KeystoneClientTest(base.TestCase):
|
|||||||
def test_get_validate_region_name_is_None(self, mock_ks):
|
def test_get_validate_region_name_is_None(self, mock_ks):
|
||||||
key = 'region_name'
|
key = 'region_name'
|
||||||
val = None
|
val = None
|
||||||
cfg.CONF.set_override(key, val, 'cinder_client')
|
CONF.set_override(key, val, 'cinder_client')
|
||||||
ks_client = keystone.KeystoneClientV3(self.ctx)
|
ks_client = keystone.KeystoneClientV3(self.ctx)
|
||||||
self.assertRaises(exception.InvalidParameterValue,
|
self.assertRaises(exception.InvalidParameterValue,
|
||||||
ks_client.get_validate_region_name, val)
|
ks_client.get_validate_region_name, val)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user