Centralize config option: x509 section

Centralize config option of x509 section.
Replace oslo_conf cfg to magnum.conf.

Change-Id: I1b231d67d792eaa1714751c12798b205d0e2a5d0
Implements: blueprint centralize-config-magnum

magnum/common/x509/operations.py

@@ -21,16 +21,16 @@ from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives import serialization
 from cryptography import x509
-from oslo_config import cfg
 from oslo_log import log as logging
 
 from magnum.common import exception
 from magnum.common.x509 import validator
+import magnum.conf
 from magnum.i18n import _LE
 
 LOG = logging.getLogger(__name__)
 
-cfg.CONF.import_group('x509', 'magnum.common.x509.config')
+CONF = magnum.conf.CONF
 
 
 def generate_ca_certificate(subject_name, encryption_password=None):
@@ -106,7 +106,7 @@ def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None,
 
     private_key = rsa.generate_private_key(
         public_exponent=65537,
-        key_size=cfg.CONF.x509.rsa_key_size,
+        key_size=CONF.x509.rsa_key_size,
         backend=default_backend()
     )
 
@@ -192,7 +192,7 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
             LOG.exception(_LE("Received invalid csr {0}.").format(csr))
             raise exception.InvalidCsr(csr=csr)
 
-    term_of_validity = cfg.CONF.x509.term_of_validity
+    term_of_validity = CONF.x509.term_of_validity
     one_day = datetime.timedelta(1, 0, 0)
     expire_after = datetime.timedelta(term_of_validity, 0, 0)
 

magnum/common/x509/validator.py

@@ -13,31 +13,31 @@
 # under the License.
 
 from cryptography import x509
-from oslo_config import cfg
 
 from magnum.common import exception
 from magnum.common.x509 import extensions
+import magnum.conf
 
 _CA_KEY_USAGES = [
     extensions.KeyUsages.KEY_CERT_SIGN.value[0],
     extensions.KeyUsages.CRL_SIGN.value[0]
 ]
 
-cfg.CONF.import_group('x509', 'magnum.common.x509.config')
+CONF = magnum.conf.CONF
 
 
 def filter_extensions(extensions):
     filtered_extensions = []
-    allowed_key_usage = set(cfg.CONF.x509.allowed_key_usage)
-    if not cfg.CONF.x509.allow_ca:
+    allowed_key_usage = set(CONF.x509.allowed_key_usage)
+    if not CONF.x509.allow_ca:
         allowed_key_usage = _remove_ca_key_usage(allowed_key_usage)
 
     for ext in filter_allowed_extensions(extensions,
-                                         cfg.CONF.x509.allowed_extensions):
+                                         CONF.x509.allowed_extensions):
         if ext.oid == x509.OID_KEY_USAGE:
             ext = _merge_key_usage(ext, allowed_key_usage)
         elif ext.oid == x509.OID_BASIC_CONSTRAINTS:
-            if not cfg.CONF.x509.allow_ca:
+            if not CONF.x509.allow_ca:
                 ext = _disallow_ca_in_basic_constraints(ext)
 
         filtered_extensions.append(ext)

magnum/conf/__init__.py

@@ -36,7 +36,7 @@ from magnum.conf import rpc
 from magnum.conf import services
 from magnum.conf import trust
 from magnum.conf import utils
-# from magnum.conf import x509
+from magnum.conf import x509
 
 CONF = cfg.CONF
 
@@ -61,4 +61,4 @@ rpc.register_opts(CONF)
 services.register_opts(CONF)
 trust.register_opts(CONF)
 utils.register_opts(CONF)
-# x509.register_opts(CONF)
+x509.register_opts(CONF)

magnum/conf/x509.py

@@ -1,16 +1,14 @@
-# Copyright 2015 NEC Corporation.  All rights reserved.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 from oslo_config import cfg
 
@@ -31,6 +29,8 @@ DEFAULT_ALLOWED_KEY_USAGE = [
     extensions.KeyUsages.KEY_ENCIPHERMENT.value[0],
     extensions.KeyUsages.CONTENT_COMMITMENT.value[0]]
 
+x509_group = cfg.OptGroup(name='x509',
+                          title='Options for X509 in Magnum')
 
 x509_opts = [
     cfg.BoolOpt('allow_ca',
@@ -50,4 +50,13 @@ x509_opts = [
     cfg.IntOpt('rsa_key_size',
                default=2048, help=_('Size of generated private key. '))]
 
-cfg.CONF.register_opts(x509_opts, group='x509')
+
+def register_opts(conf):
+    conf.register_group(x509_group)
+    conf.register_opts(x509_opts, group=x509_group)
+
+
+def list_opts():
+    return {
+        x509_group: x509_opts
+    }

magnum/opts.py

@@ -13,13 +13,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import magnum.common.x509.config
 import magnum.drivers.common.template_def
 
 
 def list_opts():
     return [
-        ('x509', magnum.common.x509.config.x509_opts),
         ('docker_registry',
          magnum.drivers.common.template_def.docker_registry_opts)
     ]