Fix loading CertManager method

Currently local_cert_manager is never enabled if 'cert_manager_class' is set to 'neutron_lbaas.common.cert_manager.local_cert_manager'. Because due to initialization order of config parameters. This fixes it to correct order. Change-Id: I0b60e9034e113160ec8347da52d67c4835c90cbf
2015-08-25 14:48:40 +09:00 · 2015-08-25 14:48:40 +09:00 · 2cc700c291
commit 2cc700c291
parent a0bd18c7cd
8 changed files with 66 additions and 17 deletions
--- a/etc/neutron_lbaas.conf
+++ b/etc/neutron_lbaas.conf
@ -63,12 +63,11 @@ service_provider=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.driver
 # service_provider = LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
 # service_provider = LOADBALANCERV2:LoggingNoop:neutron_lbaas.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default
 # service_provider=LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-# service_provider = LOADBALANCERV2:A10Networks:neutron_lbaas.drivers.a10networks.driver_v2.ThunderDriver:default 
+# service_provider = LOADBALANCERV2:A10Networks:neutron_lbaas.drivers.a10networks.driver_v2.ThunderDriver:default
 # service_provider = LOADBALANCERV2:brocade:neutron_lbaas.drivers.brocade.driver_v2.BrocadeLoadBalancerDriver:default
 # service_provider = LOADBALANCERV2:kemptechnologies:neutron_lbaas.drivers.kemptechnologies.driver_v2.KempLoadMasterDriver:default

 [certificates]
-# cert_manager_class = neutron_lbaas.common.cert_manager.barbican_cert_manager
+# cert_manager_type = barbican
 ## The following option is only valid when using neutron_lbaas.common.cert_manager.local_cert_manager
 # storage_path = /var/lib/neutron-lbaas/certificates/
-
--- a/neutron_lbaas/common/cert_manager/init.py
+++ b/neutron_lbaas/common/cert_manager/init.py
@ -12,17 +12,15 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-import importlib
-
 from oslo_config import cfg
+from stevedore import driver

 CONF = cfg.CONF

-CERT_MANAGER_DEFAULT = ('neutron_lbaas.common.cert_manager.'
-                        'barbican_cert_manager')
+CERT_MANAGER_DEFAULT = 'barbican'

 cert_manager_opts = [
-    cfg.StrOpt('cert_manager_class',
+    cfg.StrOpt('cert_manager_type',
               default=CERT_MANAGER_DEFAULT,
               help='Certificate Manager plugin. '
                    'Defaults to {0}.'.format(CERT_MANAGER_DEFAULT))
@ -30,9 +28,13 @@ cert_manager_opts = [

 CONF.register_opts(cert_manager_opts, group='certificates')

-# Use CERT_MANAGER_PLUGIN.CertManager and CERT_MANAGER_PLUGIN.Cert to reference
-#   the Certificate plugin chosen via the service configuration.
-# TODO(rm_work): Investigate using Stevedore here.
-CERT_MANAGER_PLUGIN = importlib.import_module(
-    CONF.certificates.cert_manager_class
-)
+_CERT_MANAGER_PLUGIN = None
+
+
+def get_backend():
+    global _CERT_MANAGER_PLUGIN
+    if not _CERT_MANAGER_PLUGIN:
+        _CERT_MANAGER_PLUGIN = driver.DriverManager(
+            "neutron_lbaas.cert_manager.backend",
+            cfg.CONF.certificates.cert_manager_type).driver
+    return _CERT_MANAGER_PLUGIN
--- a/neutron_lbaas/drivers/radware/v2_driver.py
+++ b/neutron_lbaas/drivers/radware/v2_driver.py
@ -32,7 +32,7 @@ from neutron_lbaas.drivers.radware import base_v2_driver
 from neutron_lbaas.drivers.radware import exceptions as r_exc
 from neutron_lbaas.drivers.radware import rest_client as rest

-CERT_MANAGER_PLUGIN = neutron_lbaas.common.cert_manager.CERT_MANAGER_PLUGIN
+CERT_MANAGER_PLUGIN = neutron_lbaas.common.cert_manager.get_backend()
 TEMPLATE_HEADER = {'Content-Type':
                   'application/vnd.com.radware.vdirect.'
                   'template-parameters+json'}
--- a/neutron_lbaas/services/loadbalancer/drivers/haproxy/jinja_cfg.py
+++ b/neutron_lbaas/services/loadbalancer/drivers/haproxy/jinja_cfg.py
@ -26,7 +26,7 @@ from neutron_lbaas.common.tls_utils import cert_parser
 from neutron_lbaas.services.loadbalancer import constants
 from neutron_lbaas.services.loadbalancer import data_models

-CERT_MANAGER_PLUGIN = cert_manager.CERT_MANAGER_PLUGIN
+CERT_MANAGER_PLUGIN = cert_manager.get_backend()

 PROTOCOL_MAP = {
    constants.PROTOCOL_TCP: 'tcp',
--- a/neutron_lbaas/services/loadbalancer/plugin.py
+++ b/neutron_lbaas/services/loadbalancer/plugin.py
@ -40,7 +40,7 @@ from neutron_lbaas.services.loadbalancer import agent_scheduler
 from neutron_lbaas.services.loadbalancer import constants as lb_const
 from neutron_lbaas.services.loadbalancer import data_models
 LOG = logging.getLogger(__name__)
-CERT_MANAGER_PLUGIN = neutron_lbaas.common.cert_manager.CERT_MANAGER_PLUGIN
+CERT_MANAGER_PLUGIN = neutron_lbaas.common.cert_manager.get_backend()


 def verify_lbaas_mutual_exclusion():
--- a/neutron_lbaas/tests/unit/common/cert_manager/test_cert_manager.py
+++ b/neutron_lbaas/tests/unit/common/cert_manager/test_cert_manager.py
@ -0,0 +1,44 @@
+# Copyright 2015 NEC Corporation.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+
+from neutron_lbaas.common import cert_manager
+from neutron_lbaas.common.cert_manager import barbican_cert_manager as bcm
+from neutron_lbaas.common.cert_manager import get_backend
+from neutron_lbaas.common.cert_manager import local_cert_manager as lcm
+from neutron_lbaas.tests import base
+
+
+class TestCertManager(base.BaseTestCase):
+
+    def setUp(self):
+        cert_manager._CERT_MANAGER_PLUGIN = None
+        super(TestCertManager, self).setUp()
+
+    def test_barbican_cert_manager(self):
+        cfg.CONF.set_override(
+            'cert_manager_type',
+            'barbican',
+            group='certificates')
+        self.assertEqual(get_backend().CertManager,
+                         bcm.CertManager)
+
+    def test_local_cert_manager(self):
+        cfg.CONF.set_override(
+            'cert_manager_type',
+            'local',
+            group='certificates')
+        self.assertEqual(get_backend().CertManager,
+                         lcm.CertManager)
--- a/requirements.txt
+++ b/requirements.txt
@ -20,3 +20,4 @@ python-barbicanclient>=3.0.1
 pyasn1
 pyasn1-modules
 pyOpenSSL>=0.14
+stevedore>=1.5.0 # Apache-2.0
--- a/setup.cfg
+++ b/setup.cfg
@ -51,6 +51,9 @@ pool_schedulers =
    neutron.services.loadbalancer.agent_scheduler.LeastPoolAgentScheduler = neutron_lbaas.services.loadbalancer.agent_scheduler:LeastPoolAgentScheduler
 neutron.db.alembic_migrations =
    neutron-lbaas = neutron_lbaas.db.migration:alembic_migrations
+neutron_lbaas.cert_manager.backend =
+    barbican = neutron_lbaas.common.cert_manager.barbican_cert_manager
+    local = neutron_lbaas.common.cert_manager.local_cert_manager

 [build_sphinx]
 all_files = 1