Properly scope password options

enable_instance_password is only used in api.openstack.compute.servers so move it there. password_length is passed as a parameter to every generate_password() call, so just move it into nova.utils and have generate_password() use it by default. Note: using a config option as the default value of a kwarg isn't a good idea because the option value is read when the function is defined which means you can't control its value during unit tests. Instead we use password=None as the default. blueprint: scope-config-opts Change-Id: I445174515fc2eacc56c7cccecadadd2a7e57d4f4
2012-12-12 07:14:12 +00:00
parent 1b7348bc18
commit 75b9e744a3
1 changed files with 15 additions and 5 deletions
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -64,12 +64,17 @@ monkey_patch_opts = [
                  ],
                help='List of modules/decorators to monkey patch'),
 ]
-LOG = logging.getLogger(__name__)
+utils_opts = [
+    cfg.IntOpt('password_length',
+               default=12,
+               help='Length of generated instance admin passwords'),
+    cfg.BoolOpt('disable_process_locking',
+                default=False,
+                help='Whether to disable inter-process locks'),
+]
 CONF = cfg.CONF
 CONF.register_opts(monkey_patch_opts)
-CONF.register_opt(
-    cfg.BoolOpt('disable_process_locking', default=False,
-                help='Whether to disable inter-process locks'))
+CONF.register_opts(utils_opts)
 CONF.import_opt('glance_host', 'nova.config')
 CONF.import_opt('glance_port', 'nova.config')
 CONF.import_opt('glance_protocol', 'nova.config')
@@ -77,6 +82,8 @@ CONF.import_opt('instance_usage_audit_period', 'nova.config')
 CONF.import_opt('rootwrap_config', 'nova.config')
 CONF.import_opt('service_down_time', 'nova.config')

+LOG = logging.getLogger(__name__)
+
 # Used for looking up extensions of text
 # to their 'multiplied' byte amount
 BYTE_MULTIPLIERS = {
@@ -423,7 +430,7 @@ def last_completed_audit_period(unit=None, before=None):
    return (begin, end)


-def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
+def generate_password(length=None, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
    """Generate a random password from the supplied symbol groups.

    At least one symbol from each group will be included. Unpredictable
@@ -432,6 +439,9 @@ def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
    Believed to be reasonably secure (with a reasonable password length!)

    """
+    if length is None:
+        length = CONF.password_length
+
    r = random.SystemRandom()

    # NOTE(jerdfelt): Some password policies require at least one character