diff options
| author | Dolph Mathews <dolph.mathews@gmail.com> | 2013-03-19 17:15:25 -0500 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@gmail.com> | 2013-03-20 10:37:48 -0500 |
| commit | 7db01cd64be2ab3ed5ffc00636d187ef432294b2 (patch) | |
| tree | 05d562d8e66b138116b8753efa5d8195c9abfd57 | |
| parent | 5cb8e1f2e5e12cf7e8c6bce91af53b901f6254a9 (diff) | |
| download | keystone-7db01cd64be2ab3ed5ffc00636d187ef432294b2.tar.gz keystone-7db01cd64be2ab3ed5ffc00636d187ef432294b2.tar.xz keystone-7db01cd64be2ab3ed5ffc00636d187ef432294b2.zip | |
Wrap config module and require manual setup (bug 1143998)
This moves keystone.config to keystone.common.config, which requires
.configure() to be called manually in order for options to be
registered.
keystone.config preserves the existing behavior of automatically
registering options when imported.
keystone.middleware.auth_token and it's dependencies within keystone no
longer cause config options to be automatically registered.
This is an alternative to https://review.openstack.org/#/c/24251/
Change-Id: If9eb5799bf77595ecb71f2000f8b6d1610ea9700
| -rw-r--r-- | keystone/common/config.py | 364 | ||||
| -rw-r--r-- | keystone/common/utils.py | 2 | ||||
| -rw-r--r-- | keystone/common/wsgi.py | 2 | ||||
| -rw-r--r-- | keystone/config.py | 343 | ||||
| -rw-r--r-- | keystone/exception.py | 12 | ||||
| -rw-r--r-- | keystone/middleware/core.py | 2 | ||||
| -rw-r--r-- | tests/_test_import_auth_token.py | 25 |
7 files changed, 414 insertions, 336 deletions
diff --git a/keystone/common/config.py b/keystone/common/config.py new file mode 100644 index 00000000..e60385cc --- /dev/null +++ b/keystone/common/config.py @@ -0,0 +1,364 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2012 OpenStack LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import gettext +import os +import sys + +from oslo.config import cfg + +from keystone.common import logging + + +gettext.install('keystone', unicode=1) + +_DEFAULT_LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s" +_DEFAULT_LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S" +_DEFAULT_AUTH_METHODS = ['password', 'token'] + +COMMON_CLI_OPTS = [ + cfg.BoolOpt('debug', + short='d', + default=False, + help='Print debugging output (set logging level to ' + 'DEBUG instead of default WARNING level).'), + cfg.BoolOpt('verbose', + short='v', + default=False, + help='Print more verbose output (set logging level to ' + 'INFO instead of default WARNING level).'), +] + +LOGGING_CLI_OPTS = [ + cfg.StrOpt('log-config', + metavar='PATH', + help='If this option is specified, the logging configuration ' + 'file specified is used and overrides any other logging ' + 'options specified. Please see the Python logging module ' + 'documentation for details on logging configuration ' + 'files.'), + cfg.StrOpt('log-format', + default=_DEFAULT_LOG_FORMAT, + metavar='FORMAT', + help='A logging.Formatter log message format string which may ' + 'use any of the available logging.LogRecord attributes.'), + cfg.StrOpt('log-date-format', + default=_DEFAULT_LOG_DATE_FORMAT, + metavar='DATE_FORMAT', + help='Format string for %%(asctime)s in log records.'), + cfg.StrOpt('log-file', + metavar='PATH', + help='Name of log file to output. ' + 'If not set, logging will go to stdout.'), + cfg.StrOpt('log-dir', + help='The directory in which to store log files. ' + '(will be prepended to --log-file)'), + cfg.BoolOpt('use-syslog', + default=False, + help='Use syslog for logging.'), + cfg.StrOpt('syslog-log-facility', + default='LOG_USER', + help='syslog facility to receive log lines.') +] + +CONF = cfg.CONF + + +def setup_logging(conf): + """ + Sets up the logging options for a log with supplied name + + :param conf: a cfg.ConfOpts object + """ + + if conf.log_config: + # Use a logging configuration file for all settings... + if os.path.exists(conf.log_config): + logging.config.fileConfig(conf.log_config) + return + else: + raise RuntimeError(_('Unable to locate specified logging ' + 'config file: %s') % conf.log_config) + + root_logger = logging.root + if conf.debug: + root_logger.setLevel(logging.DEBUG) + elif conf.verbose: + root_logger.setLevel(logging.INFO) + else: + root_logger.setLevel(logging.WARNING) + + formatter = logging.Formatter(conf.log_format, conf.log_date_format) + + if conf.use_syslog: + try: + facility = getattr(logging.SysLogHandler, + conf.syslog_log_facility) + except AttributeError: + raise ValueError(_('Invalid syslog facility')) + + handler = logging.SysLogHandler(address='/dev/log', + facility=facility) + elif conf.log_file: + logfile = conf.log_file + if conf.log_dir: + logfile = os.path.join(conf.log_dir, logfile) + handler = logging.WatchedFileHandler(logfile) + else: + handler = logging.StreamHandler(sys.stdout) + + handler.setFormatter(formatter) + root_logger.addHandler(handler) + + +def register_str(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.StrOpt(*args, **kw), group=group) + + +def register_cli_str(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.StrOpt(*args, **kw), group=group) + + +def register_list(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.ListOpt(*args, **kw), group=group) + + +def register_cli_list(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.ListOpt(*args, **kw), group=group) + + +def register_bool(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.BoolOpt(*args, **kw), group=group) + + +def register_cli_bool(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.BoolOpt(*args, **kw), group=group) + + +def register_int(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_opt(cfg.IntOpt(*args, **kw), group=group) + + +def register_cli_int(*args, **kw): + conf = kw.pop('conf', CONF) + group = kw.pop('group', None) + return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) + + +def configure(): + CONF.register_cli_opts(COMMON_CLI_OPTS) + CONF.register_cli_opts(LOGGING_CLI_OPTS) + + register_cli_bool('standard-threads', default=False) + + register_cli_str('pydev-debug-host', default=None) + register_cli_int('pydev-debug-port', default=None) + + register_str('admin_token', default='ADMIN') + register_str('bind_host', default='0.0.0.0') + register_int('compute_port', default=8774) + register_int('admin_port', default=35357) + register_int('public_port', default=5000) + register_str( + 'public_endpoint', default='http://localhost:%(public_port)d/') + register_str('admin_endpoint', default='http://localhost:%(admin_port)d/') + register_str('onready') + register_str('auth_admin_prefix', default='') + register_str('policy_file', default='policy.json') + register_str('policy_default_rule', default=None) + # default max request size is 112k + register_int('max_request_body_size', default=114688) + register_int('max_param_size', default=64) + # we allow tokens to be a bit larger to accommodate PKI + register_int('max_token_size', default=8192) + register_str( + 'member_role_id', default='9fe2ff9ee4384b1894a90878d3e92bab') + register_str('member_role_name', default='_member_') + + # identity + register_str('default_domain_id', group='identity', default='default') + + # ssl + register_bool('enable', group='ssl', default=False) + register_str('certfile', group='ssl', default=None) + register_str('keyfile', group='ssl', default=None) + register_str('ca_certs', group='ssl', default=None) + register_bool('cert_required', group='ssl', default=False) + + # signing + register_str( + 'token_format', group='signing', default="PKI") + register_str( + 'certfile', + group='signing', + default="/etc/keystone/ssl/certs/signing_cert.pem") + register_str( + 'keyfile', + group='signing', + default="/etc/keystone/ssl/private/signing_key.pem") + register_str( + 'ca_certs', + group='signing', + default="/etc/keystone/ssl/certs/ca.pem") + register_int('key_size', group='signing', default=1024) + register_int('valid_days', group='signing', default=3650) + register_str('ca_password', group='signing', default=None) + + # sql + register_str('connection', group='sql', default='sqlite:///keystone.db') + register_int('idle_timeout', group='sql', default=200) + + register_str( + 'driver', + group='catalog', + default='keystone.catalog.backends.sql.Catalog') + register_str( + 'driver', + group='identity', + default='keystone.identity.backends.sql.Identity') + register_str( + 'driver', + group='policy', + default='keystone.policy.backends.sql.Policy') + register_str( + 'driver', group='token', default='keystone.token.backends.kvs.Token') + register_str( + 'driver', group='trust', default='keystone.trust.backends.sql.Trust') + register_str( + 'driver', group='ec2', default='keystone.contrib.ec2.backends.kvs.Ec2') + register_str( + 'driver', + group='stats', + default='keystone.contrib.stats.backends.kvs.Stats') + + # ldap + register_str('url', group='ldap', default='ldap://localhost') + register_str('user', group='ldap', default=None) + register_str('password', group='ldap', default=None) + register_str('suffix', group='ldap', default='cn=example,cn=com') + register_bool('use_dumb_member', group='ldap', default=False) + register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent') + register_bool('allow_subtree_delete', group='ldap', default=False) + register_str('query_scope', group='ldap', default='one') + register_int('page_size', group='ldap', default=0) + + register_str('user_tree_dn', group='ldap', default=None) + register_str('user_filter', group='ldap', default=None) + register_str('user_objectclass', group='ldap', default='inetOrgPerson') + register_str('user_id_attribute', group='ldap', default='cn') + register_str('user_name_attribute', group='ldap', default='sn') + register_str('user_mail_attribute', group='ldap', default='email') + register_str('user_pass_attribute', group='ldap', default='userPassword') + register_str('user_enabled_attribute', group='ldap', default='enabled') + register_str( + 'user_domain_id_attribute', group='ldap', default='businessCategory') + register_int('user_enabled_mask', group='ldap', default=0) + register_str('user_enabled_default', group='ldap', default='True') + register_list( + 'user_attribute_ignore', group='ldap', default='tenant_id,tenants') + register_bool('user_allow_create', group='ldap', default=True) + register_bool('user_allow_update', group='ldap', default=True) + register_bool('user_allow_delete', group='ldap', default=True) + register_bool('user_enabled_emulation', group='ldap', default=False) + register_str('user_enabled_emulation_dn', group='ldap', default=None) + + register_str('tenant_tree_dn', group='ldap', default=None) + register_str('tenant_filter', group='ldap', default=None) + register_str('tenant_objectclass', group='ldap', default='groupOfNames') + register_str('tenant_id_attribute', group='ldap', default='cn') + register_str('tenant_member_attribute', group='ldap', default='member') + register_str('tenant_name_attribute', group='ldap', default='ou') + register_str('tenant_desc_attribute', group='ldap', default='description') + register_str('tenant_enabled_attribute', group='ldap', default='enabled') + register_str( + 'tenant_domain_id_attribute', group='ldap', default='businessCategory') + register_list('tenant_attribute_ignore', group='ldap', default='') + register_bool('tenant_allow_create', group='ldap', default=True) + register_bool('tenant_allow_update', group='ldap', default=True) + register_bool('tenant_allow_delete', group='ldap', default=True) + register_bool('tenant_enabled_emulation', group='ldap', default=False) + register_str('tenant_enabled_emulation_dn', group='ldap', default=None) + + register_str('role_tree_dn', group='ldap', default=None) + register_str('role_filter', group='ldap', default=None) + register_str( + 'role_objectclass', group='ldap', default='organizationalRole') + register_str('role_id_attribute', group='ldap', default='cn') + register_str('role_name_attribute', group='ldap', default='ou') + register_str('role_member_attribute', group='ldap', default='roleOccupant') + register_list('role_attribute_ignore', group='ldap', default='') + register_bool('role_allow_create', group='ldap', default=True) + register_bool('role_allow_update', group='ldap', default=True) + register_bool('role_allow_delete', group='ldap', default=True) + + register_str('group_tree_dn', group='ldap', default=None) + register_str('group_filter', group='ldap', default=None) + register_str('group_objectclass', group='ldap', default='groupOfNames') + register_str('group_id_attribute', group='ldap', default='cn') + register_str('group_name_attribute', group='ldap', default='ou') + register_str('group_member_attribute', group='ldap', default='member') + register_str('group_desc_attribute', group='ldap', default='description') + register_str( + 'group_domain_id_attribute', group='ldap', default='businessCategory') + register_list('group_attribute_ignore', group='ldap', default='') + register_bool('group_allow_create', group='ldap', default=True) + register_bool('group_allow_update', group='ldap', default=True) + register_bool('group_allow_delete', group='ldap', default=True) + + register_str('domain_tree_dn', group='ldap', default=None) + register_str('domain_filter', group='ldap', default=None) + register_str('domain_objectclass', group='ldap', default='groupOfNames') + register_str('domain_id_attribute', group='ldap', default='cn') + register_str('domain_name_attribute', group='ldap', default='ou') + register_str('domain_member_attribute', group='ldap', default='member') + register_str('domain_desc_attribute', group='ldap', default='description') + register_str('domain_enabled_attribute', group='ldap', default='enabled') + register_list('domain_attribute_ignore', group='ldap', default='') + register_bool('domain_allow_create', group='ldap', default=True) + register_bool('domain_allow_update', group='ldap', default=True) + register_bool('domain_allow_delete', group='ldap', default=True) + + # pam + register_str('url', group='pam', default=None) + register_str('userid', group='pam', default=None) + register_str('password', group='pam', default=None) + + # default authentication methods + register_list('methods', group='auth', default=_DEFAULT_AUTH_METHODS) + register_str( + 'password', group='auth', default='keystone.auth.plugins.token.Token') + register_str( + 'token', group='auth', + default='keystone.auth.plugins.password.Password') + + # register any non-default auth methods here (used by extensions, etc) + for method_name in CONF.auth.methods: + if method_name not in _DEFAULT_AUTH_METHODS: + register_str(method_name, group='auth') diff --git a/keystone/common/utils.py b/keystone/common/utils.py index e4a77b47..9812ac87 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -26,8 +26,8 @@ import time import passlib.hash +from keystone.common import config from keystone.common import logging -from keystone import config from keystone import exception diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py index 8ec0647f..ac91a6a1 100644 --- a/keystone/common/wsgi.py +++ b/keystone/common/wsgi.py @@ -29,9 +29,9 @@ import ssl import webob.dec import webob.exc +from keystone.common import config from keystone.common import logging from keystone.common import utils -from keystone import config from keystone import exception from keystone.openstack.common import importutils from keystone.openstack.common import jsonutils diff --git a/keystone/config.py b/keystone/config.py index c1706a46..6414ad64 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -13,337 +13,20 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. +"""Wrapper for keystone.common.config that configures itself on import.""" -import gettext -import os -import sys +from keystone.common import config -from oslo.config import cfg -from keystone.common import logging +config.configure() +CONF = config.CONF -gettext.install('keystone', unicode=1) - -_DEFAULT_LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s" -_DEFAULT_LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S" -_DEFAULT_AUTH_METHODS = ['password', 'token'] - -common_cli_opts = [ - cfg.BoolOpt('debug', - short='d', - default=False, - help='Print debugging output (set logging level to ' - 'DEBUG instead of default WARNING level).'), - cfg.BoolOpt('verbose', - short='v', - default=False, - help='Print more verbose output (set logging level to ' - 'INFO instead of default WARNING level).'), -] - -logging_cli_opts = [ - cfg.StrOpt('log-config', - metavar='PATH', - help='If this option is specified, the logging configuration ' - 'file specified is used and overrides any other logging ' - 'options specified. Please see the Python logging module ' - 'documentation for details on logging configuration ' - 'files.'), - cfg.StrOpt('log-format', - default=_DEFAULT_LOG_FORMAT, - metavar='FORMAT', - help='A logging.Formatter log message format string which may ' - 'use any of the available logging.LogRecord attributes.'), - cfg.StrOpt('log-date-format', - default=_DEFAULT_LOG_DATE_FORMAT, - metavar='DATE_FORMAT', - help='Format string for %%(asctime)s in log records.'), - cfg.StrOpt('log-file', - metavar='PATH', - help='Name of log file to output. ' - 'If not set, logging will go to stdout.'), - cfg.StrOpt('log-dir', - help='The directory in which to store log files. ' - '(will be prepended to --log-file)'), - cfg.BoolOpt('use-syslog', - default=False, - help='Use syslog for logging.'), - cfg.StrOpt('syslog-log-facility', - default='LOG_USER', - help='syslog facility to receive log lines.') -] - -CONF = cfg.CONF -CONF.register_cli_opts(common_cli_opts) -CONF.register_cli_opts(logging_cli_opts) - - -def setup_logging(conf): - """ - Sets up the logging options for a log with supplied name - - :param conf: a cfg.ConfOpts object - """ - - if conf.log_config: - # Use a logging configuration file for all settings... - if os.path.exists(conf.log_config): - logging.config.fileConfig(conf.log_config) - return - else: - raise RuntimeError(_('Unable to locate specified logging ' - 'config file: %s') % conf.log_config) - - root_logger = logging.root - if conf.debug: - root_logger.setLevel(logging.DEBUG) - elif conf.verbose: - root_logger.setLevel(logging.INFO) - else: - root_logger.setLevel(logging.WARNING) - - formatter = logging.Formatter(conf.log_format, conf.log_date_format) - - if conf.use_syslog: - try: - facility = getattr(logging.SysLogHandler, - conf.syslog_log_facility) - except AttributeError: - raise ValueError(_('Invalid syslog facility')) - - handler = logging.SysLogHandler(address='/dev/log', - facility=facility) - elif conf.log_file: - logfile = conf.log_file - if conf.log_dir: - logfile = os.path.join(conf.log_dir, logfile) - handler = logging.WatchedFileHandler(logfile) - else: - handler = logging.StreamHandler(sys.stdout) - - handler.setFormatter(formatter) - root_logger.addHandler(handler) - - -def register_str(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.StrOpt(*args, **kw), group=group) - - -def register_cli_str(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.StrOpt(*args, **kw), group=group) - - -def register_list(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.ListOpt(*args, **kw), group=group) - - -def register_cli_list(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.ListOpt(*args, **kw), group=group) - - -def register_bool(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.BoolOpt(*args, **kw), group=group) - - -def register_cli_bool(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.BoolOpt(*args, **kw), group=group) - - -def register_int(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_opt(cfg.IntOpt(*args, **kw), group=group) - - -def register_cli_int(*args, **kw): - conf = kw.pop('conf', CONF) - group = kw.pop('group', None) - return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group) - - -register_cli_bool('standard-threads', default=False) - -register_cli_str('pydev-debug-host', default=None) -register_cli_int('pydev-debug-port', default=None) - -register_str('admin_token', default='ADMIN') -register_str('bind_host', default='0.0.0.0') -register_int('compute_port', default=8774) -register_int('admin_port', default=35357) -register_int('public_port', default=5000) -register_str('public_endpoint', default='http://localhost:%(public_port)d/') -register_str('admin_endpoint', default='http://localhost:%(admin_port)d/') -register_str('onready') -register_str('auth_admin_prefix', default='') -register_str('policy_file', default='policy.json') -register_str('policy_default_rule', default=None) -#default max request size is 112k -register_int('max_request_body_size', default=114688) -register_int('max_param_size', default=64) -# we allow tokens to be a bit larger to accommodate PKI -register_int('max_token_size', default=8192) -register_str('member_role_id', - default='9fe2ff9ee4384b1894a90878d3e92bab') -register_str('member_role_name', default='_member_') - - -# identity -register_str('default_domain_id', group='identity', default='default') - -# ssl -register_bool('enable', group='ssl', default=False) -register_str('certfile', group='ssl', default=None) -register_str('keyfile', group='ssl', default=None) -register_str('ca_certs', group='ssl', default=None) -register_bool('cert_required', group='ssl', default=False) - -# signing -register_str('token_format', group='signing', - default="PKI") -register_str('certfile', group='signing', - default="/etc/keystone/ssl/certs/signing_cert.pem") -register_str('keyfile', group='signing', - default="/etc/keystone/ssl/private/signing_key.pem") -register_str('ca_certs', group='signing', - default="/etc/keystone/ssl/certs/ca.pem") -register_int('key_size', group='signing', default=1024) -register_int('valid_days', group='signing', default=3650) -register_str('ca_password', group='signing', default=None) - - -# sql -register_str('connection', group='sql', default='sqlite:///keystone.db') -register_int('idle_timeout', group='sql', default=200) - - -register_str('driver', group='catalog', - default='keystone.catalog.backends.sql.Catalog') -register_str('driver', group='identity', - default='keystone.identity.backends.sql.Identity') -register_str('driver', group='policy', - default='keystone.policy.backends.sql.Policy') -register_str('driver', group='token', - default='keystone.token.backends.kvs.Token') -register_str('driver', group='trust', - default='keystone.trust.backends.sql.Trust') -register_str('driver', group='ec2', - default='keystone.contrib.ec2.backends.kvs.Ec2') -register_str('driver', group='stats', - default='keystone.contrib.stats.backends.kvs.Stats') - - -# ldap -register_str('url', group='ldap', default='ldap://localhost') -register_str('user', group='ldap', default=None) -register_str('password', group='ldap', default=None) -register_str('suffix', group='ldap', default='cn=example,cn=com') -register_bool('use_dumb_member', group='ldap', default=False) -register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent') -register_bool('allow_subtree_delete', group='ldap', default=False) -register_str('query_scope', group='ldap', default='one') -register_int('page_size', group='ldap', default=0) - -register_str('user_tree_dn', group='ldap', default=None) -register_str('user_filter', group='ldap', default=None) -register_str('user_objectclass', group='ldap', default='inetOrgPerson') -register_str('user_id_attribute', group='ldap', default='cn') -register_str('user_name_attribute', group='ldap', default='sn') -register_str('user_mail_attribute', group='ldap', default='email') -register_str('user_pass_attribute', group='ldap', default='userPassword') -register_str('user_enabled_attribute', group='ldap', default='enabled') -register_str('user_domain_id_attribute', group='ldap', - default='businessCategory') -register_int('user_enabled_mask', group='ldap', default=0) -register_str('user_enabled_default', group='ldap', default='True') -register_list('user_attribute_ignore', group='ldap', - default='tenant_id,tenants') -register_bool('user_allow_create', group='ldap', default=True) -register_bool('user_allow_update', group='ldap', default=True) -register_bool('user_allow_delete', group='ldap', default=True) -register_bool('user_enabled_emulation', group='ldap', default=False) -register_str('user_enabled_emulation_dn', group='ldap', default=None) - -register_str('tenant_tree_dn', group='ldap', default=None) -register_str('tenant_filter', group='ldap', default=None) -register_str('tenant_objectclass', group='ldap', default='groupOfNames') -register_str('tenant_id_attribute', group='ldap', default='cn') -register_str('tenant_member_attribute', group='ldap', default='member') -register_str('tenant_name_attribute', group='ldap', default='ou') -register_str('tenant_desc_attribute', group='ldap', default='description') -register_str('tenant_enabled_attribute', group='ldap', default='enabled') -register_str('tenant_domain_id_attribute', group='ldap', - default='businessCategory') -register_list('tenant_attribute_ignore', group='ldap', default='') -register_bool('tenant_allow_create', group='ldap', default=True) -register_bool('tenant_allow_update', group='ldap', default=True) -register_bool('tenant_allow_delete', group='ldap', default=True) -register_bool('tenant_enabled_emulation', group='ldap', default=False) -register_str('tenant_enabled_emulation_dn', group='ldap', default=None) - -register_str('role_tree_dn', group='ldap', default=None) -register_str('role_filter', group='ldap', default=None) -register_str('role_objectclass', group='ldap', default='organizationalRole') -register_str('role_id_attribute', group='ldap', default='cn') -register_str('role_name_attribute', group='ldap', default='ou') -register_str('role_member_attribute', group='ldap', default='roleOccupant') -register_list('role_attribute_ignore', group='ldap', default='') -register_bool('role_allow_create', group='ldap', default=True) -register_bool('role_allow_update', group='ldap', default=True) -register_bool('role_allow_delete', group='ldap', default=True) - -register_str('group_tree_dn', group='ldap', default=None) -register_str('group_filter', group='ldap', default=None) -register_str('group_objectclass', group='ldap', default='groupOfNames') -register_str('group_id_attribute', group='ldap', default='cn') -register_str('group_name_attribute', group='ldap', default='ou') -register_str('group_member_attribute', group='ldap', default='member') -register_str('group_desc_attribute', group='ldap', default='description') -register_str('group_domain_id_attribute', group='ldap', - default='businessCategory') -register_list('group_attribute_ignore', group='ldap', default='') -register_bool('group_allow_create', group='ldap', default=True) -register_bool('group_allow_update', group='ldap', default=True) -register_bool('group_allow_delete', group='ldap', default=True) - -register_str('domain_tree_dn', group='ldap', default=None) -register_str('domain_filter', group='ldap', default=None) -register_str('domain_objectclass', group='ldap', default='groupOfNames') -register_str('domain_id_attribute', group='ldap', default='cn') -register_str('domain_name_attribute', group='ldap', default='ou') -register_str('domain_member_attribute', group='ldap', default='member') -register_str('domain_desc_attribute', group='ldap', default='description') -register_str('domain_enabled_attribute', group='ldap', default='enabled') -register_list('domain_attribute_ignore', group='ldap', default='') -register_bool('domain_allow_create', group='ldap', default=True) -register_bool('domain_allow_update', group='ldap', default=True) -register_bool('domain_allow_delete', group='ldap', default=True) - -# pam -register_str('url', group='pam', default=None) -register_str('userid', group='pam', default=None) -register_str('password', group='pam', default=None) - -# default authentication methods -register_list('methods', group='auth', - default=_DEFAULT_AUTH_METHODS) -register_str('password', group='auth', - default='keystone.auth.methods.token.Token') -register_str('token', group='auth', - default='keystone.auth.methods.password.Password') - -# register any non-default auth methods here (used by extensions, etc) -for method_name in CONF.auth.methods: - if method_name not in _DEFAULT_AUTH_METHODS: - config.register_str(method_name, group='auth') +setup_logging = config.setup_logging +register_str = config.register_str +register_cli_str = config.register_cli_str +register_list = config.register_list +register_cli_list = config.register_cli_list +register_bool = config.register_bool +register_cli_bool = config.register_cli_bool +register_int = config.register_int +register_cli_int = config.register_cli_int diff --git a/keystone/exception.py b/keystone/exception.py index 5b519cd4..59023bf7 100644 --- a/keystone/exception.py +++ b/keystone/exception.py @@ -15,8 +15,8 @@ # under the License. import re +from keystone.common import config from keystone.common import logging -from keystone import config CONF = config.CONF @@ -116,12 +116,18 @@ class Unauthorized(SecurityError): class AuthPluginException(Unauthorized): """ Authentication plugin error. """ - authentication = {} + + def __init__(self, *args, **kwargs): + super(AuthPluginException, self).__init__(*args, **kwargs) + self.authentication = {} class AuthMethodNotSupported(AuthPluginException): """ Attempted to authenticate with an unsupported method. """ - authentication = {'methods': CONF.auth.methods} + + def __init__(self, *args, **kwargs): + super(AuthMethodNotSupported, self).__init__(*args, **kwargs) + self.authentication = {'methods': CONF.auth.methods} class AdditionalAuthRequired(AuthPluginException): diff --git a/keystone/middleware/core.py b/keystone/middleware/core.py index 99cba4a0..863ef948 100644 --- a/keystone/middleware/core.py +++ b/keystone/middleware/core.py @@ -16,11 +16,11 @@ import webob.dec +from keystone.common import config from keystone.common import logging from keystone.common import serializer from keystone.common import utils from keystone.common import wsgi -from keystone import config from keystone import exception from keystone.openstack.common import jsonutils diff --git a/tests/_test_import_auth_token.py b/tests/_test_import_auth_token.py new file mode 100644 index 00000000..4e16f9a4 --- /dev/null +++ b/tests/_test_import_auth_token.py @@ -0,0 +1,25 @@ +"""This is an isolated test to prevent unexpected imports. + +This module must be run in isolation, e.g.: + + $ ./run_tests.sh _test_import_auth_token.py + +This module can be removed when keystone.middleware.auth_token is removed. + +""" + +import unittest + + +class TestAuthToken(unittest.TestCase): + def test_import(self): + # a consuming service like nova would import oslo.config first + from oslo.config import cfg + conf = cfg.CONF + + # define some config options + conf.register_opt(cfg.BoolOpt('debug', default=False)) + + # and then import auth_token as a filter + from keystone.middleware import auth_token + self.assertTrue(auth_token) |