diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | doc/source/developing.rst | 9 | ||||
| -rw-r--r-- | doc/source/installing.rst | 14 | ||||
| -rw-r--r-- | doc/source/middlewarearchitecture.rst | 3 | ||||
| -rw-r--r-- | etc/policy.json | 2 | ||||
| -rw-r--r-- | keystone/common/bufferedhttp.py | 173 | ||||
| -rw-r--r-- | tox.ini | 2 |
7 files changed, 12 insertions, 192 deletions
@@ -3,6 +3,7 @@ vendor .ksl-venv .venv +.update-venv/ .tox keystone.egg-info/ *.log diff --git a/doc/source/developing.rst b/doc/source/developing.rst index e5751981..b168caf7 100644 --- a/doc/source/developing.rst +++ b/doc/source/developing.rst @@ -33,11 +33,8 @@ To contribute tests, docs, code, etc, refer to our `Gerrit-Jenkins-Github Workfl Setup ----- -.. _setup: setup.rst -.. _configuration: configuration.rst -.. _keystonemanage: man/keystone-manage.rst -Get your development environment set up according to setup_. The +Get your development environment set up according to :doc:`setup`. The instructions from here will assume that you have installed keystone into a virtualenv. If you chose not to, simply exclude "tools/with_venv.sh" from the example commands below. @@ -63,7 +60,7 @@ To run the keystone Admin and API server instances, use:: $ tools/with_venv.sh bin/keystone-all this runs keystone with the configuration the etc/ directory of the project. -See configuration_ for details on how Keystone is configured. By default, +See :doc:`configuration` for details on how Keystone is configured. By default, keystone is configured with KVS backends, so any data entered into keystone run in this fashion will not persist across restarts. @@ -72,7 +69,7 @@ Interacting with Keystone ------------------------- You can interact with Keystone through the command line using -keystonemanage_ which allows you to initialize keystone, etc. +:doc:`man/keystonemanage` which allows you to initialize keystone, etc. You can also interact with Keystone through its REST API. There is a python keystone client library `python-keystoneclient`_ which interacts exclusively diff --git a/doc/source/installing.rst b/doc/source/installing.rst index 2c9a131b..80bc1b4c 100644 --- a/doc/source/installing.rst +++ b/doc/source/installing.rst @@ -18,14 +18,10 @@ =================== Installing Keystone =================== -.. _developing: developing.rst -.. _setup: setup.rst -.. _configuration: configuration.rst -.. _configuring-services: configuringservices.rst This document describes how to install Keystone in order to use it. If you are -intending to develop on or with Keystone, please read developing_ and -setup_. +intending to develop on or with Keystone, please read :doc:`developing` and +:doc:`setup`. Installing from Source ---------------------- @@ -67,7 +63,7 @@ You will find sample configuration files in ``etc/`` * policy.json * default_catalog.templates -From here, refer to configuration_ to choose which backend drivers to +From here, refer to :doc:`configuration` to choose which backend drivers to enable and use. Once configured, you should be able to run keystone by issuing the command:: @@ -75,7 +71,7 @@ the command:: which (by default) will show logging on the console from which it was started. Once started, you can initialize data in keystone for use with the rest of -openstack, as described in configuring-services_. +openstack, as described in :doc:`configuringservices`. An excellent reference implementation of setting up keystone is DEVSTACK_, most commonly used for development and testing setup of not only Keystone, @@ -103,7 +99,7 @@ options for setting up and running Keystone. As of this writing, the defaults for Keystone backends are all SQL based, stored locally in a sqlite. Once installed, you still need to initialize data in Keystone, which you can -find described in configuring-services_. +find described in :doc:`configuringservices`. Installing from packages: Fedora -------------------------------- diff --git a/doc/source/middlewarearchitecture.rst b/doc/source/middlewarearchitecture.rst index b7c5977a..e7704be5 100644 --- a/doc/source/middlewarearchitecture.rst +++ b/doc/source/middlewarearchitecture.rst @@ -20,7 +20,6 @@ Middleware Architecture Abstract ======== -.. _architecture: architecture.rst The Keystone middleware architecture supports a common authentication protocol in use between the OpenStack projects. By using keystone as a common @@ -33,7 +32,7 @@ authentication middleware which acts as the internal API mechanism for OpenStack projects based on the WSGI standard. For the architecture of keystone and its services, please see -architecture_. This documentation primarily describes the implementation +:doc:`architecture`. This documentation primarily describes the implementation in ``keystoneclient/middleware/auth_token.py`` (:py:class:`keystoneclient.middleware.auth_token.AuthProtocol`) diff --git a/etc/policy.json b/etc/policy.json index fcad7a93..fb530921 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -28,7 +28,7 @@ "identity:get_project": [["rule:admin_required"]], "identity:list_projects": [["rule:admin_required"]], "identity:list_user_projects": [["rule:admin_or_owner"]], - "identity:create_project": [["rule:admin_or_owner"]], + "identity:create_project": [["rule:admin_required"]], "identity:update_project": [["rule:admin_required"]], "identity:delete_project": [["rule:admin_required"]], diff --git a/keystone/common/bufferedhttp.py b/keystone/common/bufferedhttp.py deleted file mode 100644 index 554758cd..00000000 --- a/keystone/common/bufferedhttp.py +++ /dev/null @@ -1,173 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright (c) 2010-2012 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" -Monkey Patch httplib.HTTPResponse to buffer reads of headers. This can improve -performance when making large numbers of small HTTP requests. This module -also provides helper functions to make HTTP connections using -BufferedHTTPResponse. - -.. warning:: - - If you use this, be sure that the libraries you are using do not access - the socket directly (xmlrpclib, I'm looking at you :/), and instead - make all calls through httplib. -""" - -import time -import urllib - -from eventlet.green import httplib - -from keystone.common import logging - - -LOG = logging.getLogger(__name__) - - -class BufferedHTTPResponse(httplib.HTTPResponse): - """HTTPResponse class that buffers reading of headers.""" - - def __init__(self, sock, debuglevel=0, strict=0, - method=None): # pragma: no cover - self.sock = sock - self.fp = sock.makefile('rb') - self.debuglevel = debuglevel - self.strict = strict - self._method = method - - self.msg = None - - # from the Status-Line of the response - self.version = httplib._UNKNOWN # HTTP-Version - self.status = httplib._UNKNOWN # Status-Code - self.reason = httplib._UNKNOWN # Reason-Phrase - - self.chunked = httplib._UNKNOWN # is "chunked" being used? - self.chunk_left = httplib._UNKNOWN # bytes left to read in chunk - self.length = httplib._UNKNOWN # number of bytes left in response - self.will_close = httplib._UNKNOWN # conn will close at end of resp - - def expect_response(self): - self.fp = self.sock.makefile('rb', 0) - version, status, reason = self._read_status() - if status != httplib.CONTINUE: - self._read_status = lambda: (version, status, reason) - self.begin() - else: - self.status = status - self.reason = reason.strip() - self.version = 11 - self.msg = httplib.HTTPMessage(self.fp, 0) - self.msg.fp = None - - -class BufferedHTTPConnection(httplib.HTTPConnection): - """HTTPConnection class that uses BufferedHTTPResponse.""" - response_class = BufferedHTTPResponse - - def connect(self): - self._connected_time = time.time() - return httplib.HTTPConnection.connect(self) - - def putrequest(self, method, url, skip_host=0, skip_accept_encoding=0): - self._method = method - self._path = url - return httplib.HTTPConnection.putrequest(self, method, url, skip_host, - skip_accept_encoding) - - def getexpect(self): - response = BufferedHTTPResponse(self.sock, strict=self.strict, - method=self._method) - response.expect_response() - return response - - def getresponse(self): - response = httplib.HTTPConnection.getresponse(self) - LOG.debug(_('HTTP PERF: %(time).5f seconds to %(method)s ' - '%(host)s:%(port)s %(path)s)'), - {'time': time.time() - self._connected_time, - 'method': self._method, - 'host': self.host, - 'port': self.port, - 'path': self._path}) - return response - - -def http_connect(ipaddr, port, device, partition, method, path, - headers=None, query_string=None, ssl=False, key_file=None, - cert_file=None): - """Helper function to create an HTTPConnection object. - - If ssl is set True, HTTPSConnection will be used. However, if ssl=False, - BufferedHTTPConnection will be used, which is buffered for backend Swift - services. - - :param ipaddr: IPv4 address to connect to - :param port: port to connect to - :param device: device of the node to query - :param partition: partition on the device - :param method: HTTP method to request ('GET', 'PUT', 'POST', etc.) - :param path: request path - :param headers: dictionary of headers - :param query_string: request query string - :param ssl: set True if SSL should be used (default: False) - :param key_file Private key file (not needed if cert_file has private key) - :param cert_file Certificate file (Keystore) - :returns: HTTPConnection object - - """ - path = urllib.quote('/' + device + '/' + str(partition) + path) - return http_connect_raw(ipaddr, port, device, partition, method, path, - headers, query_string, ssl, key_file, cert_file) - - -def http_connect_raw(ipaddr, port, method, path, headers=None, - query_string=None, ssl=False, key_file=None, - cert_file=None): - """Helper function to create an HTTPConnection object. - - If ssl is set True, HTTPSConnection will be used. However, if ssl=False, - BufferedHTTPConnection will be used, which is buffered for backend Swift - services. - - :param ipaddr: IPv4 address to connect to - :param port: port to connect to - :param method: HTTP method to request ('GET', 'PUT', 'POST', etc.) - :param path: request path - :param headers: dictionary of headers - :param query_string: request query string - :param ssl: set True if SSL should be used (default: False) - :param key_file Private key file (not needed if cert_file has private key) - :param cert_file Certificate file (Keystore) - :returns: HTTPConnection object - - """ - if ssl: - conn = httplib.HTTPSConnection( - '%s:%s' % (ipaddr, port), key_file=key_file, cert_file=cert_file) - else: - conn = BufferedHTTPConnection('%s:%s' % (ipaddr, port)) - if query_string: - path += '?' + query_string - conn.path = path - conn.putrequest(method, path) - if headers: - for header, value in headers.iteritems(): - conn.putheader(header, value) - conn.endheaders() - return conn @@ -35,4 +35,4 @@ show-source = true ignore = H304 builtins = _ -exclude=.venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor +exclude=.venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,tools,vendor,.update-venv |