authorMark McLoughlin <markmc@redhat.com>2012-01-23 11:51:14 +0000
committerMark McLoughlin <markmc@redhat.com>2012-01-28 12:37:16 +0000
commit82049af90e86380043c59741fa4e1cd2cf24aaa7 (patch)
treefd5a35b7a373de888ece003929f8c499b34ce83c /nova/auth
parent02b872625b94c3c63674d8c64b23f80215b04a15 (diff)
Refactor away the flags.DEFINE_* helpers
The next obvious step in porting to cfg is to define all options using cfg schemas directly rather than using the flags.DEFINE_* helpers. This is a large change, but it is almost entirely pure refactoring and does not result in any functional changes. The only change to note is that the default values for glance_host, glance_api_servers and default_publisher_id options are now using opt value interpolation i.e. -glance_host=_get_my_ip() +glance_host='$my_ip' -glance_api_servers=['%s:%d' % (FLAGS.glance_host, FLAGS.glance_port)] +glance_api_servers=['$glance_host:$glance_port'] -default_publisher_id=FLAGS.host +default_publisher_id='$host' Also note that the lower_bound check on the {report,periodic}_interval options are no more, but this has been true since cfg was first added. Change-Id: Ia58c8f0aaf61628bb55b1b8485118a2a9852ed17
Diffstat (limited to 'nova/auth')
-rw-r--r--nova/auth/ldapdriver.py88
-rw-r--r--nova/auth/manager.py87
2 files changed, 108 insertions, 67 deletions
diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py
index 6f8ae6e67..79da5bd8d 100644
--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -27,44 +27,68 @@ public methods.
import functools
import sys
+from nova.common import cfg
from nova import exception
from nova import flags
from nova import log as logging
+ldap_opts = [
+ cfg.IntOpt('ldap_schema_version',
+ default=2,
+ help='Current version of the LDAP schema'),
+ cfg.StrOpt('ldap_url',
+ default='ldap://localhost',
+ help='Point this at your ldap server'),
+ cfg.StrOpt('ldap_password',
+ default='changeme',
+ help='LDAP password'),
+ cfg.StrOpt('ldap_user_dn',
+ default='cn=Manager,dc=example,dc=com',
+ help='DN of admin user'),
+ cfg.StrOpt('ldap_user_id_attribute',
+ default='uid',
+ help='Attribute to use as id'),
+ cfg.StrOpt('ldap_user_name_attribute',
+ default='cn',
+ help='Attribute to use as name'),
+ cfg.StrOpt('ldap_user_unit',
+ default='Users',
+ help='OID for Users'),
+ cfg.StrOpt('ldap_user_subtree',
+ default='ou=Users,dc=example,dc=com',
+ help='OU for Users'),
+ cfg.BoolOpt('ldap_user_modify_only',
+ default=False,
+ help='Modify user attributes instead of creating/deleting'),
+ cfg.StrOpt('ldap_project_subtree',
+ default='ou=Groups,dc=example,dc=com',
+ help='OU for Projects'),
+ cfg.StrOpt('role_project_subtree',
+ default='ou=Groups,dc=example,dc=com',
+ help='OU for Roles'),
+
+ # NOTE(vish): mapping with these flags is necessary because we're going
+ # to tie in to an existing ldap schema
+ cfg.StrOpt('ldap_cloudadmin',
+ default='cn=cloudadmins,ou=Groups,dc=example,dc=com',
+ help='cn for Cloud Admins'),
+ cfg.StrOpt('ldap_itsec',
+ default='cn=itsec,ou=Groups,dc=example,dc=com',
+ help='cn for ItSec'),
+ cfg.StrOpt('ldap_sysadmin',
+ default='cn=sysadmins,ou=Groups,dc=example,dc=com',
+ help='cn for Sysadmins'),
+ cfg.StrOpt('ldap_netadmin',
+ default='cn=netadmins,ou=Groups,dc=example,dc=com',
+ help='cn for NetAdmins'),
+ cfg.StrOpt('ldap_developer',
+ default='cn=developers,ou=Groups,dc=example,dc=com',
+ help='cn for Developers'),
+ ]
+
FLAGS = flags.FLAGS
-flags.DEFINE_integer('ldap_schema_version', 2,
- 'Current version of the LDAP schema')
-flags.DEFINE_string('ldap_url', 'ldap://localhost',
- 'Point this at your ldap server')
-flags.DEFINE_string('ldap_password', 'changeme', 'LDAP password')
-flags.DEFINE_string('ldap_user_dn', 'cn=Manager,dc=example,dc=com',
- 'DN of admin user')
-flags.DEFINE_string('ldap_user_id_attribute', 'uid', 'Attribute to use as id')
-flags.DEFINE_string('ldap_user_name_attribute', 'cn',
- 'Attribute to use as name')
-flags.DEFINE_string('ldap_user_unit', 'Users', 'OID for Users')
-flags.DEFINE_string('ldap_user_subtree', 'ou=Users,dc=example,dc=com',
- 'OU for Users')
-flags.DEFINE_boolean('ldap_user_modify_only', False,
- 'Modify attributes for users instead of creating/deleting')
-flags.DEFINE_string('ldap_project_subtree', 'ou=Groups,dc=example,dc=com',
- 'OU for Projects')
-flags.DEFINE_string('role_project_subtree', 'ou=Groups,dc=example,dc=com',
- 'OU for Roles')
-
-# NOTE(vish): mapping with these flags is necessary because we're going
-# to tie in to an existing ldap schema
-flags.DEFINE_string('ldap_cloudadmin',
- 'cn=cloudadmins,ou=Groups,dc=example,dc=com', 'cn for Cloud Admins')
-flags.DEFINE_string('ldap_itsec',
- 'cn=itsec,ou=Groups,dc=example,dc=com', 'cn for ItSec')
-flags.DEFINE_string('ldap_sysadmin',
- 'cn=sysadmins,ou=Groups,dc=example,dc=com', 'cn for Sysadmins')
-flags.DEFINE_string('ldap_netadmin',
- 'cn=netadmins,ou=Groups,dc=example,dc=com', 'cn for NetAdmins')
-flags.DEFINE_string('ldap_developer',
- 'cn=developers,ou=Groups,dc=example,dc=com', 'cn for Developers')
+FLAGS.add_options(ldap_opts)
LOG = logging.getLogger("nova.ldapdriver")
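Review bot: The `ldap_password` entry in `ldap_opts` keeps `default='changeme'` next to the default admin DN `cn=Manager,dc=example,dc=com`, so a deployment that never sets it will bind with a publicly known credential. That default is carried over unchanged from the removed `flags.DEFINE_string` line, so fixing it is arguably a follow-up to this refactor: `cfg.StrOpt('ldap_password', default=None, help='Password for binding as ldap_user_dn; must be set explicitly'),`, with the driver code (outside this hunk) refusing to start when it is unset. If the cfg module in this tree offers a way to mark an option as secret so its value is masked when options are logged, `ldap_password` should use it. The `ldap_url` help could also say that the default `ldap://localhost` is unencrypted and that `ldaps://` should be used when the directory server is not local.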
diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index f6f55255d..234b9bf33 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -30,6 +30,7 @@ import tempfile
import uuid
import zipfile
+from nova.common import cfg
from nova import context
from nova import crypto
from nova import db
@@ -40,45 +41,61 @@ from nova import utils
from nova.auth import signer
+auth_opts = [
+ cfg.BoolOpt('use_deprecated_auth',
+ default=False,
+ help='This flag must be set to use old style auth'),
+ cfg.ListOpt('allowed_roles',
+ default=[
+ 'cloudadmin',
+ 'itsec',
+ 'sysadmin',
+ 'netadmin',
+ 'developer'
+ ],
+ help='Allowed roles for project'),
+
+ # NOTE(vish): a user with one of these roles will be a superuser and
+ # have access to all api commands
+ cfg.ListOpt('superuser_roles',
+ default=['cloudadmin'],
+ help='Roles that ignore authorization checking completely'),
+
+ # NOTE(vish): a user with one of these roles will have it for every
+ # project, even if he or she is not a member of the project
+ cfg.ListOpt('global_roles',
+ default=['cloudadmin', 'itsec'],
+ help='Roles that apply to all projects'),
+
+ cfg.StrOpt('credentials_template',
+ default=utils.abspath('auth/novarc.template'),
+ help='Template for creating users rc file'),
+ cfg.StrOpt('vpn_client_template',
+ default=utils.abspath('cloudpipe/client.ovpn.template'),
+ help='Template for creating users vpn file'),
+ cfg.StrOpt('credential_vpn_file',
+ default='nova-vpn.conf',
+ help='Filename of certificate in credentials zip'),
+ cfg.StrOpt('credential_key_file',
+ default='pk.pem',
+ help='Filename of private key in credentials zip'),
+ cfg.StrOpt('credential_cert_file',
+ default='cert.pem',
+ help='Filename of certificate in credentials zip'),
+ cfg.StrOpt('credential_rc_file',
+ default='%src',
+ help='Filename of rc in credentials zip %s will be replaced by '
+ 'name of the region (nova by default)'),
+ cfg.StrOpt('auth_driver',
+ default='nova.auth.dbdriver.DbDriver',
+ help='Driver that auth manager uses'),
+ ]
+
FLAGS = flags.FLAGS
-flags.DEFINE_bool('use_deprecated_auth',
- False,
- 'This flag must be set to use old style auth')
-
-flags.DEFINE_list('allowed_roles',
- ['cloudadmin', 'itsec', 'sysadmin', 'netadmin', 'developer'],
- 'Allowed roles for project')
-# NOTE(vish): a user with one of these roles will be a superuser and
-# have access to all api commands
-flags.DEFINE_list('superuser_roles', ['cloudadmin'],
- 'Roles that ignore authorization checking completely')
-
-# NOTE(vish): a user with one of these roles will have it for every
-# project, even if he or she is not a member of the project
-flags.DEFINE_list('global_roles', ['cloudadmin', 'itsec'],
- 'Roles that apply to all projects')
-
-flags.DEFINE_string('credentials_template',
- utils.abspath('auth/novarc.template'),
- 'Template for creating users rc file')
-flags.DEFINE_string('vpn_client_template',
- utils.abspath('cloudpipe/client.ovpn.template'),
- 'Template for creating users vpn file')
-flags.DEFINE_string('credential_vpn_file', 'nova-vpn.conf',
- 'Filename of certificate in credentials zip')
-flags.DEFINE_string('credential_key_file', 'pk.pem',
- 'Filename of private key in credentials zip')
-flags.DEFINE_string('credential_cert_file', 'cert.pem',
- 'Filename of certificate in credentials zip')
-flags.DEFINE_string('credential_rc_file', '%src',
- 'Filename of rc in credentials zip, %s will be '
- 'replaced by name of the region (nova by default)')
-flags.DEFINE_string('auth_driver', 'nova.auth.dbdriver.DbDriver',
- 'Driver that auth manager uses')
+FLAGS.add_options(auth_opts)
flags.DECLARE('osapi_compute_listen_port', 'nova.service')
-
LOG = logging.getLogger('nova.auth.manager')
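Review bot: The help for `credential_vpn_file` in `auth_opts` reads 'Filename of certificate in credentials zip', identical to `credential_cert_file`, although its default is `nova-vpn.conf`; it was copied unchanged from the removed `flags.DEFINE_string` call and looks like a copy-paste slip. Suggest `help='Filename of vpn config in credentials zip'`, presumably the file rendered from `vpn_client_template`, to be confirmed against the code that builds the zip, which is outside this hunk. The `credential_rc_file` help also lost the comma the old text had after "zip", so restore it as `'Filename of rc in credentials zip, %s will be replaced by '`. Because `superuser_roles` skips authorization entirely and `global_roles` applies across projects, the two NOTE(vish) comments would be worth folding into the help strings, since operators reading generated option help may never see comments that live only in the source.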