author | Mark McLoughlin <markmc@redhat.com> | 2012-12-12 07:14:12 +0000 |
---|---|---|
committer | Mark McLoughlin <markmc@redhat.com> | 2012-12-12 08:26:59 +0000 |
commit | 32af3c94bd62c46713a44bf75f2e4989f8b98bc4 (patch) | |
tree | 6855a1fe7940cc706f07f90c36c5f7e32f356f83 /nova | |
parent | ac658aa7d0671fb9b5a0a2c504f4b73dff514da9 (diff) | |
Properly scope password options
enable_instance_password is only used in api.openstack.compute.servers
so move it there.
password_length is passed as a parameter to every generate_password()
call, so just move it into nova.utils and have generate_password()
use it by default.
Note: using a config option as the default value of a kwarg isn't a
good idea because the option value is read when the function is defined
which means you can't control its value during unit tests. Instead we
use password=None as the default.
blueprint: scope-config-opts
Change-Id: I445174515fc2eacc56c7cccecadadd2a7e57d4f4
Diffstat (limited to 'nova')
-rw-r--r-- | nova/api/openstack/compute/contrib/rescue.py | 3 | ||||
-rw-r--r-- | nova/api/openstack/compute/servers.py | 16 | ||||
-rw-r--r-- | nova/compute/manager.py | 5 | ||||
-rw-r--r-- | nova/config.py | 7 | ||||
-rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_rescue.py | 2 | ||||
-rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_volumes.py | 2 | ||||
-rw-r--r-- | nova/tests/api/openstack/compute/test_server_actions.py | 2 | ||||
-rw-r--r-- | nova/tests/api/openstack/compute/test_servers.py | 2 | ||||
-rw-r--r-- | nova/utils.py | 20 |
9 files changed, 33 insertions, 26 deletions
diff --git a/nova/api/openstack/compute/contrib/rescue.py b/nova/api/openstack/compute/contrib/rescue.py index 8aff90c38..ce3dfaf97 100644 --- a/nova/api/openstack/compute/contrib/rescue.py +++ b/nova/api/openstack/compute/contrib/rescue.py @@ -28,7 +28,6 @@ from nova import utils CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') LOG = logging.getLogger(__name__) authorize = exts.extension_authorizer('compute', 'rescue') @@ -55,7 +54,7 @@ class RescueController(wsgi.Controller): if body['rescue'] and 'adminPass' in body['rescue']: password = body['rescue']['adminPass'] else: - password = utils.generate_password(CONF.password_length) + password = utils.generate_password() instance = self._get_instance(context, id) try: diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py index 68c5372c3..a62740681 100644 --- a/nova/api/openstack/compute/servers.py +++ b/nova/api/openstack/compute/servers.py @@ -40,13 +40,19 @@ from nova.openstack.common import uuidutils from nova import utils -LOG = logging.getLogger(__name__) +server_opts = [ + cfg.BoolOpt('enable_instance_password', + default=True, + help='Allows use of instance password during ' + 'server creation'), +] CONF = cfg.CONF -CONF.import_opt('enable_instance_password', 'nova.config') +CONF.register_opts(server_opts) CONF.import_opt('network_api_class', 'nova.config') -CONF.import_opt('password_length', 'nova.config') CONF.import_opt('reclaim_instance_interval', 'nova.compute.manager') +LOG = logging.getLogger(__name__) + def make_fault(elem): fault = xmlutil.SubTemplateElement(elem, 'fault', selector='fault') @@ -1204,7 +1210,7 @@ class Controller(wsgi.Controller): try: password = body['adminPass'] except (KeyError, TypeError): - password = utils.generate_password(CONF.password_length) + password = utils.generate_password() context = req.environ['nova.context'] instance = self._get_server(context, req, id) 
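Review bot: The `RescueController` branch that picks the password (`body['rescue']['adminPass']` or `utils.generate_password()`) never consults `enable_instance_password`, which this commit scopes to `servers.py` on the grounds that it is only used there. If the rescue response returns the password to the caller, the flag arguably should be honoured on this path too; the rest of the method is outside the hunk, so that is an assumption to confirm. Until that is settled I would record it next to the assignment, e.g. `# NOTE: enable_instance_password is not checked on this path; confirm whether the rescue response should honour it`.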
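Review bot: The `adminPass` read from `body` in the `@@ -1204` hunk goes straight on to `self._get_server(...)` without the `self._validate_admin_password(password)` call that the `@@ -1346` hunk makes, so a non-string or empty value is not rejected in the visible lines. The method continues outside the hunk, so validation may happen further down and should be checked. If it does not, add `self._validate_admin_password(password)` inside the `try` and map the failure with `except ValueError: raise exc.HTTPBadRequest(explanation=_("Invalid adminPass"))`, matching the other path.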
@@ -1346,7 +1352,7 @@ class Controller(wsgi.Controller): password = server['adminPass'] self._validate_admin_password(password) except KeyError: - password = utils.generate_password(CONF.password_length) + password = utils.generate_password() except ValueError: raise exc.HTTPBadRequest(explanation=_("Invalid adminPass")) diff --git a/nova/compute/manager.py b/nova/compute/manager.py index e5b97c0ed..d566537eb 100644 --- a/nova/compute/manager.py +++ b/nova/compute/manager.py @@ -175,7 +175,6 @@ CONF.import_opt('console_topic', 'nova.config') CONF.import_opt('host', 'nova.config') CONF.import_opt('my_ip', 'nova.config') CONF.import_opt('network_manager', 'nova.config') -CONF.import_opt('password_length', 'nova.config') CONF.import_opt('reclaim_instance_interval', 'nova.config') CONF.import_opt('vpn_image_id', 'nova.config') CONF.import_opt('my_ip', 'nova.config') @@ -1464,7 +1463,7 @@ class ComputeManager(manager.SchedulerDependentManager): if new_pass is None: # Generate a random password - new_pass = utils.generate_password(CONF.password_length) + new_pass = utils.generate_password() max_tries = 10 @@ -1574,7 +1573,7 @@ class ComputeManager(manager.SchedulerDependentManager): LOG.audit(_('Rescuing'), context=context, instance=instance) admin_password = (rescue_password if rescue_password else - utils.generate_password(CONF.password_length)) + utils.generate_password()) network_info = self._get_instance_nw_info(context, instance) diff --git a/nova/config.py b/nova/config.py index ec5ac3ba1..7ae32165a 100644 --- a/nova/config.py +++ b/nova/config.py 
@@ -209,13 +209,6 @@ global_opts = [ cfg.BoolOpt('use_ipv6', default=False, help='use ipv6'), - cfg.BoolOpt('enable_instance_password', - default=True, - help='Allows use of instance password during ' - 'server creation'), - cfg.IntOpt('password_length', - default=12, - help='Length of generated instance admin passwords'), cfg.IntOpt('service_down_time', default=60, help='maximum time since last check-in for up service'), diff --git a/nova/tests/api/openstack/compute/contrib/test_rescue.py b/nova/tests/api/openstack/compute/contrib/test_rescue.py index 0d735d5ec..2719c1339 100644 --- a/nova/tests/api/openstack/compute/contrib/test_rescue.py +++ b/nova/tests/api/openstack/compute/contrib/test_rescue.py @@ -22,7 +22,7 @@ from nova import test from nova.tests.api.openstack import fakes CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') def rescue(self, context, instance, rescue_password=None): diff --git a/nova/tests/api/openstack/compute/contrib/test_volumes.py b/nova/tests/api/openstack/compute/contrib/test_volumes.py index 17ac244ff..21befe5e6 100644 --- a/nova/tests/api/openstack/compute/contrib/test_volumes.py +++ b/nova/tests/api/openstack/compute/contrib/test_volumes.py @@ -32,7 +32,7 @@ from nova.volume import cinder from webob import exc CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') FAKE_UUID = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' FAKE_UUID_A = '00000000-aaaa-aaaa-aaaa-000000000000' diff --git a/nova/tests/api/openstack/compute/test_server_actions.py b/nova/tests/api/openstack/compute/test_server_actions.py index dbb854c58..a0330d2cc 100644 --- a/nova/tests/api/openstack/compute/test_server_actions.py +++ b/nova/tests/api/openstack/compute/test_server_actions.py 
@@ -35,7 +35,7 @@ from nova.tests import matchers CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') FAKE_UUID = fakes.FAKE_UUID INSTANCE_IDS = {FAKE_UUID: 1} diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py index d8c388865..0afbecb22 100644 --- a/nova/tests/api/openstack/compute/test_servers.py +++ b/nova/tests/api/openstack/compute/test_servers.py @@ -54,7 +54,7 @@ from nova.tests import matchers CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') CONF.import_opt('scheduler_topic', 'nova.config') FAKE_UUID = fakes.FAKE_UUID diff --git a/nova/utils.py b/nova/utils.py index 2491c5fcb..859fe5df8 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -64,12 +64,17 @@ monkey_patch_opts = [ ], help='List of modules/decorators to monkey patch'), ] -LOG = logging.getLogger(__name__) +utils_opts = [ + cfg.IntOpt('password_length', + default=12, + help='Length of generated instance admin passwords'), + cfg.BoolOpt('disable_process_locking', + default=False, + help='Whether to disable inter-process locks'), +] CONF = cfg.CONF CONF.register_opts(monkey_patch_opts) -CONF.register_opt( - cfg.BoolOpt('disable_process_locking', default=False, - help='Whether to disable inter-process locks')) +CONF.register_opts(utils_opts) CONF.import_opt('glance_host', 'nova.config') CONF.import_opt('glance_port', 'nova.config') CONF.import_opt('glance_protocol', 'nova.config') @@ -77,6 +82,8 @@ CONF.import_opt('instance_usage_audit_period', 'nova.config') CONF.import_opt('rootwrap_config', 'nova.config') CONF.import_opt('service_down_time', 'nova.config') +LOG = logging.getLogger(__name__) + # Used for looking up extensions of text # to their 'multiplied' byte amount BYTE_MULTIPLIERS = { 
@@ -423,7 +430,7 @@ def last_completed_audit_period(unit=None, before=None): return (begin, end) -def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): +def generate_password(length=None, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): """Generate a random password from the supplied symbol groups. At least one symbol from each group will be included. Unpredictable @@ -432,6 +439,9 @@ def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): Believed to be reasonably secure (with a reasonable password length!) """ + if length is None: + length = CONF.password_length + r = random.SystemRandom() # NOTE(jerdfelt): Some password policies require at least one character |
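Review bot: The `generate_password` docstring does not say what `length=None` means, and the effective default for a caller that omits `length` drops from 20 characters to whatever `password_length` is set to (12 unless overridden). The commit message says every in-tree call already passed `CONF.password_length`, so this mainly affects out-of-tree callers, who would silently get shorter passwords. A docstring line such as `If length is None, CONF.password_length is used.` would make the contract visible. The docstring and body continue outside the hunk.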
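Review bot: Nothing after `length = CONF.password_length` rejects a value that is zero, negative or smaller than the number of symbol groups, and the `IntOpt` it comes from is registered without a lower bound. The docstring's own caveat is "with a reasonable password length", so a misconfigured `password_length` would weaken every generated admin password without any error. A guard placed right after the default is resolved would fail loudly instead: `if length < len(symbolgroups):` followed by `raise ValueError('password_length is smaller than the number of symbol groups')`. How the rest of the body treats a short length is outside the hunk. Stating a recommended minimum in the option's help string would also help operators.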