Drop service_credential options

Aetos is a proxy service to Prometheus and does not require interaction
with the other OpenStack services (except for keystone which authtoken
middleware uses).

Change-Id: I8da29d75c1886005fe823931d275622c7980aa61

aetos/cmd/aetos-config-generator.conf

@@ -1,7 +1,6 @@
 [DEFAULT]
 wrap_width = 79
 namespace = aetos
-namespace = aetos-auth
 namespace = oslo.log
 namespace = oslo.middleware.cors
 namespace = oslo.middleware.healthcheck

aetos/keystone_client.py

@@ -1,112 +0,0 @@
-#
-# Copyright 2015 eNovance <licensing@enovance.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import os
-
-from keystoneauth1 import exceptions as ka_exception
-from keystoneauth1.identity.generic import password
-from keystoneauth1 import loading as ka_loading
-from keystoneclient.v3 import client as ks_client_v3
-from oslo_config import cfg
-
-
-CFG_GROUP = "service_credentials"
-
-
-def get_session(conf):
-    """Get an aetos service credentials auth session."""
-    auth_plugin = ka_loading.load_auth_from_conf_options(conf, CFG_GROUP)
-    return ka_loading.load_session_from_conf_options(
-        conf, CFG_GROUP, auth=auth_plugin
-    )
-
-
-def get_client(conf):
-    """Return a client for keystone v3 endpoint."""
-    sess = get_session(conf)
-    return ks_client_v3.Client(session=sess)
-
-
-def get_trusted_client(conf, trust_id):
-    # Ideally we would use load_session_from_conf_options, but we can't do that
-    # *and* specify a trust, so let's create the object manually.
-    auth_plugin = password.Password(
-        username=conf[CFG_GROUP].username,
-        password=conf[CFG_GROUP].password,
-        auth_url=conf[CFG_GROUP].auth_url,
-        user_domain_id=conf[CFG_GROUP].user_domain_id,
-        user_domain_name=conf[CFG_GROUP].user_domain_name,
-        trust_id=trust_id)
-
-    sess = ka_loading.load_session_from_conf_options(conf, CFG_GROUP,
-                                                     auth=auth_plugin)
-    return ks_client_v3.Client(session=sess)
-
-
-def get_auth_token(client):
-    return client.session.auth.get_access(client.session).auth_token
-
-
-def get_client_on_behalf_user(conf, auth_plugin):
-    """Return a client for keystone v3 endpoint."""
-    sess = ka_loading.load_session_from_conf_options(conf, CFG_GROUP,
-                                                     auth=auth_plugin)
-    return ks_client_v3.Client(session=sess)
-
-
-def create_trust_id(conf, trustor_user_id, trustor_project_id, roles,
-                    auth_plugin):
-    """Create a new trust using the aetos service user."""
-    admin_client = get_client(conf)
-    trustee_user_id = admin_client.session.get_user_id()
-
-    client = get_client_on_behalf_user(conf, auth_plugin)
-    trust = client.trusts.create(trustor_user=trustor_user_id,
-                                 trustee_user=trustee_user_id,
-                                 project=trustor_project_id,
-                                 impersonation=True,
-                                 role_names=roles)
-    return trust.id
-
-
-def delete_trust_id(conf, trust_id, auth_plugin):
-    """Delete a trust previously setup for the aetos user."""
-    client = get_client_on_behalf_user(conf, auth_plugin)
-    try:
-        client.trusts.delete(trust_id)
-    except ka_exception.NotFound:
-        pass
-
-
-def url_for(conf, **kwargs):
-    sess = get_session(conf)
-    return sess.get_endpoint(**kwargs)
-
-
-OPTS = [
-    cfg.StrOpt('region-name',
-               default=os.environ.get('OS_REGION_NAME'),
-               help='Region name to use for OpenStack service endpoints.'),
-]
-
-
-def register_keystoneauth_opts(conf):
-    ka_loading.register_auth_conf_options(conf, CFG_GROUP)
-    ka_loading.register_session_conf_options(
-        conf, CFG_GROUP,
-        deprecated_opts={'cacert': [
-            cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
-            cfg.DeprecatedOpt('os-cacert', group="DEFAULT")]
-        })

aetos/opts.py

@@ -15,11 +15,9 @@
 # under the License.
 import itertools
 
-from keystoneauth1 import loading
 from oslo_config import cfg
 
 import aetos.controllers.api.v1.base
-import aetos.keystone_client
 import aetos.service
 
 
@@ -40,14 +38,4 @@ def list_opts():
         ('DEFAULT',
          itertools.chain(OPTS,
                          aetos.controllers.api.v1.base.OPTS)),
-        ('service_credentials', aetos.keystone_client.OPTS),
     ]
-
-
-def list_keystoneauth_opts():
-    # NOTE(sileht): the configuration file contains only the options
-    # for the password plugin that handles keystone v2 and v3 API
-    # with discovery. But other options are possible.
-    return [('service_credentials', (
-            loading.get_auth_common_conf_options() +
-            loading.get_auth_plugin_conf_options('password')))]

aetos/service.py

@@ -15,7 +15,6 @@
 # under the License.
 import os
 
-from keystoneauth1 import loading as ka_loading
 from oslo_config import cfg
 from oslo_db import options as db_options
 import oslo_i18n
@@ -23,7 +22,6 @@ from oslo_log import log
 from oslo_policy import opts as policy_opts
 
 from aetos.conf import defaults
-from aetos import keystone_client
 from aetos import version
 
 
@@ -31,16 +29,6 @@ def prepare_service(argv=None, config_files=None):
     conf = cfg.ConfigOpts()
     oslo_i18n.enable_lazy()
     log.register_options(conf)
-    log_levels = (
-        conf.default_log_levels +
-        [
-            'futurist=INFO',
-            'keystoneclient=INFO',
-            'oslo_db.sqlalchemy=WARN',
-            'cotyledon=INFO'
-        ]
-    )
-    log.set_defaults(default_log_levels=log_levels)
     defaults.set_cors_middleware_defaults()
     db_options.set_defaults(conf)
     policy_opts.set_defaults(conf, policy_file=os.path.abspath(
@@ -50,13 +38,11 @@ def prepare_service(argv=None, config_files=None):
     for group, options in opts.list_opts():
         conf.register_opts(list(options),
                            group=None if group == "DEFAULT" else group)
-    keystone_client.register_keystoneauth_opts(conf)
 
     conf(argv, project='aetos', validate_default_values=True,
          default_config_files=config_files,
          version=version.version_info.version_string())
 
-    ka_loading.load_auth_from_conf_options(conf, "service_credentials")
     log.setup(conf, 'aetos')
 
     return conf

devstack/plugin.sh

@@ -52,15 +52,6 @@ function configure_aetos {
     # Format logging
     setup_logging $AETOS_CONF DEFAULT
 
-    iniset $AETOS_CONF service_credentials auth_type password
-    iniset $AETOS_CONF service_credentials username aetos
-    iniset $AETOS_CONF service_credentials user_domain_id default
-    iniset $AETOS_CONF service_credentials project_domain_id default
-    iniset $AETOS_CONF service_credentials password $SERVICE_PASSWORD
-    iniset $AETOS_CONF service_credentials project_name $SERVICE_PROJECT_NAME
-    iniset $AETOS_CONF service_credentials region_name $REGION_NAME
-    iniset $AETOS_CONF service_credentials auth_url $KEYSTONE_SERVICE_URI
-
     configure_keystone_authtoken_middleware $AETOS_CONF aetos
 
     # iniset creates these files when it's called if they don't exist.

setup.cfg

@@ -38,7 +38,6 @@ wsgi_scripts =
 
 oslo.config.opts =
     aetos = aetos.opts:list_opts
-    aetos-auth = aetos.opts:list_keystoneauth_opts
 
 oslo.config.opts.defaults =
     aetos = aetos.conf.defaults:set_lib_defaults