diff --git a/aetos/cmd/aetos-config-generator.conf b/aetos/cmd/aetos-config-generator.conf
index 735e900..5501a47 100644
--- a/aetos/cmd/aetos-config-generator.conf
+++ b/aetos/cmd/aetos-config-generator.conf
@@ -1,7 +1,6 @@
 [DEFAULT]
 wrap_width = 79
 namespace = aetos
-namespace = aetos-auth
 namespace = oslo.log
 namespace = oslo.middleware.cors
 namespace = oslo.middleware.healthcheck
diff --git a/aetos/keystone_client.py b/aetos/keystone_client.py
deleted file mode 100644
index e06a18d..0000000
--- a/aetos/keystone_client.py
+++ /dev/null
@@ -1,112 +0,0 @@
-#
-# Copyright 2015 eNovance
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import os
-
-from keystoneauth1 import exceptions as ka_exception
-from keystoneauth1.identity.generic import password
-from keystoneauth1 import loading as ka_loading
-from keystoneclient.v3 import client as ks_client_v3
-from oslo_config import cfg
-
-
-CFG_GROUP = "service_credentials"
-
-
-def get_session(conf):
- """Get an aetos service credentials auth session."""
- auth_plugin = ka_loading.load_auth_from_conf_options(conf, CFG_GROUP)
- return ka_loading.load_session_from_conf_options(
- conf, CFG_GROUP, auth=auth_plugin
- )
-
-
-def get_client(conf):
- """Return a client for keystone v3 endpoint."""
- sess = get_session(conf)
- return ks_client_v3.Client(session=sess)
-
-
-def get_trusted_client(conf, trust_id):
- # Ideally we would use load_session_from_conf_options, but we can't do that
- # *and* specify a trust, so let's create the object manually.
- auth_plugin = password.Password(
- username=conf[CFG_GROUP].username,
- password=conf[CFG_GROUP].password,
- auth_url=conf[CFG_GROUP].auth_url,
- user_domain_id=conf[CFG_GROUP].user_domain_id,
- user_domain_name=conf[CFG_GROUP].user_domain_name,
- trust_id=trust_id)
-
- sess = ka_loading.load_session_from_conf_options(conf, CFG_GROUP,
- auth=auth_plugin)
- return ks_client_v3.Client(session=sess)
-
-
-def get_auth_token(client):
- return client.session.auth.get_access(client.session).auth_token
-
-
-def get_client_on_behalf_user(conf, auth_plugin):
- """Return a client for keystone v3 endpoint."""
- sess = ka_loading.load_session_from_conf_options(conf, CFG_GROUP,
- auth=auth_plugin)
- return ks_client_v3.Client(session=sess)
-
-
-def create_trust_id(conf, trustor_user_id, trustor_project_id, roles,
- auth_plugin):
- """Create a new trust using the aetos service user."""
- admin_client = get_client(conf)
- trustee_user_id = admin_client.session.get_user_id()
-
- client = get_client_on_behalf_user(conf, auth_plugin)
- trust = client.trusts.create(trustor_user=trustor_user_id,
- trustee_user=trustee_user_id,
- project=trustor_project_id,
- impersonation=True,
- role_names=roles)
- return trust.id
-
-
-def delete_trust_id(conf, trust_id, auth_plugin):
- """Delete a trust previously setup for the aetos user."""
- client = get_client_on_behalf_user(conf, auth_plugin)
- try:
- client.trusts.delete(trust_id)
- except ka_exception.NotFound:
- pass
-
-
-def url_for(conf, **kwargs):
- sess = get_session(conf)
- return sess.get_endpoint(**kwargs)
-
-
-OPTS = [
- cfg.StrOpt('region-name',
- default=os.environ.get('OS_REGION_NAME'),
- help='Region name to use for OpenStack service endpoints.'),
-]
-
-
-def register_keystoneauth_opts(conf):
- ka_loading.register_auth_conf_options(conf, CFG_GROUP)
- ka_loading.register_session_conf_options(
- conf, CFG_GROUP,
- deprecated_opts={'cacert': [
- cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP),
- cfg.DeprecatedOpt('os-cacert', 
group="DEFAULT")] - }) diff --git a/aetos/opts.py b/aetos/opts.py index c6dff89..ad93516 100644 --- a/aetos/opts.py +++ b/aetos/opts.py @@ -15,11 +15,9 @@ # under the License. import itertools -from keystoneauth1 import loading from oslo_config import cfg import aetos.controllers.api.v1.base -import aetos.keystone_client import aetos.service @@ -40,14 +38,4 @@ def list_opts(): ('DEFAULT', itertools.chain(OPTS, aetos.controllers.api.v1.base.OPTS)), - ('service_credentials', aetos.keystone_client.OPTS), ] - - -def list_keystoneauth_opts(): - # NOTE(sileht): the configuration file contains only the options - # for the password plugin that handles keystone v2 and v3 API - # with discovery. But other options are possible. - return [('service_credentials', ( - loading.get_auth_common_conf_options() + - loading.get_auth_plugin_conf_options('password')))] diff --git a/aetos/service.py b/aetos/service.py index 50a19b5..ccaa8ec 100644 --- a/aetos/service.py +++ b/aetos/service.py @@ -15,7 +15,6 @@ # under the License. import os -from keystoneauth1 import loading as ka_loading from oslo_config import cfg from oslo_db import options as db_options import oslo_i18n @@ -23,7 +22,6 @@ from oslo_log import log from oslo_policy import opts as policy_opts from aetos.conf import defaults -from aetos import keystone_client from aetos import version @@ -31,16 +29,6 @@ def prepare_service(argv=None, config_files=None): conf = cfg.ConfigOpts() oslo_i18n.enable_lazy() log.register_options(conf) - log_levels = ( - conf.default_log_levels + - [ - 'futurist=INFO', - 'keystoneclient=INFO', - 'oslo_db.sqlalchemy=WARN', - 'cotyledon=INFO' - ] - ) - log.set_defaults(default_log_levels=log_levels) defaults.set_cors_middleware_defaults() db_options.set_defaults(conf) policy_opts.set_defaults(conf, policy_file=os.path.abspath( 
@@ -50,13 +38,11 @@ def prepare_service(argv=None, config_files=None): for group, options in opts.list_opts(): conf.register_opts(list(options), group=None if group == "DEFAULT" else group) - keystone_client.register_keystoneauth_opts(conf) conf(argv, project='aetos', validate_default_values=True, default_config_files=config_files, version=version.version_info.version_string()) - ka_loading.load_auth_from_conf_options(conf, "service_credentials") log.setup(conf, 'aetos') return conf diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 4c8754f..7812275 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -52,15 +52,6 @@ function configure_aetos { # Format logging setup_logging $AETOS_CONF DEFAULT - iniset $AETOS_CONF service_credentials auth_type password - iniset $AETOS_CONF service_credentials username aetos - iniset $AETOS_CONF service_credentials user_domain_id default - iniset $AETOS_CONF service_credentials project_domain_id default - iniset $AETOS_CONF service_credentials password $SERVICE_PASSWORD - iniset $AETOS_CONF service_credentials project_name $SERVICE_PROJECT_NAME - iniset $AETOS_CONF service_credentials region_name $REGION_NAME - iniset $AETOS_CONF service_credentials auth_url $KEYSTONE_SERVICE_URI - configure_keystone_authtoken_middleware $AETOS_CONF aetos # iniset creates these files when it's called if they don't exist. diff --git a/setup.cfg b/setup.cfg index 126bc4b..7724986 100644 --- a/setup.cfg +++ b/setup.cfg @@ -38,7 +38,6 @@ wsgi_scripts = oslo.config.opts = aetos = aetos.opts:list_opts - aetos-auth = aetos.opts:list_keystoneauth_opts oslo.config.opts.defaults = aetos = aetos.conf.defaults:set_lib_defaults