From ac0fee5d6b8e88f22155fb59872cbe46e720078f Mon Sep 17 00:00:00 2001 From: Kevin_Zheng Date: Fri, 29 Jan 2016 15:01:50 +0800 Subject: [PATCH] config options: centralize section: "crypto" The config options of the "nova.conf" section "crypto" got moved to the new central location "nova/conf/crypto.py" Change-Id: Ia5e970694d384ef39a6050efb5db2f61e6f4205b Implements: blueprint centralize-config-options-newton --- nova/api/openstack/compute/cloudpipe.py | 5 +- .../compute/legacy_v2/contrib/cloudpipe.py | 5 +- nova/cloudpipe/pipelib.py | 1 - nova/conf/__init__.py | 4 +- nova/conf/crypto.py | 66 +++++++++++++++++++ nova/crypto.py | 37 +---------- nova/opts.py | 2 - 7 files changed, 74 insertions(+), 46 deletions(-) create mode 100644 nova/conf/crypto.py diff --git a/nova/api/openstack/compute/cloudpipe.py b/nova/api/openstack/compute/cloudpipe.py index 2529b2b1b1dd..36eb4bf132b9 100644 --- a/nova/api/openstack/compute/cloudpipe.py +++ b/nova/api/openstack/compute/cloudpipe.py @@ -14,7 +14,6 @@ """Connect your vlan to the world.""" -from oslo_config import cfg from oslo_utils import fileutils from webob import exc @@ -26,14 +25,14 @@ from nova.cloudpipe import pipelib from nova import compute from nova.compute import utils as compute_utils from nova.compute import vm_states +import nova.conf from nova import exception from nova.i18n import _ from nova import network from nova import objects from nova import utils -CONF = cfg.CONF -CONF.import_opt('keys_path', 'nova.crypto') +CONF = nova.conf.CONF ALIAS = 'os-cloudpipe' authorize = extensions.os_compute_authorizer(ALIAS) diff --git a/nova/api/openstack/compute/legacy_v2/contrib/cloudpipe.py b/nova/api/openstack/compute/legacy_v2/contrib/cloudpipe.py index 1b51e3df448d..7fb1a7d4241f 100644 --- a/nova/api/openstack/compute/legacy_v2/contrib/cloudpipe.py +++ b/nova/api/openstack/compute/legacy_v2/contrib/cloudpipe.py 
@@ -14,7 +14,6 @@ """Connect your vlan to the world.""" -from oslo_config import cfg from oslo_utils import fileutils from webob import exc @@ -23,13 +22,13 @@ from nova.cloudpipe import pipelib from nova import compute from nova.compute import utils as compute_utils from nova.compute import vm_states +import nova.conf from nova import exception from nova.i18n import _ from nova import network from nova import utils -CONF = cfg.CONF -CONF.import_opt('keys_path', 'nova.crypto') +CONF = nova.conf.CONF authorize = extensions.extension_authorizer('compute', 'cloudpipe') diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index c2bc5c5b5249..53d87eb5fe77 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py @@ -37,7 +37,6 @@ from nova import utils CONF = nova.conf.CONF -CONF.import_opt('keys_path', 'nova.crypto') LOG = logging.getLogger(__name__) diff --git a/nova/conf/__init__.py b/nova/conf/__init__.py index b7d42115da8e..1d4579855ba0 100644 --- a/nova/conf/__init__.py +++ b/nova/conf/__init__.py @@ -36,7 +36,7 @@ from nova.conf import conductor from nova.conf import consoleauth # from nova.conf import cors # from nova.conf import cors.subdomain -# from nova.conf import crypto +from nova.conf import crypto # from nova.conf import database # from nova.conf import disk from nova.conf import ephemeral_storage @@ -99,7 +99,7 @@ conductor.register_opts(CONF) consoleauth.register_opts(CONF) # cors.register_opts(CONF) # cors.subdomain.register_opts(CONF) -# crypto.register_opts(CONF) +crypto.register_opts(CONF) # database.register_opts(CONF) # disk.register_opts(CONF) ephemeral_storage.register_opts(CONF) diff --git a/nova/conf/crypto.py b/nova/conf/crypto.py new file mode 100644 index 000000000000..9d85e3311cb2 --- /dev/null +++ b/nova/conf/crypto.py 
@@ -0,0 +1,66 @@
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+
+from oslo_config import cfg
+
+from nova.i18n import _
+from nova import paths
+
+crypto_opts = [
+ cfg.StrOpt(
+ 'ca_file',
+ default='cacert.pem',
+ help=_('Filename of root CA')),
+ cfg.StrOpt(
+ 'key_file',
+ default=os.path.join('private', 'cakey.pem'),
+ help=_('Filename of private key')),
+ cfg.StrOpt(
+ 'crl_file',
+ default='crl.pem',
+ help=_('Filename of root Certificate Revocation List')),
+ cfg.StrOpt(
+ 'keys_path',
+ default=paths.state_path_def('keys'),
+ help=_('Where we keep our keys')),
+ cfg.StrOpt(
+ 'ca_path',
+ default=paths.state_path_def('CA'),
+ help=_('Where we keep our root CA')),
+ cfg.BoolOpt(
+ 'use_project_ca',
+ default=False,
+ help=_('Should we use a CA for each project?')),
+ cfg.StrOpt(
+ 'user_cert_subject',
+ default='/C=US/ST=California/O=OpenStack/'
+ 'OU=NovaDev/CN=%.16s-%.16s-%s',
+ help=_('Subject for certificate for users, %s for '
+ 'project, user, timestamp')),
+ cfg.StrOpt(
+ 'project_cert_subject',
+ default='/C=US/ST=California/O=OpenStack/'
+ 'OU=NovaDev/CN=project-ca-%.16s-%s',
+ help=_('Subject for certificate for projects, %s for '
+ 'project, timestamp'))]
+
+
+def register_opts(conf):
+ conf.register_opts(crypto_opts)
+
+
+def list_opts():
+ return {'DEFAULT': crypto_opts}
diff --git a/nova/crypto.py b/nova/crypto.py
index 7e07fb4763d1..eb954d19a0fd 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
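Review bot: The help strings in `crypto_opts` (new file `nova/conf/crypto.py`) were moved verbatim and say too little for options that locate CA key material: `key_file` defaults to the relative path `private/cakey.pem`, but its help does not say what that path is resolved against (presumably `ca_path`; the resolving code is outside this hunk) or that the file holds the root CA private key. I would reword it along the lines of `help=_('Filename of the root CA private key, relative to ca_path; restrict read access to the nova service user')`. The help for `user_cert_subject` and `project_cert_subject` should also mention that `%.16s` truncates the project and user identifiers to 16 characters. Finally, `register_opts` passes no group and `list_opts` returns `'DEFAULT'`, so these options live in `[DEFAULT]` even though the commit title speaks of a "crypto" section; a comment above `crypto_opts` such as `# Registered in [DEFAULT]; there is no [crypto] group.` would keep operators from setting them in a section where they are ignored and the default key paths silently apply.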
@@ -34,56 +34,23 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization from cryptography import x509 from oslo_concurrency import processutils -from oslo_config import cfg from oslo_log import log as logging from oslo_utils import excutils from oslo_utils import fileutils import paramiko import six +import nova.conf from nova import context from nova import db from nova import exception from nova.i18n import _, _LE -from nova import paths from nova import utils LOG = logging.getLogger(__name__) -crypto_opts = [ - cfg.StrOpt('ca_file', - default='cacert.pem', - help=_('Filename of root CA')), - cfg.StrOpt('key_file', - default=os.path.join('private', 'cakey.pem'), - help=_('Filename of private key')), - cfg.StrOpt('crl_file', - default='crl.pem', - help=_('Filename of root Certificate Revocation List')), - cfg.StrOpt('keys_path', - default=paths.state_path_def('keys'), - help=_('Where we keep our keys')), - cfg.StrOpt('ca_path', - default=paths.state_path_def('CA'), - help=_('Where we keep our root CA')), - cfg.BoolOpt('use_project_ca', - default=False, - help=_('Should we use a CA for each project?')), - cfg.StrOpt('user_cert_subject', - default='/C=US/ST=California/O=OpenStack/' - 'OU=NovaDev/CN=%.16s-%.16s-%s', - help=_('Subject for certificate for users, %s for ' - 'project, user, timestamp')), - cfg.StrOpt('project_cert_subject', - default='/C=US/ST=California/O=OpenStack/' - 'OU=NovaDev/CN=project-ca-%.16s-%s', - help=_('Subject for certificate for projects, %s for ' - 'project, timestamp')), - ] - -CONF = cfg.CONF -CONF.register_opts(crypto_opts) +CONF = nova.conf.CONF def ca_folder(project_id=None): diff --git a/nova/opts.py b/nova/opts.py index f83cb8d8baae..09e856842d6b 100644 --- a/nova/opts.py +++ b/nova/opts.py 
@@ -25,7 +25,6 @@ import nova.console.rpcapi import nova.console.serial import nova.console.xvp import nova.consoleauth.rpcapi -import nova.crypto import nova.db.api import nova.db.base import nova.db.sqlalchemy.api @@ -55,7 +54,6 @@ def list_opts(): nova.console.manager.console_manager_opts, nova.console.rpcapi.rpcapi_opts, nova.console.xvp.xvp_opts, - nova.crypto.crypto_opts, nova.db.api.db_opts, nova.db.sqlalchemy.api.db_opts, nova.exception.exc_log_opts,