4ae627be44
Move sample config to etc/drydock Update docs to generate a config with tox Update configuration for Keystone - Add config generation to tox.ini - Fix default in bootdata config - Add keystone dependencies - Add config generator config - Move sample config to a skeleton etc/drydock tree Use PasteDeploy for WSGI integration Using keystonemiddleware outside of a PasteDeploy pipeline is deprecated. Move Drydock to use PasteDeploy and integrate with keystonemiddleware Update Falcon context object Add keystone identity fields to context object Clean up context marker field Fix AuthMiddleware for keystone Update falcon middleware to harvest headers injected by keystonemiddleware Fix context middleware Update context middleware to enforce a UUID-formatted external context marker Lock keystonemiddleware version Lock keystonemiddleware version to the Newton release Sample drydock.conf with keystone This drydock.conf file is known to integrate successfully with Keystone via keystonemiddleware and the password plugin Add .dockerignore Stop adding .tox environment to docker images Integrate with oslo.policy Add oslo.policy 1.9.0 to requirements (Newton release) Add tox job to generate sample policy.yaml Create DrydockPolicy as facade for RBAC Inject policy engine into API init Create a DrydockPolicy instance and inject it into the Drydock API resources. Remove per-resource authorization Update Drydock context and auth middleware Update Drydock context to use keystone IDs instead of names as required by oslo.policy Update AuthMiddleware to capture headers when request provides a service token Add RBAC for /designs API Add RBAC enforcement for GET and POST of /api/v1.0/designs endpoint Refactor check_policy Refactor check_policy into the base class Enforce RBAC for /designs/id endpoint Enforce RBAC on /designs/id/parts endpoint Enforce RBAC on /designs/id/parts/kind Enforce RBAC on /designs/id/parts/kinds/ Enforce RBAC on /tasks/ endpoints Create unit tests - New unit tests for DrydockPolicy - New unit tests for AuthMiddleware w/ Keystone integration Address impacting keystonemiddleware bug Use v4.9.1 to address https://bugs.launchpad.net/keystonemiddleware/+bug/1653646 Add oslo_config fixtures for unit testing API base class fixes Fix an import error in API resource base class More graceful error handling in drydock_client Create shared function for checking API response status codes Create client errors for auth Create specific Exceptions for Unauthorized and Forbidden responses Ignore generated sample configs Lock iso8601 version oslo.versionedobjects appears to be impcompatible with iso8601 0.1.12 on Python 3.2+ Update docs for Keystone Note Keystone as a external depdendency and add notes on correctly configuring Drydock for Keystone integration Add keystoneauth1 to list_opts Explicitly pull keystoneauth password plugin options when generating a config template Update reference config for keystone Update the reference config template for Keystone integration Add keystoneauth1 to requirements Need to directly include keystoneauth1 so that oslo_config options can be pulled from it Update config doc for keystoneauth1 Use the keystoneauth1 generated configuration options for the configuration docs Remove auth options Force dependence on Keystone as the only authentication backend Clean up imports Fix how falcon modules are imported Default to empty role list Move param extraction Enforce RBAC before starting to parse parameters Implement DocumentedRuleDefault Use DocumentedRuleDefault for policy defaults at request of @tlam. Requires v 1.21.1 of oslo_policy, which is tied to the Pike openstack release. Change sample output filenames Update filenames to follow Openstack convention Fix tests to use hex formatted IDs Openstack resource IDs are not hyphenated, so update unit tests to reflect this Fix formating and whitespace Refactor a few small items for code review Update keystone integration to be more robust with Newton codebase Centralize policy_engine reference to support a decorator-based model RBAC enforcement decorator Add units tests for decorator-based RBAC and the tasks API Minor refactoring and format changes Change-Id: I35f90b0c88ec577fda1077814f5eac5c0ffb41e9
151 lines
6.5 KiB
Python
151 lines
6.5 KiB
Python
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
"""Single point of entry to generate the sample configuration file.
|
|
|
|
This module collects all the necessary info from the other modules in this
|
|
package. It is assumed that:
|
|
|
|
* Every other module in this package has a 'list_opts' function which
|
|
returns a dict where:
|
|
|
|
* The keys are strings which are the group names.
|
|
* The value of each key is a list of config options for that group.
|
|
|
|
* The conf package doesn't have further packages with config options.
|
|
|
|
* This module is only used in the context of sample file generation.
|
|
|
|
"""
|
|
import collections
|
|
import importlib
|
|
import os
|
|
import pkgutil
|
|
|
|
from oslo_config import cfg
|
|
|
|
import keystoneauth1.loading as loading
|
|
|
|
IGNORED_MODULES = ('drydock', 'config')
|
|
|
|
class DrydockConfig(object):
|
|
"""
|
|
Initialize all the core options
|
|
"""
|
|
# Default options
|
|
options = [
|
|
cfg.IntOpt('poll_interval', default=10, help='Polling interval in seconds for checking subtask or downstream status'),
|
|
]
|
|
|
|
# Logging options
|
|
logging_options = [
|
|
cfg.StrOpt('log_level', default='INFO', help='Global log level for Drydock'),
|
|
cfg.StrOpt('global_logger_name', default='drydock', help='Logger name for the top-level logger'),
|
|
cfg.StrOpt('oobdriver_logger_name', default='${global_logger_name}.oobdriver', help='Logger name for OOB driver logging'),
|
|
cfg.StrOpt('nodedriver_logger_name', default='${global_logger_name}.nodedriver', help='Logger name for Node driver logging'),
|
|
cfg.StrOpt('control_logger_name', default='${global_logger_name}.control', help='Logger name for API server logging'),
|
|
]
|
|
|
|
# Enabled plugins
|
|
plugin_options = [
|
|
cfg.MultiStrOpt('ingester',
|
|
default=['drydock_provisioner.ingester.plugins.yaml.YamlIngester'],
|
|
help='Module path string of a input ingester to enable'),
|
|
cfg.MultiStrOpt('oob_driver',
|
|
default=['drydock_provisioner.drivers.oob.pyghmi_driver.PyghmiDriver'],
|
|
help='Module path string of a OOB driver to enable'),
|
|
cfg.StrOpt('node_driver',
|
|
default='drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver',
|
|
help='Module path string of the Node driver to enable'),
|
|
# TODO Network driver not yet implemented
|
|
cfg.StrOpt('network_driver',
|
|
default=None,
|
|
help='Module path string of the Network driver enable'),
|
|
]
|
|
|
|
# Timeouts for various tasks specified in minutes
|
|
timeout_options = [
|
|
cfg.IntOpt('drydock_timeout', default=5, help='Fallback timeout when a specific one is not configured'),
|
|
cfg.IntOpt('create_network_template', default=2, help='Timeout in minutes for creating site network templates'),
|
|
cfg.IntOpt('configure_user_credentials', default=2, help='Timeout in minutes for creating user credentials'),
|
|
cfg.IntOpt('identify_node', default=10, help='Timeout in minutes for initial node identification'),
|
|
cfg.IntOpt('configure_hardware', default=30, help='Timeout in minutes for node commissioning and hardware configuration'),
|
|
cfg.IntOpt('apply_node_networking', default=5, help='Timeout in minutes for configuring node networking'),
|
|
cfg.IntOpt('apply_node_platform', default=5, help='Timeout in minutes for configuring node platform'),
|
|
cfg.IntOpt('deploy_node', default=45, help='Timeout in minutes for deploying a node'),
|
|
]
|
|
|
|
def __init__(self):
|
|
self.conf = cfg.CONF
|
|
|
|
def register_options(self):
|
|
self.conf.register_opts(DrydockConfig.options)
|
|
self.conf.register_opts(DrydockConfig.logging_options, group='logging')
|
|
self.conf.register_opts(DrydockConfig.plugin_options, group='plugins')
|
|
self.conf.register_opts(DrydockConfig.timeout_options, group='timeouts')
|
|
self.conf.register_opts(loading.get_auth_plugin_conf_options('password'), group='keystone_authtoken')
|
|
|
|
config_mgr = DrydockConfig()
|
|
|
|
def list_opts():
|
|
opts = {'DEFAULT': DrydockConfig.options,
|
|
'logging': DrydockConfig.logging_options,
|
|
'plugins': DrydockConfig.plugin_options,
|
|
'timeouts': DrydockConfig.timeout_options
|
|
}
|
|
|
|
package_path = os.path.dirname(os.path.abspath(__file__))
|
|
parent_module = ".".join(__name__.split('.')[:-1])
|
|
module_names = _list_module_names(package_path, parent_module)
|
|
imported_modules = _import_modules(module_names)
|
|
_append_config_options(imported_modules, opts)
|
|
# Assume we'll use the password plugin, so include those options in the configuration template
|
|
opts['keystone_authtoken'] = loading.get_auth_plugin_conf_options('password')
|
|
return _tupleize(opts)
|
|
|
|
def _tupleize(d):
|
|
"""Convert a dict of options to the 2-tuple format."""
|
|
return [(key, value) for key, value in d.items()]
|
|
|
|
def _list_module_names(pkg_path, parent_module):
|
|
module_names = []
|
|
for _, module_name, ispkg in pkgutil.iter_modules(path=[pkg_path]):
|
|
if module_name in IGNORED_MODULES:
|
|
# Skip this module.
|
|
continue
|
|
elif ispkg:
|
|
module_names.extend(_list_module_names(pkg_path + "/" + module_name, parent_module + "." + module_name))
|
|
else:
|
|
module_names.append(parent_module + "." + module_name)
|
|
return module_names
|
|
|
|
def _import_modules(module_names):
|
|
imported_modules = []
|
|
for module_name in module_names:
|
|
module = importlib.import_module(module_name)
|
|
if hasattr(module, 'list_opts'):
|
|
print("Pulling options from module %s" % module.__name__)
|
|
imported_modules.append(module)
|
|
return imported_modules
|
|
|
|
def _append_config_options(imported_modules, config_options):
|
|
for module in imported_modules:
|
|
configs = module.list_opts()
|
|
for key, val in configs.items():
|
|
if key not in config_options:
|
|
config_options[key] = val
|
|
else:
|
|
config_options[key].extend(val)
|