openstack/anchor
Code Issues Proposed changes

Move all plugins to stevedore

Browse Source 
Move validators and authentication to stevedore backend.  There should be no
impact on normal usage. Configuration also remains the same.

Change-Id: Iea2e772efe240656c2824e36e860d8ce5147551e
This commit is contained in:
Stanisław Pitucha 2015-08-03 15:23:07 +10:00
parent 8e19fc9e9c
commit 97418019e4
8 changed files with 50 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
anchor/app.py
View File

@ -23,7 +23,6 @@ from paste import translogger # noqa
import pecan
from anchor import jsonloader
from anchor import validators
logger = logging.getLogger(__name__)
@ -163,7 +162,9 @@ def validate_registration_authority_config(ra_name, conf):
ra_validators = ra_conf['validators']
for step in ra_validators.keys():
if not hasattr(validators, step):
try:
jsonloader.conf.get_validator(step)
except KeyError:
raise ConfigValidationException(
"Unknown validator <{}> found (for registration "
"authority {})".format(step, ra_name))

4
anchor/auth/__init__.py
View File

@ -35,8 +35,8 @@ def validate(ra_name, user, secret):
"""
auth_conf = jsonloader.authentication_for_registration_authority(ra_name)
backend_name = auth_conf['backend']
module = globals()[backend_name]
res = module.login(ra_name, user, secret)
backend = jsonloader.conf.get_authentication(backend_name)
res = backend(ra_name, user, secret)
if res:
return res

2
anchor/certificate_ops.py
View File

@ -81,7 +81,7 @@ def _run_validator(name, body, args):
# perform the actual check
logger.debug("_run_validator: checking <%s> with rules: %s", name, body)
try:
validator = getattr(validators, name)
validator = jsonloader.conf.get_validator(name)
validator(**new_kwargs)
logger.debug("_run_validator: success: <%s> ", name)
return True # validator passed b/c no exceptions

9
anchor/jsonloader.py
View File

@ -60,10 +60,19 @@ class AnchorConf():
def load_extensions(self):
self._signing_backends = stevedore.ExtensionManager(
"anchor.signing_backends")
self._validators = stevedore.ExtensionManager("anchor.validators")
self._authentication = stevedore.ExtensionManager(
"anchor.authentication")
def get_signing_backend(self, name):
return self._signing_backends[name].plugin
def get_validator(self, name):
return self._validators[name].plugin
def get_authentication(self, name):
return self._authentication[name].plugin
@property
def config(self):
'''Property to return the config dictionary

20
setup.cfg
View File

@ -25,6 +25,26 @@ classifier =
anchor.signing_backends =
anchor = anchor.certificate_ops:sign
anchor.validators =
check_domains = anchor.validators:check_domains
iter_alternative_names = anchor.validators:iter_alternative_names
check_networks = anchor.validators:check_networks
check_networks_strict = anchor.validators:check_networks_strict
common_name = anchor.validators:common_name
alternative_names = anchor.validators:alternative_names
alternative_names_ip = anchor.validators:alternative_names_ip
blacklist_names = anchor.validators:blacklist_names
server_group = anchor.validators:server_group
extensions = anchor.validators:extensions
key_usage = anchor.validators:key_usage
ca_status = anchor.validators:ca_status
source_cidrs = anchor.validators:source_cidrs
anchor.authentication =
keystone = anchor.auth.keystone:login
ldap = anchor.auth.ldap:login
static = anchor.auth.static:login
[files]
packages =
anchor

3
tests/auth/test_static.py
View File

@ -21,6 +21,7 @@ from webob import exc as http_status
from anchor import auth
from anchor.auth import results
from anchor import jsonloader
import tests
@ -34,6 +35,7 @@ class AuthStaticTests(tests.DefaultConfigMixin, unittest.TestCase):
def test_validate_static(self):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
self.sample_conf_auth['default_auth'] = {
"backend": "static",
@ -58,6 +60,7 @@ class AuthStaticTests(tests.DefaultConfigMixin, unittest.TestCase):
def test_validate_static_malformed1(self):
"""Test static user/pass authentication with malformed config."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
self.sample_conf_auth['default_auth'] = {'backend': 'static'}
data = self.sample_conf

1
tests/controllers/test_app.py
View File

@ -29,6 +29,7 @@ import tests
class TestApp(tests.DefaultConfigMixin, unittest.TestCase):
def setUp(self):
self.expected_key_permissions = (stat.S_IRUSR | stat.S_IFREG)
jsonloader.conf.load_extensions()
super(TestApp, self).setUp()
def tearDown(self):

16
tests/test_functional.py
View File

@ -22,11 +22,12 @@ import tempfile
import textwrap
import unittest
import mock
import pecan
from pecan import testing as pecan_testing
import stevedore
from anchor import jsonloader
from anchor import validators
from anchor.X509 import certificate as X509_cert
import config
import tests
@ -154,15 +155,20 @@ class TestFunctional(tests.DefaultConfigMixin, unittest.TestCase):
'encoding': 'pem',
'csr': TestFunctional.csr_good}
def derp(**kwdargs):
raise Exception("BOOM")
derp = mock.MagicMock()
derp.side_effect = Exception("BOOM")
derp_ext = stevedore.extension.Extension("broken_validator", None,
derp, None)
manager = jsonloader.conf._validators.make_test_instance([derp_ext])
jsonloader.conf._validators = manager
validators.broken_validator = derp
ra = jsonloader.conf.registration_authority['default_ra']
ra['validators']["broken_validator"] = {}
ra['validators'] = {"broken_validator": {}}
resp = self.app.post('/v1/sign/default_ra', data, expect_errors=True)
self.assertEqual(500, resp.status_int)
self.assertTrue(("Internal Validation Error running validator "
"'broken_validator' for registration authority "
"'default_ra'") in str(resp))
self.assertTrue(derp.called)