API: Fixes to keystone auth

* Make keystone module dynamic to load other auth filters Change-Id: I5ac89e51cc684f1ff945628d892c0d979b695404
2013-05-29 09:40:42 +01:00 · 2013-05-29 09:40:42 +01:00 · f96806b7e3
commit f96806b7e3
parent c6aee764e5
4 changed files with 14 additions and 33 deletions
--- a/etc/sample_libra.cfg
+++ b/etc/sample_libra.cfg
@ -78,8 +78,6 @@ db_user=root
 db_pass=passwd
 db_schema=lbaas
 gearman=127.0.0.1:4730
-keystone_host=keystone.server.com
-keystone_port=35357
-keystone_protocol=https
-keystone_certfile=certfile.key
-keystone_keyfile=keyfile.key
+
+# Keystone options go here
+[keystone]
--- a/libra/api/acl.py
+++ b/libra/api/acl.py
@ -12,19 +12,18 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-from keystoneclient.middleware import auth_token
+import ConfigParser
+import importlib


 def install(app, args):
    """Install ACL check on application."""
-    conf = {
-        'auth_host': args.keystone_host,
-        'auth_port': args.keystone_port,
-        'auth_protocol': args.keystone_protocol,
-        'certfile': args.keystone_certfile,
-        'keyfile': args.keystone_keyfile
-    }
-    return auth_token.AuthProtocol(app, conf)
+    config = ConfigParser.SafeConfigParser()
+    config.read([args.config])
+    module_details = args.keystone_module.split(':')
+    keystone = importlib.import_module(module_details[0])
+    auth_class = getattr(keystone, module_details[1])
+    return auth_class(app, config._sections['keystone'])


 def get_limited_to_project(headers):
--- a/libra/api/app.py
+++ b/libra/api/app.py
@ -107,19 +107,9 @@ def main():
        help='Gearman job servers'
    )
    options.parser.add_argument(
-        '--keystone_host', help='Keystone host'
-    )
-    options.parser.add_argument(
-        '--keystone_port', help='Keystone port', type=int
-    )
-    options.parser.add_argument(
-        '--keystone_protocol', help='Keystone protocol', default='https'
-    )
-    options.parser.add_argument(
-        '--keystone_certfile', help='Keystone certificate file'
-    )
-    options.parser.add_argument(
-        '--keystone_keyfile', help='Keystone key file'
+        '--keystone_module',
+        default='keystoneclient.middleware.auth_token:AuthProtocol',
+        help='A colon separated module and class for keystone middleware'
    )

    args = options.run()
@ -127,11 +117,6 @@ def main():
    required_args = [
        'db_user', 'db_pass', 'db_host', 'db_schema'
    ]
-    if not args.disable_keystone:
-        required_args = required_args + [
-            'keystone_host', 'keystone_port', 'keystone_certfile',
-            'keystone_keyfile'
-        ]

    missing_args = 0
    for req in required_args:
--- a/requirements.txt
+++ b/requirements.txt
@ -10,4 +10,3 @@ pecan
 sqlalchemy>=0.8.0
 wsme>=0.5b2
 MySQL-python
-python-keystoneclient>=0.2.3