From c23fd00818438e8986cf5118554999a15cd796a3 Mon Sep 17 00:00:00 2001 From: Akihiro MOTOKI Date: Thu, 26 Jul 2012 17:48:48 +0900 Subject: [PATCH] Make quantum pipeline configurable from quantum.conf. Fixes bug 1029313. The current api-paste.ini does not provide a way to choose a pipeline: there is no way to switching a pipeline between keystone-enabled and noauth pipelines without modifying the pipeline directly. This commit introduces 'auth_strategy' flag to quantum.conf and a pipeline used is determined depending on the flag. Supported values for this flag are 'keystone' (default) and 'noauth' at the moment. Change-Id: Ieafaf31eaaec2b02727ed5d3bd36c907e50aee5b --- etc/api-paste.ini | 30 ++++++++++++------------------ etc/quantum.conf | 4 ++++ quantum/auth.py | 13 +++++++++++++ quantum/common/config.py | 5 +++-- 4 files changed, 32 insertions(+), 20 deletions(-) diff --git a/etc/api-paste.ini b/etc/api-paste.ini index 8c0ccdff34..2a42529e05 100644 --- a/etc/api-paste.ini +++ b/etc/api-paste.ini @@ -5,26 +5,20 @@ use = egg:Paste#urlmap /v1.1: quantumapi_v1_1 /v2.0: quantumapi_v2_0 -[pipeline:quantumapi_v1_0] -# By default, authentication is disabled. -# To enable Keystone integration comment out the -# following line and uncomment the next one -pipeline = extensions quantumapiapp_v1_0 -# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_0 +[composite:quantumapi_v1_0] +use = call:quantum.auth:pipeline_factory +noauth = extensions quantumapiapp_v1_0 +keystone = authtoken keystonecontext extensions quantumapiapp_v1_0 -[pipeline:quantumapi_v1_1] -# By default, authentication is disabled. -# To enable Keystone integration comment out the -# following line and uncomment the next one -pipeline = extensions quantumapiapp_v1_1 -# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_1 +[composite:quantumapi_v1_1] +use = call:quantum.auth:pipeline_factory +noauth = extensions quantumapiapp_v1_1 +keystone = authtoken keystonecontext extensions quantumapiapp_v1_1 -[pipeline:quantumapi_v2_0] -# By default, authentication is disabled. -# To enable Keystone integration comment out the -# following line and uncomment the next one -pipeline = extensions quantumapiapp_v2_0 -# pipeline = authtoken keystonecontext extensions quantumapiapp_v2_0 +[composite:quantumapi_v2_0] +use = call:quantum.auth:pipeline_factory +noauth = extensions quantumapiapp_v2_0 +keystone = authtoken keystonecontext extensions quantumapiapp_v2_0 [filter:keystonecontext] paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory diff --git a/etc/quantum.conf b/etc/quantum.conf index 90f75a5607..7a563e38fd 100644 --- a/etc/quantum.conf +++ b/etc/quantum.conf @@ -24,6 +24,10 @@ core_plugin = quantum.plugins.sample.SamplePlugin.FakePlugin # Paste configuration file api_paste_config = api-paste.ini +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +# auth_strategy = keystone + # Base MAC address. The first 3 bytes will remain unchanged. The # lower 3 bytes will be randomly generated. # base_mac = fa:16:3e:00:00:00 diff --git a/quantum/auth.py b/quantum/auth.py index 13dfa26840..4492dcdc45 100644 --- a/quantum/auth.py +++ b/quantum/auth.py @@ -21,6 +21,7 @@ import webob.exc from quantum import context from quantum import wsgi +from quantum.openstack.common import cfg LOG = logging.getLogger(__name__) @@ -50,3 +51,15 @@ class QuantumKeystoneContext(wsgi.Middleware): req.environ['quantum.context'] = ctx return self.application + + +def pipeline_factory(loader, global_conf, **local_conf): + """Create a paste pipeline based on the 'auth_strategy' config option.""" + pipeline = local_conf[cfg.CONF.auth_strategy] + pipeline = pipeline.split() + filters = [loader.get_filter(n) for n in pipeline[:-1]] + app = loader.get_app(pipeline[-1]) + filters.reverse() + for filter in filters: + app = filter(app) + return app diff --git a/quantum/common/config.py b/quantum/common/config.py index 2fe9590f01..3d70c665ec 100644 --- a/quantum/common/config.py +++ b/quantum/common/config.py @@ -32,12 +32,13 @@ from quantum.version import version_string LOG = logging.getLogger(__name__) -bind_opts = [ +core_opts = [ cfg.StrOpt('bind_host', default='0.0.0.0'), cfg.IntOpt('bind_port', default=9696), cfg.StrOpt('api_paste_config', default="api-paste.ini"), cfg.StrOpt('api_extensions_path', default=""), cfg.StrOpt('policy_file', default="policy.json"), + cfg.StrOpt('auth_strategy', default='keystone'), cfg.StrOpt('core_plugin', default='quantum.plugins.sample.SamplePlugin.FakePlugin'), cfg.StrOpt('base_mac', default="fa:16:3e:00:00:00"), @@ -45,7 +46,7 @@ bind_opts = [ ] # Register the configuration options -cfg.CONF.register_opts(bind_opts) +cfg.CONF.register_opts(core_opts) def parse(args):