Make quantum pipeline configurable from quantum.conf.
Fixes bug 1029313. The current api-paste.ini does not provide a way to choose a pipeline: there is no way to switching a pipeline between keystone-enabled and noauth pipelines without modifying the pipeline directly. This commit introduces 'auth_strategy' flag to quantum.conf and a pipeline used is determined depending on the flag. Supported values for this flag are 'keystone' (default) and 'noauth' at the moment. Change-Id: Ieafaf31eaaec2b02727ed5d3bd36c907e50aee5b
This commit is contained in:
parent
cf22f5c429
commit
c23fd00818
@ -5,26 +5,20 @@ use = egg:Paste#urlmap
|
||||
/v1.1: quantumapi_v1_1
|
||||
/v2.0: quantumapi_v2_0
|
||||
|
||||
[pipeline:quantumapi_v1_0]
|
||||
# By default, authentication is disabled.
|
||||
# To enable Keystone integration comment out the
|
||||
# following line and uncomment the next one
|
||||
pipeline = extensions quantumapiapp_v1_0
|
||||
# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_0
|
||||
[composite:quantumapi_v1_0]
|
||||
use = call:quantum.auth:pipeline_factory
|
||||
noauth = extensions quantumapiapp_v1_0
|
||||
keystone = authtoken keystonecontext extensions quantumapiapp_v1_0
|
||||
|
||||
[pipeline:quantumapi_v1_1]
|
||||
# By default, authentication is disabled.
|
||||
# To enable Keystone integration comment out the
|
||||
# following line and uncomment the next one
|
||||
pipeline = extensions quantumapiapp_v1_1
|
||||
# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_1
|
||||
[composite:quantumapi_v1_1]
|
||||
use = call:quantum.auth:pipeline_factory
|
||||
noauth = extensions quantumapiapp_v1_1
|
||||
keystone = authtoken keystonecontext extensions quantumapiapp_v1_1
|
||||
|
||||
[pipeline:quantumapi_v2_0]
|
||||
# By default, authentication is disabled.
|
||||
# To enable Keystone integration comment out the
|
||||
# following line and uncomment the next one
|
||||
pipeline = extensions quantumapiapp_v2_0
|
||||
# pipeline = authtoken keystonecontext extensions quantumapiapp_v2_0
|
||||
[composite:quantumapi_v2_0]
|
||||
use = call:quantum.auth:pipeline_factory
|
||||
noauth = extensions quantumapiapp_v2_0
|
||||
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
|
||||
|
||||
[filter:keystonecontext]
|
||||
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
|
||||
|
@ -24,6 +24,10 @@ core_plugin = quantum.plugins.sample.SamplePlugin.FakePlugin
|
||||
# Paste configuration file
|
||||
api_paste_config = api-paste.ini
|
||||
|
||||
# The strategy to be used for auth.
|
||||
# Supported values are 'keystone'(default), 'noauth'.
|
||||
# auth_strategy = keystone
|
||||
|
||||
# Base MAC address. The first 3 bytes will remain unchanged. The
|
||||
# lower 3 bytes will be randomly generated.
|
||||
# base_mac = fa:16:3e:00:00:00
|
||||
|
@ -21,6 +21,7 @@ import webob.exc
|
||||
|
||||
from quantum import context
|
||||
from quantum import wsgi
|
||||
from quantum.openstack.common import cfg
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
@ -50,3 +51,15 @@ class QuantumKeystoneContext(wsgi.Middleware):
|
||||
req.environ['quantum.context'] = ctx
|
||||
|
||||
return self.application
|
||||
|
||||
|
||||
def pipeline_factory(loader, global_conf, **local_conf):
|
||||
"""Create a paste pipeline based on the 'auth_strategy' config option."""
|
||||
pipeline = local_conf[cfg.CONF.auth_strategy]
|
||||
pipeline = pipeline.split()
|
||||
filters = [loader.get_filter(n) for n in pipeline[:-1]]
|
||||
app = loader.get_app(pipeline[-1])
|
||||
filters.reverse()
|
||||
for filter in filters:
|
||||
app = filter(app)
|
||||
return app
|
||||
|
@ -32,12 +32,13 @@ from quantum.version import version_string
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
bind_opts = [
|
||||
core_opts = [
|
||||
cfg.StrOpt('bind_host', default='0.0.0.0'),
|
||||
cfg.IntOpt('bind_port', default=9696),
|
||||
cfg.StrOpt('api_paste_config', default="api-paste.ini"),
|
||||
cfg.StrOpt('api_extensions_path', default=""),
|
||||
cfg.StrOpt('policy_file', default="policy.json"),
|
||||
cfg.StrOpt('auth_strategy', default='keystone'),
|
||||
cfg.StrOpt('core_plugin',
|
||||
default='quantum.plugins.sample.SamplePlugin.FakePlugin'),
|
||||
cfg.StrOpt('base_mac', default="fa:16:3e:00:00:00"),
|
||||
@ -45,7 +46,7 @@ bind_opts = [
|
||||
]
|
||||
|
||||
# Register the configuration options
|
||||
cfg.CONF.register_opts(bind_opts)
|
||||
cfg.CONF.register_opts(core_opts)
|
||||
|
||||
|
||||
def parse(args):
|
||||
|
Loading…
x
Reference in New Issue
Block a user