Make quantum pipeline configurable from quantum.conf.

Fixes bug 1029313.

The current api-paste.ini does not provide a way to choose a pipeline:
there is no way to switching a pipeline between keystone-enabled and
noauth pipelines without modifying the pipeline directly.

This commit introduces 'auth_strategy' flag to quantum.conf and
a pipeline used is determined depending on the flag. Supported values for
this flag are 'keystone' (default) and 'noauth' at the moment.

Change-Id: Ieafaf31eaaec2b02727ed5d3bd36c907e50aee5b
This commit is contained in:
Akihiro MOTOKI 2012-07-26 17:48:48 +09:00
parent cf22f5c429
commit c23fd00818
4 changed files with 32 additions and 20 deletions

View File

@ -5,26 +5,20 @@ use = egg:Paste#urlmap
/v1.1: quantumapi_v1_1
/v2.0: quantumapi_v2_0
[pipeline:quantumapi_v1_0]
# By default, authentication is disabled.
# To enable Keystone integration comment out the
# following line and uncomment the next one
pipeline = extensions quantumapiapp_v1_0
# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_0
[composite:quantumapi_v1_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v1_0
keystone = authtoken keystonecontext extensions quantumapiapp_v1_0
[pipeline:quantumapi_v1_1]
# By default, authentication is disabled.
# To enable Keystone integration comment out the
# following line and uncomment the next one
pipeline = extensions quantumapiapp_v1_1
# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_1
[composite:quantumapi_v1_1]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v1_1
keystone = authtoken keystonecontext extensions quantumapiapp_v1_1
[pipeline:quantumapi_v2_0]
# By default, authentication is disabled.
# To enable Keystone integration comment out the
# following line and uncomment the next one
pipeline = extensions quantumapiapp_v2_0
# pipeline = authtoken keystonecontext extensions quantumapiapp_v2_0
[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory

View File

@ -24,6 +24,10 @@ core_plugin = quantum.plugins.sample.SamplePlugin.FakePlugin
# Paste configuration file
api_paste_config = api-paste.ini
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
# auth_strategy = keystone
# Base MAC address. The first 3 bytes will remain unchanged. The
# lower 3 bytes will be randomly generated.
# base_mac = fa:16:3e:00:00:00

View File

@ -21,6 +21,7 @@ import webob.exc
from quantum import context
from quantum import wsgi
from quantum.openstack.common import cfg
LOG = logging.getLogger(__name__)
@ -50,3 +51,15 @@ class QuantumKeystoneContext(wsgi.Middleware):
req.environ['quantum.context'] = ctx
return self.application
def pipeline_factory(loader, global_conf, **local_conf):
"""Create a paste pipeline based on the 'auth_strategy' config option."""
pipeline = local_conf[cfg.CONF.auth_strategy]
pipeline = pipeline.split()
filters = [loader.get_filter(n) for n in pipeline[:-1]]
app = loader.get_app(pipeline[-1])
filters.reverse()
for filter in filters:
app = filter(app)
return app

View File

@ -32,12 +32,13 @@ from quantum.version import version_string
LOG = logging.getLogger(__name__)
bind_opts = [
core_opts = [
cfg.StrOpt('bind_host', default='0.0.0.0'),
cfg.IntOpt('bind_port', default=9696),
cfg.StrOpt('api_paste_config', default="api-paste.ini"),
cfg.StrOpt('api_extensions_path', default=""),
cfg.StrOpt('policy_file', default="policy.json"),
cfg.StrOpt('auth_strategy', default='keystone'),
cfg.StrOpt('core_plugin',
default='quantum.plugins.sample.SamplePlugin.FakePlugin'),
cfg.StrOpt('base_mac', default="fa:16:3e:00:00:00"),
@ -45,7 +46,7 @@ bind_opts = [
]
# Register the configuration options
cfg.CONF.register_opts(bind_opts)
cfg.CONF.register_opts(core_opts)
def parse(args):