Fixes bug
1029313.
The current api-paste.ini does not provide a way to choose a pipeline:
there is no way to switching a pipeline between keystone-enabled and
noauth pipelines without modifying the pipeline directly.
This commit introduces 'auth_strategy' flag to quantum.conf and
a pipeline used is determined depending on the flag. Supported values for
this flag are 'keystone' (default) and 'noauth' at the moment.
Change-Id: Ieafaf31eaaec2b02727ed5d3bd36c907e50aee5b
/v1.1: quantumapi_v1_1
/v2.0: quantumapi_v2_0
-[pipeline:quantumapi_v1_0]
-# By default, authentication is disabled.
-# To enable Keystone integration comment out the
-# following line and uncomment the next one
-pipeline = extensions quantumapiapp_v1_0
-# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_0
-
-[pipeline:quantumapi_v1_1]
-# By default, authentication is disabled.
-# To enable Keystone integration comment out the
-# following line and uncomment the next one
-pipeline = extensions quantumapiapp_v1_1
-# pipeline = authtoken keystonecontext extensions quantumapiapp_v1_1
-
-[pipeline:quantumapi_v2_0]
-# By default, authentication is disabled.
-# To enable Keystone integration comment out the
-# following line and uncomment the next one
-pipeline = extensions quantumapiapp_v2_0
-# pipeline = authtoken keystonecontext extensions quantumapiapp_v2_0
+[composite:quantumapi_v1_0]
+use = call:quantum.auth:pipeline_factory
+noauth = extensions quantumapiapp_v1_0
+keystone = authtoken keystonecontext extensions quantumapiapp_v1_0
+
+[composite:quantumapi_v1_1]
+use = call:quantum.auth:pipeline_factory
+noauth = extensions quantumapiapp_v1_1
+keystone = authtoken keystonecontext extensions quantumapiapp_v1_1
+
+[composite:quantumapi_v2_0]
+use = call:quantum.auth:pipeline_factory
+noauth = extensions quantumapiapp_v2_0
+keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
# Paste configuration file
api_paste_config = api-paste.ini
+# The strategy to be used for auth.
+# Supported values are 'keystone'(default), 'noauth'.
+# auth_strategy = keystone
+
# Base MAC address. The first 3 bytes will remain unchanged. The
# lower 3 bytes will be randomly generated.
# base_mac = fa:16:3e:00:00:00
from quantum import context
from quantum import wsgi
+from quantum.openstack.common import cfg
LOG = logging.getLogger(__name__)
req.environ['quantum.context'] = ctx
return self.application
+
+
+def pipeline_factory(loader, global_conf, **local_conf):
+ """Create a paste pipeline based on the 'auth_strategy' config option."""
+ pipeline = local_conf[cfg.CONF.auth_strategy]
+ pipeline = pipeline.split()
+ filters = [loader.get_filter(n) for n in pipeline[:-1]]
+ app = loader.get_app(pipeline[-1])
+ filters.reverse()
+ for filter in filters:
+ app = filter(app)
+ return app
LOG = logging.getLogger(__name__)
-bind_opts = [
+core_opts = [
cfg.StrOpt('bind_host', default='0.0.0.0'),
cfg.IntOpt('bind_port', default=9696),
cfg.StrOpt('api_paste_config', default="api-paste.ini"),
cfg.StrOpt('api_extensions_path', default=""),
cfg.StrOpt('policy_file', default="policy.json"),
+ cfg.StrOpt('auth_strategy', default='keystone'),
cfg.StrOpt('core_plugin',
default='quantum.plugins.sample.SamplePlugin.FakePlugin'),
cfg.StrOpt('base_mac', default="fa:16:3e:00:00:00"),
]
# Register the configuration options
-cfg.CONF.register_opts(bind_opts)
+cfg.CONF.register_opts(core_opts)
def parse(args):
Code Review / openstack-build / neutron-build.git / commitdiff