diff options
| author | Mehdi Abaakouk <sileht@redhat.com> | 2016-10-17 11:29:07 +0200 |
|---|---|---|
| committer | Mehdi Abaakouk <sileht@redhat.com> | 2016-12-13 12:35:32 +0100 |
| commit | 638f691a9ec03bf5f0506e5c1016855fe4bdd992 (patch) | |
| tree | 0faeea43ec5d1f4c323a6b0e50fcfa5945890507 /ceilometer/keystone_client.py | |
| parent | f8d1f602a77c652de7d3fe50fdb7e01587cf9f91 (diff) | |
| download | ceilometer-638f691a9ec03bf5f0506e5c1016855fe4bdd992.tar.gz | |
gnocchi: Allow to set a different creds section
This change will allow to remove keystoneauth in Gnocchi
dispatcher for people where authentication of Gnocchi
request doesn't make sense.
Change-Id: If3a47f091a80333a0e7e0246e28040254c4f423b
Diffstat (limited to 'ceilometer/keystone_client.py')
| -rw-r--r-- | ceilometer/keystone_client.py | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/ceilometer/keystone_client.py b/ceilometer/keystone_client.py index fabba2bb..a062f966 100644 --- a/ceilometer/keystone_client.py +++ b/ceilometer/keystone_client.py @@ -19,21 +19,27 @@ from keystoneauth1 import loading as ka_loading from keystoneclient.v3 import client as ks_client_v3 from oslo_config import cfg -CFG_GROUP = "service_credentials" +DEFAULT_GROUP = "service_credentials" +# List of group that can set auth_section to use a different +# credentials section +OVERRIDABLE_GROUPS = ['dispatcher_gnocchi'] + + +def get_session(conf, requests_session=None, group=None): -def get_session(conf, requests_session=None): """Get a ceilometer service credentials auth session.""" - auth_plugin = ka_loading.load_auth_from_conf_options(conf, CFG_GROUP) + group = group or DEFAULT_GROUP + auth_plugin = ka_loading.load_auth_from_conf_options(conf, group) session = ka_loading.load_session_from_conf_options( - conf, CFG_GROUP, auth=auth_plugin, session=requests_session + conf, group, auth=auth_plugin, session=requests_session ) return session -def get_client(conf, trust_id=None, requests_session=None): +def get_client(conf, trust_id=None, requests_session=None, group=None): """Return a client for keystone v3 endpoint, optionally using a trust.""" - session = get_session(conf, requests_session=requests_session) + session = get_session(conf, requests_session=requests_session, group=group) return ks_client_v3.Client(session=session, trust_id=trust_id) @@ -64,10 +70,26 @@ CLI_OPTS = [ def register_keystoneauth_opts(conf): - ka_loading.register_auth_conf_options(conf, CFG_GROUP) + _register_keystoneauth_group(conf, DEFAULT_GROUP) + for group in OVERRIDABLE_GROUPS: + _register_keystoneauth_group(conf, group) + conf.set_default('auth_section', DEFAULT_GROUP, group=group) + + +def _register_keystoneauth_group(conf, group): + ka_loading.register_auth_conf_options(conf, group) ka_loading.register_session_conf_options( - conf, CFG_GROUP, + conf, group, deprecated_opts={'cacert': [ - cfg.DeprecatedOpt('os-cacert', group=CFG_GROUP), + cfg.DeprecatedOpt('os-cacert', group=group), cfg.DeprecatedOpt('os-cacert', group="DEFAULT")] }) + conf.register_opts(CLI_OPTS, group=group) + + +def post_register_keystoneauth_opts(conf): + for group in OVERRIDABLE_GROUPS: + if conf[group].auth_section != DEFAULT_GROUP: + # NOTE(sileht): We register this again after the auth_section have + # been read from the configuration file + _register_keystoneauth_group(conf, conf[group].auth_section) |