remove deprecated options

options was deprecated in previous release. remote them now

Change-Id: I524c13c59b48031b35223f81f363bc4c0862b138
This commit is contained in:
Andrey Pavlov 2018-01-16 15:45:23 +03:00
parent 417b02df65
commit 5fc752ca6f
3 changed files with 6 additions and 108 deletions

View File

@ -46,13 +46,6 @@ from ec2api import wsgi
LOG = logging.getLogger(__name__)
ec2_opts = [
cfg.StrOpt('keystone_url',
default='http://localhost:5000/',
deprecated_for_removal=True,
deprecated_reason='code was switched to common section '
'"keystone_authtoken"',
deprecated_since='Newton',
help='URL for getting admin session.'),
cfg.StrOpt('keystone_ec2_tokens_url',
default='http://localhost:5000/v3/ec2tokens',
help='URL to authenticate token from ec2 request.'),

View File

@ -15,34 +15,16 @@
from cinderclient import client as cinderclient
from glanceclient import client as glanceclient
from keystoneauth1 import loading as ks_loading
from keystoneclient.auth.identity.generic import password as keystone_auth
from keystoneclient import client as keystoneclient
from keystoneclient import session as keystone_session
from neutronclient.v2_0 import client as neutronclient
from novaclient import api_versions as nova_api_versions
from novaclient import client as novaclient
from oslo_config import cfg
from oslo_log import log as logging
from ec2api.i18n import _
logger = logging.getLogger(__name__)
ec2_opts = [
cfg.BoolOpt('ssl_insecure',
default=False,
deprecated_for_removal=True,
deprecated_reason='code was switched to common section '
'"keystone_authtoken"',
deprecated_since='Newton',
help="Verify HTTPS connections."),
cfg.StrOpt('ssl_ca_file',
deprecated_for_removal=True,
deprecated_reason='code was switched to common section '
'"keystone_authtoken"',
deprecated_since='Newton',
help="CA certificate file to use to verify "
"connecting clients"),
cfg.StrOpt('nova_service_type',
default='compute',
help='Service type of Compute API, registered in Keystone '
@ -53,25 +35,6 @@ ec2_opts = [
default='volumev2',
help='Service type of Volume API, registered in Keystone '
'catalog.'),
cfg.StrOpt('admin_user',
deprecated_for_removal=True,
deprecated_reason='code was switched to common section '
'"keystone_authtoken"',
deprecated_since='Newton',
help=_("Admin user to access specific cloud resourses")),
cfg.StrOpt('admin_password',
deprecated_for_removal=True,
deprecated_reason='code was switched to common section '
'"keystone_authtoken"',
deprecated_since='Newton',
help=_("Admin password"),
secret=True),
cfg.StrOpt('admin_tenant_name',
deprecated_for_removal=True,
deprecated_reason='code was switched to common section '
'"keystone_authtoken"',
deprecated_since='Newton',
help=_("Admin tenant name")),
]
CONF = cfg.CONF
@ -179,41 +142,22 @@ def _get_nova_api_version(context):
_admin_session = None
def get_session_from_deprecated():
auth = keystone_auth.Password(
username=CONF.admin_user,
password=CONF.admin_password,
project_name=CONF.admin_tenant_name,
tenant_name=CONF.admin_tenant_name,
auth_url=CONF.keystone_url,
)
params = {'auth': auth}
update_request_params_with_ssl(params)
return keystone_session.Session(**params)
def get_os_admin_session():
"""Create a context to interact with OpenStack as an administrator."""
# NOTE(ft): this is a singletone because keystone's session looks thread
# safe for both regular and token renewal requests
global _admin_session
if not _admin_session:
if not CONF[GROUP_AUTHTOKEN].auth_type:
_admin_session = get_session_from_deprecated()
else:
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF, GROUP_AUTHTOKEN)
_admin_session = ks_loading.load_session_from_conf_options(
CONF, GROUP_AUTHTOKEN, auth=auth_plugin)
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF, GROUP_AUTHTOKEN)
_admin_session = ks_loading.load_session_from_conf_options(
CONF, GROUP_AUTHTOKEN, auth=auth_plugin)
return _admin_session
def update_request_params_with_ssl(params):
if not CONF[GROUP_AUTHTOKEN].auth_type:
verify = CONF.ssl_ca_file or not CONF.ssl_insecure
else:
verify = (CONF[GROUP_AUTHTOKEN].cafile or
not CONF[GROUP_AUTHTOKEN].insecure)
verify = (CONF[GROUP_AUTHTOKEN].cafile or
not CONF[GROUP_AUTHTOKEN].insecure)
if verify is not True:
params['verify'] = verify

View File

@ -24,7 +24,6 @@ from ec2api import clients
from ec2api import context as ec2_context
cfg.CONF.import_opt('keystone_url', 'ec2api.api')
GROUP_AUTHTOKEN = 'keystone_authtoken'
@ -63,41 +62,3 @@ class ContextTestCase(test_base.BaseTestCase):
session.reset_mock()
ec2_context.get_os_admin_context()
self.assertFalse(session.called)
@mock.patch('keystoneclient.auth.identity.generic.password.Password')
def test_get_os_admin_context_deprecated(self, password_plugin):
conf = config_fixture.Config()
clients._admin_session = None
conf.config(auth_type=None, group=GROUP_AUTHTOKEN)
conf.config(admin_user='admin',
admin_password='password',
admin_tenant_name='service')
imp.reload(ec2_context)
# NOTE(ft): initialize a regular context to populate oslo_context's
# local storage to prevent admin context to populate it.
# Used to implicitly validate overwrite=False argument of the call
# RequestContext constructor from inside get_os_admin_context
if not context.get_current():
ec2_context.RequestContext(None, None)
ctx = ec2_context.get_os_admin_context()
conf = cfg.CONF
password_plugin.assert_called_once_with(
username=conf.admin_user,
password=conf.admin_password,
tenant_name=conf.admin_tenant_name,
project_name=conf.admin_tenant_name,
auth_url=conf.keystone_url)
self.assertIsNone(ctx.user_id)
self.assertIsNone(ctx.project_id)
self.assertIsNone(ctx.auth_token)
self.assertEqual([], ctx.service_catalog)
self.assertTrue(ctx.is_os_admin)
self.assertIsNotNone(ctx.session)
self.assertIsNotNone(ctx.session.auth)
self.assertNotEqual(context.get_current(), ctx)
password_plugin.reset_mock()
ec2_context.get_os_admin_context()
self.assertFalse(password_plugin.called)