diff --git a/keystone/conf/resource.py b/keystone/conf/resource.py
index 14482cd0fc..afed1c3b5a 100644
--- a/keystone/conf/resource.py
+++ b/keystone/conf/resource.py
@@ -11,7 +11,6 @@
 # under the License.
 from oslo_config import cfg
-from oslo_log import versionutils
 from keystone.conf import utils
@@ -19,13 +18,6 @@ from keystone.conf import utils
 driver = cfg.StrOpt(
 'driver',
 default='sql',
- deprecated_for_removal=True,
- deprecated_reason='Non-SQL resource cannot be used with SQL Identity and '
- 'has been unable to be used since Ocata. SQL Resource '
- 'backend is a requirement as of Pike. Setting this '
- 'option no longer has an effect on how Keystone '
- 'operates.',
- deprecated_since=versionutils.deprecated.PIKE,
 help=utils.fmt("""
 Entry point for the resource driver in the `keystone.resource` namespace. Only a `sql` driver is supplied by keystone. Unless you are writing proprietary
diff --git a/keystone/resource/backends/sql.py b/keystone/resource/backends/sql.py
index de286c0005..bf09e789d1 100644
--- a/keystone/resource/backends/sql.py
+++ b/keystone/resource/backends/sql.py
@@ -26,8 +26,6 @@ LOG = log.getLogger(__name__)
 class Resource(base.ResourceDriverBase):
- # TODO(morgan): Merge all of this code into the manager, Resource backend
- # is only SQL. There is no configurable driver.
 def _encode_domain_id(self, ref):
 if 'domain_id' in ref and ref['domain_id'] is None:
diff --git a/keystone/resource/core.py b/keystone/resource/core.py
index 27f1ec6b9e..207b021174 100644
--- a/keystone/resource/core.py
+++ b/keystone/resource/core.py
@@ -27,7 +27,6 @@ from keystone import exception
 from keystone.i18n import _
 from keystone import notifications
 from keystone.resource.backends import base
-from keystone.resource.backends import sql as resource_sql
 from keystone.token import provider as token_provider
 CONF = keystone.conf.CONF
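Review bot: In keystone/conf/resource.py (hunk at -19,13) the option becomes live again, but the visible help text no longer carries the constraint that the removed `deprecated_reason` stated, namely that a non-SQL resource backend cannot be used with SQL Identity. The `help=utils.fmt(...)` string continues past the end of the hunk, so the caveat may already be there; if it is not, I would add a sentence such as `A non-sql resource driver cannot be combined with the sql identity driver.` Since the value names an entry point in the `keystone.resource` namespace, the help should also say that the named driver is loaded into the keystone process and must come from a package the operator trusts.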
@@ -55,14 +54,8 @@ class Manager(manager.Manager):
 _PROJECT_TAG = 'project tag'
 def __init__(self):
- # NOTE(morgan): The resource driver must be SQL. This is because there
- # is a FK between identity and resource. Almost every deployment uses
- # SQL Identity in some form. Even if SQL Identity is not used, there
- # is almost no reason to have non-SQL Resource. Keystone requires
- # SQL in a number of ways, this simply codifies it plainly for resource
- # the driver_name = None simply implies we don't need to load a driver.
- self.driver = resource_sql.Resource()
- super(Manager, self).__init__(driver_name=None)
+ resource_driver = CONF.resource.driver
+ super(Manager, self).__init__(resource_driver)
 def _get_hierarchy_depth(self, parents_list):
 return len(parents_list) + 1
diff --git a/keystone/tests/unit/test_backend_ldap.py b/keystone/tests/unit/test_backend_ldap.py
index cfded416a0..7f3e13315f 100644
--- a/keystone/tests/unit/test_backend_ldap.py
+++ b/keystone/tests/unit/test_backend_ldap.py
@@ -1124,7 +1124,8 @@ class LDAPIdentity(BaseLDAPIdentity):
 def assert_backends(self):
 _assert_backends(self, assignment='sql',
- identity='ldap')
+ identity='ldap',
+ resource='sql')
 def test_list_domains(self):
 domains = PROVIDERS.resource_api.list_domains()
@@ -1988,7 +1989,8 @@ class LDAPLimitTests(unit.TestCase, identity_tests.LimitTests):
 identity_tests.LimitTests.setUp(self)
 _assert_backends(self, assignment='sql',
- identity='ldap')
+ identity='ldap',
+ resource='sql')
 def config_overrides(self):
 super(LDAPLimitTests, self).config_overrides()
@@ -2493,7 +2495,8 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
 self.domain_default['id']: 'ldap',
 self.domains['domain1']['id']: 'ldap',
 self.domains['domain2']['id']: 'ldap',
- })
+ },
+ resource='sql')
 def config_overrides(self):
 super(MultiLDAPandSQLIdentity, self).config_overrides()
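Review bot: In keystone/resource/core.py, `Manager.__init__` now hands `CONF.resource.driver` to the base manager, so a value left in keystone.conf while the option was documented as having no effect starts selecting the loaded driver on upgrade. The removed NOTE gave the reason SQL was forced (a foreign key between identity and resource); that still applies to any replacement driver and is worth keeping as a comment, e.g. `# NOTE: identity has a FK into resource; a custom driver must keep that relationship valid.` I would also make the non-default case visible at startup with `if resource_driver != 'sql': LOG.warning('Loading non-default resource driver: %s', resource_driver)`, assuming the module defines `LOG`, which this hunk does not show. The release note in this commit lists the change only under `features`; an `upgrade` entry about previously ignored values would help operators.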
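Review bot: In keystone/tests/unit/test_backend_ldap.py the updated `_assert_backends(...)` calls (hunks at -1124, -1988, -2493, -2816, -3062 and -3236) only pin the default `resource='sql'`, so nothing visible in this change exercises the restored path with a non-default value. A test that overrides `[resource] driver` with a stub registered under `keystone.resource` and checks which class `PROVIDERS.resource_api` ends up using, plus one that records how an unknown driver name fails, would cover the behaviour the commit actually adds. The enclosing test methods start and end outside these hunks.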
@@ -2816,7 +2819,8 @@ class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
 self.domain_default['id']: 'ldap',
 self.domains['domain1']['id']: 'ldap',
 self.domains['domain2']['id']: 'ldap',
- })
+ },
+ resource='sql')
 def enable_multi_domain(self):
 # The values below are the same as in the domain_configs_multi_ldap
@@ -3062,7 +3066,8 @@ class DomainSpecificLDAPandSQLIdentity(
 None: 'ldap',
 'default': 'ldap',
 self.domains['domain1']['id']: 'sql',
- })
+ },
+ resource='sql')
 def config_overrides(self):
 super(DomainSpecificLDAPandSQLIdentity, self).config_overrides()
@@ -3236,7 +3241,8 @@ class DomainSpecificSQLIdentity(DomainSpecificLDAPandSQLIdentity):
 def assert_backends(self):
 _assert_backends(self, assignment='sql',
- identity='ldap')
+ identity='ldap',
+ resource='sql')
 def config_overrides(self):
 super(DomainSpecificSQLIdentity, self).config_overrides()
diff --git a/releasenotes/notes/resource-driver-33793dd5080ee4d2.yaml b/releasenotes/notes/resource-driver-33793dd5080ee4d2.yaml
new file mode 100644
index 0000000000..1759129f46
--- /dev/null
+++ b/releasenotes/notes/resource-driver-33793dd5080ee4d2.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Restores the configurability of the resource driver, so it is now possible
+ to create a custom resource driver if the built-in sql driver does not meet
+ business requirements.
diff --git a/setup.cfg b/setup.cfg
index 47a9469ad9..defc57c081 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -137,6 +137,9 @@ keystone.policy =
 rules = keystone.policy.backends.rules:Policy
 sql = keystone.policy.backends.sql:Policy
+keystone.resource =
+ sql = keystone.resource.backends.sql:Resource
+
 keystone.resource.domain_config =
 sql = keystone.resource.config_backends.sql:DomainConfig