config options: centralize section: "crypto"
The config options of the "nova.conf" section "crypto" got moved to the new central location "nova/conf/crypto.py" Change-Id: Ia5e970694d384ef39a6050efb5db2f61e6f4205b Implements: blueprint centralize-config-options-newton
This commit is contained in:
parent
607eb88b08
commit
ac0fee5d6b
|
@ -14,7 +14,6 @@
|
|||
|
||||
"""Connect your vlan to the world."""
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import fileutils
|
||||
from webob import exc
|
||||
|
||||
|
@ -26,14 +25,14 @@ from nova.cloudpipe import pipelib
|
|||
from nova import compute
|
||||
from nova.compute import utils as compute_utils
|
||||
from nova.compute import vm_states
|
||||
import nova.conf
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import network
|
||||
from nova import objects
|
||||
from nova import utils
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_opt('keys_path', 'nova.crypto')
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
ALIAS = 'os-cloudpipe'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
"""Connect your vlan to the world."""
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import fileutils
|
||||
from webob import exc
|
||||
|
||||
|
@ -23,13 +22,13 @@ from nova.cloudpipe import pipelib
|
|||
from nova import compute
|
||||
from nova.compute import utils as compute_utils
|
||||
from nova.compute import vm_states
|
||||
import nova.conf
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import network
|
||||
from nova import utils
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_opt('keys_path', 'nova.crypto')
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
authorize = extensions.extension_authorizer('compute', 'cloudpipe')
|
||||
|
||||
|
|
|
@ -37,7 +37,6 @@ from nova import utils
|
|||
|
||||
|
||||
CONF = nova.conf.CONF
|
||||
CONF.import_opt('keys_path', 'nova.crypto')
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ from nova.conf import conductor
|
|||
from nova.conf import consoleauth
|
||||
# from nova.conf import cors
|
||||
# from nova.conf import cors.subdomain
|
||||
# from nova.conf import crypto
|
||||
from nova.conf import crypto
|
||||
# from nova.conf import database
|
||||
# from nova.conf import disk
|
||||
from nova.conf import ephemeral_storage
|
||||
|
@ -99,7 +99,7 @@ conductor.register_opts(CONF)
|
|||
consoleauth.register_opts(CONF)
|
||||
# cors.register_opts(CONF)
|
||||
# cors.subdomain.register_opts(CONF)
|
||||
# crypto.register_opts(CONF)
|
||||
crypto.register_opts(CONF)
|
||||
# database.register_opts(CONF)
|
||||
# disk.register_opts(CONF)
|
||||
ephemeral_storage.register_opts(CONF)
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
from nova.i18n import _
|
||||
from nova import paths
|
||||
|
||||
crypto_opts = [
|
||||
cfg.StrOpt(
|
||||
'ca_file',
|
||||
default='cacert.pem',
|
||||
help=_('Filename of root CA')),
|
||||
cfg.StrOpt(
|
||||
'key_file',
|
||||
default=os.path.join('private', 'cakey.pem'),
|
||||
help=_('Filename of private key')),
|
||||
cfg.StrOpt(
|
||||
'crl_file',
|
||||
default='crl.pem',
|
||||
help=_('Filename of root Certificate Revocation List')),
|
||||
cfg.StrOpt(
|
||||
'keys_path',
|
||||
default=paths.state_path_def('keys'),
|
||||
help=_('Where we keep our keys')),
|
||||
cfg.StrOpt(
|
||||
'ca_path',
|
||||
default=paths.state_path_def('CA'),
|
||||
help=_('Where we keep our root CA')),
|
||||
cfg.BoolOpt(
|
||||
'use_project_ca',
|
||||
default=False,
|
||||
help=_('Should we use a CA for each project?')),
|
||||
cfg.StrOpt(
|
||||
'user_cert_subject',
|
||||
default='/C=US/ST=California/O=OpenStack/'
|
||||
'OU=NovaDev/CN=%.16s-%.16s-%s',
|
||||
help=_('Subject for certificate for users, %s for '
|
||||
'project, user, timestamp')),
|
||||
cfg.StrOpt(
|
||||
'project_cert_subject',
|
||||
default='/C=US/ST=California/O=OpenStack/'
|
||||
'OU=NovaDev/CN=project-ca-%.16s-%s',
|
||||
help=_('Subject for certificate for projects, %s for '
|
||||
'project, timestamp'))]
|
||||
|
||||
|
||||
def register_opts(conf):
|
||||
conf.register_opts(crypto_opts)
|
||||
|
||||
|
||||
def list_opts():
|
||||
return {'DEFAULT': crypto_opts}
|
|
@ -34,56 +34,23 @@ from cryptography.hazmat.primitives import hashes
|
|||
from cryptography.hazmat.primitives import serialization
|
||||
from cryptography import x509
|
||||
from oslo_concurrency import processutils
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import excutils
|
||||
from oslo_utils import fileutils
|
||||
import paramiko
|
||||
import six
|
||||
|
||||
import nova.conf
|
||||
from nova import context
|
||||
from nova import db
|
||||
from nova import exception
|
||||
from nova.i18n import _, _LE
|
||||
from nova import paths
|
||||
from nova import utils
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
crypto_opts = [
|
||||
cfg.StrOpt('ca_file',
|
||||
default='cacert.pem',
|
||||
help=_('Filename of root CA')),
|
||||
cfg.StrOpt('key_file',
|
||||
default=os.path.join('private', 'cakey.pem'),
|
||||
help=_('Filename of private key')),
|
||||
cfg.StrOpt('crl_file',
|
||||
default='crl.pem',
|
||||
help=_('Filename of root Certificate Revocation List')),
|
||||
cfg.StrOpt('keys_path',
|
||||
default=paths.state_path_def('keys'),
|
||||
help=_('Where we keep our keys')),
|
||||
cfg.StrOpt('ca_path',
|
||||
default=paths.state_path_def('CA'),
|
||||
help=_('Where we keep our root CA')),
|
||||
cfg.BoolOpt('use_project_ca',
|
||||
default=False,
|
||||
help=_('Should we use a CA for each project?')),
|
||||
cfg.StrOpt('user_cert_subject',
|
||||
default='/C=US/ST=California/O=OpenStack/'
|
||||
'OU=NovaDev/CN=%.16s-%.16s-%s',
|
||||
help=_('Subject for certificate for users, %s for '
|
||||
'project, user, timestamp')),
|
||||
cfg.StrOpt('project_cert_subject',
|
||||
default='/C=US/ST=California/O=OpenStack/'
|
||||
'OU=NovaDev/CN=project-ca-%.16s-%s',
|
||||
help=_('Subject for certificate for projects, %s for '
|
||||
'project, timestamp')),
|
||||
]
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(crypto_opts)
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
|
||||
def ca_folder(project_id=None):
|
||||
|
|
|
@ -25,7 +25,6 @@ import nova.console.rpcapi
|
|||
import nova.console.serial
|
||||
import nova.console.xvp
|
||||
import nova.consoleauth.rpcapi
|
||||
import nova.crypto
|
||||
import nova.db.api
|
||||
import nova.db.base
|
||||
import nova.db.sqlalchemy.api
|
||||
|
@ -55,7 +54,6 @@ def list_opts():
|
|||
nova.console.manager.console_manager_opts,
|
||||
nova.console.rpcapi.rpcapi_opts,
|
||||
nova.console.xvp.xvp_opts,
|
||||
nova.crypto.crypto_opts,
|
||||
nova.db.api.db_opts,
|
||||
nova.db.sqlalchemy.api.db_opts,
|
||||
nova.exception.exc_log_opts,
|
||||
|
|
Loading…
Reference in New Issue