openstack
/
keystone
Code Issues Proposed changes

Merge "Clean up deprecated options for eventlet server"

This commit is contained in:
Zuul 2024-01-26 17:37:17 +00:00 committed by Gerrit Code Review
parent 6c16f975d2 2a3c73c49b
commit 406233f169
13 changed files with 54 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
keystone/catalog/backends/sql.py
View File

@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
import itertools
import sqlalchemy
from sqlalchemy.sql import true
@ -275,8 +273,7 @@ class Catalog(base.CatalogDriverBase):
empty dict.
"""
substitutions = dict(
itertools.chain(CONF.items(), CONF.eventlet_server.items()))
substitutions = dict(CONF.items())
substitutions.update({'user_id': user_id})
silent_keyerror_failures = []
if project_id:
@ -335,8 +332,7 @@ class Catalog(base.CatalogDriverBase):
:returns: A list representing the service catalog or an empty list
"""
d = dict(
itertools.chain(CONF.items(), CONF.eventlet_server.items()))
d = dict(CONF.items())
d.update({'user_id': user_id})
silent_keyerror_failures = []
if project_id:

4
keystone/catalog/backends/templated.py
View File

@ -12,7 +12,6 @@
# License for the specific language governing permissions and limitations
# under the License.
import itertools
import os.path
from oslo_log import log
@ -207,8 +206,7 @@ class Catalog(base.CatalogDriverBase):
empty dict.
"""
substitutions = dict(
itertools.chain(CONF.items(), CONF.eventlet_server.items()))
substitutions = dict(CONF.items())
substitutions.update({'user_id': user_id})
silent_keyerror_failures = []
if project_id:

4
keystone/common/utils.py
View File

@ -44,9 +44,7 @@ CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
WHITELISTED_PROPERTIES = [
'tenant_id', 'project_id', 'user_id',
'public_bind_host', 'admin_bind_host',
'compute_host', 'admin_port', 'public_port',
'public_endpoint', ]
'compute_host', 'public_endpoint', ]
# NOTE(stevermar): This UUID must stay the same, forever, across

24
keystone/conf/__init__.py
View File

@ -15,7 +15,6 @@ import logging
from oslo_cache import core as cache
from oslo_config import cfg
from oslo_log import log
from oslo_log import versionutils
import oslo_messaging
from oslo_middleware import cors
from oslo_policy import opts as policy_opts
@ -30,7 +29,6 @@ from keystone.conf import default
from keystone.conf import domain_config
from keystone.conf import endpoint_filter
from keystone.conf import endpoint_policy
from keystone.conf import eventlet_server
from keystone.conf import federation
from keystone.conf import fernet_receipts
from keystone.conf import fernet_tokens
@ -68,7 +66,6 @@ conf_modules = [
domain_config,
endpoint_filter,
endpoint_policy,
eventlet_server,
federation,
fernet_receipts,
fernet_tokens,
@ -96,8 +93,6 @@ conf_modules = [
oslo_messaging.set_transport_defaults(control_exchange='keystone')
_DEPRECATED_REASON = ('This option is only used by eventlet mode which has '
'been removed from Keystone in Newton release.')
def set_default_for_default_log_levels():
@ -130,25 +125,6 @@ def configure(conf=None):
if conf is None:
conf = CONF
conf.register_cli_opt(
cfg.BoolOpt('standard-threads', default=False,
help='Do not monkey-patch threading system modules.',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.STEIN))
conf.register_cli_opt(
cfg.StrOpt('pydev-debug-host',
help='Host to connect to for remote debugger.',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.STEIN))
conf.register_cli_opt(
cfg.PortOpt('pydev-debug-port',
help='Port to connect to for remote debugger.',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.STEIN))
for module in conf_modules:
module.register_opts(conf)

95
keystone/conf/eventlet_server.py
View File

@ -1,95 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
_DEPRECATE_EVENTLET_MSG = utils.fmt("""
Support for running keystone under eventlet has been removed in the Newton
release. These options remain for backwards compatibility because they are used
for URL substitutions.
""")
public_bind_host = cfg.HostAddressOpt(
'public_bind_host',
default='0.0.0.0', # nosec : Bind to all interfaces by default for
# backwards compatibility.
deprecated_opts=[
cfg.DeprecatedOpt('bind_host', group='DEFAULT'),
cfg.DeprecatedOpt('public_bind_host', group='DEFAULT'),
],
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The IP address of the network interface for the public service to listen on.
"""))
public_port = cfg.PortOpt(
'public_port',
default=5000,
deprecated_name='public_port',
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The port number for the public service to listen on.
"""))
admin_bind_host = cfg.HostAddressOpt(
'admin_bind_host',
default='0.0.0.0', # nosec : Bind to all interfaces by default for
# backwards compatibility.
deprecated_opts=[
cfg.DeprecatedOpt('bind_host', group='DEFAULT'),
cfg.DeprecatedOpt('admin_bind_host', group='DEFAULT'),
],
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The IP address of the network interface for the admin service to listen on.
"""))
admin_port = cfg.PortOpt(
'admin_port',
default=35357,
deprecated_name='admin_port',
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The port number for the admin service to listen on.
"""))
GROUP_NAME = __name__.split('.')[-1]
ALL_OPTS = [
public_bind_host,
public_port,
admin_bind_host,
admin_port,
]
def register_opts(conf):
conf.register_opts(ALL_OPTS, group=GROUP_NAME)
def list_opts():
return {GROUP_NAME: ALL_OPTS}

15
keystone/server/flask/common.py
View File

@ -13,7 +13,6 @@
import abc
import collections
import functools
import itertools
import re
import uuid
import wsgiref.util
@ -1002,12 +1001,9 @@ class ResourceBase(flask_restful.Resource):
def base_url(path=''):
url = CONF['public_endpoint']
if url:
substitutions = dict(
itertools.chain(CONF.items(), CONF.eventlet_server.items()))
url = url % substitutions
elif flask.request.environ:
if not url:
if not flask.request.environ:
raise ValueError('Endpoint cannot be detected')
url = wsgiref.util.application_uri(flask.request.environ)
# remove version from the URL as it may be part of SCRIPT_NAME but
# it should not be part of base URL
@ -1015,11 +1011,6 @@ def base_url(path=''):
# now remove the standard port
url = utils.remove_standard_port(url)
else:
# if we don't have enough information to come up with a base URL,
# then fall back to localhost. This should never happen in
# production environment.
url = 'http://localhost:%d' % CONF.eventlet_server.public_port
if path:
# Cleanup leading /v3 if needed.

15
keystone/server/flask/request_processing/middleware/auth_context.py
View File

@ -12,7 +12,6 @@
import functools
import itertools
import re
import wsgiref.util
@ -73,12 +72,9 @@ def best_match_language(req):
def base_url(context):
url = CONF['public_endpoint']
if url:
substitutions = dict(
itertools.chain(CONF.items(), CONF.eventlet_server.items()))
url = url % substitutions
elif 'environment' in context:
if not url:
if 'environment' not in context:
raise ValueError('Endpoint cannot be detected')
url = wsgiref.util.application_uri(context['environment'])
# remove version from the URL as it may be part of SCRIPT_NAME but
# it should not be part of base URL
@ -86,11 +82,6 @@ def base_url(context):
# now remove the standard port
url = utils.remove_standard_port(url)
else:
# if we don't have enough information to come up with a base URL,
# then fall back to localhost. This should never happen in
# production environment.
url = 'http://localhost:%d' % CONF.eventlet_server.public_port
return url.rstrip('/')

32
keystone/tests/unit/catalog/test_core.py
View File

@ -20,11 +20,10 @@ from keystone.tests import unit
class FormatUrlTests(unit.BaseTestCase):
def test_successful_formatting(self):
url_template = ('http://$(public_bind_host)s:$(admin_port)d/'
url_template = ('http://server:9090/'
'$(tenant_id)s/$(user_id)s/$(project_id)s')
project_id = uuid.uuid4().hex
values = {'public_bind_host': 'server', 'admin_port': 9090,
'tenant_id': 'A', 'user_id': 'B', 'project_id': project_id}
values = {'tenant_id': 'A', 'user_id': 'B', 'project_id': project_id}
actual_url = utils.format_url(url_template, values)
expected_url = 'http://server:9090/A/B/%s' % (project_id,)
@ -33,20 +32,20 @@ class FormatUrlTests(unit.BaseTestCase):
def test_raises_malformed_on_missing_key(self):
self.assertRaises(exception.MalformedEndpoint,
utils.format_url,
"http://$(public_bind_host)s/$(public_port)d",
{"public_bind_host": "1"})
"http://server:9090/$(tenant_id)s",
{})
def test_raises_malformed_on_wrong_type(self):
self.assertRaises(exception.MalformedEndpoint,
utils.format_url,
"http://$(public_bind_host)d",
{"public_bind_host": "something"})
"http://server:9090/$(tenant_id)d",
{"tenant_id": 'A'})
def test_raises_malformed_on_incomplete_format(self):
self.assertRaises(exception.MalformedEndpoint,
utils.format_url,
"http://$(public_bind_host)",
{"public_bind_host": "1"})
"http://server:9090/$(tenant_id)",
{"tenant_id": 'A'})
def test_formatting_a_non_string(self):
def _test(url_template):
@ -62,10 +61,9 @@ class FormatUrlTests(unit.BaseTestCase):
# If the url template contains a substitution that's not in the allowed
# list then MalformedEndpoint is raised.
# For example, admin_token isn't allowed.
url_template = ('http://$(public_bind_host)s:$(public_port)d/'
url_template = ('http://server:9090/'
'$(project_id)s/$(user_id)s/$(admin_token)s')
values = {'public_bind_host': 'server', 'public_port': 9090,
'project_id': 'A', 'user_id': 'B', 'admin_token': 'C'}
values = {'user_id': 'B', 'admin_token': 'C'}
self.assertRaises(exception.MalformedEndpoint,
utils.format_url,
url_template,
@ -78,10 +76,9 @@ class FormatUrlTests(unit.BaseTestCase):
# This is intentional behavior since we don't want to skip
# all the later endpoints once there is an URL of endpoint
# trying to replace 'tenant_id' with None.
url_template = ('http://$(public_bind_host)s:$(admin_port)d/'
url_template = ('http://server:9090/'
'$(tenant_id)s/$(user_id)s')
values = {'public_bind_host': 'server', 'admin_port': 9090,
'user_id': 'B'}
values = {'user_id': 'B'}
self.assertIsNone(utils.format_url(url_template, values,
silent_keyerror_failures=['tenant_id']))
@ -92,9 +89,8 @@ class FormatUrlTests(unit.BaseTestCase):
# This is intentional behavior since we don't want to skip
# all the later endpoints once there is an URL of endpoint
# trying to replace 'project_id' with None.
url_template = ('http://$(public_bind_host)s:$(admin_port)d/'
url_template = ('http://server:9090/'
'$(project_id)s/$(user_id)s')
values = {'public_bind_host': 'server', 'admin_port': 9090,
'user_id': 'B'}
values = {'user_id': 'B'}
self.assertIsNone(utils.format_url(url_template, values,
silent_keyerror_failures=['project_id']))

6
keystone/tests/unit/default_catalog.templates
View File

@ -1,8 +1,8 @@
# config for templated.Catalog, using camelCase because I don't want to do
# translations for keystone compat
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v3
catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v3
catalog.RegionOne.identity.internalURL = http://localhost:$(admin_port)s/v3
catalog.RegionOne.identity.publicURL = http://localhost:5000/v3
catalog.RegionOne.identity.adminURL = http://localhost:35357/v3
catalog.RegionOne.identity.internalURL = http://localhost:35357/v3
catalog.RegionOne.identity.name = 'Identity Service'
catalog.RegionOne.identity.id = 1

14
keystone/tests/unit/default_catalog_multi_region.templates
View File

@ -1,8 +1,8 @@
# config for templated.Catalog, using camelCase because I don't want to do
# translations for keystone compat
catalog.RegionOne.identity.publicURL = http://region-one:$(public_port)s/v3
catalog.RegionOne.identity.adminURL = http://region-one:$(admin_port)s/v3
catalog.RegionOne.identity.internalURL = http://region-one:$(admin_port)s/v3
catalog.RegionOne.identity.publicURL = http://region-one:5000/v3
catalog.RegionOne.identity.adminURL = http://region-one:35357/v3
catalog.RegionOne.identity.internalURL = http://region-one:35357/v3
catalog.RegionOne.identity.name = 'Identity Service'
catalog.RegionOne.identity.id = 1
@ -14,9 +14,9 @@ catalog.RegionOne.compute.name = 'Compute Service'
catalog.RegionOne.compute.id = 2
# second region for multi-region testing
catalog.RegionTwo.identity.publicURL = http://region-two:$(public_port)s/v3
catalog.RegionTwo.identity.adminURL = http://region-two:$(admin_port)s/v3
catalog.RegionTwo.identity.internalURL = http://region-two:$(admin_port)s/v3
catalog.RegionTwo.identity.publicURL = http://region-two:5000/v3
catalog.RegionTwo.identity.adminURL = http://region-two:35357/v3
catalog.RegionTwo.identity.internalURL = http://region-two:35357/v3
catalog.RegionTwo.identity.name = 'Identity Service'
catalog.RegionTwo.identity.id = 1
@ -24,4 +24,4 @@ catalog.RegionTwo.compute.publicURL = http://region-two:8774/v1.1/$(tenant_id)s
catalog.RegionTwo.compute.adminURL = http://region-two:8774/v1.1/$(tenant_id)s
catalog.RegionTwo.compute.internalURL = http://region-two:8774/v1.1/$(tenant_id)s
catalog.RegionTwo.compute.name = 'Compute Service'
catalog.RegionTwo.compute.id = 2
catalog.RegionTwo.compute.id = 2

4
keystone/tests/unit/test_backend_templated.py
View File

@ -311,8 +311,8 @@ class TestTemplatedCatalog(unit.TestCase, catalog_tests.CatalogTests):
self.skip_test_overrides(BROKEN_WRITE_FUNCTIONALITY_MSG)
def test_list_endpoints(self):
expected_urls = set(['http://localhost:$(public_port)s/v3',
'http://localhost:$(admin_port)s/v3',
expected_urls = set(['http://localhost:5000/v3',
'http://localhost:35357/v3',
'http://localhost:8774/v1.1/$(tenant_id)s'])
endpoints = PROVIDERS.catalog_api.list_endpoints()
self.assertEqual(expected_urls, set(e['url'] for e in endpoints))

1
keystone/tests/unit/test_exception.py
View File

@ -180,6 +180,7 @@ class SecurityErrorTestCase(ExceptionTestCase):
def setUp(self):
super(SecurityErrorTestCase, self).setUp()
self.config_fixture = self.useFixture(config_fixture.Config(CONF))
self.config_fixture.config(public_endpoint='http://localhost:5050')
def test_unauthorized_exposure(self):
self.config_fixture.config(debug=False)

17
releasenotes/notes/eventlet-cleanup-f35fc5f83c16ea1c.yaml Normal file
View File

@ -0,0 +1,17 @@
---
upgrade:
- |
The following options have been removed.
- ``[eventlet_server] public_bind_host``
- ``[eventlet_server] public_bind_port``
- ``[eventlet_server] public_admin_host``
- ``[eventlet_server] public_admin_port``
- |
The following command line options have been removed. These options were
used by Keystone eventlet model which was removed in Newton release.
- ``standard-threads``
- ``pydev-debug-host``
- ``pydev-debug-port``