From 2a3c73c49b117fe43d2174dbdb55842a4407377d Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 6 Dec 2023 02:12:59 +0900 Subject: [PATCH] Clean up deprecated options for eventlet server The eventlet server implementation was removed during Newton, and have not been used by any other implementations for a while. Change-Id: I01f9adfc3e610d820c1834209d36c10568cccf41 --- keystone/catalog/backends/sql.py | 8 +- keystone/catalog/backends/templated.py | 4 +- keystone/common/utils.py | 4 +- keystone/conf/__init__.py | 24 ----- keystone/conf/eventlet_server.py | 95 ------------------- keystone/server/flask/common.py | 15 +-- .../middleware/auth_context.py | 15 +-- keystone/tests/unit/catalog/test_core.py | 32 +++---- keystone/tests/unit/default_catalog.templates | 6 +- .../default_catalog_multi_region.templates | 14 +-- keystone/tests/unit/test_backend_templated.py | 4 +- keystone/tests/unit/test_exception.py | 1 + .../eventlet-cleanup-f35fc5f83c16ea1c.yaml | 17 ++++ 13 files changed, 54 insertions(+), 185 deletions(-) delete mode 100644 keystone/conf/eventlet_server.py create mode 100644 releasenotes/notes/eventlet-cleanup-f35fc5f83c16ea1c.yaml diff --git a/keystone/catalog/backends/sql.py b/keystone/catalog/backends/sql.py index 15abeec44c..63c49b8f0f 100644 --- a/keystone/catalog/backends/sql.py +++ b/keystone/catalog/backends/sql.py @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -import itertools - import sqlalchemy from sqlalchemy.sql import true @@ -275,8 +273,7 @@ class Catalog(base.CatalogDriverBase): empty dict. """ - substitutions = dict( - itertools.chain(CONF.items(), CONF.eventlet_server.items())) + substitutions = dict(CONF.items()) substitutions.update({'user_id': user_id}) silent_keyerror_failures = [] if project_id: @@ -335,8 +332,7 @@ class Catalog(base.CatalogDriverBase): :returns: A list representing the service catalog or an empty list """ - d = dict( - itertools.chain(CONF.items(), CONF.eventlet_server.items())) + d = dict(CONF.items()) d.update({'user_id': user_id}) silent_keyerror_failures = [] if project_id: diff --git a/keystone/catalog/backends/templated.py b/keystone/catalog/backends/templated.py index 8e1fbbfd27..5472b2fde9 100644 --- a/keystone/catalog/backends/templated.py +++ b/keystone/catalog/backends/templated.py @@ -12,7 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -import itertools import os.path from oslo_log import log @@ -207,8 +206,7 @@ class Catalog(base.CatalogDriverBase): empty dict. """ - substitutions = dict( - itertools.chain(CONF.items(), CONF.eventlet_server.items())) + substitutions = dict(CONF.items()) substitutions.update({'user_id': user_id}) silent_keyerror_failures = [] if project_id: diff --git a/keystone/common/utils.py b/keystone/common/utils.py index 3f8088f279..b24e11f8e6 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -44,9 +44,7 @@ CONF = keystone.conf.CONF LOG = log.getLogger(__name__) WHITELISTED_PROPERTIES = [ 'tenant_id', 'project_id', 'user_id', - 'public_bind_host', 'admin_bind_host', - 'compute_host', 'admin_port', 'public_port', - 'public_endpoint', ] + 'compute_host', 'public_endpoint', ] # NOTE(stevermar): This UUID must stay the same, forever, across diff --git a/keystone/conf/__init__.py b/keystone/conf/__init__.py index be12464464..d980d248b3 100644 --- a/keystone/conf/__init__.py +++ b/keystone/conf/__init__.py @@ -15,7 +15,6 @@ import logging from oslo_cache import core as cache from oslo_config import cfg from oslo_log import log -from oslo_log import versionutils import oslo_messaging from oslo_middleware import cors from oslo_policy import opts as policy_opts @@ -30,7 +29,6 @@ from keystone.conf import default from keystone.conf import domain_config from keystone.conf import endpoint_filter from keystone.conf import endpoint_policy -from keystone.conf import eventlet_server from keystone.conf import federation from keystone.conf import fernet_receipts from keystone.conf import fernet_tokens @@ -68,7 +66,6 @@ conf_modules = [ domain_config, endpoint_filter, endpoint_policy, - eventlet_server, federation, fernet_receipts, fernet_tokens, @@ -96,8 +93,6 @@ conf_modules = [ oslo_messaging.set_transport_defaults(control_exchange='keystone') -_DEPRECATED_REASON = ('This option is only used by eventlet mode which has ' - 'been removed from Keystone in Newton release.') def set_default_for_default_log_levels(): @@ -130,25 +125,6 @@ def configure(conf=None): if conf is None: conf = CONF - conf.register_cli_opt( - cfg.BoolOpt('standard-threads', default=False, - help='Do not monkey-patch threading system modules.', - deprecated_for_removal=True, - deprecated_reason=_DEPRECATED_REASON, - deprecated_since=versionutils.deprecated.STEIN)) - conf.register_cli_opt( - cfg.StrOpt('pydev-debug-host', - help='Host to connect to for remote debugger.', - deprecated_for_removal=True, - deprecated_reason=_DEPRECATED_REASON, - deprecated_since=versionutils.deprecated.STEIN)) - conf.register_cli_opt( - cfg.PortOpt('pydev-debug-port', - help='Port to connect to for remote debugger.', - deprecated_for_removal=True, - deprecated_reason=_DEPRECATED_REASON, - deprecated_since=versionutils.deprecated.STEIN)) - for module in conf_modules: module.register_opts(conf) diff --git a/keystone/conf/eventlet_server.py b/keystone/conf/eventlet_server.py deleted file mode 100644 index 8348934c42..0000000000 --- a/keystone/conf/eventlet_server.py +++ /dev/null @@ -1,95 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from oslo_config import cfg -from oslo_log import versionutils - -from keystone.conf import utils - - -_DEPRECATE_EVENTLET_MSG = utils.fmt(""" -Support for running keystone under eventlet has been removed in the Newton -release. These options remain for backwards compatibility because they are used -for URL substitutions. -""") - - -public_bind_host = cfg.HostAddressOpt( - 'public_bind_host', - default='0.0.0.0', # nosec : Bind to all interfaces by default for - # backwards compatibility. - deprecated_opts=[ - cfg.DeprecatedOpt('bind_host', group='DEFAULT'), - cfg.DeprecatedOpt('public_bind_host', group='DEFAULT'), - ], - deprecated_for_removal=True, - deprecated_reason=_DEPRECATE_EVENTLET_MSG, - deprecated_since=versionutils.deprecated.KILO, - help=utils.fmt(""" -The IP address of the network interface for the public service to listen on. -""")) - -public_port = cfg.PortOpt( - 'public_port', - default=5000, - deprecated_name='public_port', - deprecated_group='DEFAULT', - deprecated_for_removal=True, - deprecated_reason=_DEPRECATE_EVENTLET_MSG, - deprecated_since=versionutils.deprecated.KILO, - help=utils.fmt(""" -The port number for the public service to listen on. -""")) - -admin_bind_host = cfg.HostAddressOpt( - 'admin_bind_host', - default='0.0.0.0', # nosec : Bind to all interfaces by default for - # backwards compatibility. - deprecated_opts=[ - cfg.DeprecatedOpt('bind_host', group='DEFAULT'), - cfg.DeprecatedOpt('admin_bind_host', group='DEFAULT'), - ], - deprecated_for_removal=True, - deprecated_reason=_DEPRECATE_EVENTLET_MSG, - deprecated_since=versionutils.deprecated.KILO, - help=utils.fmt(""" -The IP address of the network interface for the admin service to listen on. -""")) - -admin_port = cfg.PortOpt( - 'admin_port', - default=35357, - deprecated_name='admin_port', - deprecated_group='DEFAULT', - deprecated_for_removal=True, - deprecated_reason=_DEPRECATE_EVENTLET_MSG, - deprecated_since=versionutils.deprecated.KILO, - help=utils.fmt(""" -The port number for the admin service to listen on. -""")) - - -GROUP_NAME = __name__.split('.')[-1] -ALL_OPTS = [ - public_bind_host, - public_port, - admin_bind_host, - admin_port, -] - - -def register_opts(conf): - conf.register_opts(ALL_OPTS, group=GROUP_NAME) - - -def list_opts(): - return {GROUP_NAME: ALL_OPTS} diff --git a/keystone/server/flask/common.py b/keystone/server/flask/common.py index f3742e10fe..3b99fb6c5f 100644 --- a/keystone/server/flask/common.py +++ b/keystone/server/flask/common.py @@ -13,7 +13,6 @@ import abc import collections import functools -import itertools import re import uuid import wsgiref.util @@ -1002,12 +1001,9 @@ class ResourceBase(flask_restful.Resource): def base_url(path=''): url = CONF['public_endpoint'] - if url: - substitutions = dict( - itertools.chain(CONF.items(), CONF.eventlet_server.items())) - - url = url % substitutions - elif flask.request.environ: + if not url: + if not flask.request.environ: + raise ValueError('Endpoint cannot be detected') url = wsgiref.util.application_uri(flask.request.environ) # remove version from the URL as it may be part of SCRIPT_NAME but # it should not be part of base URL @@ -1015,11 +1011,6 @@ def base_url(path=''): # now remove the standard port url = utils.remove_standard_port(url) - else: - # if we don't have enough information to come up with a base URL, - # then fall back to localhost. This should never happen in - # production environment. - url = 'http://localhost:%d' % CONF.eventlet_server.public_port if path: # Cleanup leading /v3 if needed. diff --git a/keystone/server/flask/request_processing/middleware/auth_context.py b/keystone/server/flask/request_processing/middleware/auth_context.py index 1945bea6f9..3d7c2abb2f 100644 --- a/keystone/server/flask/request_processing/middleware/auth_context.py +++ b/keystone/server/flask/request_processing/middleware/auth_context.py @@ -12,7 +12,6 @@ import functools -import itertools import re import wsgiref.util @@ -73,12 +72,9 @@ def best_match_language(req): def base_url(context): url = CONF['public_endpoint'] - if url: - substitutions = dict( - itertools.chain(CONF.items(), CONF.eventlet_server.items())) - - url = url % substitutions - elif 'environment' in context: + if not url: + if 'environment' not in context: + raise ValueError('Endpoint cannot be detected') url = wsgiref.util.application_uri(context['environment']) # remove version from the URL as it may be part of SCRIPT_NAME but # it should not be part of base URL @@ -86,11 +82,6 @@ def base_url(context): # now remove the standard port url = utils.remove_standard_port(url) - else: - # if we don't have enough information to come up with a base URL, - # then fall back to localhost. This should never happen in - # production environment. - url = 'http://localhost:%d' % CONF.eventlet_server.public_port return url.rstrip('/') diff --git a/keystone/tests/unit/catalog/test_core.py b/keystone/tests/unit/catalog/test_core.py index b97beefb67..7b74961012 100644 --- a/keystone/tests/unit/catalog/test_core.py +++ b/keystone/tests/unit/catalog/test_core.py @@ -20,11 +20,10 @@ from keystone.tests import unit class FormatUrlTests(unit.BaseTestCase): def test_successful_formatting(self): - url_template = ('http://$(public_bind_host)s:$(admin_port)d/' + url_template = ('http://server:9090/' '$(tenant_id)s/$(user_id)s/$(project_id)s') project_id = uuid.uuid4().hex - values = {'public_bind_host': 'server', 'admin_port': 9090, - 'tenant_id': 'A', 'user_id': 'B', 'project_id': project_id} + values = {'tenant_id': 'A', 'user_id': 'B', 'project_id': project_id} actual_url = utils.format_url(url_template, values) expected_url = 'http://server:9090/A/B/%s' % (project_id,) @@ -33,20 +32,20 @@ class FormatUrlTests(unit.BaseTestCase): def test_raises_malformed_on_missing_key(self): self.assertRaises(exception.MalformedEndpoint, utils.format_url, - "http://$(public_bind_host)s/$(public_port)d", - {"public_bind_host": "1"}) + "http://server:9090/$(tenant_id)s", + {}) def test_raises_malformed_on_wrong_type(self): self.assertRaises(exception.MalformedEndpoint, utils.format_url, - "http://$(public_bind_host)d", - {"public_bind_host": "something"}) + "http://server:9090/$(tenant_id)d", + {"tenant_id": 'A'}) def test_raises_malformed_on_incomplete_format(self): self.assertRaises(exception.MalformedEndpoint, utils.format_url, - "http://$(public_bind_host)", - {"public_bind_host": "1"}) + "http://server:9090/$(tenant_id)", + {"tenant_id": 'A'}) def test_formatting_a_non_string(self): def _test(url_template): @@ -62,10 +61,9 @@ class FormatUrlTests(unit.BaseTestCase): # If the url template contains a substitution that's not in the allowed # list then MalformedEndpoint is raised. # For example, admin_token isn't allowed. - url_template = ('http://$(public_bind_host)s:$(public_port)d/' + url_template = ('http://server:9090/' '$(project_id)s/$(user_id)s/$(admin_token)s') - values = {'public_bind_host': 'server', 'public_port': 9090, - 'project_id': 'A', 'user_id': 'B', 'admin_token': 'C'} + values = {'user_id': 'B', 'admin_token': 'C'} self.assertRaises(exception.MalformedEndpoint, utils.format_url, url_template, @@ -78,10 +76,9 @@ class FormatUrlTests(unit.BaseTestCase): # This is intentional behavior since we don't want to skip # all the later endpoints once there is an URL of endpoint # trying to replace 'tenant_id' with None. - url_template = ('http://$(public_bind_host)s:$(admin_port)d/' + url_template = ('http://server:9090/' '$(tenant_id)s/$(user_id)s') - values = {'public_bind_host': 'server', 'admin_port': 9090, - 'user_id': 'B'} + values = {'user_id': 'B'} self.assertIsNone(utils.format_url(url_template, values, silent_keyerror_failures=['tenant_id'])) @@ -92,9 +89,8 @@ class FormatUrlTests(unit.BaseTestCase): # This is intentional behavior since we don't want to skip # all the later endpoints once there is an URL of endpoint # trying to replace 'project_id' with None. - url_template = ('http://$(public_bind_host)s:$(admin_port)d/' + url_template = ('http://server:9090/' '$(project_id)s/$(user_id)s') - values = {'public_bind_host': 'server', 'admin_port': 9090, - 'user_id': 'B'} + values = {'user_id': 'B'} self.assertIsNone(utils.format_url(url_template, values, silent_keyerror_failures=['project_id'])) diff --git a/keystone/tests/unit/default_catalog.templates b/keystone/tests/unit/default_catalog.templates index f4753ed91d..b00a79cf2e 100644 --- a/keystone/tests/unit/default_catalog.templates +++ b/keystone/tests/unit/default_catalog.templates @@ -1,8 +1,8 @@ # config for templated.Catalog, using camelCase because I don't want to do # translations for keystone compat -catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v3 -catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v3 -catalog.RegionOne.identity.internalURL = http://localhost:$(admin_port)s/v3 +catalog.RegionOne.identity.publicURL = http://localhost:5000/v3 +catalog.RegionOne.identity.adminURL = http://localhost:35357/v3 +catalog.RegionOne.identity.internalURL = http://localhost:35357/v3 catalog.RegionOne.identity.name = 'Identity Service' catalog.RegionOne.identity.id = 1 diff --git a/keystone/tests/unit/default_catalog_multi_region.templates b/keystone/tests/unit/default_catalog_multi_region.templates index 096deb6a12..452535677b 100644 --- a/keystone/tests/unit/default_catalog_multi_region.templates +++ b/keystone/tests/unit/default_catalog_multi_region.templates @@ -1,8 +1,8 @@ # config for templated.Catalog, using camelCase because I don't want to do # translations for keystone compat -catalog.RegionOne.identity.publicURL = http://region-one:$(public_port)s/v3 -catalog.RegionOne.identity.adminURL = http://region-one:$(admin_port)s/v3 -catalog.RegionOne.identity.internalURL = http://region-one:$(admin_port)s/v3 +catalog.RegionOne.identity.publicURL = http://region-one:5000/v3 +catalog.RegionOne.identity.adminURL = http://region-one:35357/v3 +catalog.RegionOne.identity.internalURL = http://region-one:35357/v3 catalog.RegionOne.identity.name = 'Identity Service' catalog.RegionOne.identity.id = 1 @@ -14,9 +14,9 @@ catalog.RegionOne.compute.name = 'Compute Service' catalog.RegionOne.compute.id = 2 # second region for multi-region testing -catalog.RegionTwo.identity.publicURL = http://region-two:$(public_port)s/v3 -catalog.RegionTwo.identity.adminURL = http://region-two:$(admin_port)s/v3 -catalog.RegionTwo.identity.internalURL = http://region-two:$(admin_port)s/v3 +catalog.RegionTwo.identity.publicURL = http://region-two:5000/v3 +catalog.RegionTwo.identity.adminURL = http://region-two:35357/v3 +catalog.RegionTwo.identity.internalURL = http://region-two:35357/v3 catalog.RegionTwo.identity.name = 'Identity Service' catalog.RegionTwo.identity.id = 1 @@ -24,4 +24,4 @@ catalog.RegionTwo.compute.publicURL = http://region-two:8774/v1.1/$(tenant_id)s catalog.RegionTwo.compute.adminURL = http://region-two:8774/v1.1/$(tenant_id)s catalog.RegionTwo.compute.internalURL = http://region-two:8774/v1.1/$(tenant_id)s catalog.RegionTwo.compute.name = 'Compute Service' -catalog.RegionTwo.compute.id = 2 \ No newline at end of file +catalog.RegionTwo.compute.id = 2 diff --git a/keystone/tests/unit/test_backend_templated.py b/keystone/tests/unit/test_backend_templated.py index ad103eb1b2..3fb69d14e6 100644 --- a/keystone/tests/unit/test_backend_templated.py +++ b/keystone/tests/unit/test_backend_templated.py @@ -311,8 +311,8 @@ class TestTemplatedCatalog(unit.TestCase, catalog_tests.CatalogTests): self.skip_test_overrides(BROKEN_WRITE_FUNCTIONALITY_MSG) def test_list_endpoints(self): - expected_urls = set(['http://localhost:$(public_port)s/v3', - 'http://localhost:$(admin_port)s/v3', + expected_urls = set(['http://localhost:5000/v3', + 'http://localhost:35357/v3', 'http://localhost:8774/v1.1/$(tenant_id)s']) endpoints = PROVIDERS.catalog_api.list_endpoints() self.assertEqual(expected_urls, set(e['url'] for e in endpoints)) diff --git a/keystone/tests/unit/test_exception.py b/keystone/tests/unit/test_exception.py index be12e52bd6..e36f3c8fe1 100644 --- a/keystone/tests/unit/test_exception.py +++ b/keystone/tests/unit/test_exception.py @@ -180,6 +180,7 @@ class SecurityErrorTestCase(ExceptionTestCase): def setUp(self): super(SecurityErrorTestCase, self).setUp() self.config_fixture = self.useFixture(config_fixture.Config(CONF)) + self.config_fixture.config(public_endpoint='http://localhost:5050') def test_unauthorized_exposure(self): self.config_fixture.config(debug=False) diff --git a/releasenotes/notes/eventlet-cleanup-f35fc5f83c16ea1c.yaml b/releasenotes/notes/eventlet-cleanup-f35fc5f83c16ea1c.yaml new file mode 100644 index 0000000000..a4330f9d5f --- /dev/null +++ b/releasenotes/notes/eventlet-cleanup-f35fc5f83c16ea1c.yaml @@ -0,0 +1,17 @@ +--- +upgrade: + - | + The following options have been removed. + + - ``[eventlet_server] public_bind_host`` + - ``[eventlet_server] public_bind_port`` + - ``[eventlet_server] public_admin_host`` + - ``[eventlet_server] public_admin_port`` + + - | + The following command line options have been removed. These options were + used by Keystone eventlet model which was removed in Newton release. + + - ``standard-threads`` + - ``pydev-debug-host`` + - ``pydev-debug-port``