diff --git a/armada/conf/default.py b/armada/conf/default.py index acac4fbc..26be474e 100644 --- a/armada/conf/default.py +++ b/armada/conf/default.py @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from keystoneauth1 import loading +from keystoneauth1 import loading as ks_loading from oslo_config import cfg from armada.conf import utils @@ -94,12 +94,17 @@ path to the private key that includes the name of the key itself.""")), def register_opts(conf): conf.register_opts(default_options) - conf.register_opts( - loading.get_auth_plugin_conf_options('password'), - group='keystone_authtoken') + ks_loading.register_auth_conf_options(conf, group='keystone_authtoken') + ks_loading.register_session_conf_options(conf, group='keystone_authtoken') def list_opts(): return { 'DEFAULT': default_options, - 'keystone_authtoken': loading.get_auth_plugin_conf_options('password')} + 'keystone_authtoken': ( + ks_loading.get_session_conf_options() + + ks_loading.get_auth_common_conf_options() + + ks_loading.get_auth_plugin_conf_options('password') + + ks_loading.get_auth_plugin_conf_options('v3password') + ) + } diff --git a/armada/utils/keystone.py b/armada/utils/keystone.py index 33f48c0c..4a576256 100644 --- a/armada/utils/keystone.py +++ b/armada/utils/keystone.py @@ -13,9 +13,10 @@ # limitations under the License. from keystoneauth1 import loading +from keystoneauth1 import session from oslo_config import cfg def get_keystone_session(): - return loading.load_session_from_conf_options( - cfg.CONF, group="keystone_authtoken") + auth = loading.load_auth_from_conf_options(cfg.CONF, "keystone_authtoken") + return session.Session(auth=auth) diff --git a/etc/armada/armada.conf.sample b/etc/armada/armada.conf.sample index 59041656..6fb38d43 100644 --- a/etc/armada/armada.conf.sample +++ b/etc/armada/armada.conf.sample @@ -26,27 +26,23 @@ # The Keystone project name used for authentication. (string value) #project_name = admin -# Path to SSH private key. (string value) +# Optional path to an SSH private key used for authenticating against a Git +# source repository. The path must be an absolute path to the private key that +# includes the name of the key itself. (string value) #ssh_key_path = /home/user/.ssh/ -# Labels for the tiller pod. (string value) +# Labels for the Tiller pod. (string value) #tiller_pod_labels = app=helm,name=tiller -# Host for the tiller pod. (string value) -#tiller_host = localhost - -# Namespace for the tiller pod. (string value) +# Namespace for the Tiller pod. (string value) #tiller_namespace = kube-system -# Port for the tiller pod. (integer value) +# Port for the Tiller pod. (integer value) #tiller_port = 44134 # IDs of approved API access roles. (list value) #tiller_release_roles = admin -# IDs of approved API access roles. (list value) -#tiller_status_roles = admin - # # From oslo.log # @@ -224,6 +220,29 @@ # From armada.conf # +# PEM encoded Certificate Authority to use when verifying HTTPs connections. +# (string value) +#cafile = + +# PEM encoded client certificate cert file (string value) +#certfile = + +# PEM encoded client certificate key file (string value) +#keyfile = + +# Verify HTTPS connections. (boolean value) +#insecure = false + +# Timeout value for http requests (integer value) +#timeout = + +# Authentication type to load (string value) +# Deprecated group/name - [keystone_authtoken]/auth_plugin +#auth_type = + +# Config Section from which to load plugin specific options (string value) +#auth_section = + # Authentication URL (string value) #auth_url = @@ -234,11 +253,9 @@ #domain_name = # Project ID to scope to (string value) -# Deprecated group/name - [keystone_authtoken]/tenant_id #project_id = # Project name to scope to (string value) -# Deprecated group/name - [keystone_authtoken]/tenant_name #project_name = # Domain ID containing project (string value) @@ -260,7 +277,7 @@ # (string value) #default_domain_name = -# User id (string value) +# User ID (string value) #user_id = # Username (string value)