# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from keystoneauth1 import loading as ks_loading
from oslo_config import cfg
CONF = cfg.CONF
barbican_group = cfg.OptGroup(
name='barbican',
title='Barbican Options',
help="Barbican options for allowing Deckhand to communicate with "
"Barbican.")
barbican_opts = [
# TODO(felipemonteiro): Drop this option once Keystone endpoint lookup is
# implemented.
cfg.StrOpt(
'api_endpoint',
sample_default='http://barbican.example.org:9311/',
help='URL override for the Barbican API endpoint.'),
cfg.IntOpt(
'max_workers', default=10,
help='Maximum number of threads used to call secret storage service '
'concurrently.'),
# TODO(felipemonteiro): This is better off being removed because the same
# effect can be achieved through per-test gabbi fixtures that clean up
# the cache between tests.
cfg.BoolOpt('enable_cache', default=True,
help="Whether to enable Barbican secret caching. Useful "
"for testing to avoid cross-test caching conflicts."),
cfg.StrOpt(
'cache_timeout', default=3600,
help="How long (in seconds) Barbican secret reference/payload lookup "
"results should remain cached in memory.")
]
engine_group = cfg.OptGroup(
name='engine',
title='Engine Options',
help="Engine options for allowing behavior specific to Deckhand's engine "
"to be configured.")
engine_opts = [
# TODO(felipemonteiro): This is better off being removed because the same
# effect can be achieved through per-test gabbi fixtures that clean up
# the cache between tests.
cfg.BoolOpt('enable_cache', default=True,
help="Whether to enable the document rendering caching. Useful"
" for testing to avoid cross-test caching conflicts."),
cfg.IntOpt('cache_timeout', default=3600,
help="How long (in seconds) document rendering results should "
"remain cached in memory."),
]
jsonpath_group = cfg.OptGroup(
name='jsonpath',
title='JSONPath Options',
help="JSONPath options for allowing JSONPath logic to be configured.")
jsonpath_opts = [
cfg.IntOpt('cache_timeout', default=3600,
help="How long (in seconds) JSONPath lookup results should "
"remain cached in memory.")
]
default_opts = [
cfg.BoolOpt('profiler', default=False,
help="Enables profiling of API requests. Do NOT use in "
"production."),
cfg.BoolOpt('development_mode', default=False,
help="Enables development mode, which disables Keystone "
"authentication. Do NOT use in production."),
cfg.IntOpt('secret_create_attempts', default=2,
help="How many times Deckhand should attempt to create a "
"secret in Barbican before raising an exception.")
]
[docs]def register_opts(conf):
conf.register_group(barbican_group)
conf.register_opts(barbican_opts, group=barbican_group)
conf.register_opts(engine_opts, group=engine_group)
conf.register_opts(jsonpath_opts, group=jsonpath_group)
conf.register_opts(default_opts)
ks_loading.register_auth_conf_options(conf, group='keystone_authtoken')
ks_loading.register_auth_conf_options(conf, group=barbican_group.name)
ks_loading.register_session_conf_options(conf, group=barbican_group.name)
[docs]def list_opts():
opts = {
None: default_opts,
'keystone_authtoken': (
ks_loading.get_session_conf_options() +
ks_loading.get_auth_common_conf_options() +
ks_loading.get_auth_plugin_conf_options('password') +
ks_loading.get_auth_plugin_conf_options('v3password')
),
engine_group: engine_opts,
barbican_group: (
barbican_opts +
ks_loading.get_session_conf_options() +
ks_loading.get_auth_common_conf_options() +
ks_loading.get_auth_plugin_conf_options('v3password')
),
jsonpath_group: jsonpath_opts
}
return opts
register_opts(CONF)