Package list python-castellan / f8bcee0 castellan / options.py
f8bcee0

Tree @f8bcee0 (Download .tar.gz)

options.py @f8bcee0raw · history · blame

# Copyright (c) 2015 Red Hat, Inc.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
from stevedore import ExtensionManager

from oslo_config import cfg
from oslo_log import log

from castellan import key_manager
try:
    from castellan.key_manager import barbican_key_manager as bkm
except ImportError:
    bkm = None

try:
    from castellan.key_manager import vault_key_manager as vkm
except ImportError:
    vkm = None

from castellan.common import utils

_DEFAULT_LOG_LEVELS = ['castellan=WARN']

_DEFAULT_LOGGING_CONTEXT_FORMAT = ('%(asctime)s.%(msecs)03d %(process)d '
                                   '%(levelname)s %(name)s [%(request_id)s '
                                   '%(user_identity)s] %(instance)s'
                                   '%(message)s')


def set_defaults(conf, backend=None, barbican_endpoint=None,
                 barbican_api_version=None, auth_endpoint=None,
                 retry_delay=None, number_of_retries=None, verify_ssl=None,
                 api_class=None, vault_root_token_id=None,
                 vault_approle_role_id=None, vault_approle_secret_id=None,
                 vault_kv_mountpoint=None, vault_url=None,
                 vault_ssl_ca_crt_file=None, vault_use_ssl=None,
                 barbican_endpoint_type=None):
    """Set defaults for configuration values.

    Overrides the default options values.
    :param conf: Config instance in which to set default options.
    :param api_class: The full class name of the key manager API class.
    :param barbican_endpoint: Use this endpoint to connect to Barbican.
    :param barbican_api_version: Version of the Barbican API.
    :param auth_endpoint: Use this endpoint to connect to Keystone.
    :param retry_delay: Use this attribute to set retry delay.
    :param number_of_retries: Use this attribute to set number of retries.
    :param verify_ssl: Use this to specify if ssl should be verified.
    :param vault_root_token_id: Use this for the root token id for vault.
    :param vault_approle_role_id: Use this for the approle role_id for vault.
    :param vault_approle_secret_id: Use this for the approle secret_id
                                    for vault.
    :param vault_kv_mountpoint: Mountpoint of KV store in vault to use.
    :param vault_url: Use this for the url for vault.
    :param vault_use_ssl: Use this to force vault driver to use ssl.
    :param vault_ssl_ca_crt_file: Use this for the CA file for vault.
    :param barbican_endpoint_type: Use this to specify the type of URL.
    :                              Valid values are: public, internal or admin.
    """
    conf.register_opts(key_manager.key_manager_opts, group='key_manager')

    ext_mgr = ExtensionManager(
        "castellan.drivers",
        invoke_on_load=True,
        invoke_args=[cfg.CONF])

    for km in ext_mgr.names():
        for group, opts in ext_mgr[km].obj.list_options_for_discovery():
            conf.register_opts(opts, group=group)

    # Use the new backend option if set or fall back to the older api_class
    default_backend = backend or api_class
    if default_backend is not None:
        conf.set_default('backend', default_backend, group='key_manager')

    if bkm is not None:
        if barbican_endpoint is not None:
            conf.set_default('barbican_endpoint', barbican_endpoint,
                             group=bkm._BARBICAN_OPT_GROUP)
        if barbican_api_version is not None:
            conf.set_default('barbican_api_version', barbican_api_version,
                             group=bkm._BARBICAN_OPT_GROUP)
        if auth_endpoint is not None:
            conf.set_default('auth_endpoint', auth_endpoint,
                             group=bkm._BARBICAN_OPT_GROUP)
        if retry_delay is not None:
            conf.set_default('retry_delay', retry_delay,
                             group=bkm._BARBICAN_OPT_GROUP)
        if number_of_retries is not None:
            conf.set_default('number_of_retries', number_of_retries,
                             group=bkm._BARBICAN_OPT_GROUP)
        if verify_ssl is not None:
            conf.set_default('verify_ssl', verify_ssl,
                             group=bkm._BARBICAN_OPT_GROUP)
        if barbican_endpoint_type is not None:
            conf.set_default('barbican_endpoint_type', barbican_endpoint_type,
                             group=bkm._BARBICAN_OPT_GROUP)

    if vkm is not None:
        if vault_root_token_id is not None:
            conf.set_default('root_token_id', vault_root_token_id,
                             group=vkm._VAULT_OPT_GROUP)
        if vault_approle_role_id is not None:
            conf.set_default('approle_role_id', vault_approle_role_id,
                             group=vkm._VAULT_OPT_GROUP)
        if vault_approle_secret_id is not None:
            conf.set_default('approle_secret_id', vault_approle_secret_id,
                             group=vkm._VAULT_OPT_GROUP)
        if vault_kv_mountpoint is not None:
            conf.set_default('kv_mountpoint', vault_kv_mountpoint,
                             group=vkm._VAULT_OPT_GROUP)
        if vault_url is not None:
            conf.set_default('vault_url', vault_url,
                             group=vkm._VAULT_OPT_GROUP)
        if vault_ssl_ca_crt_file is not None:
            conf.set_default('ssl_ca_crt_file', vault_ssl_ca_crt_file,
                             group=vkm._VAULT_OPT_GROUP)
        if vault_use_ssl is not None:
            conf.set_default('use_ssl', vault_use_ssl,
                             group=vkm._VAULT_OPT_GROUP)


def enable_logging(conf=None, app_name='castellan'):
    conf = conf or cfg.CONF

    log.register_options(conf)
    log.set_defaults(_DEFAULT_LOGGING_CONTEXT_FORMAT,
                     _DEFAULT_LOG_LEVELS)

    log.setup(conf, app_name)


def list_opts():
    """Returns a list of oslo.config options available in the library.

    The returned list includes all oslo.config options which may be registered
    at runtime by the library.

    Each element of the list is a tuple. The first element is the name of the
    group under which the list of elements in the second element will be
    registered. A group name of None corresponds to the [DEFAULT] group in
    config files.

    The purpose of this is to allow tools like the Oslo sample config file
    generator to discover the options exposed to users by this library.

    :returns: a list of (group_name, opts) tuples
    """
    key_manager_opts = []
    key_manager_opts.extend(key_manager.key_manager_opts)
    key_manager_opts.extend(utils.credential_opts)
    opts = [('key_manager', key_manager_opts)]

    ext_mgr = ExtensionManager(
        "castellan.drivers",
        invoke_on_load=True,
        invoke_args=[cfg.CONF])

    for driver in ext_mgr.names():
        opts.extend(ext_mgr[driver].obj.list_options_for_discovery())

    return opts