[MediaWiki-commits] [Gerrit] operations/puppet[production]: Keystone: Give custom auth plugins entry points

Andrew Bogott (Code Review) Mon, 19 Dec 2016 14:20:13 -0800

Andrew Bogott has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/328293 )


Change subject: Keystone:  Give custom auth plugins entry points
......................................................................


Keystone:  Give custom auth plugins entry points

Bug: T150773
Change-Id: I0aa5236529fa551d2032f43c0a4ed90ebc72750e
---
A 
modules/openstack/files/liberty/keystone/wmfkeystoneauth.egg-info/entry_points.txt
R modules/openstack/files/liberty/keystone/wmfkeystoneauth/password_whitelist.py
R modules/openstack/files/liberty/keystone/wmfkeystoneauth/wmtotp.py
A 
modules/openstack/files/mitaka/keystone/wmfkeystoneauth.egg-info/entry_points.txt
C modules/openstack/files/mitaka/keystone/wmfkeystoneauth/password_whitelist.py
C modules/openstack/files/mitaka/keystone/wmfkeystoneauth/wmtotp.py
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/templates/liberty/keystone/keystone.conf.erb
M modules/openstack/templates/mitaka/keystone/keystone.conf.erb
9 files changed, 25 insertions(+), 12 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git 
a/modules/openstack/files/liberty/keystone/wmfkeystoneauth.egg-info/entry_points.txt
 
b/modules/openstack/files/liberty/keystone/wmfkeystoneauth.egg-info/entry_points.txt
new file mode 100644
index 0000000..5ab1073
--- /dev/null
+++ 
b/modules/openstack/files/liberty/keystone/wmfkeystoneauth.egg-info/entry_points.txt
@@ -0,0 +1,5 @@
+[keystone.auth.wmtotp]
+default = wmfkeystoneauth.wmtotp:Wmtotp
+
+[keystone.auth.password]
+whitelist = wmfkeystoneauth.password_whitelist:PasswordWhitelist
diff --git a/modules/openstack/files/liberty/keystone/password_whitelist.py 
b/modules/openstack/files/liberty/keystone/wmfkeystoneauth/password_whitelist.py
similarity index 100%
rename from modules/openstack/files/liberty/keystone/password_whitelist.py
rename to 
modules/openstack/files/liberty/keystone/wmfkeystoneauth/password_whitelist.py
diff --git a/modules/openstack/files/liberty/keystone/wmtotp.py 
b/modules/openstack/files/liberty/keystone/wmfkeystoneauth/wmtotp.py
similarity index 98%
rename from modules/openstack/files/liberty/keystone/wmtotp.py
rename to modules/openstack/files/liberty/keystone/wmfkeystoneauth/wmtotp.py
index 9ccee16..2e2b3ce 100644
--- a/modules/openstack/files/liberty/keystone/wmtotp.py
+++ b/modules/openstack/files/liberty/keystone/wmfkeystoneauth/wmtotp.py
@@ -19,7 +19,7 @@
 
 from keystone import auth
 from keystone.auth import plugins as auth_plugins
-from keystone.auth.plugins import password_whitelist
+import password_whitelist
 from keystone.common import dependency
 from keystone import exception
 from keystone.i18n import _
diff --git 
a/modules/openstack/files/mitaka/keystone/wmfkeystoneauth.egg-info/entry_points.txt
 
b/modules/openstack/files/mitaka/keystone/wmfkeystoneauth.egg-info/entry_points.txt
new file mode 100644
index 0000000..5ab1073
--- /dev/null
+++ 
b/modules/openstack/files/mitaka/keystone/wmfkeystoneauth.egg-info/entry_points.txt
@@ -0,0 +1,5 @@
+[keystone.auth.wmtotp]
+default = wmfkeystoneauth.wmtotp:Wmtotp
+
+[keystone.auth.password]
+whitelist = wmfkeystoneauth.password_whitelist:PasswordWhitelist
diff --git a/modules/openstack/files/liberty/keystone/password_whitelist.py 
b/modules/openstack/files/mitaka/keystone/wmfkeystoneauth/password_whitelist.py
similarity index 100%
copy from modules/openstack/files/liberty/keystone/password_whitelist.py
copy to 
modules/openstack/files/mitaka/keystone/wmfkeystoneauth/password_whitelist.py
diff --git a/modules/openstack/files/liberty/keystone/wmtotp.py 
b/modules/openstack/files/mitaka/keystone/wmfkeystoneauth/wmtotp.py
similarity index 98%
copy from modules/openstack/files/liberty/keystone/wmtotp.py
copy to modules/openstack/files/mitaka/keystone/wmfkeystoneauth/wmtotp.py
index 9ccee16..2e2b3ce 100644
--- a/modules/openstack/files/liberty/keystone/wmtotp.py
+++ b/modules/openstack/files/mitaka/keystone/wmfkeystoneauth/wmtotp.py
@@ -19,7 +19,7 @@
 
 from keystone import auth
 from keystone.auth import plugins as auth_plugins
-from keystone.auth.plugins import password_whitelist
+import password_whitelist
 from keystone.common import dependency
 from keystone import exception
 from keystone.i18n import _
diff --git a/modules/openstack/manifests/keystone/service.pp 
b/modules/openstack/manifests/keystone/service.pp
index 229b860..08d77e2 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -39,18 +39,20 @@
             owner   => 'root',
             group   => 'root',
             require => Package['keystone'];
-        '/usr/lib/python2.7/dist-packages/keystone/auth/plugins/wmtotp.py':
-            source  => 
"puppet:///modules/openstack/${openstack_version}/keystone/wmtotp.py",
-            mode    => '0644',
+        '/usr/lib/python2.7/dist-packages/wmfkeystoneauth':
+            source  => 
"puppet:///modules/openstack/${openstack_version}/keystone/wmfkeystoneauth",
             owner   => 'root',
             group   => 'root',
-            require => Package['keystone'];
-        
'/usr/lib/python2.7/dist-packages/keystone/auth/plugins/password_whitelist.py':
-            source  => 
"puppet:///modules/openstack/${openstack_version}/keystone/password_whitelist.py",
             mode    => '0644',
+            notify  => Service['keystone'],
+            recurse => true;
+        '/usr/lib/python2.7/dist-packages/wmfkeystoneauth.egg-info':
+            source  => 
"puppet:///modules/openstack/${openstack_version}/keystone/wmfkeystoneauth.egg-info",
             owner   => 'root',
             group   => 'root',
-            require => Package['keystone'];
+            mode    => '0644',
+            notify  => Service['keystone'],
+            recurse => true;
     }
 
     if $::fqdn == hiera('labs_nova_controller') {
diff --git a/modules/openstack/templates/liberty/keystone/keystone.conf.erb 
b/modules/openstack/templates/liberty/keystone/keystone.conf.erb
index 2b90187..5594c5a 100644
--- a/modules/openstack/templates/liberty/keystone/keystone.conf.erb
+++ b/modules/openstack/templates/liberty/keystone/keystone.conf.erb
@@ -410,10 +410,9 @@
 [auth]
 methods = external,password,token,wmtotp
 
-wmtotp = keystone.auth.plugins.wmtotp.Wmtotp
 # Override the default password plugin with a custom
 #  one that checks source IPs.
-password = keystone.auth.plugins.password_whitelist.PasswordWhitelist
+password = whitelist
 
 <% @labs_networks.each do |subnet| -%>
 password_whitelist = novaobserver:<%=subnet%>
diff --git a/modules/openstack/templates/mitaka/keystone/keystone.conf.erb 
b/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
index ecbfa5e..a493ced 100644
--- a/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
+++ b/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
@@ -410,7 +410,9 @@
 [auth]
 methods = external,password,token,wmtotp
 
-wmtotp = keystone.auth.plugins.wmtotp.Wmtotp
+# Override the default password plugin with a custom
+#  one that checks source IPs.
+password = whitelist
 
 [oath]
 

-- 
To view, visit https://gerrit.wikimedia.org/r/328293
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0aa5236529fa551d2032f43c0a4ed90ebc72750e
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Keystone: Give custom auth plugins entry points

Reply via email to