Hi Mark, Of particular interest are your views on the changes to keystone/common/config.py. The requirement is that we need to be able to instantiate multiple conf objects (built from different sets of config files). We tried two approaches to this:
https://review.openstack.org/#/c/39530/11 which attempts to keep the current keystone config helper apps (register_bool() etc.) by passing on the conf instance, and https://review.openstack.org/#/c/39530/12 which removes these helper apps and just calls the methods on the conf itself (conf.register_opt()) Both functionally work, but interested in your views on both approaches. Henry On 6 Aug 2013, at 19:26, ayoung (Code Review) wrote: > Hello Mark McLoughlin, > > I'd like you to do a code review. Please visit > > https://review.openstack.org/39530 > > to review the following change. > > Change subject: Implement domain specific Identity backends > ...................................................................... > > Implement domain specific Identity backends > > A common scenario in shared clouds will be that a cloud provider will > want to be able to offer larger customers the ability to interface to > their chosen identity provider. In the base case, this might well be > their own corporate LDAP/AD directory. A cloud provider might also > want smaller customers to have their identity managed solely > within the OpenStack cloud, perhaps in a shared SQL database. > > This patch allows domain specifc backends for identity objects > (namely User and groups), which are specified by creation of a domain > configuration file for each domain that requires its own backend. > > A side benefit of this change is that it clearly separates the > backends into those that are domain-aware and those that are not, > allowing, for example, the removal of domain validation from the > LDAP identity backend. > > Implements bp multiple-ldap-servers > > Change-Id: I489e8e50035f88eca4235908ae8b1a532645daab > --- > M doc/source/configuration.rst > M etc/keystone.conf.sample > M keystone/auth/plugins/password.py > M keystone/catalog/backends/templated.py > M keystone/common/config.py > M keystone/common/controller.py > M keystone/common/ldap/fakeldap.py > M keystone/common/utils.py > M keystone/config.py > M keystone/identity/backends/kvs.py > M keystone/identity/backends/ldap.py > M keystone/identity/backends/pam.py > M keystone/identity/backends/sql.py > M keystone/identity/controllers.py > M keystone/identity/core.py > M keystone/test.py > M keystone/token/backends/memcache.py > M keystone/token/core.py > A tests/backend_multi_ldap_sql.conf > A tests/keystone.Default.conf > A tests/keystone.domain1.conf > A tests/keystone.domain2.conf > M tests/test_backend.py > M tests/test_backend_ldap.py > 24 files changed, 1,028 insertions(+), 372 deletions(-) > > > git pull ssh://review.openstack.org:29418/openstack/keystone > refs/changes/30/39530/12 > -- > To view, visit https://review.openstack.org/39530 > To unsubscribe, visit https://review.openstack.org/settings > > Gerrit-MessageType: newchange > Gerrit-Change-Id: I489e8e50035f88eca4235908ae8b1a532645daab > Gerrit-PatchSet: 12 > Gerrit-Project: openstack/keystone > Gerrit-Branch: master > Gerrit-Owner: henry-nash <hen...@linux.vnet.ibm.com> > Gerrit-Reviewer: Brant Knudson <bknud...@us.ibm.com> > Gerrit-Reviewer: Dolph Mathews <dolph.math...@gmail.com> > Gerrit-Reviewer: Jenkins > Gerrit-Reviewer: Mark McLoughlin <mar...@redhat.com> > Gerrit-Reviewer: Sahdev Zala <spz...@us.ibm.com> > Gerrit-Reviewer: SmokeStack > Gerrit-Reviewer: ayoung <ayo...@redhat.com> > Gerrit-Reviewer: henry-nash <hen...@linux.vnet.ibm.com> > _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev