keystone-配置文件模块[原创]

keystone.conf与conf模块

在conf文件夹下面，是keystone各个功能模块的默认配置和注册。一个文件代表一个模块，这个配置和keystone.conf是有关系的。文件名和keystone.conf 的section name对应。 section下面的配置项和文件内的配置项对应。每一个配置项都会有一个默认配置，如果在keystone.conf 中没有配置，则会启用默认配置。举个例子：

driver = cfg.StrOpt(
    'driver',
    default='sql',
    help=utils.fmt("""
Entry point for the assignment backend driver (where role assignments are
stored) in the `keystone.assignment` namespace. Only a SQL driver is supplied
by keystone itself. Unless you are writing proprietary drivers for keystone,
you do not need to set this option.
"""))
​
prohibited_implied_role = cfg.ListOpt(
    'prohibited_implied_role',
    default=['admin'],
    help=utils.fmt("""
A list of role names which are prohibited from being an implied role.
"""))
​
​
GROUP_NAME = __name__.split('.')[-1]
ALL_OPTS = [
    driver,
    prohibited_implied_role
]

 

​将配置项注册到全局配置文件管理中

def register_opts(conf):
    conf.register_opts(ALL_OPTS, group=GROUP_NAME)
​
​
def list_opts():
    return {GROUP_NAME: ALL_OPTS}

 

在keystone.conf中assigment的配置：

[assignment]
#driver = sql
#prohibited_implied_role = admin
​

配置文件的使用

    import keystone.conf
    CONF = keystone.conf.CONF

    def create_implied_role(self, prior_role_id, implied_role_id):
        implied_role = self.driver.get_role(implied_role_id)
        prior_role = self.driver.get_role(prior_role_id)
        if implied_role['name'] in CONF.assignment.prohibited_implied_role:  ##获取配置文件中的prohibited_implied_role
            raise exception.InvalidImpliedRole(role_id=implied_role_id)
        if prior_role['domain_id'] is None and implied_role['domain_id']:
            msg = _('Global role cannot imply a domain-specific role')
            raise exception.InvalidImpliedRole(msg,
                                               role_id=implied_role_id)
        response = self.driver.create_implied_role(
            prior_role_id, implied_role_id)
        COMPUTED_ASSIGNMENTS_REGION.invalidate()
        return response