Home > openstack > Exploring directories and files in Openstack ‘keystone’

Exploring directories and files in Openstack ‘keystone’

After I had an occasion to explore openstack ‘keystone’, I decided to note down few things I noticed in my journey.
Directory Structure:
keystone have a very organized directory structure(which is also analogous to other openstack components). keystone has the following directories:

assignment/ auth/ catalog/ common/ contrib/ credential/ identity/ locale/ middleware/ openstack/ policy/ tests/ token/ trust/

Each directory (except few ex: assignment and middleware, locale) have routers.py and controllers.py file which means that each directory is supposed to reroute url and match to actions in its corresponding controllers. For example, if the url is like ‘../user/tokens/’, routes.py inside the ‘token’ directory will be called and controllers.py inside the token directory will have corresponding matching action. This is a pretty good organization. The ‘contrib’ directory contains contributors code and if you add new functionality to keystone (ex. adding session in keystone) you would preferably add it inside ‘contrib’ directory.

Another thing to notice is that everything inside ‘ openstack/common’ directory is common to the whole openstack system. ‘openstack/common/policy.py’ file, for example, implements policy check() mechanism that is used by the whole openstack framework for enforcing policy check.

Files: After kinda skimming over the files in the keystone directory, I have the following insight on “which file do what stuff” (view from thousand miles above):


/opt/stack/etc/policy.json
-- Another file similar to /etc/keystone/policy.json
-- I do not know how it differ from /etc/keystone/policy.json

/opt/stack/keystone/keystone/controllers.py
-- resolve version (2.0/ 3.0) from given url and calls next steps accordingly.

/opt/stack/keystone/keystone/notification.py
-- notifies by sending email for informing admin / stuff for certain actions

/opt/stack/keystone/keystone/auth/routers.py
-- This file is used to match corresponding controller and action from pattern in url
-- works with url like (/auth/tokens).
-- route mapper for check token, validate_token, revoke_token()

/opt/stack/keystone/keystone/policy/controllers.py
-- policy for version 3. Seems not so important for version 2.0.

/opt/stack/keystone/keystone/policy/core.py
-- Probably, interface for get_policy(), update_policy(), delete_policy() and so on..

/opt/stack/keystone/keystone/policy/routers.py
-- loading some script, have only import statements.

/opt/stack/keystone/keystone/policy/backends/rules.py
-- policy engine for keystone. In fact, this is a wrapper for keystone.openstack.common

(common_policy file) which implements sets_rule and check method.,
-- Policy path (which is /etc/keystone/policy.conf) is set here

/opt/stack/keystone/keystone/openstack/common/policy.py
-- Implements set_rules, check method for policy restrictions
-- We can enumerate here all the policy rules that are checked against a given action.

/opt/stack/keystone/keystone/common/wsgi.py
-- Prepare context variable that is passed along subsequent calls in keystone.
-- Class Application member method __call__(), finds appropriate method to call and call it

with context variable.
-- assert_admin() (which is used to ensure admin priviledge) is implemented here.

/opt/stack/keystone/keystone/common/router.py
-- seems to create router path and corresponding controller, action mapping

/opt/stack/keystone/keystone/identity/controllers.py
-- implements the subcommand associated with keystone . ex. keystone user-list

/opt/stack/keystone/keystone/openstack/common/policy.py
-- policy check() method implements here.
-- Stuffs here work for all openstack components(which can also be infurred by '/openstack/common/' as it occours in the path name).

Advertisements
Categories: openstack Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: