Merge "Use keystoneauth1 instead of keystoneclient.auth"

Jenkins 2016-05-31 05:16:04 +00:00 committed by Gerrit Code Review
commit 19dbf0119b
12 changed files with 70 additions and 73 deletions


@ -14,8 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from keystoneclient import exceptions as keystone_exceptions
from keystoneclient import session
from keystoneauth1 import exceptions as keystone_exceptions
from keystoneauth1 import session
from webob import exc
from heat.common import config
@ -34,7 +34,7 @@ class KeystonePasswordAuthProtocol(object):
def __init__(self, app, conf):
self.app = app
self.conf = conf
self.session = session.Session.construct(self._ssl_options())
self.session = session.Session(**config.get_ssl_options('keystone'))
def __call__(self, env, start_response):
"""Authenticate incoming request."""
@ -105,13 +105,6 @@ class KeystonePasswordAuthProtocol(object):
return headers
def _ssl_options(self):
opts = {'cacert': config.get_client_option('keystone', 'ca_file'),
'insecure': config.get_client_option('keystone', 'insecure'),
'cert': config.get_client_option('keystone', 'cert_file'),
'key': config.get_client_option('keystone', 'key_file')}
return opts
def filter_factory(global_conf, **local_conf):
"""Returns a WSGI filter app for use with paste.deploy."""


@ -482,6 +482,21 @@ def get_client_option(client, option):
return getattr(cfg.CONF.clients, option)
def get_ssl_options(client):
# Look for the ssl options in the [clients_${client}] section
cacert = get_client_option(client, 'ca_file')
insecure = get_client_option(client, 'insecure')
cert = get_client_option(client, 'cert_file')
key = get_client_option(client, 'key_file')
if insecure:
verify = False
else:
verify = cacert or True
if cert and key:
cert = (cert, key)
return {'verify': verify, 'cert': cert}
def set_config_defaults():
"""This method updates all configuration default values."""
# CORS Defaults
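Review bot: `get_ssl_options` has no docstring, and its `if insecure:` branch returns `verify=False` without leaving any trace, so certificate verification is switched off for every Keystone session built from it (three call sites in this commit), even when `ca_file` is also set. A docstring should state the precedence: `insecure` wins over `ca_file`, and an empty `ca_file` leaves verification on through `cacert or True`. That branch should also log a warning, e.g. `LOG.warning('TLS certificate verification is disabled for the %s client', client)`, assuming a module logger is available in this file. A `key_file` set without `cert_file` is silently dropped by `if cert and key:`; rejecting or logging that combination would surface the misconfiguration. The leading comment names only `[clients_${client}]`, while the visible tail of `get_client_option` falls back to `cfg.CONF.clients`.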


@ -11,11 +11,11 @@
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient import access
from keystoneclient import auth
from keystoneclient.auth.identity import access as access_plugin
from keystoneclient.auth.identity import v3
from keystoneclient.auth import token_endpoint
from keystoneauth1 import access
from keystoneauth1.identity import access as access_plugin
from keystoneauth1.identity import v3
from keystoneauth1 import loading as ks_loading
from keystoneauth1 import token_endpoint
from oslo_config import cfg
from oslo_context import context
from oslo_log import log as logging
@ -37,22 +37,23 @@ LOG = logging.getLogger(__name__)
# Note, we yield the options via list_opts to enable generation of the
# sample heat.conf, but we don't register these options directly via
# cfg.CONF.register*, it's done via auth.register_conf_options
# Note, only auth_plugin = v3password is expected to work, example config:
# cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options
# Note, only auth_type = v3password is expected to work, example config:
# [trustee]
# auth_plugin = password
# auth_type = v3password
# auth_url = http://192.168.1.2:35357
# username = heat
# password = password
# user_domain_id = default
V3_PASSWORD_PLUGIN = 'v3password'
TRUSTEE_CONF_GROUP = 'trustee'
auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
def list_opts():
trustee_opts = auth.conf.get_common_conf_options()
trustee_opts.extend(auth.conf.get_plugin_options(V3_PASSWORD_PLUGIN))
trustee_opts = ks_loading.get_auth_common_conf_options()
trustee_opts.extend(ks_loading.get_auth_plugin_conf_options(
V3_PASSWORD_PLUGIN))
yield TRUSTEE_CONF_GROUP, trustee_opts
@ -182,7 +183,7 @@ class RequestContext(context.RequestContext):
if self._trusts_auth_plugin:
return self._trusts_auth_plugin
self._trusts_auth_plugin = auth.load_from_conf_options(
self._trusts_auth_plugin = ks_loading.load_auth_from_conf_options(
cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id)
if self._trusts_auth_plugin:
@ -210,8 +211,8 @@ class RequestContext(context.RequestContext):
def _create_auth_plugin(self):
if self.auth_token_info:
auth_ref = access.AccessInfo.factory(body=self.auth_token_info,
auth_token=self.auth_token)
auth_ref = access.AccessInfoV3(self.auth_token_info,
auth_token=self.auth_token)
return access_plugin.AccessInfoPlugin(
auth_url=self.keystone_v3_endpoint,
auth_ref=auth_ref)
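Review bot: In `_create_auth_plugin`, `access.AccessInfoV3(self.auth_token_info, auth_token=self.auth_token)` drops the version detection that `access.AccessInfo.factory(body=...)` performed, so a token body that is not in v3 form would be wrapped as v3 and would likely fail only later, when its fields are read. Whether `auth_token_info` can ever carry a v2 body cannot be determined from this hunk; if it can, `access.create(body=self.auth_token_info, auth_token=self.auth_token)` keeps the detection. If v3 is the only supported shape, a short comment such as `# auth_token_info is always a v3 token body` would record that assumption. The method body continues outside the hunk.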


@ -17,9 +17,9 @@ import collections
import uuid
import weakref
from keystoneclient.auth.identity import v3 as kc_auth_v3
from keystoneauth1.identity import v3 as kc_auth_v3
from keystoneauth1 import session
import keystoneclient.exceptions as kc_exception
from keystoneclient import session
from keystoneclient.v3 import client as kc_v3
from oslo_config import cfg
from oslo_log import log as logging
@ -76,7 +76,7 @@ class KeystoneClientV3(object):
self._domain_admin_auth = None
self._domain_admin_client = None
self.session = session.Session.construct(self._ssl_options())
self.session = session.Session(**config.get_ssl_options('keystone'))
self.v3_endpoint = self.context.keystone_v3_endpoint
if self.context.trust_id:
@ -176,13 +176,6 @@ class KeystoneClientV3(object):
return client
def _ssl_options(self):
opts = {'cacert': config.get_client_option('keystone', 'ca_file'),
'insecure': config.get_client_option('keystone', 'insecure'),
'cert': config.get_client_option('keystone', 'cert_file'),
'key': config.get_client_option('keystone', 'key_file')}
return opts
def create_trust_context(self):
"""Create a trust using the trustor identity in the current context.
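Review bot: The import block now takes `session` from keystoneauth1 but keeps `import keystoneclient.exceptions as kc_exception`, so any `except kc_exception.…` handler in this class catches errors raised by the new session only if the installed keystoneclient aliases its exception classes to keystoneauth1's. The handlers are outside the hunks shown, so this needs checking against the minimum python-keystoneclient version the project allows. Otherwise an authentication failure could surface as an unhandled error instead of the intended response. The same mixed import remains in two of the test modules further down (`from keystoneclient import exceptions as keystone_exc`). Importing `keystoneauth1.exceptions` for session-raised errors, as the first file in this commit does, would remove the reliance on that aliasing.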


@ -16,11 +16,11 @@ import functools
import sys
import weakref
from keystoneclient import auth
from keystoneclient.auth.identity import v2
from keystoneclient.auth.identity import v3
from keystoneclient import exceptions
from keystoneclient import session
from keystoneauth1 import exceptions
from keystoneauth1.identity import v2
from keystoneauth1.identity import v3
from keystoneauth1 import plugin
from keystoneauth1 import session
from oslo_config import cfg
import requests
import six
@ -130,12 +130,8 @@ class ClientPlugin(object):
# authentication requests so there is no reason to construct it fresh
# for every client plugin. It should be global and shared amongst them.
if not self._keystone_session_obj:
o = {'cacert': self._get_client_option('keystone', 'ca_file'),
'insecure': self._get_client_option('keystone', 'insecure'),
'cert': self._get_client_option('keystone', 'cert_file'),
'key': self._get_client_option('keystone', 'key_file')}
self._keystone_session_obj = session.Session.construct(o)
self._keystone_session_obj = session.Session(
**config.get_ssl_options('keystone'))
return self._keystone_session_obj
@ -205,8 +201,8 @@ class ClientPlugin(object):
kc = self.clients.client('keystone').client
auth_plugin = self.context.auth_plugin
endpoint = auth_plugin.get_endpoint(None,
interface=auth.AUTH_INTERFACE)
endpoint = auth_plugin.get_endpoint(
None, interface=plugin.AUTH_INTERFACE)
token = auth_plugin.get_token(None)
project_id = auth_plugin.get_project_id(None)


@ -18,7 +18,7 @@ from glanceclient import exc as glance_exc
from glanceclient.openstack.common.apiclient import exceptions as g_a_exc
from heatclient import client as heatclient
from heatclient import exc as heat_exc
from keystoneclient.auth.identity import v3
from keystoneauth1.identity import v3
from keystoneclient import exceptions as keystone_exc
from manilaclient import exceptions as manila_exc
import mock


@ -14,13 +14,13 @@
import json
import uuid
from keystoneclient import access as ks_access
from keystoneclient import auth as ks_auth
from keystoneclient.auth.identity import access as ks_auth_access
from keystoneclient.auth.identity import v3 as ks_auth_v3
from keystoneclient.auth import token_endpoint as ks_token_endpoint
import keystoneclient.exceptions as kc_exception
from keystoneclient import session as ks_session
from keystoneauth1 import access as ks_access
from keystoneauth1 import exceptions as kc_exception
from keystoneauth1.identity import access as ks_auth_access
from keystoneauth1.identity import v3 as ks_auth_v3
from keystoneauth1 import loading as ks_loading
from keystoneauth1 import session as ks_session
from keystoneauth1 import token_endpoint as ks_token_endpoint
from keystoneclient.v3 import client as kc_v3
from keystoneclient.v3 import domains as kc_v3_domains
import mox
@ -52,7 +52,7 @@ class KeystoneClientTest(common.HeatTestCase):
self.m.StubOutWithMock(ks_auth_v3, 'Password')
self.m.StubOutWithMock(ks_token_endpoint, 'Token')
self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin')
self.m.StubOutWithMock(ks_auth, 'load_from_conf_options')
self.m.StubOutWithMock(ks_loading, 'load_auth_from_conf_options')
cfg.CONF.set_override('auth_uri', 'http://server.test:5000/v2.0',
group='keystone_authtoken', enforce_type=True)
@ -77,7 +77,8 @@ class KeystoneClientTest(common.HeatTestCase):
else:
a.AndRaise(kc_exception.Unauthorized)
m = ks_auth.load_from_conf_options(cfg.CONF, 'trustee', trust_id=None)
m = ks_loading.load_auth_from_conf_options(
cfg.CONF, 'trustee', trust_id=None)
m.AndReturn(mock_ks_auth)
def _stub_domain_admin_client(self, domain_id=None):
@ -121,9 +122,9 @@ class KeystoneClientTest(common.HeatTestCase):
user_domain_id='adomain123')
elif method == 'trust':
p = ks_auth.load_from_conf_options(cfg.CONF,
'trustee',
trust_id='atrust123')
p = ks_loading.load_auth_from_conf_options(cfg.CONF,
'trustee',
trust_id='atrust123')
mock_auth_ref.user_id = user_id or 'trustor_user_id'
mock_auth_ref.project_id = project_id or 'test_tenant_id'


@ -18,8 +18,8 @@ wrong the tests might raise AssertionError. I've indicated in comments the
places where actual behavior differs from the spec.
"""
from keystoneclient import auth
from keystoneclient import session
from keystoneauth1 import plugin
from keystoneauth1 import session
from heat.common import context
@ -73,7 +73,7 @@ class FakeClient(object):
pass
class FakeAuth(auth.BaseAuthPlugin):
class FakeAuth(plugin.BaseAuthPlugin):
def __init__(self, auth_token='abcd1234', only_services=None):
self.auth_token = auth_token


@ -14,9 +14,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from keystoneclient.auth.identity import v3 as ks_v3_auth
from keystoneauth1.identity import v3 as ks_v3_auth
from keystoneauth1 import session as ks_session
from keystoneclient import exceptions as keystone_exc
from keystoneclient import session as ks_session
import mox
from oslo_config import cfg
import six


@ -198,7 +198,7 @@ class TestRequestContext(common.HeatTestCase):
ctx = context.RequestContext(auth_url=None,
user_domain_id='non-default',
username='test')
with mock.patch('keystoneclient.auth.identity.v3.Password') as ps:
with mock.patch('keystoneauth1.identity.v3.Password') as ps:
ctx.trusts_auth_plugin
ps.assert_called_once_with(username='heat',
password='password',


@ -16,9 +16,9 @@ from ceilometerclient import client as ceilometer_client
from cinderclient import client as cinder_client
from heat.common.i18n import _
from heatclient import client as heat_client
from keystoneclient.auth.identity.generic import password
from keystoneclient import exceptions as kc_exceptions
from keystoneclient import session
from keystoneauth1 import exceptions as kc_exceptions
from keystoneauth1.identity.generic import password
from keystoneauth1 import session
from neutronclient.v2_0 import client as neutron_client
from novaclient import client as nova_client
from swiftclient import client as swift_client
@ -51,10 +51,7 @@ class KeystoneWrapperClient(object):
def get_endpoint_url(self, service_type, region=None):
kwargs = {
'service_type': service_type,
'endpoint_type': 'publicURL'}
if region:
kwargs.update({'attr': 'region',
'filter_value': region})
'region_name': region}
return self.auth_ref.service_catalog.url_for(**kwargs)
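Review bot: `get_endpoint_url` no longer states which endpoint interface it wants: the old `'endpoint_type': 'publicURL'` entry is gone and the new kwargs rely on the default of `url_for`. Naming it, `'interface': 'public',`, keeps the intent visible and guards against resolving an internal or admin endpoint if that default ever differs. With only two fixed keys left, the dict could also become a direct call, `url_for(service_type=service_type, region_name=region)`.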


@ -9,6 +9,7 @@ cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
debtcollector>=1.2.0 # Apache-2.0
eventlet!=0.18.3,>=0.18.2 # MIT
greenlet>=0.3.2 # MIT
keystoneauth1>=2.1.0 # Apache-2.0
keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0
lxml>=2.3 # BSD
netaddr!=0.7.16,>=0.7.12 # BSD