Merge "Use keystoneauth1 instead of keystoneclient.auth"
commit
19dbf0119b
@ -14,8 +14,8 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from keystoneclient import exceptions as keystone_exceptions
|
||||
from keystoneclient import session
|
||||
from keystoneauth1 import exceptions as keystone_exceptions
|
||||
from keystoneauth1 import session
|
||||
from webob import exc
|
||||
|
||||
from heat.common import config
|
||||
@ -34,7 +34,7 @@ class KeystonePasswordAuthProtocol(object):
|
||||
def __init__(self, app, conf):
|
||||
self.app = app
|
||||
self.conf = conf
|
||||
self.session = session.Session.construct(self._ssl_options())
|
||||
self.session = session.Session(**config.get_ssl_options('keystone'))
|
||||
|
||||
def __call__(self, env, start_response):
|
||||
"""Authenticate incoming request."""
|
||||
@ -105,13 +105,6 @@ class KeystonePasswordAuthProtocol(object):
|
||||
|
||||
return headers
|
||||
|
||||
def _ssl_options(self):
|
||||
opts = {'cacert': config.get_client_option('keystone', 'ca_file'),
|
||||
'insecure': config.get_client_option('keystone', 'insecure'),
|
||||
'cert': config.get_client_option('keystone', 'cert_file'),
|
||||
'key': config.get_client_option('keystone', 'key_file')}
|
||||
return opts
|
||||
|
||||
|
||||
def filter_factory(global_conf, **local_conf):
|
||||
"""Returns a WSGI filter app for use with paste.deploy."""
|
||||
|
@ -482,6 +482,21 @@ def get_client_option(client, option):
|
||||
return getattr(cfg.CONF.clients, option)
|
||||
|
||||
|
||||
def get_ssl_options(client):
|
||||
# Look for the ssl options in the [clients_${client}] section
|
||||
cacert = get_client_option(client, 'ca_file')
|
||||
insecure = get_client_option(client, 'insecure')
|
||||
cert = get_client_option(client, 'cert_file')
|
||||
key = get_client_option(client, 'key_file')
|
||||
if insecure:
|
||||
verify = False
|
||||
else:
|
||||
verify = cacert or True
|
||||
if cert and key:
|
||||
cert = (cert, key)
|
||||
return {'verify': verify, 'cert': cert}
|
||||
|
||||
|
||||
def set_config_defaults():
|
||||
"""This method updates all configuration default values."""
|
||||
# CORS Defaults
|
||||
|
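Review bot: `get_ssl_options` turns `insecure` into `verify = False` with no log line and no docstring, yet it is now the single source of TLS settings for every keystone `Session(...)` this commit touches (the `KeystonePasswordAuthProtocol`, `KeystoneClientV3` and `ClientPlugin` sections). When `insecure` is set a configured `ca_file` is ignored, and when only one of `cert_file`/`key_file` is set the key is dropped or a lone certificate path is passed through. A docstring should state both cases and say that the result is meant to be splatted into `session.Session(verify=..., cert=...)`. I would also log the downgrade, e.g. `LOG.warning('TLS certificate verification is disabled for the %s client', client)`, assuming this module has a logger (not visible in the hunk).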
@ -11,11 +11,11 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystoneclient import access
|
||||
from keystoneclient import auth
|
||||
from keystoneclient.auth.identity import access as access_plugin
|
||||
from keystoneclient.auth.identity import v3
|
||||
from keystoneclient.auth import token_endpoint
|
||||
from keystoneauth1 import access
|
||||
from keystoneauth1.identity import access as access_plugin
|
||||
from keystoneauth1.identity import v3
|
||||
from keystoneauth1 import loading as ks_loading
|
||||
from keystoneauth1 import token_endpoint
|
||||
from oslo_config import cfg
|
||||
from oslo_context import context
|
||||
from oslo_log import log as logging
|
||||
@ -37,22 +37,23 @@ LOG = logging.getLogger(__name__)
|
||||
|
||||
# Note, we yield the options via list_opts to enable generation of the
|
||||
# sample heat.conf, but we don't register these options directly via
|
||||
# cfg.CONF.register*, it's done via auth.register_conf_options
|
||||
# Note, only auth_plugin = v3password is expected to work, example config:
|
||||
# cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options
|
||||
# Note, only auth_type = v3password is expected to work, example config:
|
||||
# [trustee]
|
||||
# auth_plugin = password
|
||||
# auth_type = v3password
|
||||
# auth_url = http://192.168.1.2:35357
|
||||
# username = heat
|
||||
# password = password
|
||||
# user_domain_id = default
|
||||
V3_PASSWORD_PLUGIN = 'v3password'
|
||||
TRUSTEE_CONF_GROUP = 'trustee'
|
||||
auth.register_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
|
||||
ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
|
||||
|
||||
|
||||
def list_opts():
|
||||
trustee_opts = auth.conf.get_common_conf_options()
|
||||
trustee_opts.extend(auth.conf.get_plugin_options(V3_PASSWORD_PLUGIN))
|
||||
trustee_opts = ks_loading.get_auth_common_conf_options()
|
||||
trustee_opts.extend(ks_loading.get_auth_plugin_conf_options(
|
||||
V3_PASSWORD_PLUGIN))
|
||||
yield TRUSTEE_CONF_GROUP, trustee_opts
|
||||
|
||||
|
||||
@ -182,7 +183,7 @@ class RequestContext(context.RequestContext):
|
||||
if self._trusts_auth_plugin:
|
||||
return self._trusts_auth_plugin
|
||||
|
||||
self._trusts_auth_plugin = auth.load_from_conf_options(
|
||||
self._trusts_auth_plugin = ks_loading.load_auth_from_conf_options(
|
||||
cfg.CONF, TRUSTEE_CONF_GROUP, trust_id=self.trust_id)
|
||||
|
||||
if self._trusts_auth_plugin:
|
||||
@ -210,8 +211,8 @@ class RequestContext(context.RequestContext):
|
||||
|
||||
def _create_auth_plugin(self):
|
||||
if self.auth_token_info:
|
||||
auth_ref = access.AccessInfo.factory(body=self.auth_token_info,
|
||||
auth_token=self.auth_token)
|
||||
auth_ref = access.AccessInfoV3(self.auth_token_info,
|
||||
auth_token=self.auth_token)
|
||||
return access_plugin.AccessInfoPlugin(
|
||||
auth_url=self.keystone_v3_endpoint,
|
||||
auth_ref=auth_ref)
|
||||
|
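Review bot: In `_create_auth_plugin` the token body is now always wrapped as `access.AccessInfoV3(...)`, where the earlier `access.AccessInfo.factory(body=...)` call picked the class from the body. A token body in any other format would be accepted here and would only fail later, when its fields are read. keystoneauth1 keeps a detecting constructor, so `auth_ref = access.create(body=self.auth_token_info, auth_token=self.auth_token)` would preserve the old behaviour. If V3-only is intended, a comment such as `# auth_token_info is always a v3 token body` would make that explicit. The rest of the function lies outside the hunk, so the fallback branch is not visible from here.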
@ -17,9 +17,9 @@ import collections
|
||||
import uuid
|
||||
import weakref
|
||||
|
||||
from keystoneclient.auth.identity import v3 as kc_auth_v3
|
||||
from keystoneauth1.identity import v3 as kc_auth_v3
|
||||
from keystoneauth1 import session
|
||||
import keystoneclient.exceptions as kc_exception
|
||||
from keystoneclient import session
|
||||
from keystoneclient.v3 import client as kc_v3
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
@ -76,7 +76,7 @@ class KeystoneClientV3(object):
|
||||
self._domain_admin_auth = None
|
||||
self._domain_admin_client = None
|
||||
|
||||
self.session = session.Session.construct(self._ssl_options())
|
||||
self.session = session.Session(**config.get_ssl_options('keystone'))
|
||||
self.v3_endpoint = self.context.keystone_v3_endpoint
|
||||
|
||||
if self.context.trust_id:
|
||||
@ -176,13 +176,6 @@ class KeystoneClientV3(object):
|
||||
|
||||
return client
|
||||
|
||||
def _ssl_options(self):
|
||||
opts = {'cacert': config.get_client_option('keystone', 'ca_file'),
|
||||
'insecure': config.get_client_option('keystone', 'insecure'),
|
||||
'cert': config.get_client_option('keystone', 'cert_file'),
|
||||
'key': config.get_client_option('keystone', 'key_file')}
|
||||
return opts
|
||||
|
||||
def create_trust_context(self):
|
||||
"""Create a trust using the trustor identity in the current context.
|
||||
|
||||
|
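Review bot: The import block still carries `import keystoneclient.exceptions as kc_exception` while the session and auth plugins in this file now come from keystoneauth1. Any `except kc_exception...` handler (outside the hunks shown) therefore matches only if the installed keystoneclient re-exports the keystoneauth1 exception classes. That matters for the authentication-failure paths, which should not depend on an aliasing detail of another package. I would either switch the alias to `from keystoneauth1 import exceptions as kc_exception`, as the test module in this commit does, or add a comment next to the import stating why keystoneclient's exceptions are still the right ones to catch.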
@ -16,11 +16,11 @@ import functools
|
||||
import sys
|
||||
import weakref
|
||||
|
||||
from keystoneclient import auth
|
||||
from keystoneclient.auth.identity import v2
|
||||
from keystoneclient.auth.identity import v3
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import session
|
||||
from keystoneauth1 import exceptions
|
||||
from keystoneauth1.identity import v2
|
||||
from keystoneauth1.identity import v3
|
||||
from keystoneauth1 import plugin
|
||||
from keystoneauth1 import session
|
||||
from oslo_config import cfg
|
||||
import requests
|
||||
import six
|
||||
@ -130,12 +130,8 @@ class ClientPlugin(object):
|
||||
# authentication requests so there is no reason to construct it fresh
|
||||
# for every client plugin. It should be global and shared amongst them.
|
||||
if not self._keystone_session_obj:
|
||||
o = {'cacert': self._get_client_option('keystone', 'ca_file'),
|
||||
'insecure': self._get_client_option('keystone', 'insecure'),
|
||||
'cert': self._get_client_option('keystone', 'cert_file'),
|
||||
'key': self._get_client_option('keystone', 'key_file')}
|
||||
|
||||
self._keystone_session_obj = session.Session.construct(o)
|
||||
self._keystone_session_obj = session.Session(
|
||||
**config.get_ssl_options('keystone'))
|
||||
|
||||
return self._keystone_session_obj
|
||||
|
||||
@ -205,8 +201,8 @@ class ClientPlugin(object):
|
||||
kc = self.clients.client('keystone').client
|
||||
|
||||
auth_plugin = self.context.auth_plugin
|
||||
endpoint = auth_plugin.get_endpoint(None,
|
||||
interface=auth.AUTH_INTERFACE)
|
||||
endpoint = auth_plugin.get_endpoint(
|
||||
None, interface=plugin.AUTH_INTERFACE)
|
||||
token = auth_plugin.get_token(None)
|
||||
project_id = auth_plugin.get_project_id(None)
|
||||
|
||||
|
@ -18,7 +18,7 @@ from glanceclient import exc as glance_exc
|
||||
from glanceclient.openstack.common.apiclient import exceptions as g_a_exc
|
||||
from heatclient import client as heatclient
|
||||
from heatclient import exc as heat_exc
|
||||
from keystoneclient.auth.identity import v3
|
||||
from keystoneauth1.identity import v3
|
||||
from keystoneclient import exceptions as keystone_exc
|
||||
from manilaclient import exceptions as manila_exc
|
||||
import mock
|
||||
|
@ -14,13 +14,13 @@
|
||||
import json
|
||||
import uuid
|
||||
|
||||
from keystoneclient import access as ks_access
|
||||
from keystoneclient import auth as ks_auth
|
||||
from keystoneclient.auth.identity import access as ks_auth_access
|
||||
from keystoneclient.auth.identity import v3 as ks_auth_v3
|
||||
from keystoneclient.auth import token_endpoint as ks_token_endpoint
|
||||
import keystoneclient.exceptions as kc_exception
|
||||
from keystoneclient import session as ks_session
|
||||
from keystoneauth1 import access as ks_access
|
||||
from keystoneauth1 import exceptions as kc_exception
|
||||
from keystoneauth1.identity import access as ks_auth_access
|
||||
from keystoneauth1.identity import v3 as ks_auth_v3
|
||||
from keystoneauth1 import loading as ks_loading
|
||||
from keystoneauth1 import session as ks_session
|
||||
from keystoneauth1 import token_endpoint as ks_token_endpoint
|
||||
from keystoneclient.v3 import client as kc_v3
|
||||
from keystoneclient.v3 import domains as kc_v3_domains
|
||||
import mox
|
||||
@ -52,7 +52,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
self.m.StubOutWithMock(ks_auth_v3, 'Password')
|
||||
self.m.StubOutWithMock(ks_token_endpoint, 'Token')
|
||||
self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin')
|
||||
self.m.StubOutWithMock(ks_auth, 'load_from_conf_options')
|
||||
self.m.StubOutWithMock(ks_loading, 'load_auth_from_conf_options')
|
||||
|
||||
cfg.CONF.set_override('auth_uri', 'http://server.test:5000/v2.0',
|
||||
group='keystone_authtoken', enforce_type=True)
|
||||
@ -77,7 +77,8 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
else:
|
||||
a.AndRaise(kc_exception.Unauthorized)
|
||||
|
||||
m = ks_auth.load_from_conf_options(cfg.CONF, 'trustee', trust_id=None)
|
||||
m = ks_loading.load_auth_from_conf_options(
|
||||
cfg.CONF, 'trustee', trust_id=None)
|
||||
m.AndReturn(mock_ks_auth)
|
||||
|
||||
def _stub_domain_admin_client(self, domain_id=None):
|
||||
@ -121,9 +122,9 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
user_domain_id='adomain123')
|
||||
|
||||
elif method == 'trust':
|
||||
p = ks_auth.load_from_conf_options(cfg.CONF,
|
||||
'trustee',
|
||||
trust_id='atrust123')
|
||||
p = ks_loading.load_auth_from_conf_options(cfg.CONF,
|
||||
'trustee',
|
||||
trust_id='atrust123')
|
||||
|
||||
mock_auth_ref.user_id = user_id or 'trustor_user_id'
|
||||
mock_auth_ref.project_id = project_id or 'test_tenant_id'
|
||||
|
@ -18,8 +18,8 @@ wrong the tests might raise AssertionError. I've indicated in comments the
|
||||
places where actual behavior differs from the spec.
|
||||
"""
|
||||
|
||||
from keystoneclient import auth
|
||||
from keystoneclient import session
|
||||
from keystoneauth1 import plugin
|
||||
from keystoneauth1 import session
|
||||
|
||||
from heat.common import context
|
||||
|
||||
@ -73,7 +73,7 @@ class FakeClient(object):
|
||||
pass
|
||||
|
||||
|
||||
class FakeAuth(auth.BaseAuthPlugin):
|
||||
class FakeAuth(plugin.BaseAuthPlugin):
|
||||
|
||||
def __init__(self, auth_token='abcd1234', only_services=None):
|
||||
self.auth_token = auth_token
|
||||
|
@ -14,9 +14,9 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from keystoneclient.auth.identity import v3 as ks_v3_auth
|
||||
from keystoneauth1.identity import v3 as ks_v3_auth
|
||||
from keystoneauth1 import session as ks_session
|
||||
from keystoneclient import exceptions as keystone_exc
|
||||
from keystoneclient import session as ks_session
|
||||
import mox
|
||||
from oslo_config import cfg
|
||||
import six
|
||||
|
@ -198,7 +198,7 @@ class TestRequestContext(common.HeatTestCase):
|
||||
ctx = context.RequestContext(auth_url=None,
|
||||
user_domain_id='non-default',
|
||||
username='test')
|
||||
with mock.patch('keystoneclient.auth.identity.v3.Password') as ps:
|
||||
with mock.patch('keystoneauth1.identity.v3.Password') as ps:
|
||||
ctx.trusts_auth_plugin
|
||||
ps.assert_called_once_with(username='heat',
|
||||
password='password',
|
||||
|
@ -16,9 +16,9 @@ from ceilometerclient import client as ceilometer_client
|
||||
from cinderclient import client as cinder_client
|
||||
from heat.common.i18n import _
|
||||
from heatclient import client as heat_client
|
||||
from keystoneclient.auth.identity.generic import password
|
||||
from keystoneclient import exceptions as kc_exceptions
|
||||
from keystoneclient import session
|
||||
from keystoneauth1 import exceptions as kc_exceptions
|
||||
from keystoneauth1.identity.generic import password
|
||||
from keystoneauth1 import session
|
||||
from neutronclient.v2_0 import client as neutron_client
|
||||
from novaclient import client as nova_client
|
||||
from swiftclient import client as swift_client
|
||||
@ -51,10 +51,7 @@ class KeystoneWrapperClient(object):
|
||||
def get_endpoint_url(self, service_type, region=None):
|
||||
kwargs = {
|
||||
'service_type': service_type,
|
||||
'endpoint_type': 'publicURL'}
|
||||
if region:
|
||||
kwargs.update({'attr': 'region',
|
||||
'filter_value': region})
|
||||
'region_name': region}
|
||||
return self.auth_ref.service_catalog.url_for(**kwargs)
|
||||
|
||||
|
||||
|
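Review bot: `get_endpoint_url` no longer names the endpoint interface: the `'endpoint_type': 'publicURL'` entry appears to be dropped (the hunk shrinks from 10 to 7 lines), so the lookup relies on the default of `service_catalog.url_for`. Spelling it out with `'interface': 'public',` in `kwargs` keeps the test from silently following a changed default. A one-line docstring such as `"""Return the public endpoint URL for service_type, optionally limited to region."""` would also record that `region=None` means no region filter.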
@ -9,6 +9,7 @@ cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
|
||||
debtcollector>=1.2.0 # Apache-2.0
|
||||
eventlet!=0.18.3,>=0.18.2 # MIT
|
||||
greenlet>=0.3.2 # MIT
|
||||
keystoneauth1>=2.1.0 # Apache-2.0
|
||||
keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0
|
||||
lxml>=2.3 # BSD
|
||||
netaddr!=0.7.16,>=0.7.12 # BSD
|
||||
|