diff --git a/heat/common/context.py b/heat/common/context.py index 09969a0cb..dcf5bc989 100644 --- a/heat/common/context.py +++ b/heat/common/context.py @@ -12,7 +12,7 @@ # under the License. from keystoneclient import access -from keystoneclient.auth.identity import base +from keystoneclient.auth.identity import access as access_plugin from keystoneclient.auth.identity import v3 from keystoneclient.auth import token_endpoint from oslo_config import cfg @@ -33,41 +33,6 @@ from heat.engine import clients LOG = logging.getLogger(__name__) -# FIXME(jamielennox): I copied this out of a review that is proposed against -# keystoneclient which can be used when available. -# https://review.openstack.org/#/c/143338/ -class _AccessInfoPlugin(base.BaseIdentityPlugin): - """A plugin that turns an existing AccessInfo object into a usable plugin. - - In certain circumstances you already have an auth_ref/AccessInfo object - that you just want to reuse. This could have been from a cache, in - auth_token middleware or other. - - Turn that existing object into a simple identity plugin. This plugin cannot - be refreshed as the AccessInfo object does not contain any authorizing - information. - - :param auth_ref: the existing AccessInfo object. - :type auth_ref: keystoneclient.access.AccessInfo - :param auth_url: the url where this AccessInfo was retrieved from. Required - if using the AUTH_INTERFACE with get_endpoint. (optional) - """ - - def __init__(self, auth_url, auth_ref): - super(_AccessInfoPlugin, self).__init__(auth_url=auth_url, - reauthenticate=False) - self.auth_ref = auth_ref - - def get_auth_ref(self, session, **kwargs): - return self.auth_ref - - def invalidate(self): - # NOTE(jamielennox): Don't allow the default invalidation to occur - # because on next authentication request we will only get the same - # auth_ref object again. - return False - - class RequestContext(context.RequestContext): """ Stores information about the security context under which the user @@ -180,7 +145,9 @@ class RequestContext(context.RequestContext): if self.auth_token_info: auth_ref = access.AccessInfo.factory(body=self.auth_token_info, auth_token=self.auth_token) - return _AccessInfoPlugin(self._keystone_v3_endpoint, auth_ref) + return access_plugin.AccessInfoPlugin( + auth_url=self._keystone_v3_endpoint, + auth_ref=auth_ref) if self.auth_token: # FIXME(jamielennox): This is broken but consistent. If you diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py index 1813e5ff2..de780752b 100644 --- a/heat/tests/test_heatclient.py +++ b/heat/tests/test_heatclient.py @@ -15,6 +15,7 @@ import json import uuid from keystoneclient import access as ks_access +from keystoneclient.auth.identity import access as ks_auth_access from keystoneclient.auth.identity import v3 as ks_auth_v3 from keystoneclient.auth import token_endpoint as ks_token_endpoint import keystoneclient.exceptions as kc_exception @@ -26,7 +27,6 @@ from oslo_config import cfg import six from heat.common import config -from heat.common import context from heat.common import exception from heat.common import heat_keystoneclient from heat.tests import common @@ -50,7 +50,7 @@ class KeystoneClientTest(common.HeatTestCase): self.m.StubOutWithMock(kc_v3, "Client") self.m.StubOutWithMock(ks_auth_v3, 'Password') self.m.StubOutWithMock(ks_token_endpoint, 'Token') - self.m.StubOutWithMock(context, '_AccessInfoPlugin') + self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin') dummy_url = 'http://server.test:5000/v2.0' cfg.CONF.set_override('auth_uri', dummy_url, @@ -117,8 +117,9 @@ class KeystoneClientTest(common.HeatTestCase): p = ks_token_endpoint.Token(token='abcd1234', endpoint='http://server.test:5000/v3') elif method == 'auth_ref': - p = context._AccessInfoPlugin('http://server.test:5000/v3', - mox.IsA(ks_access.AccessInfo)) + p = ks_auth_access.AccessInfoPlugin( + auth_url='http://server.test:5000/v3', + auth_ref=mox.IsA(ks_access.AccessInfo)) elif method == 'password': p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',