Use oslo_config choices support

The oslo_config library added support for a choices keyword argument in
version 1.2.0a3.  This commit leverages the use of choices for StrOpts of
keystonemiddleware configuration.

Change-Id: I8d9ee833263560caaffe083487abc5eda862f8ea
Closes-Bug: 1423973

keystonemiddleware/auth_token/__init__.py

@@ -301,14 +301,15 @@ _OPTS = [
                ' high number of revocation events combined with a low cache'
                ' duration may significantly reduce performance.'),
     cfg.StrOpt('memcache_security_strategy',
-               default=None,
+               default='None',
+               choices=('None', 'MAC', 'ENCRYPT'),
+               ignore_case=True,
                help='(Optional) If defined, indicate whether token data'
                ' should be authenticated or authenticated and encrypted.'
-               ' Acceptable values are MAC or ENCRYPT.  If MAC, token data is'
-               ' authenticated (with HMAC) in the cache. If ENCRYPT, token'
-               ' data is encrypted and authenticated in the cache. If the'
-               ' value is not one of these options or empty, auth_token will'
-               ' raise an exception on initialization.'),
+               ' If MAC, token data is authenticated (with HMAC) in the cache.'
+               ' If ENCRYPT, token data is encrypted and authenticated in the'
+               ' cache. If the value is not one of these options or empty,'
+               ' auth_token will raise an exception on initialization.'),
     cfg.StrOpt('memcache_secret_key',
                default=None,
                secret=True,
@@ -1094,7 +1095,7 @@ class AuthProtocol(BaseAuthProtocol):
             socket_timeout=self._conf_get('memcache_pool_socket_timeout'),
         )
 
-        if security_strategy:
+        if security_strategy.lower() != 'none':
             secret_key = self._conf_get('memcache_secret_key')
             return _cache.SecureTokenCache(self.log,
                                            security_strategy,

keystonemiddleware/auth_token/_auth.py

@@ -159,8 +159,9 @@ OPTS = [
                     'Deprecated, use identity_uri.'),
     cfg.StrOpt('auth_protocol',
                default='https',
-               help='Protocol of the admin Identity API endpoint '
-                    '(http or https). Deprecated, use identity_uri.'),
+               choices=('http', 'https'),
+               help='Protocol of the admin Identity API endpoint. '
+                    'Deprecated, use identity_uri.'),
     cfg.StrOpt('identity_uri',
                default=None,
                help='Complete admin Identity API endpoint. This '

keystonemiddleware/auth_token/_cache.py

@@ -266,11 +266,6 @@ class SecureTokenCache(TokenCache):
     def __init__(self, log, security_strategy, secret_key, **kwargs):
         super(SecureTokenCache, self).__init__(log, **kwargs)
 
-        security_strategy = security_strategy.upper()
-
-        if security_strategy not in ('MAC', 'ENCRYPT'):
-            msg = _('memcache_security_strategy must be ENCRYPT or MAC')
-            raise exc.ConfigurationError(msg)
         if not secret_key:
             msg = _('memcache_secret_key must be defined when a '
                     'memcache_security_strategy is defined')