Merge "Move d-o-a auth library to keystoneauth"

2015-12-11 18:22:08 +00:00 · 2015-12-11 18:22:08 +00:00 · 900a8db378
commit 900a8db378
parent 3715a5f445 8f1e5675c4
11 changed files with 56 additions and 69 deletions
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@ -20,7 +20,7 @@ import pytz
 from django.conf import settings
 from django.utils.module_loading import import_string  # noqa
 from django.utils.translation import ugettext_lazy as _
-from keystoneclient import exceptions as keystone_exceptions
+from keystoneauth1 import exceptions as keystone_exceptions

 from openstack_auth import exceptions
 from openstack_auth import user as auth_user
@ -110,7 +110,7 @@ class KeystoneBackend(object):

        try:
            unscoped_auth_ref = unscoped_auth.get_access(session)
-        except keystone_exceptions.ConnectionRefused as exc:
+        except keystone_exceptions.ConnectFailure as exc:
            LOG.error(str(exc))
            msg = _('Unable to establish connection to keystone endpoint.')
            raise exceptions.KeystoneAuthException(msg)
@ -224,7 +224,8 @@ class KeystoneBackend(object):
        user = auth_user.create_user_from_token(
            request,
            auth_user.Token(scoped_auth_ref, unscoped_token=unscoped_token),
-            scoped_auth_ref.service_catalog.url_for(endpoint_type=interface))
+            scoped_auth_ref.service_catalog.url_for(service_type='identity',
+                                                    interface=interface))

        if request is not None:
            request.session['unscoped_token'] = unscoped_token
--- a/openstack_auth/plugin/base.py
+++ b/openstack_auth/plugin/base.py
@ -13,7 +13,7 @@
 import abc

 from django.utils.translation import ugettext_lazy as _
-from keystoneclient import exceptions as keystone_exceptions
+from keystoneauth1 import exceptions as keystone_exceptions
 from keystoneclient.v2_0 import client as v2_client
 from keystoneclient.v3 import client as v3_client
 import six
--- a/openstack_auth/plugin/password.py
+++ b/openstack_auth/plugin/password.py
@ -12,8 +12,8 @@

 import logging

-from keystoneclient.auth.identity import v2 as v2_auth
-from keystoneclient.auth.identity import v3 as v3_auth
+from keystoneauth1.identity import v2 as v2_auth
+from keystoneauth1.identity import v3 as v3_auth

 from openstack_auth.plugin import base
 from openstack_auth import utils
--- a/openstack_auth/plugin/token.py
+++ b/openstack_auth/plugin/token.py
@ -10,8 +10,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-from keystoneclient.auth.identity import v2 as v2_auth
-from keystoneclient.auth.identity import v3 as v3_auth
+from keystoneauth1.identity import v2 as v2_auth
+from keystoneauth1.identity import v3 as v3_auth

 from openstack_auth.plugin import base
 from openstack_auth import utils
--- a/openstack_auth/tests/data_v2.py
+++ b/openstack_auth/tests/data_v2.py
@ -15,8 +15,8 @@ import datetime
 import uuid

 from django.utils import datetime_safe
-from keystoneclient import access
-from keystoneclient import service_catalog
+from keystoneauth1.access import access
+from keystoneauth1.access import service_catalog
 from keystoneclient.v2_0 import roles
 from keystoneclient.v2_0 import tenants
 from keystoneclient.v2_0 import users
@ -116,7 +116,7 @@ def generate_test_data():
        }
    }

-    test_data.scoped_access_info = access.AccessInfo.factory(
+    test_data.scoped_access_info = access.create(
        resp=None,
        body=scoped_token_dict)

@ -132,19 +132,12 @@ def generate_test_data():
            'serviceCatalog': [keystone_service]
        }
    }
-    test_data.unscoped_access_info = access.AccessInfo.factory(
+    test_data.unscoped_access_info = access.create(
        resp=None,
        body=unscoped_token_dict)

    # Service Catalog
-    test_data.service_catalog = service_catalog.ServiceCatalog.factory({
-        'serviceCatalog': [keystone_service, nova_service],
-        'token': {
-            'id': scoped_token_dict['access']['token']['id'],
-            'expires': scoped_token_dict['access']['token']['expires'],
-            'user_id': user_dict['id'],
-            'tenant_id': tenant_dict_1['id']
-        }
-    })
+    test_data.service_catalog = service_catalog.ServiceCatalogV2(
+        [keystone_service, nova_service])

    return test_data
--- a/openstack_auth/tests/data_v3.py
+++ b/openstack_auth/tests/data_v3.py
@ -15,8 +15,8 @@ import datetime
 import uuid

 from django.utils import datetime_safe
-from keystoneclient import access
-from keystoneclient import service_catalog
+from keystoneauth1.access import access
+from keystoneauth1.access import service_catalog
 from keystoneclient.v3 import domains
 from keystoneclient.v3 import projects
 from keystoneclient.v3 import roles
@ -211,7 +211,7 @@ def generate_test_data():
        }
    }

-    test_data.scoped_access_info = access.AccessInfo.factory(
+    test_data.scoped_access_info = access.create(
        resp=auth_response,
        body=scoped_token_dict
    )
@ -236,7 +236,7 @@ def generate_test_data():
            'catalog': [keystone_service, nova_service]
        }
    }
-    test_data.domain_scoped_access_info = access.AccessInfo.factory(
+    test_data.domain_scoped_access_info = access.create(
        resp=auth_response,
        body=domain_token_dict
    )
@ -257,17 +257,14 @@ def generate_test_data():
        }
    }

-    test_data.unscoped_access_info = access.AccessInfo.factory(
+    test_data.unscoped_access_info = access.create(
        resp=auth_response,
        body=unscoped_token_dict
    )

    # Service Catalog
-    test_data.service_catalog = service_catalog.ServiceCatalog.factory({
-        'methods': ['password'],
-        'user': {},
-        'catalog': [keystone_service, nova_service],
-    }, token=auth_token)
+    test_data.service_catalog = service_catalog.ServiceCatalogV3(
+        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {
@ -303,7 +300,7 @@ def generate_test_data():
        }
    }

-    test_data.federated_scoped_access_info = access.AccessInfo.factory(
+    test_data.federated_scoped_access_info = access.create(
        resp=auth_response,
        body=federated_scoped_token_dict
    )
@ -332,7 +329,7 @@ def generate_test_data():
        }
    }

-    test_data.federated_unscoped_access_info = access.AccessInfo.factory(
+    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response,
        body=federated_unscoped_token_dict
    )
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@ -18,11 +18,11 @@ from django.contrib import auth
 from django.core.urlresolvers import reverse
 from django import http
 from django import test
-from keystoneclient.auth.identity import v2 as auth_v2
-from keystoneclient.auth.identity import v3 as auth_v3
-from keystoneclient.auth import token_endpoint
-from keystoneclient import exceptions as keystone_exceptions
-from keystoneclient import session
+from keystoneauth1 import exceptions as keystone_exceptions
+from keystoneauth1.identity import v2 as v2_auth
+from keystoneauth1.identity import v3 as v3_auth
+from keystoneauth1 import session
+from keystoneauth1 import token_endpoint
 from keystoneclient.v2_0 import client as client_v2
 from keystoneclient.v3 import client as client_v3
 import mock
@ -100,7 +100,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
    def setUp(self):
        super(OpenStackAuthTestsV2, self).setUp()

-        if self.interface:
+        if getattr(self, 'interface', None):
            override = self.settings(OPENSTACK_ENDPOINT_TYPE=self.interface)
            override.enable()
            self.addCleanup(override.disable)
@ -116,8 +116,8 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
        settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"

        self.mox.StubOutClassWithMocks(token_endpoint, 'Token')
-        self.mox.StubOutClassWithMocks(auth_v2, 'Token')
-        self.mox.StubOutClassWithMocks(auth_v2, 'Password')
+        self.mox.StubOutClassWithMocks(v2_auth, 'Token')
+        self.mox.StubOutClassWithMocks(v2_auth, 'Password')
        self.mox.StubOutClassWithMocks(client_v2, 'Client')

    def _mock_unscoped_list_tenants(self, client, tenants):
@ -152,7 +152,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
        if not url:
            url = settings.OPENSTACK_KEYSTONE_URL

-        return auth_v2.Password(auth_url=url,
+        return v2_auth.Password(auth_url=url,
                                password=password,
                                username=username)

@ -163,7 +163,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
        if not url:
            url = settings.OPENSTACK_KEYSTONE_URL

-        return auth_v2.Token(auth_url=url,
+        return v2_auth.Token(auth_url=url,
                             token=token,
                             tenant_id=project_id,
                             reauthenticate=False)
@ -332,7 +332,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
        scoped = self.data.scoped_access_info
        sc = self.data.service_catalog
        et = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')
-        endpoint = sc.url_for(endpoint_type=et)
+        endpoint = sc.url_for(service_type='identity', interface=et)

        form_data = self.get_form_data(user)

@ -354,7 +354,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):

        url = reverse('switch_tenants', args=[tenant.id])

-        scoped['token']['tenant']['id'] = self.data.tenant_two.id
+        scoped._token['tenant']['id'] = self.data.tenant_two.id

        if next:
            form_data.update({auth.REDIRECT_FIELD_NAME: next})
@ -492,7 +492,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
        if not url:
            url = settings.OPENSTACK_KEYSTONE_URL

-        return auth_v3.Password(auth_url=url,
+        return v3_auth.Password(auth_url=url,
                                password=password,
                                username=username,
                                user_domain_name=DEFAULT_DOMAIN,
@ -507,12 +507,12 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
            url = settings.OPENSTACK_KEYSTONE_URL

        if domain_name:
-            return auth_v3.Token(auth_url=url,
+            return v3_auth.Token(auth_url=url,
                                 token=token,
                                 domain_name=domain_name,
                                 reauthenticate=False)
        else:
-            return auth_v3.Token(auth_url=url,
+            return v3_auth.Token(auth_url=url,
                                 token=token,
                                 project_id=project_id,
                                 reauthenticate=False)
@ -535,8 +535,8 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
        settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3"

        self.mox.StubOutClassWithMocks(token_endpoint, 'Token')
-        self.mox.StubOutClassWithMocks(auth_v3, 'Token')
-        self.mox.StubOutClassWithMocks(auth_v3, 'Password')
+        self.mox.StubOutClassWithMocks(v3_auth, 'Token')
+        self.mox.StubOutClassWithMocks(v3_auth, 'Password')
        self.mox.StubOutClassWithMocks(client_v3, 'Client')

    def test_login(self):
@ -696,7 +696,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
        self._mock_scoped_client_for_tenant(
            scoped,
            project.id,
-            url=sc.url_for(endpoint_type=et),
+            url=sc.url_for(service_type='identity', interface=et),
            client=False)

        self.mox.ReplayAll()
@ -711,7 +711,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):

        url = reverse('switch_tenants', args=[project.id])

-        scoped['project']['id'] = self.data.project_two.id
+        scoped._project['id'] = self.data.project_two.id

        if next:
            form_data.update({auth.REDIRECT_FIELD_NAME: next})
@ -800,7 +800,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, test.TestCase):
        if not url:
            url = settings.OPENSTACK_KEYSTONE_URL

-        return auth_v3.Token(auth_url=url,
+        return v3_auth.Token(auth_url=url,
                             token=token,
                             project_id=project_id,
                             reauthenticate=False)
@ -854,8 +854,8 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, test.TestCase):
        }

        self.mox.StubOutClassWithMocks(token_endpoint, 'Token')
-        self.mox.StubOutClassWithMocks(auth_v3, 'Token')
-        self.mox.StubOutClassWithMocks(auth_v3, 'Password')
+        self.mox.StubOutClassWithMocks(v3_auth, 'Token')
+        self.mox.StubOutClassWithMocks(v3_auth, 'Password')
        self.mox.StubOutClassWithMocks(client_v3, 'Client')

    def test_login_form(self):
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@ -17,8 +17,8 @@ import logging
 from django.conf import settings
 from django.contrib.auth import models
 from django.db import models as db_models
+from keystoneauth1 import exceptions as keystone_exceptions
 from keystoneclient.common import cms as keystone_cms
-from keystoneclient import exceptions as keystone_exceptions
 import six

 from openstack_auth import utils
@ -113,13 +113,8 @@ class Token(object):

        # Federation-related attributes
        self.is_federated = auth_ref.is_federated
-
-        if auth_ref.version == 'v2.0':
-            self.roles = auth_ref['user'].get('roles', [])
-        else:
-            self.roles = auth_ref.get('roles', [])
-
-        self.serviceCatalog = auth_ref.service_catalog.get_data()
+        self.roles = [{'name': role} for role in auth_ref.role_names]
+        self.serviceCatalog = auth_ref.service_catalog.catalog


 class User(models.AbstractBaseUser, models.AnonymousUser):
--- a/openstack_auth/utils.py
+++ b/openstack_auth/utils.py
@ -19,10 +19,10 @@ from django.contrib import auth
 from django.contrib.auth import middleware
 from django.contrib.auth import models
 from django.utils import timezone
-from keystoneclient.auth.identity import v2 as v2_auth
-from keystoneclient.auth.identity import v3 as v3_auth
-from keystoneclient.auth import token_endpoint
-from keystoneclient import session
+from keystoneauth1.identity import v2 as v2_auth
+from keystoneauth1.identity import v3 as v3_auth
+from keystoneauth1 import session
+from keystoneauth1 import token_endpoint
 from keystoneclient.v2_0 import client as client_v2
 from keystoneclient.v3 import client as client_v3
 from six.moves.urllib import parse as urlparse
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@ -28,8 +28,8 @@ from django.views.decorators.cache import never_cache  # noqa
 from django.views.decorators.csrf import csrf_exempt  # noqa
 from django.views.decorators.csrf import csrf_protect  # noqa
 from django.views.decorators.debug import sensitive_post_parameters  # noqa
-from keystoneclient.auth import token_endpoint
-from keystoneclient import exceptions as keystone_exceptions
+from keystoneauth1 import exceptions as keystone_exceptions
+from keystoneauth1 import token_endpoint
 import six

 from openstack_auth import exceptions
--- a/requirements.txt
+++ b/requirements.txt
@ -6,4 +6,5 @@ Django<1.9,>=1.8
 oslo.config>=2.7.0 # Apache-2.0
 oslo.policy>=0.5.0 # Apache-2.0
 python-keystoneclient!=1.8.0,>=1.6.0
+keystoneauth1>=2.1.0
 six>=1.9.0