Short names for auth plugins

A "default" entrypoint is defined for each auth method. The default driver will be used if there's no config option for the method, or the config option is not set, or if the config option is set to "default". For the external methods, since there's several of them, each gets a short name that can be used rather than the qualified class. bp stevedore DocImpact Change-Id: I2484af32e9eb3703869cf441e4f9851b54b0db2b
2015-05-11 17:43:59 -05:00 · 2015-05-11 17:43:59 -05:00 · 04ff3541be
parent 437d5bf941
commit 04ff3541be
10 changed files with 31 additions and 51 deletions
--- a/doc/source/extensions/federation.rst
+++ b/doc/source/extensions/federation.rst
@ -31,8 +31,6 @@ To enable the federation extension:

       [auth]
       methods = external,password,token,saml2,oidc
-       saml2 = keystone.auth.plugins.mapped.Mapped
-       oidc = keystone.auth.plugins.mapped.Mapped

 .. NOTE::
    The ``external`` method should be dropped to avoid any interference with
--- a/doc/source/extensions/oauth1.rst
+++ b/doc/source/extensions/oauth1.rst
@ -29,7 +29,6 @@ To enable the OAuth1 extension:

    [auth]
    methods = external,password,token,oauth1
-    oauth1 = keystone.auth.plugins.oauth1.OAuth

 3. Add the ``oauth1_extension`` filter to the ``api_v3`` pipeline in
   ``keystone-paste.ini``. This must be added after ``json_body`` and before
--- a/doc/source/external-auth.rst
+++ b/doc/source/external-auth.rst
@ -28,15 +28,14 @@ To configure the plugin that should be used set the ``external`` option again
 in the ``auth`` section. There are two external authentication method plugins
 provided by Keystone:

-* ``keystone.auth.plugins.external.Default``: This plugin won't take into
-  account the domain information that the external authentication method may
-  pass down to Keystone and will always use the configured default domain. The
-  ``REMOTE_USER`` variable is the username.
+* ``DefaultDomain``: This plugin won't take into account the domain information
+  that the external authentication method may pass down to Keystone and will
+  always use the configured default domain. The ``REMOTE_USER`` variable is the
+  username. This is the default if no plugin is given.

-* ``keystone.auth.plugins.external.Domain``: This plugin expects that the
-  ``REMOTE_DOMAIN`` variable contains the domain for the user. If this variable
-  is not present, the configured default domain will be used. The
-  ``REMOTE_USER`` variable is the username.
+* ``Domain``: This plugin expects that the ``REMOTE_DOMAIN`` variable contains
+  the domain for the user. If this variable is not present, the configured
+  default domain will be used. The ``REMOTE_USER`` variable is the username.

 Using HTTPD authentication
 ==========================
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@ -44,7 +44,7 @@ AUTH_PLUGINS_LOADED = False


 def load_auth_method(method):
-    plugin_name = CONF.auth[method]
+    plugin_name = CONF.auth.get(method) or 'default'
    try:
        namespace = 'keystone.auth.%s' % method
        driver_manager = stevedore.DriverManager(namespace, plugin_name,
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@ -822,20 +822,17 @@ FILE_OPTIONS = {
    ],
    'auth': [
        cfg.ListOpt('methods', default=_DEFAULT_AUTH_METHODS,
-                    help='Default auth methods.'),
+                    help='Allowed authentication methods.'),
        cfg.StrOpt('password',
-                   default='keystone.auth.plugins.password.Password',
-                   help='The password auth plugin module.'),
+                   help='Entrypoint for the password auth plugin module.'),
        cfg.StrOpt('token',
-                   default='keystone.auth.plugins.token.Token',
-                   help='The token auth plugin module.'),
+                   help='Entrypoint for the token auth plugin module.'),
        # deals with REMOTE_USER authentication
        cfg.StrOpt('external',
-                   default='keystone.auth.plugins.external.DefaultDomain',
-                   help='The external (REMOTE_USER) auth plugin module.'),
+                   help='Entrypoint for the external (REMOTE_USER) auth '
+                        'plugin module.'),
        cfg.StrOpt('oauth1',
-                   default='keystone.auth.plugins.oauth1.OAuth',
-                   help='The oAuth1.0 auth plugin module.'),
+                   help='Entrypoint for the oAuth1.0 auth plugin module.'),
    ],
    'paste_deploy': [
        cfg.StrOpt('config_file', default='keystone-paste.ini',
--- a/keystone/tests/unit/config_files/test_auth_plugin.conf
+++ b/keystone/tests/unit/config_files/test_auth_plugin.conf
@ -1,7 +1,4 @@
 [auth]
 methods = external,password,token,simple_challenge_response,saml2,openid,x509
 simple_challenge_response = keystone.tests.unit.test_auth_plugin.SimpleChallengeResponse
-saml2 = keystone.auth.plugins.mapped.Mapped
-openid = keystone.auth.plugins.mapped.Mapped
-x509 = keystone.auth.plugins.mapped.Mapped

--- a/keystone/tests/unit/test_config.py
+++ b/keystone/tests/unit/test_config.py
@ -46,10 +46,8 @@ class ConfigTestCase(tests.TestCase):
                         config.find_paste_config())

    def test_config_default(self):
-        self.assertEqual('keystone.auth.plugins.password.Password',
-                         CONF.auth.password)
-        self.assertEqual('keystone.auth.plugins.token.Token',
-                         CONF.auth.token)
+        self.assertIs(None, CONF.auth.password)
+        self.assertIs(None, CONF.auth.token)


 class DeprecatedTestCase(tests.TestCase):
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -1584,8 +1584,7 @@ class TestAuthExternalDomain(test_v3.RestfulTestCase):
    def config_overrides(self):
        super(TestAuthExternalDomain, self).config_overrides()
        self.kerberos = False
-        self.auth_plugin_config_override(
-            external='keystone.auth.plugins.external.Domain')
+        self.auth_plugin_config_override(external='Domain')

    def test_remote_user_with_realm(self):
        api = auth.controllers.Auth()
@ -1697,8 +1696,7 @@ class TestAuthKerberos(TestAuthExternalDomain):
        super(TestAuthKerberos, self).config_overrides()
        self.kerberos = True
        self.auth_plugin_config_override(
-            methods=['kerberos', 'password', 'token'],
-            kerberos='keystone.auth.plugins.external.KerberosDomain')
+            methods=['kerberos', 'password', 'token'])


 class TestAuth(test_v3.RestfulTestCase):
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@ -1995,9 +1995,7 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):

    def auth_plugin_config_override(self):
        methods = ['saml2']
-        method_classes = {'saml2': 'keystone.auth.plugins.saml2.Saml2'}
-        super(FederatedTokenTests, self).auth_plugin_config_override(
-            methods, **method_classes)
+        super(FederatedTokenTests, self).auth_plugin_config_override(methods)

    def setUp(self):
        super(FederatedTokenTests, self).setUp()
@ -2919,10 +2917,8 @@ class FernetFederatedTokenTests(FederationTests, FederatedSetupMixin):

    def auth_plugin_config_override(self):
        methods = ['saml2', 'token', 'password']
-        method_classes = dict(
-            saml2='keystone.auth.plugins.saml2.Saml2')
        super(FernetFederatedTokenTests,
-              self).auth_plugin_config_override(methods, **method_classes)
+              self).auth_plugin_config_override(methods)

    def test_federated_unscoped_token(self):
        resp = self._issue_unscoped_token()
@ -2976,10 +2972,8 @@ class FederatedTokenTestsMethodToken(FederatedTokenTests):

    def auth_plugin_config_override(self):
        methods = ['saml2', 'token']
-        method_classes = dict(
-            saml2='keystone.auth.plugins.saml2.Saml2')
        super(FederatedTokenTests,
-              self).auth_plugin_config_override(methods, **method_classes)
+              self).auth_plugin_config_override(methods)


 class JsonHomeTests(FederationTests, test_v3.JsonHomeTestMixin):
--- a/setup.cfg
+++ b/setup.cfg
@ -68,30 +68,30 @@ keystone.assignment =
    sql = keystone.assignment.backends.sql:Assignment

 keystone.auth.external =
-    keystone.auth.plugins.external.DefaultDomain = keystone.auth.plugins.external:DefaultDomain
-    keystone.auth.plugins.external.Domain = keystone.auth.plugins.external:Domain
+    default = keystone.auth.plugins.external:DefaultDomain
+    DefaultDomain = keystone.auth.plugins.external:DefaultDomain
+    Domain = keystone.auth.plugins.external:Domain

 keystone.auth.kerberos =
-    keystone.auth.plugins.external.KerberosDomain = keystone.auth.plugins.external:KerberosDomain
+    default = keystone.auth.plugins.external:KerberosDomain

 keystone.auth.oauth1 =
-    keystone.auth.plugins.oauth1.OAuth = keystone.auth.plugins.oauth1:OAuth
+    default = keystone.auth.plugins.oauth1:OAuth

 keystone.auth.openid =
-    keystone.auth.plugins.mapped.Mapped = keystone.auth.plugins.mapped:Mapped
+    default = keystone.auth.plugins.mapped:Mapped

 keystone.auth.password =
-    keystone.auth.plugins.password.Password = keystone.auth.plugins.password:Password
+    default = keystone.auth.plugins.password:Password

 keystone.auth.saml2 =
-    keystone.auth.plugins.mapped.Mapped = keystone.auth.plugins.mapped:Mapped
-    keystone.auth.plugins.saml2.Saml2 = keystone.auth.plugins.saml2:Saml2
+    default = keystone.auth.plugins.mapped:Mapped

 keystone.auth.token =
-    keystone.auth.plugins.token.Token = keystone.auth.plugins.token:Token
+    default = keystone.auth.plugins.token:Token

 keystone.auth.x509 =
-    keystone.auth.plugins.mapped.Mapped = keystone.auth.plugins.mapped:Mapped
+    default = keystone.auth.plugins.mapped:Mapped

 keystone.catalog =
    kvs = keystone.catalog.backends.kvs:Catalog