Short names for auth plugins
A "default" entrypoint is defined for each auth method. The default driver will be used if there's no config option for the method, or the config option is not set, or if the config option is set to "default". For the external methods, since there are several of them, each gets a short name that can be used rather than the qualified class. bp stevedore DocImpact Change-Id: I2484af32e9eb3703869cf441e4f9851b54b0db2b
parent
437d5bf941
commit
04ff3541be
|
@ -31,8 +31,6 @@ To enable the federation extension:
|
|||
|
||||
[auth]
|
||||
methods = external,password,token,saml2,oidc
|
||||
saml2 = keystone.auth.plugins.mapped.Mapped
|
||||
oidc = keystone.auth.plugins.mapped.Mapped
|
||||
|
||||
.. NOTE::
|
||||
The ``external`` method should be dropped to avoid any interference with
|
||||
|
|
|
@ -29,7 +29,6 @@ To enable the OAuth1 extension:
|
|||
|
||||
[auth]
|
||||
methods = external,password,token,oauth1
|
||||
oauth1 = keystone.auth.plugins.oauth1.OAuth
|
||||
|
||||
3. Add the ``oauth1_extension`` filter to the ``api_v3`` pipeline in
|
||||
``keystone-paste.ini``. This must be added after ``json_body`` and before
|
||||
|
|
|
@ -28,15 +28,14 @@ To configure the plugin that should be used set the ``external`` option again
|
|||
in the ``auth`` section. There are two external authentication method plugins
|
||||
provided by Keystone:
|
||||
|
||||
* ``keystone.auth.plugins.external.Default``: This plugin won't take into
|
||||
account the domain information that the external authentication method may
|
||||
pass down to Keystone and will always use the configured default domain. The
|
||||
``REMOTE_USER`` variable is the username.
|
||||
* ``DefaultDomain``: This plugin won't take into account the domain information
|
||||
that the external authentication method may pass down to Keystone and will
|
||||
always use the configured default domain. The ``REMOTE_USER`` variable is the
|
||||
username. This is the default if no plugin is given.
|
||||
|
||||
* ``keystone.auth.plugins.external.Domain``: This plugin expects that the
|
||||
``REMOTE_DOMAIN`` variable contains the domain for the user. If this variable
|
||||
is not present, the configured default domain will be used. The
|
||||
``REMOTE_USER`` variable is the username.
|
||||
* ``Domain``: This plugin expects that the ``REMOTE_DOMAIN`` variable contains
|
||||
the domain for the user. If this variable is not present, the configured
|
||||
default domain will be used. The ``REMOTE_USER`` variable is the username.
|
||||
|
||||
Using HTTPD authentication
|
||||
==========================
|
||||
|
|
|
@ -44,7 +44,7 @@ AUTH_PLUGINS_LOADED = False
|
|||
|
||||
|
||||
def load_auth_method(method):
|
||||
plugin_name = CONF.auth[method]
|
||||
plugin_name = CONF.auth.get(method) or 'default'
|
||||
try:
|
||||
namespace = 'keystone.auth.%s' % method
|
||||
driver_manager = stevedore.DriverManager(namespace, plugin_name,
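Review bot: The new fallback `CONF.auth.get(method) or 'default'` makes the plugin that handles an authentication method depend on installed entry-point metadata rather than on an explicit setting, and nothing in the visible lines records which plugin was chosen. Any installed distribution can register a `default` name in a `keystone.auth.<method>` namespace, so I would log the resolved plugin once at load time, e.g. `LOG.info('Auth method %(m)s uses plugin %(p)s', {'m': method, 'p': plugin_name})`, assuming the module already has a logger. The `or` also treats an empty string like an unset option; that matches the commit message but deserves a comment such as `# unset, empty and 'default' all select the 'default' entry point`. The function body continues past the end of the hunk, so what happens when stevedore cannot resolve the name is not visible here.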
|
||||
|
|
|
@ -822,20 +822,17 @@ FILE_OPTIONS = {
|
|||
],
|
||||
'auth': [
|
||||
cfg.ListOpt('methods', default=_DEFAULT_AUTH_METHODS,
|
||||
help='Default auth methods.'),
|
||||
help='Allowed authentication methods.'),
|
||||
cfg.StrOpt('password',
|
||||
default='keystone.auth.plugins.password.Password',
|
||||
help='The password auth plugin module.'),
|
||||
help='Entrypoint for the password auth plugin module.'),
|
||||
cfg.StrOpt('token',
|
||||
default='keystone.auth.plugins.token.Token',
|
||||
help='The token auth plugin module.'),
|
||||
help='Entrypoint for the token auth plugin module.'),
|
||||
# deals with REMOTE_USER authentication
|
||||
cfg.StrOpt('external',
|
||||
default='keystone.auth.plugins.external.DefaultDomain',
|
||||
help='The external (REMOTE_USER) auth plugin module.'),
|
||||
help='Entrypoint for the external (REMOTE_USER) auth '
|
||||
'plugin module.'),
|
||||
cfg.StrOpt('oauth1',
|
||||
default='keystone.auth.plugins.oauth1.OAuth',
|
||||
help='The oAuth1.0 auth plugin module.'),
|
||||
help='Entrypoint for the oAuth1.0 auth plugin module.'),
|
||||
],
|
||||
'paste_deploy': [
|
||||
cfg.StrOpt('config_file', default='keystone-paste.ini',
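Review bot: The `password`, `token`, `external` and `oauth1` options lose their `default=` in this hunk, so an unset value now means "load the `default` entry point", but the new help strings do not say so. An operator reading the generated sample config cannot tell which plugin authenticates users when the option is left commented out. I would extend each help text along the lines of `help='Entrypoint for the password auth plugin module in the keystone.auth.password namespace. If unset, the "default" entrypoint is used.'`, and for `external` also name the short names `DefaultDomain` and `Domain`. The `FILE_OPTIONS` dict starts and ends outside the hunk.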
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[auth]
|
||||
methods = external,password,token,simple_challenge_response,saml2,openid,x509
|
||||
simple_challenge_response = keystone.tests.unit.test_auth_plugin.SimpleChallengeResponse
|
||||
saml2 = keystone.auth.plugins.mapped.Mapped
|
||||
openid = keystone.auth.plugins.mapped.Mapped
|
||||
x509 = keystone.auth.plugins.mapped.Mapped
|
||||
|
||||
|
|
|
@ -46,10 +46,8 @@ class ConfigTestCase(tests.TestCase):
|
|||
config.find_paste_config())
|
||||
|
||||
def test_config_default(self):
|
||||
self.assertEqual('keystone.auth.plugins.password.Password',
|
||||
CONF.auth.password)
|
||||
self.assertEqual('keystone.auth.plugins.token.Token',
|
||||
CONF.auth.token)
|
||||
self.assertIs(None, CONF.auth.password)
|
||||
self.assertIs(None, CONF.auth.token)
|
||||
|
||||
|
||||
class DeprecatedTestCase(tests.TestCase):
|
||||
|
|
|
@ -1584,8 +1584,7 @@ class TestAuthExternalDomain(test_v3.RestfulTestCase):
|
|||
def config_overrides(self):
|
||||
super(TestAuthExternalDomain, self).config_overrides()
|
||||
self.kerberos = False
|
||||
self.auth_plugin_config_override(
|
||||
external='keystone.auth.plugins.external.Domain')
|
||||
self.auth_plugin_config_override(external='Domain')
|
||||
|
||||
def test_remote_user_with_realm(self):
|
||||
api = auth.controllers.Auth()
|
||||
|
@ -1697,8 +1696,7 @@ class TestAuthKerberos(TestAuthExternalDomain):
|
|||
super(TestAuthKerberos, self).config_overrides()
|
||||
self.kerberos = True
|
||||
self.auth_plugin_config_override(
|
||||
methods=['kerberos', 'password', 'token'],
|
||||
kerberos='keystone.auth.plugins.external.KerberosDomain')
|
||||
methods=['kerberos', 'password', 'token'])
|
||||
|
||||
|
||||
class TestAuth(test_v3.RestfulTestCase):
|
||||
|
|
|
@ -1995,9 +1995,7 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||
|
||||
def auth_plugin_config_override(self):
|
||||
methods = ['saml2']
|
||||
method_classes = {'saml2': 'keystone.auth.plugins.saml2.Saml2'}
|
||||
super(FederatedTokenTests, self).auth_plugin_config_override(
|
||||
methods, **method_classes)
|
||||
super(FederatedTokenTests, self).auth_plugin_config_override(methods)
|
||||
|
||||
def setUp(self):
|
||||
super(FederatedTokenTests, self).setUp()
|
||||
|
@ -2919,10 +2917,8 @@ class FernetFederatedTokenTests(FederationTests, FederatedSetupMixin):
|
|||
|
||||
def auth_plugin_config_override(self):
|
||||
methods = ['saml2', 'token', 'password']
|
||||
method_classes = dict(
|
||||
saml2='keystone.auth.plugins.saml2.Saml2')
|
||||
super(FernetFederatedTokenTests,
|
||||
self).auth_plugin_config_override(methods, **method_classes)
|
||||
self).auth_plugin_config_override(methods)
|
||||
|
||||
def test_federated_unscoped_token(self):
|
||||
resp = self._issue_unscoped_token()
|
||||
|
@ -2976,10 +2972,8 @@ class FederatedTokenTestsMethodToken(FederatedTokenTests):
|
|||
|
||||
def auth_plugin_config_override(self):
|
||||
methods = ['saml2', 'token']
|
||||
method_classes = dict(
|
||||
saml2='keystone.auth.plugins.saml2.Saml2')
|
||||
super(FederatedTokenTests,
|
||||
self).auth_plugin_config_override(methods, **method_classes)
|
||||
self).auth_plugin_config_override(methods)
|
||||
|
||||
|
||||
class JsonHomeTests(FederationTests, test_v3.JsonHomeTestMixin):
|
||||
|
|
20
setup.cfg
20
setup.cfg
|
@ -68,30 +68,30 @@ keystone.assignment =
|
|||
sql = keystone.assignment.backends.sql:Assignment
|
||||
|
||||
keystone.auth.external =
|
||||
keystone.auth.plugins.external.DefaultDomain = keystone.auth.plugins.external:DefaultDomain
|
||||
keystone.auth.plugins.external.Domain = keystone.auth.plugins.external:Domain
|
||||
default = keystone.auth.plugins.external:DefaultDomain
|
||||
DefaultDomain = keystone.auth.plugins.external:DefaultDomain
|
||||
Domain = keystone.auth.plugins.external:Domain
|
||||
|
||||
keystone.auth.kerberos =
|
||||
keystone.auth.plugins.external.KerberosDomain = keystone.auth.plugins.external:KerberosDomain
|
||||
default = keystone.auth.plugins.external:KerberosDomain
|
||||
|
||||
keystone.auth.oauth1 =
|
||||
keystone.auth.plugins.oauth1.OAuth = keystone.auth.plugins.oauth1:OAuth
|
||||
default = keystone.auth.plugins.oauth1:OAuth
|
||||
|
||||
keystone.auth.openid =
|
||||
keystone.auth.plugins.mapped.Mapped = keystone.auth.plugins.mapped:Mapped
|
||||
default = keystone.auth.plugins.mapped:Mapped
|
||||
|
||||
keystone.auth.password =
|
||||
keystone.auth.plugins.password.Password = keystone.auth.plugins.password:Password
|
||||
default = keystone.auth.plugins.password:Password
|
||||
|
||||
keystone.auth.saml2 =
|
||||
keystone.auth.plugins.mapped.Mapped = keystone.auth.plugins.mapped:Mapped
|
||||
keystone.auth.plugins.saml2.Saml2 = keystone.auth.plugins.saml2:Saml2
|
||||
default = keystone.auth.plugins.mapped:Mapped
|
||||
|
||||
keystone.auth.token =
|
||||
keystone.auth.plugins.token.Token = keystone.auth.plugins.token:Token
|
||||
default = keystone.auth.plugins.token:Token
|
||||
|
||||
keystone.auth.x509 =
|
||||
keystone.auth.plugins.mapped.Mapped = keystone.auth.plugins.mapped:Mapped
|
||||
default = keystone.auth.plugins.mapped:Mapped
|
||||
|
||||
keystone.catalog =
|
||||
kvs = keystone.catalog.backends.kvs:Catalog
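Review bot: The entry points named by fully qualified class (for example `keystone.auth.plugins.password.Password` and `keystone.auth.plugins.saml2.Saml2`) are dropped in this section, so a keystone.conf that still sets `password = keystone.auth.plugins.password.Password` no longer matches any name in its namespace. Whether such a deployment keeps authenticating depends on how `load_auth_method` handles an unresolved name, and that code is outside the visible hunks. For `saml2` the plugin also changes silently: the `Saml2` entry is removed, `default` points at `mapped:Mapped`, and the federation tests drop their `Saml2` override, so they no longer exercise that class. I would keep the old names as aliases for a deprecation cycle, e.g. `keystone.auth.plugins.password.Password = keystone.auth.plugins.password:Password` next to the `default` line, or spell out the migration step in the release notes.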
|
||||
|
|