Remove extraenous instantiations of managers

There were cases where a number of the API managers were being
instantiated more than one time. This could cause a number of
odd edge cases where the managers would have different
configurations and/or different dependency injection results.

The managers should now be properly instantiated only once
unless explicitly required (e.g. testing the token provider
manager raises an exception in badly configured states).

Closes-Bug: #1294994
Change-Id: I1babb065065cb5b06899f59568020a1c38f1156c

keystone/auth/plugins/token.py

@@ -13,30 +13,28 @@
 # under the License.
 
 from keystone import auth
+from keystone.common import dependency
 from keystone.common import wsgi
 from keystone import exception
 from keystone.openstack.common import log
 from keystone.openstack.common import timeutils
-from keystone.token import provider
 
 
 LOG = log.getLogger(__name__)
 
 
+@dependency.requires('token_provider_api')
 class Token(auth.AuthMethodHandler):
 
     method = 'token'
 
-    def __init__(self):
-        self.provider = provider.Manager()
-
     def authenticate(self, context, auth_payload, user_context):
         try:
             if 'id' not in auth_payload:
                 raise exception.ValidationError(attribute='id',
                                                 target=self.method)
             token_id = auth_payload['id']
-            response = self.provider.validate_token(token_id)
+            response = self.token_provider_api.validate_token(token_id)
             # For V3 tokens, the essential data is under the 'token' value.
             # For V2, the comparable data was nested under 'access'.
             token_ref = response.get('token', response.get('access'))

keystone/tests/test_auth.py

@@ -73,9 +73,6 @@ class AuthTest(tests.TestCase):
         self.load_backends()
         self.load_fixtures(default_fixtures)
 
-        # need to register the token provider first because auth controller
-        # depends on it
-        token.provider.Manager()
         self.context_with_remote_user = {'environment':
                                          {'REMOTE_USER': 'FOO',
                                           'AUTH_TYPE': 'Negotiate'}}
@@ -645,7 +642,6 @@ class AuthWithTrust(AuthTest):
     def setUp(self):
         super(AuthWithTrust, self).setUp()
 
-        trust.Manager()
         self.trust_controller = trust.controllers.TrustV3()
         self.auth_v3_controller = auth.controllers.Auth()
         self.trustor = self.user_foo

keystone/tests/test_auth_plugin.py

@@ -18,7 +18,6 @@ from keystone import auth
 from keystone.common import config
 from keystone import exception
 from keystone import tests
-from keystone import token
 
 
 # for testing purposes only
@@ -59,10 +58,6 @@ class TestAuthPlugin(tests.SQLDriverOverrides, tests.TestCase):
         super(TestAuthPlugin, self).setUp()
         self.load_backends()
 
-        # need to register the token provider first because auth controller
-        # depends on it
-        token.provider.Manager()
-
         self.api = auth.controllers.Auth()
 
     def config_files(self):

keystone/tests/test_sql_upgrade.py

@@ -43,7 +43,6 @@ from keystone.common.sql import migration_helpers
 from keystone.common import utils
 from keystone import config
 from keystone.contrib import federation
-from keystone import credential
 from keystone import exception
 from keystone.openstack.common.db import exception as db_exception
 from keystone.openstack.common.db.sqlalchemy import migration
@@ -1406,11 +1405,9 @@ class SqlUpgradeTests(SqlMigrateBase):
             id=expected_credential_id).one()
         self.assertEqual(cred.user_id, ec2_credential['user_id'])
         self.assertEqual(cred.project_id, ec2_credential['tenant_id'])
-        # test list credential using credential manager.
-        credential_api = credential.Manager()
-        self.assertNotEmpty(credential_api.
-                            list_credentials(
-                                user_id=ec2_credential['user_id']))
+        credential_list = session.query(cred_table).filter_by(
+            user_id=ec2_credential['user_id']).all()
+        self.assertNotEmpty(credential_list)
         self.downgrade(32)
         session.commit()
         self.assertTableExists('ec2_credential')

keystone/tests/test_token_provider.py

@@ -729,22 +729,12 @@ class TestTokenProvider(tests.TestCase):
         self.config_fixture.config(group='signing', token_format='UUID')
         self.config_fixture.config(group='token',
                                    provider=token.provider.PKI_PROVIDER)
-        try:
-            token.provider.Manager()
-            raise Exception(
-                'expecting ValueError on token provider misconfiguration')
-        except exception.UnexpectedError:
-            pass
+        self.assertRaises(exception.UnexpectedError, token.provider.Manager)
 
         self.config_fixture.config(group='signing', token_format='PKI')
         self.config_fixture.config(group='token',
                                    provider=token.provider.UUID_PROVIDER)
-        try:
-            token.provider.Manager()
-            raise Exception(
-                'expecting ValueError on token provider misconfiguration')
-        except exception.UnexpectedError:
-            pass
+        self.assertRaises(exception.UnexpectedError, token.provider.Manager)
 
         # should be OK as token_format and provider aligns
         self.config_fixture.config(group='signing', token_format='PKI')
@@ -828,14 +818,22 @@ class TestTokenProvider(tests.TestCase):
             None,
             self.token_provider_api._is_valid_token(create_v3_token()))
 
-    def test_uuid_provider_no_oauth_fails_oauth(self):
-        self.load_fixtures(default_fixtures)
+
+class TestTokenProviderOAuth1(tests.TestCase):
+    def setUp(self):
+        super(TestTokenProviderOAuth1, self).setUp()
+        self.load_backends()
+
+    def config_overrides(self):
+        super(TestTokenProviderOAuth1, self).config_overrides()
         self.config_fixture.config(group='token',
                                    provider=token.provider.UUID_PROVIDER)
-        driver = token.provider.Manager().driver
-        driver.oauth_api = None
+
+    def test_uuid_provider_no_oauth_fails_oauth(self):
+        self.load_fixtures(default_fixtures)
+        self.token_provider_api.driver.oauth_api = None
         self.assertRaises(exception.Forbidden,
-                          driver.issue_v3_token,
+                          self.token_provider_api.driver.issue_v3_token,
                           self.user_foo['id'], ['oauth1'])
 
 

keystone/token/providers/common.py

@@ -25,7 +25,6 @@ from keystone import exception
 from keystone.openstack.common.gettextutils import _
 from keystone import token
 from keystone.token import provider
-from keystone import trust
 
 
 from keystone.openstack.common import log
@@ -136,8 +135,8 @@ class V2TokenDataHelper(object):
 class V3TokenDataHelper(object):
     """Token data helper."""
     def __init__(self):
-        if CONF.trust.enabled:
-            self.trust_api = trust.Manager()
+        # Keep __init__ around to ensure dependency injection works.
+        super(V3TokenDataHelper, self).__init__()
 
     def _get_filtered_domain(self, domain_id):
         domain_ref = self.assignment_api.get_domain(domain_id)
@@ -361,8 +360,6 @@ class V3TokenDataHelper(object):
 class BaseProvider(provider.Provider):
     def __init__(self, *args, **kwargs):
         super(BaseProvider, self).__init__(*args, **kwargs)
-        if CONF.trust.enabled:
-            self.trust_api = trust.Manager()
         self.v3_token_data_helper = V3TokenDataHelper()
         self.v2_token_data_helper = V2TokenDataHelper()