openstack/keystone
Code Issues Proposed changes

Merge "Remove support for loading auth plugin by class"

Browse Source
This commit is contained in:
Jenkins 2015-05-12 01:42:34 +00:00 committed by Gerrit Code Review
commit 147afbb213
7 changed files with 6 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
keystone/auth/controllers.py
View File

@ -51,27 +51,9 @@ def load_auth_methods():
# have setup all the appropriate configuration options we may need.
config.setup_authentication()
for plugin in set(CONF.auth.methods):
if '.' in plugin:
# NOTE(morganfainberg): if '.' is in the plugin name, it should be
# imported rather than used as a plugin identifier.
plugin_class = plugin
driver = importutils.import_object(plugin)
if not hasattr(driver, 'method'):
raise ValueError(_('Cannot load an auth-plugin by class-name '
'without a "method" attribute defined: %s'),
plugin_class)
LOG.info(_LI('Loading auth-plugins by class-name is deprecated.'))
plugin_name = driver.method
else:
plugin_name = plugin
plugin_class = CONF.auth[plugin]
driver = importutils.import_object(plugin_class)
if plugin_name in AUTH_METHODS:
raise ValueError(_('Auth plugin %(plugin)s is requesting '
'previously registered method %(method)s') %
{'plugin': plugin_class, 'method': driver.method})
AUTH_METHODS[plugin_name] = driver
plugin_class = CONF.auth[plugin]
driver = importutils.import_object(plugin_class)
AUTH_METHODS[plugin] = driver
AUTH_PLUGINS_LOADED = True

5
keystone/auth/plugins/external.py
View File

@ -31,9 +31,6 @@ CONF = cfg.CONF
@six.add_metaclass(abc.ABCMeta)
class Base(auth.AuthMethodHandler):
method = 'external'
def authenticate(self, context, auth_info, auth_context):
"""Use REMOTE_USER to look up the user in the identity backend.
@ -99,8 +96,6 @@ class Domain(Base):
@dependency.requires('assignment_api', 'identity_api')
class KerberosDomain(Domain):
"""Allows `kerberos` as a method."""
method = 'kerberos'
def _authenticate(self, remote_user, context):
auth_type = context['environment'].get('AUTH_TYPE')
if auth_type != 'Negotiate':

3
keystone/auth/plugins/oauth1.py
View File

@ -29,9 +29,6 @@ LOG = log.getLogger(__name__)
@dependency.requires('oauth_api')
class OAuth(auth.AuthMethodHandler):
method = 'oauth1'
def authenticate(self, context, auth_info, auth_context):
"""Turn a signed request with an access key into a keystone token."""

4
keystone/auth/plugins/password.py
View File

@ -29,11 +29,9 @@ LOG = log.getLogger(__name__)
@dependency.requires('identity_api')
class Password(auth.AuthMethodHandler):
method = METHOD_NAME
def authenticate(self, context, auth_payload, auth_context):
"""Try to authenticate against the identity backend."""
user_info = auth_plugins.UserAuthInfo.create(auth_payload, self.method)
user_info = auth_plugins.UserAuthInfo.create(auth_payload, METHOD_NAME)
# FIXME(gyee): identity.authenticate() can use some refactoring since
# all we care is password matches

3
keystone/auth/plugins/saml2.py
View File

@ -23,5 +23,4 @@ This plugin subclasses mapped.Mapped, and may be specified in keystone.conf:
class Saml2(mapped.Mapped):
method = 'saml2'
pass

4
keystone/auth/plugins/token.py
View File

@ -33,8 +33,6 @@ CONF = cfg.CONF
@dependency.requires('federation_api', 'identity_api', 'token_provider_api')
class Token(auth.AuthMethodHandler):
method = 'token'
def _get_token_ref(self, auth_payload):
token_id = auth_payload['id']
response = self.token_provider_api.validate_token(token_id)
@ -44,7 +42,7 @@ class Token(auth.AuthMethodHandler):
def authenticate(self, context, auth_payload, user_context):
if 'id' not in auth_payload:
raise exception.ValidationError(attribute='id',
target=self.method)
target='token')
token_ref = self._get_token_ref(auth_payload)
if token_ref.is_federated_user and self.federation_api:
mapped.handle_scoped_token(

36
keystone/tests/unit/test_auth_plugin.py
View File

@ -28,9 +28,6 @@ DEMO_USER_ID = uuid.uuid4().hex
class SimpleChallengeResponse(auth.AuthMethodHandler):
method = METHOD_NAME
def authenticate(self, context, auth_payload, user_context):
if 'response' in auth_payload:
if auth_payload['response'] != EXPECTED_RESPONSE:
@ -40,20 +37,6 @@ class SimpleChallengeResponse(auth.AuthMethodHandler):
return {"challenge": "What's the name of your high school?"}
class DuplicateAuthPlugin(SimpleChallengeResponse):
"""Duplicate simple challenge response auth plugin."""
class MismatchedAuthPlugin(SimpleChallengeResponse):
method = uuid.uuid4().hex
class NoMethodAuthPlugin(auth.AuthMethodHandler):
"""An auth plugin that does not supply a method attribute."""
def authenticate(self, context, auth_payload, auth_context):
pass
class TestAuthPlugin(tests.SQLDriverOverrides, tests.TestCase):
def setUp(self):
super(TestAuthPlugin, self).setUp()
@ -145,25 +128,6 @@ class TestAuthPluginDynamicOptions(TestAuthPlugin):
return config_files
class TestInvalidAuthMethodRegistration(tests.TestCase):
def test_duplicate_auth_method_registration(self):
self.config_fixture.config(
group='auth',
methods=[
'keystone.tests.unit.test_auth_plugin.SimpleChallengeResponse',
'keystone.tests.unit.test_auth_plugin.DuplicateAuthPlugin'])
self.clear_auth_plugin_registry()
self.assertRaises(ValueError, auth.controllers.load_auth_methods)
def test_no_method_attribute_auth_method_by_class_name_registration(self):
self.config_fixture.config(
group='auth',
methods=['keystone.tests.unit.test_auth_plugin.NoMethodAuthPlugin']
)
self.clear_auth_plugin_registry()
self.assertRaises(ValueError, auth.controllers.load_auth_methods)
class TestMapped(tests.TestCase):
def setUp(self):
super(TestMapped, self).setUp()