Merge "Remove deprecated external authentication plugins"

2015-06-08 13:29:05 +00:00 · 2015-06-08 13:29:05 +00:00 · 7f76f23bcc
parent bb73bed64f b532457235
commit 7f76f23bcc
2 changed files with 0 additions and 155 deletions
--- a/keystone/auth/plugins/external.py
+++ b/keystone/auth/plugins/external.py
@ -23,7 +23,6 @@ from keystone import auth
 from keystone.common import dependency
 from keystone import exception
 from keystone.i18n import _
-from keystone.openstack.common import versionutils


 CONF = cfg.CONF
@ -100,81 +99,3 @@ class KerberosDomain(Domain):
        if auth_type != 'Negotiate':
            raise exception.Unauthorized(_("auth_type is not Negotiate"))
        return super(KerberosDomain, self)._authenticate(remote_user, context)
-
-
-class ExternalDefault(DefaultDomain):
-    """Deprecated. Please use keystone.auth.external.DefaultDomain instead."""
-
-    @versionutils.deprecated(
-        as_of=versionutils.deprecated.ICEHOUSE,
-        in_favor_of='keystone.auth.external.DefaultDomain',
-        remove_in=+1)
-    def __init__(self):
-        super(ExternalDefault, self).__init__()
-
-
-class ExternalDomain(Domain):
-    """Deprecated. Please use keystone.auth.external.Domain instead."""
-
-    @versionutils.deprecated(
-        as_of=versionutils.deprecated.ICEHOUSE,
-        in_favor_of='keystone.auth.external.Domain',
-        remove_in=+1)
-    def __init__(self):
-        super(ExternalDomain, self).__init__()
-
-
-@dependency.requires('identity_api')
-class LegacyDefaultDomain(Base):
-    """Deprecated. Please use keystone.auth.external.DefaultDomain instead.
-
-    This plugin exists to provide compatibility for the unintended behavior
-    described here: https://bugs.launchpad.net/keystone/+bug/1253484
-
-    """
-
-    @versionutils.deprecated(
-        as_of=versionutils.deprecated.ICEHOUSE,
-        in_favor_of='keystone.auth.external.DefaultDomain',
-        remove_in=+1)
-    def __init__(self):
-        super(LegacyDefaultDomain, self).__init__()
-
-    def _authenticate(self, remote_user, context):
-        """Use remote_user to look up the user in the identity backend."""
-        # NOTE(dolph): this unintentionally discards half the REMOTE_USER value
-        names = remote_user.split('@')
-        username = names.pop(0)
-        domain_id = CONF.identity.default_domain_id
-        user_ref = self.identity_api.get_user_by_name(username, domain_id)
-        return user_ref
-
-
-@dependency.requires('identity_api', 'resource_api')
-class LegacyDomain(Base):
-    """Deprecated. Please use keystone.auth.external.Domain instead."""
-
-    @versionutils.deprecated(
-        as_of=versionutils.deprecated.ICEHOUSE,
-        in_favor_of='keystone.auth.external.Domain',
-        remove_in=+1)
-    def __init__(self):
-        super(LegacyDomain, self).__init__()
-
-    def _authenticate(self, remote_user, context):
-        """Use remote_user to look up the user in the identity backend.
-
-        If remote_user contains an `@` assume that the substring before the
-        rightmost `@` is the username, and the substring after the @ is the
-        domain name.
-        """
-        names = remote_user.rsplit('@', 1)
-        username = names.pop(0)
-        if names:
-            domain_name = names[0]
-            domain_ref = self.resource_api.get_domain_by_name(domain_name)
-            domain_id = domain_ref['id']
-        else:
-            domain_id = CONF.identity.default_domain_id
-        user_ref = self.identity_api.get_user_by_name(username, domain_id)
-        return user_ref
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -1588,82 +1588,6 @@ class TestAuthExternalDisabled(test_v3.RestfulTestCase):
                          auth_context)


-class TestAuthExternalLegacyDefaultDomain(test_v3.RestfulTestCase):
-    content_type = 'json'
-
-    def auth_plugin_config_override(self):
-        super(TestAuthExternalLegacyDefaultDomain,
-              self).auth_plugin_config_override(
-            external='keystone.auth.plugins.external.LegacyDefaultDomain')
-
-    def test_remote_user_no_realm(self):
-        api = auth.controllers.Auth()
-        context, auth_info, auth_context = self.build_external_auth_request(
-            self.default_domain_user['name'])
-        api.authenticate(context, auth_info, auth_context)
-        self.assertEqual(self.default_domain_user['id'],
-                         auth_context['user_id'])
-
-    def test_remote_user_no_domain(self):
-        api = auth.controllers.Auth()
-        context, auth_info, auth_context = self.build_external_auth_request(
-            self.user['name'])
-        self.assertRaises(exception.Unauthorized,
-                          api.authenticate,
-                          context,
-                          auth_info,
-                          auth_context)
-
-
-class TestAuthExternalLegacyDomain(test_v3.RestfulTestCase):
-    content_type = 'json'
-
-    def auth_plugin_config_override(self):
-        super(TestAuthExternalLegacyDomain, self).auth_plugin_config_override(
-            external='keystone.auth.plugins.external.LegacyDomain')
-
-    def test_remote_user_with_realm(self):
-        api = auth.controllers.Auth()
-        remote_user = '%s@%s' % (self.user['name'], self.domain['name'])
-        context, auth_info, auth_context = self.build_external_auth_request(
-            remote_user)
-
-        api.authenticate(context, auth_info, auth_context)
-        self.assertEqual(self.user['id'], auth_context['user_id'])
-
-        # Now test to make sure the user name can, itself, contain the
-        # '@' character.
-        user = {'name': 'myname@mydivision'}
-        self.identity_api.update_user(self.user['id'], user)
-        remote_user = '%s@%s' % (user['name'], self.domain['name'])
-        context, auth_info, auth_context = self.build_external_auth_request(
-            remote_user)
-
-        api.authenticate(context, auth_info, auth_context)
-        self.assertEqual(self.user['id'], auth_context['user_id'])
-
-    def test_project_id_scoped_with_remote_user(self):
-        self.config_fixture.config(group='token', bind=['kerberos'])
-        auth_data = self.build_authentication_request(
-            project_id=self.project['id'])
-        remote_user = '%s@%s' % (self.user['name'], self.domain['name'])
-        self.admin_app.extra_environ.update({'REMOTE_USER': remote_user,
-                                             'AUTH_TYPE': 'Negotiate'})
-        r = self.v3_authenticate_token(auth_data)
-        token = self.assertValidProjectScopedTokenResponse(r)
-        self.assertEqual(self.user['name'], token['bind']['kerberos'])
-
-    def test_unscoped_bind_with_remote_user(self):
-        self.config_fixture.config(group='token', bind=['kerberos'])
-        auth_data = self.build_authentication_request()
-        remote_user = '%s@%s' % (self.user['name'], self.domain['name'])
-        self.admin_app.extra_environ.update({'REMOTE_USER': remote_user,
-                                             'AUTH_TYPE': 'Negotiate'})
-        r = self.v3_authenticate_token(auth_data)
-        token = self.assertValidUnscopedTokenResponse(r)
-        self.assertEqual(self.user['name'], token['bind']['kerberos'])
-
-
 class TestAuthExternalDomain(test_v3.RestfulTestCase):
    content_type = 'json'