Removal of deprecated direct driver loading

The direct loading of drivers was deprecated in Liberty and noted
to be removed in Newton. This patch cleans up the deprecation and
fixes the unit tests. Some of the example request/response json
message bodies of the domain config API were also updated to the
correct way of loading a driver now.

bp removed-as-of-rocky

Change-Id: If3f4c2303da6e264e5e0d73280cc21fa01a3cfd4

api-ref/source/v3/samples/admin/domain-config-group-option-update-response.json

@@ -1,7 +1,7 @@
 {
     "config": {
         "identity": {
-            "driver": "keystone.identity.backends.ldap.Identity"
+            "driver": "ldap"
         },
         "ldap": {
             "url": "http://myldap/my_other_root",

api-ref/source/v3/samples/admin/domain-config-group-update-response.json

@@ -1,7 +1,7 @@
 {
     "config": {
         "identity": {
-            "driver": "keystone.identity.backends.ldap.Identity"
+            "driver": "ldap"
         },
         "ldap": {
             "url": "http://myldap/my_new_root",

api-ref/source/v3/samples/admin/domain-config-show-response.json

@@ -1,7 +1,7 @@
 {
     "config": {
         "identity": {
-            "driver": "keystone.identity.backends.ldap.Identity"
+            "driver": "ldap"
         },
         "ldap": {
             "url": "http://myldap/root",

api-ref/source/v3/samples/admin/domain-config-update-response.json

@@ -1,7 +1,7 @@
 {
     "config": {
         "identity": {
-            "driver": "keystone.identity.backends.ldap.Identity"
+            "driver": "ldap"
         },
         "ldap": {
             "url": "http://myldap/my_new_root",

keystone/auth/core.py

@@ -14,8 +14,6 @@ from functools import partial
 import sys
 
 from oslo_log import log
-from oslo_log import versionutils
-from oslo_utils import importutils
 import six
 import stevedore
 
@@ -37,28 +35,15 @@ AUTH_METHODS = {}
 AUTH_PLUGINS_LOADED = False
 
 
+def _get_auth_driver_manager(namespace, plugin_name):
+    return stevedore.DriverManager(namespace, plugin_name, invoke_on_load=True)
+
+
 def load_auth_method(method):
     plugin_name = CONF.auth.get(method) or 'default'
     namespace = 'keystone.auth.%s' % method
-    try:
-        driver_manager = stevedore.DriverManager(namespace, plugin_name,
-                                                 invoke_on_load=True)
-        return driver_manager.driver
-    except RuntimeError:
-        LOG.debug('Failed to load the %s driver (%s) using stevedore, will '
-                  'attempt to load using import_object instead.',
-                  method, plugin_name)
-
-    driver = importutils.import_object(plugin_name)
-
-    msg = (_(
-        'Direct import of auth plugin %(name)r is deprecated as of Liberty in '
-        'favor of its entrypoint from %(namespace)r and may be removed in '
-        'N.') %
-        {'name': plugin_name, 'namespace': namespace})
-    versionutils.report_deprecated_feature(LOG, msg)
-
-    return driver
+    driver_manager = _get_auth_driver_manager(namespace, plugin_name)
+    return driver_manager.driver
 
 
 def load_auth_methods():

keystone/tests/unit/auth/test_controllers.py

@@ -18,7 +18,6 @@ import fixtures
 import mock
 from oslo_config import cfg
 from oslo_config import fixture as config_fixture
-from oslo_utils import importutils
 import stevedore
 from stevedore import extension
 
@@ -55,7 +54,7 @@ class TestLoadAuthMethod(unit.BaseTestCase):
             auth_plugin_namespace, plugin_name, invoke_on_load=True)
         self.assertIs(mock.sentinel.driver, driver)
 
-    def test_entrypoint_fails_import_works(self):
+    def test_entrypoint_fails(self):
         method = uuid.uuid4().hex
         plugin_name = self.getUniqueString()
 
@@ -69,37 +68,4 @@ class TestLoadAuthMethod(unit.BaseTestCase):
         self.useFixture(fixtures.MockPatchObject(
             stevedore, 'DriverManager', side_effect=RuntimeError))
 
-        self.useFixture(fixtures.MockPatchObject(
-            importutils, 'import_object', return_value=mock.sentinel.driver))
-
-        log_fixture = self.useFixture(fixtures.FakeLogger())
-
-        driver = core.load_auth_method(method)
-
-        # Loading entrypoint fails
-        self.assertIn('Direct import of auth plugin', log_fixture.output)
-
-        # Import works
-        self.assertIs(mock.sentinel.driver, driver)
-
-    def test_entrypoint_fails_import_fails(self):
-        method = uuid.uuid4().hex
-        plugin_name = self.getUniqueString()
-
-        # Register the method using the given plugin
-        cf = self.useFixture(config_fixture.Config())
-        cf.register_opt(cfg.StrOpt(method), group='auth')
-        cf.config(group='auth', **{method: plugin_name})
-
-        # stevedore.DriverManager raises RuntimeError if it can't load the
-        # driver.
-        self.useFixture(fixtures.MockPatchObject(
-            stevedore, 'DriverManager', side_effect=RuntimeError))
-
-        class TestException(Exception):
-            pass
-
-        self.useFixture(fixtures.MockPatchObject(
-            importutils, 'import_object', side_effect=TestException))
-
-        self.assertRaises(TestException, core.load_auth_method, method)
+        self.assertRaises(RuntimeError, core.load_auth_method, method)

keystone/tests/unit/test_auth_plugin.py

@@ -15,6 +15,7 @@
 import uuid
 
 import mock
+import stevedore
 
 from keystone import auth
 from keystone.auth.plugins import base
@@ -26,10 +27,6 @@ from keystone.tests.unit.ksfixtures import auth_plugins
 
 # for testing purposes only
 METHOD_NAME = 'simple_challenge_response'
-METHOD_OPTS = {
-    METHOD_NAME:
-        'keystone.tests.unit.test_auth_plugin.SimpleChallengeResponse',
-}
 EXPECTED_RESPONSE = uuid.uuid4().hex
 DEMO_USER_ID = uuid.uuid4().hex
 
@@ -66,11 +63,19 @@ class TestAuthPlugin(unit.SQLDriverOverrides, unit.TestCase):
                           auth.core.AuthInfo.create,
                           auth_data)
 
-    def test_addition_auth_steps(self):
+    @mock.patch.object(auth.core, '_get_auth_driver_manager')
+    def test_addition_auth_steps(self, stevedore_mock):
+        simple_challenge_plugin = SimpleChallengeResponse()
+        extension = stevedore.extension.Extension(
+            name='simple_challenge', entry_point=None, plugin=None,
+            obj=simple_challenge_plugin
+        )
+        test_manager = stevedore.DriverManager.make_test_instance(extension)
+        stevedore_mock.return_value = test_manager
+
         self.useFixture(
             auth_plugins.ConfigAuthPlugins(self.config_fixture,
-                                           methods=[METHOD_NAME],
-                                           **METHOD_OPTS))
+                                           methods=[METHOD_NAME]))
         self.useFixture(auth_plugins.LoadAuthPlugins(METHOD_NAME))
 
         auth_data = {'methods': [METHOD_NAME]}

keystone/tests/unit/test_v3_auth.py

@@ -3671,8 +3671,7 @@ class TestAuthExternalDefaultDomain(object):
     def config_overrides(self):
         super(TestAuthExternalDefaultDomain, self).config_overrides()
         self.kerberos = False
-        self.auth_plugin_config_override(
-            external='keystone.auth.plugins.external.DefaultDomain')
+        self.auth_plugin_config_override(external='DefaultDomain')
 
     def test_remote_user_with_default_domain(self):
         api = auth.controllers.Auth()

releasenotes/notes/removed-as-of-rocky-f44c3ba7c3e73d01.yaml

@@ -4,3 +4,8 @@ other:
     [`blueprint removed-as-of-rocky <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-rocky>`_]
     The ``sql`` token driver and ``uuid`` token providers have been removed
     in favor of the ``fernet`` token provider.
+  - >
+    [`blueprint removed-as-of-rocky <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-rocky>`_]
+    Removed support for direct import of authentication drivers. If you're
+    using full path names for authentication methods in configuration, please
+    update your configuration to use the corresponding namespaces.