Session loading is being tested as part of the base session testing
file. It should be moved into the loading folder with other loading
specific tests.
Change-Id: I42ac48553ecd7fdda0357938387e17bdaf5e80a9
A common case is for Nova (or other service) to create an admin
authentication from a CONF file and then have many greenlet threads that
want to reuse that authentication. If a token expires then many threads
all try and fetch a new token to use and can step over each other.
I was hoping for a way to put a lock in so that all plugins were thread
safe however fixing it for identity plugins solves almost all real world
situations and anyone doing non-identity plugins will have to manage
threads themselves.
Closes-Bug: #1493835
Change-Id: Ie478499a086a4b0db4fb9e5b820f6f5cd4074763
There are cases, such as os_auth in ansible, where a user wants to
be able to get at the raw catalog content. This is often extremely
useful when debugging cloud applications.
Change-Id: Ibe51b5f1a4b1d93efb6076b5f97b0fd10376cd16
I noticed a lot of tests were still in directories from
the past and things were not as easy as you might hope to find.
Change-Id: Iae3d75cee9f48a09d2c9aa2a5b18301b4832bef0
Raise meaningful discovery exception for v2 with domain scope.
Previously, the exception reported the vague message:
Exception raised: Could not determine a suitable URL for the plugin
Now:
Exception raised: Cannot use v2 authentication with domain scope
Change-Id: I5cf509c24863b35deca8d13fa5655f3665c3b29a
This was something that OSC has pushed for a long time now, and it's
better to be consistent than worry about wording.
Change --os-auth-plugin and auth_plugin= in CONF to be --os-auth-type
and auth_type= by default. We deprecated (but will probably keep for a
long time) the auth_plugin name.
Change-Id: I9748aeb4a490f88c73ef22ebe49e9b4ac6af78cd
Now we have loading functions for both auth and session we want to mix
them into the same loading namespace so that users only have to import
one thing. To do this we need to disambiguate the names as they are
purposefully similar.
Change-Id: Ic6b874bc878e72c0399f4ad91a8dcbe9e014576e
The functions in loading.conf should return oslo.config options as the
descriptions say. These are often used by services to register
additional config options.
Change-Id: I9d7711b6ff2426e66e6d0c9d457dbb0029d67c12
In the generic password loader plugin, where you don't know if it's
tenant or project - we still want to indicate that tenant and in fact v2
are the wrong way to think about things anymore.
Change-Id: I7b3d9ba7937c20aa56ba8ade4460e49cf6f8524b
For v3 if you provide project_name or user_name without the
corresponding id it is going to fail. To get around this OSC and OCC
have been doing pre plugin loading validation checks.
Now that loading is separate from the plugin itself it makes sense that
we can enforce certain requirements on plugin loaders such that only
valid configurations may be loaded.
Change-Id: Ife6ff07214d702d76ce8b1d0e87f60f732aa0230
Provide a parameters for testing if scoping options were provided to a
parameter. This will allow for consumers like OSC to provide an early
earning message if the plugin they have loaded has no scoping
parameters and they are trying to make calls against non keystone
services.
Change-Id: I9c2595ac96fc320f4d41622b34f72ca11dc7efcb
get_available_loaders is a way to fetch all loader objects on a system
so that something like OSC can enumerate them without having to copy the
stevedore entry point.
Now that loaders are objects and not the plugin classes themselves we
should return the loader objects.
Change-Id: I6592c78a80f77f307e7940c5f1b71767f7b59842
Change options requirement testing so that it is performed on the base
load_from_options method. This will mean it gets shared between all
loading mechanisms.
I removed the verify_auth function because it is a bit too specific to
the OSC/OCC case. auth_type is not something that is part of
keystoneauth. I also modified the exception as it should no longer take
the plugin name as this would be knowledge any calling function has.
OSC/OCC could use this function to implement a higher level error
message, but I think it should be keystoneauth's responsibility to
validate auth plugins and they should just offload the options.
Change-Id: I1531b95562382e955fab44d01e7ba705d26d352f
The loading tests still relied upon some base classes from the auth/
test area that were no longer being used over there. Move them into
there own loading.utils file.
Change-Id: Iee31f49b292018dc0c37621aac3a267680f3e31c
While completing review https://review.openstack.org/#/c/207585
several issues were noted that apply equally to this plugin.
It's important that the ksa and ksc versions of this plugin remain
in sync.
This patch addresses the following issues:
- don't use str()
- clarify what the sp id is
- include docstrings where appropriate
- don't define a new constant for 302
bp k2k-auth-plugin
Change-Id: Ic86d6a62af53005790f637a3b572b6a19350182b
The intention with putting load_from_conf_options and
load_form_argparse_arguments on the plugin object was so that a plugin
could specify refinements for how you load from CLI or similar. This was
ok whilst keystoneauth/keystoneclient controlled all the loading
mechanisms but with openstack-client-config this scheme wouldn't work.
Remove the methods from the classes (keep the methods a user would use)
until we can figure out a more extensible way for a plugin to specify
loading refinements.
Change-Id: I13c3fc2819f95cb95de5e7e8ba9f0a055d69ebf1
Session loading is a bit more complicated than plugins because people
like OSC override it. We still want the loader class but for most cases
we just want to use standard methods so we provide both.
Move from passing to base load_from_argparse_arguments and
load_from_conf_options as these are going away.
Change-Id: I7fb0d4977b97b3c0c1745b634c2c8827a863a7da
The plugin loading tests weren't being run because there was no
__init__.py in the loading folder. Add the file and fix the test
breakages that we have otherwise missed.
Change-Id: If5aae690774c47794b5ba3af91878d9fcfacacb6
As keystoneauth comes out with new releases, it would be
convenient if the logger name did not change.
Change-Id: Ica4102db27fa6cd2a3eaa1dac647abe02b4543a2
The v2 prefix is implied by the file they are in and this is the name
that is referenced from the setup.cfg entrypoint.
Change-Id: I40723f4639be4a14d9c72fb7e1836bcb80b9b967
Do not log binary data during debug logging of a session.
Replace the binary data with the string <binary_data> instead.
Change-Id: I5184002f3a21c5e0ee510b21b9a7884c8dccd1e3
In https://review.openstack.org/#/c/212670/ there was some
discussion about cleaning up these exception messages. Here
it is.
Change-Id: I6bf1d7351f5fd90451f6d0d7c7e2575e584cbc62
Processing a parameter dict and extracting the declared parameters for
the given auth plugin is clearly in the problem domain of keystoneauth.
It's also just simple data transformations. Move it here.
Change-Id: I6da32fee4061ab31207cb06503ec78bb45629fb2
