Create an extras directory and add some explanatory documentation for
dealing with plugins defined in extras.
Change-Id: Ibdd6bc16f38d1b9ca38db775671876458ec60e7a
The loaders are a companion part to the authentication plugins that
assist in loading a specific plugin from options supplied via a config
file, command line arguments or other mechanisms.
The Base loaders handle the options that are common to a specific
identity authentication mechanism. They were added to the private
directory in the move from keystoneclient as they are only used by the
loaders defined in that directory and it gave us time to settle the
interfaces.
They are not expected to be private forever as they are expected to be
reused by anyone that is developing identity plugins outside of the
keystoneauth repository.
Closes-Bug: #1507423
Change-Id: I4b2fc321ae75e92509aacb15ac21e96880f2b20e
The bind information is a standard part of the token data and can be
access from auth_token middleware so it should be exposed as part of the
AccessInfo object.
Change-Id: I45fc6eeed43f335aa1d771bdf1a11257432cb85c
The create_plugin method can be called multiple times with different
version values and the generic plugin should return an object if it is
suitable. By raising an error here when you have invalid parameters it
prevents the generic handler attempting additional version options.
Change-Id: I3391c6607fc53a154e10bee7e741bf73afeae5fa
There were some basic small issues with AccessInfo accessors and it
appears that the tests were never transferred across from
keystoneclient.
Copy those tests as closely as possible.
Change-Id: I391bf23097c5a8a176a50a938c04fa259df1de12
Converting a keystoneauth Opt to an oslo_config Opt fails because we
convert the deprecated options to a real oslo_config Opt rather than a
DeprecatedOpt.
Change-Id: I1c86bec7cddcc5751e6584b381e60115b84e1d27
Closes-Bug: #1505906
In order for us to transition python-openstackclient to keystoneauth,
we need a path forward so that people can move from using the in-tree
token-endpoint plugin to just using the admin-token plugin (which is the
thing that should be used for the bootstrapping-keystone usecase)
We could do fancy things in OCC to accomplish this (I have a patch) -
but instead of doing that, which is, as Dean says, really a layer
violation, why don't we just put url in here and be done with it.
Change-Id: Ia240d9599aad0c3e6727fcde451e3ddd21bc242f
currently there is no release history for keystoneauth, though
sometimes the commits are lacking context, this automated approach
is far better than nothing.
Change-Id: I584ded3921db9ecb8cad8f99d610bd2987394501
RST parsers will throw a warning if the length doesn't match the title,
because they're less sure that you intended to create a section title.
Change-Id: I28cd4ce3f1b4468de796ab7ab3c9fa8038d5d7dc
Such an empty section is pointless when we're actually tracking features
with wishlist bugs and specs anyway. This section should never exist in
mature projects.
Change-Id: I4ee657b3795fe8dc2ae55ee2085b441650bd0b07
Using a mutable type implies that it's acceptable for the set of
publicly-accessible attributes to be mutated at runtime, which defeats
their intended purpose of documenting the public interface. Tuples are
immutable.
Change-Id: Ib3ab93224ba240040b08ece481ef5ba620c3f658
Because UnknownConnectionError is not in __all__ it doesn't get imported
into the keystoneauth1.exceptions module and so it can't be used from
the session module.
Change-Id: I16061ee55871fc0eeaab752f21637d52158055fc
Closes-Bug: #1501022
not sure what this was doing here in the first place, but the
CLI reference and man page have to go!
Change-Id: I68885014bd9c7ce2741580c8026567b698ed9361
At the moment we only have access to the loading.Opts for a plugin,
which is fine most of the time but in places like auth_token middleware
we sometimes need to manually register a plugin options.
Extend the existing function to get the options from a Loader directly
if one is passed.
Change-Id: I3fd0cead78d5cc8ee2a3d19f056b5eff15208f84
Refactor and add the existing password based plugin that exists
in keystoneclient:
https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/contrib/auth/v3/oidc.py
It's been refactored so that a base class is created with arguments
that are common to several openid connect flows.
The patch also includes support for a few auth flow called
authorization code.
Co-Authored-By: Zhao Jian <jianzj@cn.ibm.com>
Change-Id: I35db68e288e174617a05c0db3d77d5a86048fe9e
When we are missing a required option we should use option.dest rather
then option.name so a user is presented with the correct value to use
(otherwise we say auth-url is missing when auth_url is what we actually
wanted, for example).
Change-Id: Ie1d72f6969bfcebdf94619158eb94ccac3bc75ba
There are two tests for loading options for generic plugins that were in
the regular plugin folder and not the loading folder. Move them.
Change-Id: Id0b1508afd20be84fb33154c18119da3b0674c3c
Session loading is being tested as part of the base session testing
file. It should be moved into the loading folder with other loading
specific tests.
Change-Id: I42ac48553ecd7fdda0357938387e17bdaf5e80a9
A common case is for Nova (or other service) to create an admin
authentication from a CONF file and then have many greenlet threads that
want to reuse that authentication. If a token expires then many threads
all try and fetch a new token to use and can step over each other.
I was hoping for a way to put a lock in so that all plugins were thread
safe however fixing it for identity plugins solves almost all real world
situations and anyone doing non-identity plugins will have to manage
threads themselves.
Closes-Bug: #1493835
Change-Id: Ie478499a086a4b0db4fb9e5b820f6f5cd4074763
I am not sure how folks feel about this, but I think os-testr
makes failures a little easier to debug when tests fail. For
one thing you get stdout/stderr in the test output. Running a
single test is a little different:
tox -e py27 -- --regex keystoneauth1.tests.unit.identity.test_token
Change-Id: Iea05633af3708c5e9443d86c8ddf947e68c0bebe