Use stevedore to load authorization plugins
Add basic infrastructure to load authorization plugins with stevedore. Change-Id: I4828be6537bbe865b43ec43de41f6060ea8f2c98
This commit is contained in:
parent
549301b24b
commit
836b9e852d
|
@ -47,17 +47,20 @@ class TestAuthenticator(base.BaseAuthPlugin):
|
|||
|
||||
|
||||
def make_authenticate(opts):
|
||||
return authenticator.create(
|
||||
username=opts.username,
|
||||
password=opts.password,
|
||||
token=opts.token,
|
||||
auth_url=opts.auth_url,
|
||||
version=opts.identity_api_version,
|
||||
project_name=opts.project_name,
|
||||
domain_name=opts.domain_name,
|
||||
project_domain_name=opts.project_domain_name,
|
||||
user_domain_name=opts.user_domain_name,
|
||||
)
|
||||
args = {
|
||||
'auth_plugin': opts.auth_plugin,
|
||||
'auth_url': opts.auth_url,
|
||||
'project_name': opts.project_name,
|
||||
'domain_name': opts.domain_name,
|
||||
'project_domain_name': opts.project_domain_name,
|
||||
'user_domain_name': opts.user_domain_name,
|
||||
'user_name': opts.user_name,
|
||||
'password': opts.password,
|
||||
'region_name': opts.region_name,
|
||||
'verify': opts.verify,
|
||||
'token': opts.token,
|
||||
}
|
||||
return authenticator.create(**args)
|
||||
|
||||
|
||||
def run_authenticate(opts):
|
||||
|
|
|
@ -116,6 +116,13 @@ def option_parser():
|
|||
parser = argparse.ArgumentParser(
|
||||
description='A demonstration framework')
|
||||
# Global arguments
|
||||
parser.add_argument(
|
||||
'--os-auth-plugin',
|
||||
dest='auth_plugin',
|
||||
metavar='<auth-plugin>',
|
||||
default=env('OS_AUTH_PLUGIN', default='identity_v3'),
|
||||
help='Authentication plugin (Env: OS_AUTH_PLUGIN)',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--os-auth-url',
|
||||
dest='auth_url',
|
||||
|
@ -157,7 +164,7 @@ def option_parser():
|
|||
)
|
||||
parser.add_argument(
|
||||
'--os-username',
|
||||
dest='username',
|
||||
dest='user_name',
|
||||
metavar='<auth-username>',
|
||||
default=env('OS_USERNAME'),
|
||||
help='Authentication username (Env: OS_USERNAME)',
|
||||
|
@ -194,15 +201,6 @@ def option_parser():
|
|||
action='store_false',
|
||||
help='Disable server certificate verification',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--os-identity-api-version',
|
||||
dest='identity_api_version',
|
||||
metavar='<identity-api-version>',
|
||||
default=env(
|
||||
'OS_IDENTITY_API_VERSION',
|
||||
default=None),
|
||||
help='Force Identity API version (Env: OS_IDENTITY_API_VERSION)',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--os-token',
|
||||
dest='token',
|
||||
|
|
|
@ -28,19 +28,23 @@ from openstack import session
|
|||
|
||||
|
||||
def make_session(opts):
|
||||
args = {
|
||||
'auth_plugin': opts.auth_plugin,
|
||||
'auth_url': opts.auth_url,
|
||||
'project_name': opts.project_name,
|
||||
'domain_name': opts.domain_name,
|
||||
'project_domain_name': opts.project_domain_name,
|
||||
'user_domain_name': opts.user_domain_name,
|
||||
'user_name': opts.user_name,
|
||||
'password': opts.password,
|
||||
'region_name': opts.region_name,
|
||||
'verify': opts.verify,
|
||||
'token': opts.token,
|
||||
}
|
||||
return session.Session.create(
|
||||
username=opts.username,
|
||||
password=opts.password,
|
||||
token=opts.token,
|
||||
auth_url=opts.auth_url,
|
||||
version=opts.identity_api_version,
|
||||
project_name=opts.project_name,
|
||||
domain_name=opts.domain_name,
|
||||
project_domain_name=opts.project_domain_name,
|
||||
user_domain_name=opts.user_domain_name,
|
||||
verify=opts.verify,
|
||||
user_agent='SDKExample',
|
||||
region=opts.region_name,
|
||||
**args
|
||||
)
|
||||
|
||||
|
||||
|
|
|
@ -10,60 +10,43 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from openstack.auth.identity import v2
|
||||
from openstack.auth.identity import v3
|
||||
from openstack import exceptions
|
||||
|
||||
from stevedore import driver
|
||||
|
||||
def create(username=None, password=None, token=None, auth_url=None,
|
||||
version=None, project_name=None, domain_name=None,
|
||||
project_domain_name=None, user_domain_name=None):
|
||||
|
||||
def create(auth_plugin=None, **auth_args):
|
||||
"""Temporary code for creating an authenticator
|
||||
|
||||
This is temporary code to create an authenticator. This code will be
|
||||
removed in the future.
|
||||
|
||||
:param string username: User name for authentication.
|
||||
:param string password: Password associated with the user.
|
||||
:param string token: Authentication token to use if available.
|
||||
:param string auth_url: The URL to use for authentication.
|
||||
:param string version: Version of authentication to use.
|
||||
:param string project_name: Project name to athenticate.
|
||||
:param string domain_name: Domain name to athenticate.
|
||||
:param string project_domain_name: Project domain name to athenticate.
|
||||
:param string user_domain_name: User domain name to athenticate.
|
||||
:param string auth_plugin: Name of authentication plugin to use.
|
||||
:param auth_args: Arguments for auth plugin.
|
||||
|
||||
:returns string: An authenticator.
|
||||
"""
|
||||
if auth_url is None:
|
||||
msg = ("auth_url wasn't provided.")
|
||||
raise exceptions.AuthorizationFailure(msg)
|
||||
|
||||
endpoint_version = auth_url.split('v')[-1]
|
||||
if version is None:
|
||||
version = endpoint_version
|
||||
if auth_plugin is None:
|
||||
if 'auth_url' not in auth_args:
|
||||
msg = ("auth_url was not provided.")
|
||||
raise exceptions.AuthorizationFailure(msg)
|
||||
auth_url = auth_args['auth_url']
|
||||
endpoint_version = auth_url.split('v')[-1][0]
|
||||
if endpoint_version == '2':
|
||||
auth_plugin = 'identity_v2'
|
||||
else:
|
||||
auth_plugin = 'identity_v3'
|
||||
|
||||
version = version.lower().replace('v', '')
|
||||
version = version.split('.')[0]
|
||||
if version == '3':
|
||||
args = {'user_name': username, 'password': password}
|
||||
if project_name:
|
||||
args['project_name'] = project_name
|
||||
if domain_name:
|
||||
args['domain_name'] = domain_name
|
||||
if project_domain_name:
|
||||
args['project_domain_name'] = project_domain_name
|
||||
if user_domain_name:
|
||||
args['user_domain_name'] = user_domain_name
|
||||
if token:
|
||||
args['token'] = token
|
||||
return v3.Auth(auth_url, **args)
|
||||
elif version == '2':
|
||||
args = {'user_name': username, 'password': password}
|
||||
if project_name:
|
||||
args['project_name'] = project_name
|
||||
if token:
|
||||
args['token'] = token
|
||||
return v2.Auth(auth_url, **args)
|
||||
msg = ("No support for identity version: %s" % version)
|
||||
raise exceptions.NoMatchingPlugin(msg)
|
||||
mgr = driver.DriverManager(
|
||||
namespace="openstack.auth.plugin",
|
||||
name=auth_plugin,
|
||||
invoke_on_load=False,
|
||||
)
|
||||
plugin = mgr.driver
|
||||
valid_list = plugin.valid_options
|
||||
args = {}
|
||||
for k in valid_list:
|
||||
if k in auth_args:
|
||||
args[k] = auth_args[k]
|
||||
return plugin(**args)
|
||||
|
|
|
@ -39,24 +39,9 @@ class Session(object):
|
|||
self.preference = preference
|
||||
|
||||
@classmethod
|
||||
def create(cls, username=None, password=None, token=None, auth_url=None,
|
||||
version=None, project_name=None, verify=None, user_agent=None,
|
||||
region=None, domain_name=None, project_domain_name=None,
|
||||
user_domain_name=None):
|
||||
xport = transport.Transport(verify=verify, user_agent=user_agent)
|
||||
args = {
|
||||
'username': username,
|
||||
'password': password,
|
||||
'token': token,
|
||||
'auth_url': auth_url,
|
||||
'project_name': project_name,
|
||||
'domain_name': domain_name,
|
||||
'project_domain_name': project_domain_name,
|
||||
'user_domain_name': user_domain_name,
|
||||
}
|
||||
if version:
|
||||
args['version'] = version
|
||||
auth = authenticator.create(**args)
|
||||
def create(cls, verify=True, region=None, **auth_args):
|
||||
xport = transport.Transport(verify=verify)
|
||||
auth = authenticator.create(**auth_args)
|
||||
preference = service_filter.ServiceFilter(region=region)
|
||||
return cls(xport, auth, preference=preference)
|
||||
|
||||
|
|
|
@ -18,11 +18,11 @@ from openstack.tests import base
|
|||
class TestAuthenticatorCreate(base.TestCase):
|
||||
def test_create_3_password(self):
|
||||
auth = authenticator.create(
|
||||
username='1',
|
||||
user_name='1',
|
||||
password='2',
|
||||
token=None,
|
||||
auth_url='4',
|
||||
version='3',
|
||||
auth_plugin='identity_v3',
|
||||
project_name='6',
|
||||
domain_name='7',
|
||||
project_domain_name='8',
|
||||
|
@ -38,11 +38,11 @@ class TestAuthenticatorCreate(base.TestCase):
|
|||
|
||||
def test_create_3_token(self):
|
||||
auth = authenticator.create(
|
||||
username='1',
|
||||
user_name='1',
|
||||
password='2',
|
||||
token='3',
|
||||
auth_url='4',
|
||||
version='3',
|
||||
auth_plugin='identity_v3',
|
||||
project_name='6',
|
||||
)
|
||||
self.assertEqual('3', auth.auth_methods[0].token)
|
||||
|
@ -50,11 +50,11 @@ class TestAuthenticatorCreate(base.TestCase):
|
|||
|
||||
def test_create_2_password(self):
|
||||
auth = authenticator.create(
|
||||
username='1',
|
||||
user_name='1',
|
||||
password='2',
|
||||
token=None,
|
||||
auth_url='4',
|
||||
version='2',
|
||||
auth_plugin='identity_v2',
|
||||
project_name='6',
|
||||
)
|
||||
self.assertEqual('1', auth.user_name)
|
||||
|
@ -64,11 +64,11 @@ class TestAuthenticatorCreate(base.TestCase):
|
|||
|
||||
def test_create_2_token(self):
|
||||
auth = authenticator.create(
|
||||
username='1',
|
||||
user_name='1',
|
||||
password='2',
|
||||
token='3',
|
||||
auth_url='4',
|
||||
version='2',
|
||||
auth_plugin='identity_v2',
|
||||
project_name='6',
|
||||
)
|
||||
self.assertEqual('3', auth.token)
|
||||
|
@ -76,13 +76,13 @@ class TestAuthenticatorCreate(base.TestCase):
|
|||
|
||||
def test_create_bogus(self):
|
||||
self.assertRaises(
|
||||
exceptions.NoMatchingPlugin,
|
||||
RuntimeError,
|
||||
authenticator.create,
|
||||
username='1',
|
||||
user_name='1',
|
||||
password='2',
|
||||
token='3',
|
||||
auth_url='4',
|
||||
version='99',
|
||||
auth_plugin='identity_v99',
|
||||
project_name='6',
|
||||
)
|
||||
|
||||
|
@ -97,14 +97,14 @@ class TestAuthenticatorCreate(base.TestCase):
|
|||
project_name='6',
|
||||
)
|
||||
|
||||
def test_create_no_version_2(self):
|
||||
def test_create_2(self):
|
||||
auth = authenticator.create(token='1', auth_url='url/v2.0')
|
||||
self.assertTrue('v2' in str(auth))
|
||||
|
||||
def test_create_no_version_3(self):
|
||||
def test_create_3(self):
|
||||
auth = authenticator.create(token='1', auth_url='url/v3.0')
|
||||
self.assertTrue('v3' in str(auth))
|
||||
|
||||
def test_create_version_unlike_auth_url(self):
|
||||
auth = authenticator.create(token='1', version='2', auth_url='url/v3')
|
||||
self.assertTrue('v2' in str(auth))
|
||||
def test_create_unlike(self):
|
||||
auth = authenticator.create(token='1', auth_url='url/somethingelse')
|
||||
self.assertTrue('v3' in str(auth))
|
||||
|
|
|
@ -86,18 +86,16 @@ class TestSession(base.TestCase):
|
|||
class TestSessionCreate(base.TestCase):
|
||||
def test_create(self):
|
||||
sess = session.Session.create(
|
||||
username='1',
|
||||
user_name='1',
|
||||
password='2',
|
||||
token=None,
|
||||
auth_url='4',
|
||||
version='3',
|
||||
auth_plugin='identity_v3',
|
||||
project_name='6',
|
||||
verify='7',
|
||||
user_agent='9',
|
||||
region='10',
|
||||
)
|
||||
self.assertEqual('1', sess.authenticator.auth_methods[0].user_name)
|
||||
self.assertEqual('2', sess.authenticator.auth_methods[0].password)
|
||||
self.assertEqual('7', sess.transport.verify)
|
||||
self.assertEqual('9', sess.transport._user_agent)
|
||||
self.assertEqual('10', sess.preference.region)
|
||||
|
|
|
@ -4,3 +4,4 @@
|
|||
pbr>=0.6,!=0.7,<1.0
|
||||
iso8601>=0.1.9
|
||||
requests>=1.2.1,!=2.4.0
|
||||
stevedore>=1.0.0 # Apache-2.0
|
||||
|
|
Loading…
Reference in New Issue