Use stevedore to load authorization plugins

Add basic infrastructure to load authorization plugins with
stevedore.

Change-Id: I4828be6537bbe865b43ec43de41f6060ea8f2c98

examples/authenticate.py

@@ -47,17 +47,20 @@ class TestAuthenticator(base.BaseAuthPlugin):
 
 
 def make_authenticate(opts):
-    return authenticator.create(
-        username=opts.username,
-        password=opts.password,
-        token=opts.token,
-        auth_url=opts.auth_url,
-        version=opts.identity_api_version,
-        project_name=opts.project_name,
-        domain_name=opts.domain_name,
-        project_domain_name=opts.project_domain_name,
-        user_domain_name=opts.user_domain_name,
-    )
+    args = {
+        'auth_plugin': opts.auth_plugin,
+        'auth_url': opts.auth_url,
+        'project_name': opts.project_name,
+        'domain_name': opts.domain_name,
+        'project_domain_name': opts.project_domain_name,
+        'user_domain_name': opts.user_domain_name,
+        'user_name': opts.user_name,
+        'password': opts.password,
+        'region_name': opts.region_name,
+        'verify': opts.verify,
+        'token': opts.token,
+    }
+    return authenticator.create(**args)
 
 
 def run_authenticate(opts):

examples/common.py

@@ -116,6 +116,13 @@ def option_parser():
     parser = argparse.ArgumentParser(
         description='A demonstration framework')
     # Global arguments
+    parser.add_argument(
+        '--os-auth-plugin',
+        dest='auth_plugin',
+        metavar='<auth-plugin>',
+        default=env('OS_AUTH_PLUGIN', default='identity_v3'),
+        help='Authentication plugin (Env: OS_AUTH_PLUGIN)',
+    )
     parser.add_argument(
         '--os-auth-url',
         dest='auth_url',
@@ -157,7 +164,7 @@ def option_parser():
     )
     parser.add_argument(
         '--os-username',
-        dest='username',
+        dest='user_name',
         metavar='<auth-username>',
         default=env('OS_USERNAME'),
         help='Authentication username (Env: OS_USERNAME)',
@@ -194,15 +201,6 @@ def option_parser():
         action='store_false',
         help='Disable server certificate verification',
     )
-    parser.add_argument(
-        '--os-identity-api-version',
-        dest='identity_api_version',
-        metavar='<identity-api-version>',
-        default=env(
-            'OS_IDENTITY_API_VERSION',
-            default=None),
-        help='Force Identity API version (Env: OS_IDENTITY_API_VERSION)',
-    )
     parser.add_argument(
         '--os-token',
         dest='token',

examples/session.py

@@ -28,19 +28,23 @@ from openstack import session
 
 
 def make_session(opts):
+    args = {
+        'auth_plugin': opts.auth_plugin,
+        'auth_url': opts.auth_url,
+        'project_name': opts.project_name,
+        'domain_name': opts.domain_name,
+        'project_domain_name': opts.project_domain_name,
+        'user_domain_name': opts.user_domain_name,
+        'user_name': opts.user_name,
+        'password': opts.password,
+        'region_name': opts.region_name,
+        'verify': opts.verify,
+        'token': opts.token,
+    }
     return session.Session.create(
-        username=opts.username,
-        password=opts.password,
-        token=opts.token,
-        auth_url=opts.auth_url,
-        version=opts.identity_api_version,
-        project_name=opts.project_name,
-        domain_name=opts.domain_name,
-        project_domain_name=opts.project_domain_name,
-        user_domain_name=opts.user_domain_name,
-        verify=opts.verify,
         user_agent='SDKExample',
         region=opts.region_name,
+        **args
     )
 
 

openstack/auth/identity/authenticator.py

@@ -10,60 +10,43 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-from openstack.auth.identity import v2
-from openstack.auth.identity import v3
 from openstack import exceptions
 
+from stevedore import driver
 
-def create(username=None, password=None, token=None, auth_url=None,
-           version=None, project_name=None, domain_name=None,
-           project_domain_name=None, user_domain_name=None):
+
+def create(auth_plugin=None, **auth_args):
     """Temporary code for creating an authenticator
 
     This is temporary code to create an authenticator.  This code will be
     removed in the future.
 
-    :param string username: User name for authentication.
-    :param string password: Password associated with the user.
-    :param string token: Authentication token to use if available.
-    :param string auth_url: The URL to use for authentication.
-    :param string version: Version of authentication to use.
-    :param string project_name: Project name to athenticate.
-    :param string domain_name: Domain name to athenticate.
-    :param string project_domain_name: Project domain name to athenticate.
-    :param string user_domain_name: User domain name to athenticate.
+    :param string auth_plugin: Name of authentication plugin to use.
+    :param auth_args: Arguments for auth plugin.
 
     :returns string: An authenticator.
     """
-    if auth_url is None:
-        msg = ("auth_url wasn't provided.")
-        raise exceptions.AuthorizationFailure(msg)
 
-    endpoint_version = auth_url.split('v')[-1]
-    if version is None:
-        version = endpoint_version
+    if auth_plugin is None:
+        if 'auth_url' not in auth_args:
+            msg = ("auth_url was not provided.")
+            raise exceptions.AuthorizationFailure(msg)
+        auth_url = auth_args['auth_url']
+        endpoint_version = auth_url.split('v')[-1][0]
+        if endpoint_version == '2':
+            auth_plugin = 'identity_v2'
+        else:
+            auth_plugin = 'identity_v3'
 
-    version = version.lower().replace('v', '')
-    version = version.split('.')[0]
-    if version == '3':
-        args = {'user_name': username, 'password': password}
-        if project_name:
-            args['project_name'] = project_name
-        if domain_name:
-            args['domain_name'] = domain_name
-        if project_domain_name:
-            args['project_domain_name'] = project_domain_name
-        if user_domain_name:
-            args['user_domain_name'] = user_domain_name
-        if token:
-            args['token'] = token
-        return v3.Auth(auth_url, **args)
-    elif version == '2':
-        args = {'user_name': username, 'password': password}
-        if project_name:
-            args['project_name'] = project_name
-        if token:
-            args['token'] = token
-        return v2.Auth(auth_url, **args)
-    msg = ("No support for identity version: %s" % version)
-    raise exceptions.NoMatchingPlugin(msg)
+    mgr = driver.DriverManager(
+        namespace="openstack.auth.plugin",
+        name=auth_plugin,
+        invoke_on_load=False,
+    )
+    plugin = mgr.driver
+    valid_list = plugin.valid_options
+    args = {}
+    for k in valid_list:
+        if k in auth_args:
+            args[k] = auth_args[k]
+    return plugin(**args)

openstack/session.py

@@ -39,24 +39,9 @@ class Session(object):
         self.preference = preference
 
     @classmethod
-    def create(cls, username=None, password=None, token=None, auth_url=None,
-               version=None, project_name=None, verify=None, user_agent=None,
-               region=None, domain_name=None, project_domain_name=None,
-               user_domain_name=None):
-        xport = transport.Transport(verify=verify, user_agent=user_agent)
-        args = {
-            'username': username,
-            'password': password,
-            'token': token,
-            'auth_url': auth_url,
-            'project_name': project_name,
-            'domain_name': domain_name,
-            'project_domain_name': project_domain_name,
-            'user_domain_name': user_domain_name,
-        }
-        if version:
-            args['version'] = version
-        auth = authenticator.create(**args)
+    def create(cls, verify=True, region=None, **auth_args):
+        xport = transport.Transport(verify=verify)
+        auth = authenticator.create(**auth_args)
         preference = service_filter.ServiceFilter(region=region)
         return cls(xport, auth, preference=preference)
 

openstack/tests/auth/identity/test_authenticator.py

@@ -18,11 +18,11 @@ from openstack.tests import base
 class TestAuthenticatorCreate(base.TestCase):
     def test_create_3_password(self):
         auth = authenticator.create(
-            username='1',
+            user_name='1',
             password='2',
             token=None,
             auth_url='4',
-            version='3',
+            auth_plugin='identity_v3',
             project_name='6',
             domain_name='7',
             project_domain_name='8',
@@ -38,11 +38,11 @@ class TestAuthenticatorCreate(base.TestCase):
 
     def test_create_3_token(self):
         auth = authenticator.create(
-            username='1',
+            user_name='1',
             password='2',
             token='3',
             auth_url='4',
-            version='3',
+            auth_plugin='identity_v3',
             project_name='6',
         )
         self.assertEqual('3', auth.auth_methods[0].token)
@@ -50,11 +50,11 @@ class TestAuthenticatorCreate(base.TestCase):
 
     def test_create_2_password(self):
         auth = authenticator.create(
-            username='1',
+            user_name='1',
             password='2',
             token=None,
             auth_url='4',
-            version='2',
+            auth_plugin='identity_v2',
             project_name='6',
         )
         self.assertEqual('1', auth.user_name)
@@ -64,11 +64,11 @@ class TestAuthenticatorCreate(base.TestCase):
 
     def test_create_2_token(self):
         auth = authenticator.create(
-            username='1',
+            user_name='1',
             password='2',
             token='3',
             auth_url='4',
-            version='2',
+            auth_plugin='identity_v2',
             project_name='6',
         )
         self.assertEqual('3', auth.token)
@@ -76,13 +76,13 @@ class TestAuthenticatorCreate(base.TestCase):
 
     def test_create_bogus(self):
         self.assertRaises(
-            exceptions.NoMatchingPlugin,
+            RuntimeError,
             authenticator.create,
-            username='1',
+            user_name='1',
             password='2',
             token='3',
             auth_url='4',
-            version='99',
+            auth_plugin='identity_v99',
             project_name='6',
         )
 
@@ -97,14 +97,14 @@ class TestAuthenticatorCreate(base.TestCase):
             project_name='6',
         )
 
-    def test_create_no_version_2(self):
+    def test_create_2(self):
         auth = authenticator.create(token='1', auth_url='url/v2.0')
         self.assertTrue('v2' in str(auth))
 
-    def test_create_no_version_3(self):
+    def test_create_3(self):
         auth = authenticator.create(token='1', auth_url='url/v3.0')
         self.assertTrue('v3' in str(auth))
 
-    def test_create_version_unlike_auth_url(self):
-        auth = authenticator.create(token='1', version='2', auth_url='url/v3')
-        self.assertTrue('v2' in str(auth))
+    def test_create_unlike(self):
+        auth = authenticator.create(token='1', auth_url='url/somethingelse')
+        self.assertTrue('v3' in str(auth))

openstack/tests/test_session.py

@@ -86,18 +86,16 @@ class TestSession(base.TestCase):
 class TestSessionCreate(base.TestCase):
     def test_create(self):
         sess = session.Session.create(
-            username='1',
+            user_name='1',
             password='2',
             token=None,
             auth_url='4',
-            version='3',
+            auth_plugin='identity_v3',
             project_name='6',
             verify='7',
-            user_agent='9',
             region='10',
         )
         self.assertEqual('1', sess.authenticator.auth_methods[0].user_name)
         self.assertEqual('2', sess.authenticator.auth_methods[0].password)
         self.assertEqual('7', sess.transport.verify)
-        self.assertEqual('9', sess.transport._user_agent)
         self.assertEqual('10', sess.preference.region)

requirements.txt

@@ -4,3 +4,4 @@
 pbr>=0.6,!=0.7,<1.0
 iso8601>=0.1.9
 requests>=1.2.1,!=2.4.0
+stevedore>=1.0.0  # Apache-2.0

setup.cfg

@@ -47,3 +47,8 @@ output_file = openstack/locale/python-openstacksdk.pot
 
 [wheel]
 universal = 1
+
+[entry_points]
+openstack.auth.plugin =
+    identity_v2 = openstack.auth.identity.v2:Auth
+    identity_v3 = openstack.auth.identity.v3:Auth