Switch to keystoneauth

This patch migrates designateclient to using keystoneauth Session instead of deprecated keystoneclient's Session and plugins. Also, this patch removes the old designateclient.auth module as it is not used anywhere else in the code base and its purpose is overridden by the fact that keystoneauth acts as an abstraction layer for authentication (handling requests and reauthentication internally). Change-Id: Ic3cc0fbb76977a04bab322ebcb1c818e75646772
2016-05-06 18:10:53 -03:00 · 2016-05-06 18:10:53 -03:00 · b68dca09b1
parent 11416b4726
commit b68dca09b1
9 changed files with 13 additions and 108 deletions
--- a/designateclient/auth.py
+++ b/designateclient/auth.py
@ -1,95 +0,0 @@
-# Copyright 2012 Managed I.T.
-#
-# Author: Kiall Mac Innes <kiall@managedit.ie>
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystoneclient.v2_0.client import Client
-from requests.auth import AuthBase
-from six.moves.urllib.parse import urlparse
-
-
-class KeystoneAuth(AuthBase):
-    def __init__(self, auth_url, username=None, password=None, tenant_id=None,
-                 tenant_name=None, token=None, service_type=None,
-                 endpoint_type=None, region_name=None, sudo_tenant_id=None):
-        self.auth_url = str(auth_url).rstrip('/')
-        self.username = username
-        self.password = password
-        self.tenant_id = tenant_id
-        self.tenant_name = tenant_name
-        self.token = token
-        self.sudo_tenant_id = sudo_tenant_id
-
-        if (not username and not password) and not token:
-            raise ValueError('A username and password, or token is required')
-
-        if not service_type or not endpoint_type:
-            raise ValueError("Need service_type and/or endpoint_type")
-
-        self.service_type = service_type
-        self.endpoint_type = endpoint_type
-        self.region_name = region_name
-
-        self.refresh_auth()
-
-    def __call__(self, request):
-        if not self.token:
-            self.refresh_auth()
-
-        request.headers['X-Auth-Token'] = self.token
-
-        if self.sudo_tenant_id:
-            request.headers['X-Designate-Sudo-Tenant-ID'] = self.sudo_tenant_id
-
-        return request
-
-    def get_ksclient(self):
-        insecure = urlparse(self.auth_url).scheme != 'https'
-
-        return Client(username=self.username,
-                      password=self.password,
-                      tenant_id=self.tenant_id,
-                      tenant_name=self.tenant_name,
-                      auth_url=self.auth_url,
-                      insecure=insecure)
-
-    def get_endpoints(self, service_type=None, endpoint_type=None,
-                      region_name=None):
-        return self.service_catalog.get_endpoints(
-            service_type=service_type,
-            endpoint_type=endpoint_type,
-            region_name=region_name)
-
-    def get_url(self, service_type=None, endpoint_type=None, region_name=None):
-        service_type = service_type or self.service_type
-        endpoint_type = endpoint_type or self.endpoint_type
-        region_name = region_name or self.region_name
-
-        endpoints = self.get_endpoints(service_type, endpoint_type,
-                                       region_name)
-
-        url = endpoints[service_type][0][endpoint_type]
-
-        # NOTE(kiall): The Version 1 API is the only API that has ever included
-        #              the version number in the endpoint. Thus, it's safe to
-        #              simply remove it if present.
-        url = url.rstrip('/')
-        if url.endswith('/v1'):
-            url = url[:-3]
-        return url
-
-    def refresh_auth(self):
-        ks = self.get_ksclient()
-        self.token = ks.auth_token
-        self.service_catalog = ks.service_catalog
--- a/designateclient/cli/base.py
+++ b/designateclient/cli/base.py
@ -18,7 +18,7 @@ import abc
 from cliff.command import Command as CliffCommand
 from cliff.lister import Lister
 from cliff.show import ShowOne
-from keystoneclient import exceptions as ks_exceptions
+from keystoneauth1 import exceptions as ks_exceptions
 import six

 from designateclient import exceptions
--- a/designateclient/tests/base.py
+++ b/designateclient/tests/base.py
@ -18,7 +18,7 @@ import json as json_
 import os

 import fixtures
-from keystoneclient import session as keystone_session
+from keystoneauth1 import session as keystone_session
 from oslotest import base as test
 from requests_mock.contrib import fixture as req_fixture
 import six
--- a/designateclient/tests/test_v1/test_client.py
+++ b/designateclient/tests/test_v1/test_client.py
@ -18,7 +18,7 @@ from designateclient.tests import test_v1
 from designateclient import utils
 from designateclient import v1

-from keystoneclient import session as keystone_session
+from keystoneauth1 import session as keystone_session


 class TestClient(test_v1.APIV1TestCase):
--- a/designateclient/tests/v2/test_client.py
+++ b/designateclient/tests/v2/test_client.py
@ -14,8 +14,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-from keystoneclient import adapter
-from keystoneclient import session as keystone_session
+from keystoneauth1 import adapter
+from keystoneauth1 import session as keystone_session

 from designateclient.tests.base import TestCase
 from designateclient.v2.client import Client
--- a/designateclient/tests/v2/test_timeout.py
+++ b/designateclient/tests/v2/test_timeout.py
@ -14,8 +14,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-from keystoneclient.auth.identity import generic
-from keystoneclient import session as keystone_session
+from keystoneauth1.identity import generic
+from keystoneauth1 import session as keystone_session
 from mock import Mock

 from designateclient.tests import v2
--- a/designateclient/utils.py
+++ b/designateclient/utils.py
@ -19,10 +19,10 @@ import os
 import uuid

 from debtcollector import removals
-from keystoneclient import adapter
-from keystoneclient.auth.identity import generic
-from keystoneclient.auth import token_endpoint
-from keystoneclient import session as ks_session
+from keystoneauth1 import adapter
+from keystoneauth1.identity import generic
+from keystoneauth1 import session as ks_session
+from keystoneauth1 import token_endpoint
 import pkg_resources
 import six

--- a/designateclient/v2/client.py
+++ b/designateclient/v2/client.py
@ -13,7 +13,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from keystoneclient import adapter
+from keystoneauth1 import adapter

 from designateclient import exceptions
 from designateclient.v2.blacklists import BlacklistController
--- a/requirements.txt
+++ b/requirements.txt
@ -5,7 +5,7 @@ cliff!=1.16.0,!=1.17.0,>=1.15.0 # Apache-2.0
 jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
 oslo.utils>=3.5.0 # Apache-2.0
 pbr>=1.6 # Apache-2.0
-python-keystoneclient!=1.8.0,!=2.1.0,>=1.6.0 # Apache-2.0
+keystoneauth1>=2.1.0 # Apache-2.0
 requests!=2.9.0,>=2.8.1 # Apache-2.0
 six>=1.9.0 # MIT
 stevedore>=1.10.0 # Apache-2.0