Proper deprecation for BaseIdentityPlugin username, password, token_id properties

BaseIdentityPlugin's username, password, and token_id properties
weren't properly deprecated since all they had was a comment in
the code. Proper deprecation requires use of warnings and
documentation.

Where the plugins already provide their own properties, the
properties need to be un-deprecated.

bp deprecations

Change-Id: Ic9fce89b8544d8c01f16e8f9c2f9dd2659d03c18

keystoneclient/auth/identity/base.py

@@ -12,6 +12,7 @@
 
 import abc
 import logging
+import warnings
 
 from oslo_config import cfg
 import six
@@ -54,13 +55,85 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
 
         self._endpoint_cache = {}
 
+        self._username = username
+        self._password = password
+        self._token = token
         # NOTE(jamielennox): DEPRECATED. The following should not really be set
         # here but handled by the individual auth plugin.
-        self.username = username
-        self.password = password
-        self.token = token
         self.trust_id = trust_id
 
+    @property
+    def username(self):
+        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        release.
+        """
+
+        warnings.warn(
+            'username is deprecated as of the 1.7.0 release and may be '
+            'removed in the 2.0.0 release.', DeprecationWarning)
+
+        return self._username
+
+    @username.setter
+    def username(self, value):
+        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        release.
+        """
+
+        warnings.warn(
+            'username is deprecated as of the 1.7.0 release and may be '
+            'removed in the 2.0.0 release.', DeprecationWarning)
+
+        self._username = value
+
+    @property
+    def password(self):
+        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        release.
+        """
+
+        warnings.warn(
+            'password is deprecated as of the 1.7.0 release and may be '
+            'removed in the 2.0.0 release.', DeprecationWarning)
+
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        release.
+        """
+
+        warnings.warn(
+            'password is deprecated as of the 1.7.0 release and may be '
+            'removed in the 2.0.0 release.', DeprecationWarning)
+
+        self._password = value
+
+    @property
+    def token(self):
+        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        release.
+        """
+
+        warnings.warn(
+            'token is deprecated as of the 1.7.0 release and may be '
+            'removed in the 2.0.0 release.', DeprecationWarning)
+
+        return self._token
+
+    @token.setter
+    def token(self, value):
+        """Deprecated as of the 1.7.0 release and may be removed in the 2.0.0
+        release.
+        """
+
+        warnings.warn(
+            'token is deprecated as of the 1.7.0 release and may be '
+            'removed in the 2.0.0 release.', DeprecationWarning)
+
+        self._token = value
+
     @abc.abstractmethod
     def get_auth_ref(self, session, **kwargs):
         """Obtain a token from an OpenStack Identity Service.

keystoneclient/auth/identity/v2.py

@@ -131,8 +131,28 @@ class Password(Auth):
             user_id = None
 
         self.user_id = user_id
-        self.username = username
+        self._username = username
-        self.password = password
+        self._password = password
+
+    @property
+    def username(self):
+        # Override to remove deprecation.
+        return self._username
+
+    @username.setter
+    def username(self, value):
+        # Override to remove deprecation.
+        self._username = value
+
+    @property
+    def password(self):
+        # Override to remove deprecation.
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        # Override to remove deprecation.
+        self._password = value
 
     def get_auth_data(self, headers=None):
         auth = {'password': self.password}
@@ -182,7 +202,17 @@ class Token(Auth):
 
     def __init__(self, auth_url, token, **kwargs):
         super(Token, self).__init__(auth_url, **kwargs)
-        self.token = token
+        self._token = token
+
+    @property
+    def token(self):
+        # Override to remove deprecation.
+        return self._token
+
+    @token.setter
+    def token(self, value):
+        # Override to remove deprecation.
+        self._token = value
 
     def get_auth_data(self, headers=None):
         if headers is not None:

keystoneclient/contrib/auth/v3/oidc.py

@@ -87,14 +87,34 @@ class OidcPassword(federated.FederatedBaseAuth):
         """
         super(OidcPassword, self).__init__(auth_url, identity_provider,
                                            protocol)
-        self.username = username
+        self._username = username
-        self.password = password
+        self._password = password
         self.client_id = client_id
         self.client_secret = client_secret
         self.access_token_endpoint = access_token_endpoint
         self.scope = scope
         self.grant_type = grant_type
 
+    @property
+    def username(self):
+        # Override to remove deprecation.
+        return self._username
+
+    @username.setter
+    def username(self, value):
+        # Override to remove deprecation.
+        self._username = value
+
+    @property
+    def password(self):
+        # Override to remove deprecation.
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        # Override to remove deprecation.
+        self._password = value
+
     def get_unscoped_auth_ref(self, session):
         """Authenticate with OpenID Connect and get back claims.
 

keystoneclient/contrib/auth/v3/saml2.py

@@ -170,7 +170,27 @@ class Saml2UnscopedToken(_BaseSAMLPlugin):
         super(Saml2UnscopedToken, self).__init__(auth_url=auth_url, **kwargs)
         self.identity_provider = identity_provider
         self.identity_provider_url = identity_provider_url
-        self.username, self.password = username, password
+        self._username, self._password = username, password
+
+    @property
+    def username(self):
+        # Override to remove deprecation.
+        return self._username
+
+    @username.setter
+    def username(self, value):
+        # Override to remove deprecation.
+        self._username = value
+
+    @property
+    def password(self):
+        # Override to remove deprecation.
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        # Override to remove deprecation.
+        self._password = value
 
     def _handle_http_302_ecp_redirect(self, session, response, method,
                                       **kwargs):
@@ -490,7 +510,27 @@ class ADFSUnscopedToken(_BaseSAMLPlugin):
         self.identity_provider = identity_provider
         self.identity_provider_url = identity_provider_url
         self.service_provider_endpoint = service_provider_endpoint
-        self.username, self.password = username, password
+        self._username, self._password = username, password
+
+    @property
+    def username(self):
+        # Override to remove deprecation.
+        return self._username
+
+    @username.setter
+    def username(self, value):
+        # Override to remove deprecation.
+        self._username = value
+
+    @property
+    def password(self):
+        # Override to remove deprecation.
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        # Override to remove deprecation.
+        self._password = value
 
     @classmethod
     def get_options(cls):