Remove token_endpoint auth type

The token_endpoint was a compatibility auth type to maintain support
for the --url global option that dated back to the beginning of
OpenStack CLI auth.  The common keystoneauth library implements
'admin_token' which provides the same functionality using
--endpoint rather than --url.

Change-Id: I1b9fbb96e447889a41b705324725a2ffc8ecfd9f
Signed-off-by: Dean Troyer <dtroyer@gmail.com>

doc/source/cli/authentication.rst

@@ -39,15 +39,6 @@ There are at least three authentication types that are always available:
   (described below as token/endpoint) in that a token and an authentication
   URL are supplied and the plugin retrieves a new token.
   [Required: ``--os-auth-url``, ``--os-token``]
-* **Token/Endpoint**: This is the original token authentication (known as 'token
-  flow' in the early CLI documentation in the OpenStack wiki).  It requires
-  a token and a direct endpoint that is used in the API call.  The difference
-  from the new Token type is this token is used as-is, no call is made
-  to the Identity service from the client.  This type is most often used to
-  bootstrap a Keystone server where the token is the ``admin_token`` configured
-  in ``keystone.conf``.  It will also work with other services and a regular
-  scoped token such as one obtained from a ``token issue`` command.
-  [Required: ``--os-url``, ``--os-token``]
 * **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
   are under development and also supported. To use them, they must be selected
   by supplying the ``--os-auth-type`` option.

doc/source/cli/backwards-incompatible.rst

@@ -96,6 +96,14 @@ Release 4.0
   * Removed in: 4.0
   * Commit: https://review.opendev.org/612751
 
+14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``).
+    This remained as a compatibility for the ``admin_token`` auth type to
+    support the ``--url`` global option.  That option is also now removed,
+    use ``--endpoint`` instead.
+
+  * Removed in: 4.0
+  * Commit: https://review.opendev.org/<tbd>
+
 Release 3.12
 ------------
 

openstackclient/api/auth_plugin.py

@@ -1,61 +0,0 @@
-#   Licensed under the Apache License, Version 2.0 (the "License"); you may
-#   not use this file except in compliance with the License. You may obtain
-#   a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#   License for the specific language governing permissions and limitations
-#   under the License.
-#
-
-"""Authentication Plugin Library"""
-
-from keystoneauth1 import loading
-from keystoneauth1 import token_endpoint
-
-from openstackclient.i18n import _
-
-
-class TokenEndpoint(loading.BaseLoader):
-    """Auth plugin to handle traditional token/endpoint usage
-
-    Keystoneauth contains a Token plugin class that now correctly
-    handles the token/endpoint auth compatible with OSC.  However,
-    the AdminToken loader deprecates the 'url' argument, which breaks
-    OSC compatibility, so make one that works.
-    """
-
-    @property
-    def plugin_class(self):
-        return token_endpoint.Token
-
-    def load_from_options(self, url, token, **kwargs):
-        """A plugin for static authentication with an existing token
-
-        :param string url: Service endpoint
-        :param string token: Existing token
-        """
-
-        return super(TokenEndpoint, self).load_from_options(
-            endpoint=url,
-            token=token,
-        )
-
-    def get_options(self):
-        """Return the legacy options"""
-
-        options = [
-            loading.Opt(
-                'url',
-                help=_('Specific service endpoint to use'),
-            ),
-            loading.Opt(
-                'token',
-                secret=True,
-                help=_('Authentication token to use'),
-            ),
-        ]
-        return options

openstackclient/shell.py

@@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell):
     def _final_defaults(self):
         super(OpenStackShell, self)._final_defaults()
 
-        # Set the default plugin to token_endpoint if url and token are given
-        if (self.options.url and self.options.token):
-            # Use service token authentication
-            self._auth_type = 'token_endpoint'
+        # Set the default plugin to admin_token if endpoint and token are given
+        if (self.options.endpoint and self.options.token):
+            # Use token authentication
+            self._auth_type = 'admin_token'
         else:
             self._auth_type = 'password'
 

openstackclient/tests/functional/common/test_args.py

@@ -12,6 +12,8 @@
 
 import json
 
+from tempest.lib import exceptions as tempest_exc
+
 from openstackclient.tests.functional import base
 
 
@@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase):
         )
 
     def test_auth_type_token_endpoint_opt(self):
-        cmd_output = json.loads(self.openstack(
-            'configuration show -f json --os-auth-type token_endpoint',
-            cloud=None,
-        ))
-        self.assertIsNotNone(cmd_output)
-        self.assertIn(
-            'auth_type',
-            cmd_output.keys(),
-        )
-        self.assertEqual(
-            'token_endpoint',
-            cmd_output['auth_type'],
-        )
+        # Make sure token_endpoint is really gone
+        try:
+            self.openstack(
+                'configuration show -f json --os-auth-type token_endpoint',
+                cloud=None,
+            )
+        except tempest_exc.CommandFailed as e:
+            self.assertIn('--os-auth-type: invalid choice:', str(e))
+            self.assertIn('token_endpoint', str(e))
+        else:
+            self.fail('CommandFailed should be raised')
 
     def test_auth_type_password_opt(self):
         cmd_output = json.loads(self.openstack(

openstackclient/tests/unit/common/test_clientmanager.py

@@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager):
         """Allow subclasses to override the ClientManager class"""
         return clientmanager.ClientManager
 
-    def test_client_manager_token_endpoint(self):
+    def test_client_manager_admin_token(self):
         token_auth = {
-            'url': fakes.AUTH_URL,
+            'endpoint': fakes.AUTH_URL,
             'token': fakes.AUTH_TOKEN,
         }
         client_manager = self._make_clientmanager(
             auth_args=token_auth,
-            auth_plugin_name='token_endpoint',
+            auth_plugin_name='admin_token',
         )
 
         self.assertEqual(
             fakes.AUTH_URL,
-            client_manager._cli_options.config['auth']['url'],
+            client_manager._cli_options.config['auth']['endpoint'],
         )
         self.assertEqual(
             fakes.AUTH_TOKEN,

openstackclient/tests/unit/test_shell.py

@@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell):
         #                released in osc-lib
         self.shell_class = importutils.import_class(self.shell_class_name)
 
-    def _assert_token_endpoint_auth(self, cmd_options, default_args):
+    def _assert_admin_token_auth(self, cmd_options, default_args):
         with mock.patch(
                 self.shell_class_name + ".initialize_app",
                 self.app,
@@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell):
                 "token",
             )
             self.assertEqual(
-                default_args.get("url", ''),
-                _shell.options.url,
-                "url",
+                default_args.get("endpoint", ''),
+                _shell.options.endpoint,
+                "endpoint",
             )
 
     def _assert_token_auth(self, cmd_options, default_args):
@@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
         super(TestShellTokenEndpointAuthEnv, self).setUp()
         env = {
             "OS_TOKEN": DEFAULT_TOKEN,
-            "OS_URL": DEFAULT_SERVICE_URL,
+            "OS_ENDPOINT": DEFAULT_SERVICE_URL,
         }
         self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
 
@@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell):
         flag = ""
         kwargs = {
             "token": DEFAULT_TOKEN,
-            "url": DEFAULT_SERVICE_URL,
+            "endpoint": DEFAULT_SERVICE_URL,
         }
-        self._assert_token_endpoint_auth(flag, kwargs)
+        self._assert_admin_token_auth(flag, kwargs)
 
     def test_only_token(self):
         flag = "--os-token xyzpdq"
         kwargs = {
             "token": "xyzpdq",
-            "url": DEFAULT_SERVICE_URL,
+            "endpoint": DEFAULT_SERVICE_URL,
         }
         self._assert_token_auth(flag, kwargs)
 
     def test_only_url(self):
-        flag = "--os-url http://cloud.local:555"
+        flag = "--os-endpoint http://cloud.local:555"
         kwargs = {
             "token": DEFAULT_TOKEN,
-            "url": "http://cloud.local:555",
+            "endpoint": "http://cloud.local:555",
         }
         self._assert_token_auth(flag, kwargs)
 
@@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
         flag = ""
         kwargs = {
             "token": '',
-            "url": '',
+            "endpoint": '',
         }
         self._assert_token_auth(flag, kwargs)
 

setup.cfg

@@ -27,9 +27,6 @@ packages =
 console_scripts =
     openstack = openstackclient.shell:main
 
-keystoneauth1.plugin =
-    token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint
-
 openstack.cli =
     command_list = openstackclient.common.module:ListCommand
     module_list = openstackclient.common.module:ListModule