Remove token_endpoint auth type

The token_endpoint was a compatibility auth type to maintain support for the --url global option that dated back to the beginning of OpenStack CLI auth. The common keystoneauth library implements 'admin_token' which provides the same functionality using --endpoint rather than --url. Change-Id: I1b9fbb96e447889a41b705324725a2ffc8ecfd9f Signed-off-by: Dean Troyer <dtroyer@gmail.com>
2019-08-21 12:20:41 -05:00 · 2019-08-21 12:20:41 -05:00 · 6fcc2608b1
commit 6fcc2608b1
parent 6c818c4925
8 changed files with 40 additions and 105 deletions
--- a/doc/source/cli/authentication.rst
+++ b/doc/source/cli/authentication.rst
@ -39,15 +39,6 @@ There are at least three authentication types that are always available:
  (described below as token/endpoint) in that a token and an authentication
  URL are supplied and the plugin retrieves a new token.
  [Required: ``--os-auth-url``, ``--os-token``]
 * **Token/Endpoint**: This is the original token authentication (known as 'token
  flow' in the early CLI documentation in the OpenStack wiki).  It requires
  a token and a direct endpoint that is used in the API call.  The difference
  from the new Token type is this token is used as-is, no call is made
  to the Identity service from the client.  This type is most often used to
  bootstrap a Keystone server where the token is the ``admin_token`` configured
  in ``keystone.conf``.  It will also work with other services and a regular
  scoped token such as one obtained from a ``token issue`` command.
  [Required: ``--os-url``, ``--os-token``]
 * **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
  are under development and also supported. To use them, they must be selected
  by supplying the ``--os-auth-type`` option.
--- a/doc/source/cli/backwards-incompatible.rst
+++ b/doc/source/cli/backwards-incompatible.rst
@ -96,6 +96,14 @@ Release 4.0
  * Removed in: 4.0
  * Commit: https://review.opendev.org/612751
 14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``).
    This remained as a compatibility for the ``admin_token`` auth type to
    support the ``--url`` global option.  That option is also now removed,
    use ``--endpoint`` instead.
  * Removed in: 4.0
  * Commit: https://review.opendev.org/<tbd>
 Release 3.12
 ------------
--- a/openstackclient/api/auth_plugin.py
+++ b/openstackclient/api/auth_plugin.py
@ -1,61 +0,0 @@
 #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 #   not use this file except in compliance with the License. You may obtain
 #   a copy of the License at
 #
 #        http://www.apache.org/licenses/LICENSE-2.0
 #
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 #   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #   License for the specific language governing permissions and limitations
 #   under the License.
 #
 """Authentication Plugin Library"""
 from keystoneauth1 import loading
 from keystoneauth1 import token_endpoint
 from openstackclient.i18n import _
 class TokenEndpoint(loading.BaseLoader):
    """Auth plugin to handle traditional token/endpoint usage
    Keystoneauth contains a Token plugin class that now correctly
    handles the token/endpoint auth compatible with OSC.  However,
    the AdminToken loader deprecates the 'url' argument, which breaks
    OSC compatibility, so make one that works.
    """
    @property
    def plugin_class(self):
        return token_endpoint.Token
    def load_from_options(self, url, token, **kwargs):
        """A plugin for static authentication with an existing token
        :param string url: Service endpoint
        :param string token: Existing token
        """
        return super(TokenEndpoint, self).load_from_options(
            endpoint=url,
            token=token,
        )
    def get_options(self):
        """Return the legacy options"""
        options = [
            loading.Opt(
                'url',
                help=_('Specific service endpoint to use'),
            ),
            loading.Opt(
                'token',
                secret=True,
                help=_('Authentication token to use'),
            ),
        ]
        return options
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell):
    def _final_defaults(self):
        super(OpenStackShell, self)._final_defaults()
-        # Set the default plugin to token_endpoint if url and token are given
+        # Set the default plugin to admin_token if endpoint and token are given
-        if (self.options.url and self.options.token):
+        if (self.options.endpoint and self.options.token):
-            # Use service token authentication
+            # Use token authentication
-            self._auth_type = 'token_endpoint'
+            self._auth_type = 'admin_token'
        else:
            self._auth_type = 'password'
--- a/openstackclient/tests/functional/common/test_args.py
+++ b/openstackclient/tests/functional/common/test_args.py
@ -12,6 +12,8 @@
 import json
 from tempest.lib import exceptions as tempest_exc
 from openstackclient.tests.functional import base
@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase):
        )
    def test_auth_type_token_endpoint_opt(self):
-        cmd_output = json.loads(self.openstack(
+        # Make sure token_endpoint is really gone
        try:
            self.openstack(
                'configuration show -f json --os-auth-type token_endpoint',
                cloud=None,
        ))
        self.assertIsNotNone(cmd_output)
        self.assertIn(
            'auth_type',
            cmd_output.keys(),
        )
        self.assertEqual(
            'token_endpoint',
            cmd_output['auth_type'],
            )
        except tempest_exc.CommandFailed as e:
            self.assertIn('--os-auth-type: invalid choice:', str(e))
            self.assertIn('token_endpoint', str(e))
        else:
            self.fail('CommandFailed should be raised')
    def test_auth_type_password_opt(self):
        cmd_output = json.loads(self.openstack(
--- a/openstackclient/tests/unit/common/test_clientmanager.py
+++ b/openstackclient/tests/unit/common/test_clientmanager.py
@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager):
        """Allow subclasses to override the ClientManager class"""
        return clientmanager.ClientManager
-    def test_client_manager_token_endpoint(self):
+    def test_client_manager_admin_token(self):
        token_auth = {
-            'url': fakes.AUTH_URL,
+            'endpoint': fakes.AUTH_URL,
            'token': fakes.AUTH_TOKEN,
        }
        client_manager = self._make_clientmanager(
            auth_args=token_auth,
-            auth_plugin_name='token_endpoint',
+            auth_plugin_name='admin_token',
        )
        self.assertEqual(
            fakes.AUTH_URL,
-            client_manager._cli_options.config['auth']['url'],
+            client_manager._cli_options.config['auth']['endpoint'],
        )
        self.assertEqual(
            fakes.AUTH_TOKEN,
--- a/openstackclient/tests/unit/test_shell.py
+++ b/openstackclient/tests/unit/test_shell.py
@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell):
        #                released in osc-lib
        self.shell_class = importutils.import_class(self.shell_class_name)
-    def _assert_token_endpoint_auth(self, cmd_options, default_args):
+    def _assert_admin_token_auth(self, cmd_options, default_args):
        with mock.patch(
                self.shell_class_name + ".initialize_app",
                self.app,
@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell):
                "token",
            )
            self.assertEqual(
-                default_args.get("url", ''),
+                default_args.get("endpoint", ''),
-                _shell.options.url,
+                _shell.options.endpoint,
-                "url",
+                "endpoint",
            )
    def _assert_token_auth(self, cmd_options, default_args):
@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
        super(TestShellTokenEndpointAuthEnv, self).setUp()
        env = {
            "OS_TOKEN": DEFAULT_TOKEN,
-            "OS_URL": DEFAULT_SERVICE_URL,
+            "OS_ENDPOINT": DEFAULT_SERVICE_URL,
        }
        self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell):
        flag = ""
        kwargs = {
            "token": DEFAULT_TOKEN,
-            "url": DEFAULT_SERVICE_URL,
+            "endpoint": DEFAULT_SERVICE_URL,
        }
-        self._assert_token_endpoint_auth(flag, kwargs)
+        self._assert_admin_token_auth(flag, kwargs)
    def test_only_token(self):
        flag = "--os-token xyzpdq"
        kwargs = {
            "token": "xyzpdq",
-            "url": DEFAULT_SERVICE_URL,
+            "endpoint": DEFAULT_SERVICE_URL,
        }
        self._assert_token_auth(flag, kwargs)
    def test_only_url(self):
-        flag = "--os-url http://cloud.local:555"
+        flag = "--os-endpoint http://cloud.local:555"
        kwargs = {
            "token": DEFAULT_TOKEN,
-            "url": "http://cloud.local:555",
+            "endpoint": "http://cloud.local:555",
        }
        self._assert_token_auth(flag, kwargs)
@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
        flag = ""
        kwargs = {
            "token": '',
-            "url": '',
+            "endpoint": '',
        }
        self._assert_token_auth(flag, kwargs)
--- a/setup.cfg
+++ b/setup.cfg
@ -27,9 +27,6 @@ packages =
 console_scripts =
    openstack = openstackclient.shell:main
 keystoneauth1.plugin =
    token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint
 openstack.cli =
    command_list = openstackclient.common.module:ListCommand
    module_list = openstackclient.common.module:ListModule