keystoneclient to keystoneauth migration

Keystoneauth was extracted from keystoneclient so we need
to migrate to keystoneauth.
But keystoneclient shouldn't be removed completely because
we are using its HTTPClient.

Change-Id: Ifca0e7423a884ac56389fa88e285516688197f9e
bp: keystoneclient-to-keystoneauth

doc/source/devref/development.guidelines.rst

@@ -180,7 +180,7 @@ keystone ``Session`` and auth plugin objects(for example, ``Token`` or
 ``Password``). Sahara is migrating all clients to use this authentication
 methodology, where available. For more information on using sessions with
 keystone, please see
-http://docs.openstack.org/developer/python-keystoneclient/using-sessions.html
+http://docs.openstack.org/developer/keystoneauth/using-sessions.html
 
 Storing sensitive information
 -----------------------------

releasenotes/notes/keystoneclient-to-keystonauth-migration-c75988975ad1a506.yaml

@@ -0,0 +1,4 @@
+---
+upgrade:
+  - migration from keystoneclient to keystoneauth is done for
+    using auth features of keystone.

requirements.txt

@@ -12,6 +12,7 @@ Flask<1.0,>=0.10 # BSD
 iso8601>=0.1.9 # MIT
 Jinja2>=2.8 # BSD License (3 clause)
 jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
+keystoneauth1>=2.1.0 # Apache-2.0
 keystonemiddleware!=4.1.0,>=4.0.0 # Apache-2.0
 oslo.config>=3.9.0 # Apache-2.0
 oslo.concurrency>=3.5.0 # Apache-2.0

sahara/service/sessions.py

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from keystoneclient import session as keystone
+from keystoneauth1 import session as keystone
 from oslo_config import cfg
 from oslo_log import log as logging
 

sahara/tests/unit/service/test_sessions.py

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from keystoneclient import session as keystone
+from keystoneauth1 import session as keystone
 import mock
 
 from sahara import exceptions as ex
@@ -32,7 +32,7 @@ class TestSessionCache(base.SaharaTestCase):
                           sc.get_session,
                           session_type='bad service')
 
-    @mock.patch('keystoneclient.session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_get_keystone_session(self, keystone_session):
         sc = sessions.SessionCache()
         self.override_config('ca_file', '/some/cacert', group='keystone')
@@ -52,7 +52,7 @@ class TestSessionCache(base.SaharaTestCase):
         sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
         self.assertFalse(keystone_session.called)
 
-    @mock.patch('keystoneclient.session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_get_nova_session(self, keystone_session):
         sc = sessions.SessionCache()
         self.override_config('ca_file', '/some/cacert', group='nova')
@@ -72,7 +72,7 @@ class TestSessionCache(base.SaharaTestCase):
         sc.get_session(sessions.SESSION_TYPE_NOVA)
         self.assertFalse(keystone_session.called)
 
-    @mock.patch('keystoneclient.session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_get_cinder_session(self, keystone_session):
         sc = sessions.SessionCache()
         self.override_config('ca_file', '/some/cacert', group='cinder')
@@ -92,7 +92,7 @@ class TestSessionCache(base.SaharaTestCase):
         sc.get_session(sessions.SESSION_TYPE_CINDER)
         self.assertFalse(keystone_session.called)
 
-    @mock.patch('keystoneclient.session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_get_neutron_session(self, keystone_session):
         sc = sessions.SessionCache()
         self.override_config('ca_file', '/some/cacert', group='neutron')
@@ -112,7 +112,7 @@ class TestSessionCache(base.SaharaTestCase):
         sc.get_session(sessions.SESSION_TYPE_NEUTRON)
         self.assertFalse(keystone_session.called)
 
-    @mock.patch('keystoneclient.session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_insecure_session(self, session):
         sc = sessions.SessionCache()
         sc.get_session(sessions.SESSION_TYPE_INSECURE)

sahara/tests/unit/utils/openstack/test_base.py

@@ -16,7 +16,7 @@
 
 from cinderclient import exceptions as cinder_exc
 from heatclient import exc as heat_exc
-from keystoneclient import exceptions as keystone_exc
+from keystoneauth1 import exceptions as keystone_exc
 import mock
 from neutronclient.common import exceptions as neutron_exc
 from novaclient import exceptions as nova_exc

sahara/utils/cluster.py

@@ -15,7 +15,7 @@
 
 import socket
 
-from keystoneclient import exceptions as keystone_ex
+from keystoneauth1 import exceptions as keystone_ex
 from oslo_log import log as logging
 from six.moves.urllib import parse
 

sahara/utils/openstack/base.py

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from keystoneclient import exceptions as keystone_ex
-from keystoneclient import service_catalog as keystone_service_catalog
+from keystoneauth1.access import service_catalog as keystone_service_catalog
+from keystoneauth1 import exceptions as keystone_ex
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_serialization import jsonutils as json
@@ -53,14 +53,13 @@ def url_for(service_catalog=None, service_type='identity',
         service_catalog = context.current().service_catalog
     try:
         return keystone_service_catalog.ServiceCatalogV2(
-            {'serviceCatalog': json.loads(service_catalog)}).url_for(
-                service_type=service_type, endpoint_type=endpoint_type,
+            json.loads(service_catalog)).url_for(
+                service_type=service_type, interface=endpoint_type,
                 region_name=CONF.os_region_name)
     except keystone_ex.EndpointNotFound:
         return keystone_service_catalog.ServiceCatalogV3(
-            context.get_auth_token(),
-            {'catalog': json.loads(service_catalog)}).url_for(
-                service_type=service_type, endpoint_type=endpoint_type,
+            json.loads(service_catalog)).url_for(
+                service_type=service_type, interface=endpoint_type,
                 region_name=CONF.os_region_name)
 
 

sahara/utils/openstack/keystone.py

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from keystoneclient.auth import identity as keystone_identity
-from keystoneclient import session as keystone_session
+from keystoneauth1 import identity as keystone_identity
+from keystoneauth1 import session as keystone_session
 from keystoneclient.v2_0 import client as keystone_client
 from keystoneclient.v3 import client as keystone_client_v3
 from oslo_config import cfg
@@ -160,12 +160,12 @@ def service_catalog_from_auth(auth):
 
     :returns: a list containing the service catalog.
     '''
-    if CONF.use_identity_api_v3:
-        return auth.get_access(
-            sessions.cache().get_session()).get('catalog', [])
+    access_info = auth.get_access(
+        sessions.cache().get_session(sessions.SESSION_TYPE_KEYSTONE))
+    if access_info.has_service_catalog():
+        return access_info.service_catalog.catalog
     else:
-        return auth.get_access(
-            sessions.cache().get_session()).get('serviceCatalog', [])
+        return []
 
 
 # TODO(elmiko) factor this out when redoing the barbicanclient
@@ -217,8 +217,7 @@ def token_from_auth(auth):
 
     :returns: an auth token in string format.
     '''
-    return keystone_session.Session(
-        auth=auth, verify=CONF.generic_session_verify).get_token()
+    return sessions.cache().token_for_auth(auth)
 
 
 def user_id_from_auth(auth):