From 4a5cae03774c7dda9f996597d061bf78aee4ff82 Mon Sep 17 00:00:00 2001
From: liusheng
Date: Sat, 29 Jul 2017 16:20:45 +0800
Subject: [PATCH] Remove legacy auth loading
remove support for specifying client auth in keystone_authtoken config section. This was deprecated about a year ago and now can safely be removed. This change reference to the ironic patch[1]
[1] https://review.openstack.org/#/c/469626/
Change-Id: I9d22dd41e603e618230e656e91496462bde1c0e0
---
mogan/common/keystone.py | 59 +++++-------------------------
mogan/conf/auth.py | 27 +-------------
mogan/tests/unit/conf/test_auth.py | 15 --------
3 files changed, 11 insertions(+), 90 deletions(-)
diff --git a/mogan/common/keystone.py b/mogan/common/keystone.py
index d2e84e5e..29e040ae 100644
--- a/mogan/common/keystone.py
+++ b/mogan/common/keystone.py
@@ -17,34 +17,14 @@ from keystoneauth1 import exceptions as kaexception from keystoneauth1 import loading as kaloading from oslo_log import log as logging import six -from six.moves.urllib import parse # for legacy options loading only from mogan.common import exception -from mogan.common.i18n import _ -from mogan.conf import auth as mogan_auth from mogan.conf import CONF LOG = logging.getLogger(__name__) -# FIXME(pas-ha): for backward compat with legacy options loading only -def _is_apiv3(auth_url, auth_version): - """Check if V3 version of API is being used or not. - - This method inspects auth_url and auth_version, and checks whether V3 - version of the API is being used or not. - When no auth_version is specified and auth_url is not a versioned - endpoint, v2.0 is assumed. - :param auth_url: a http or https url to be inspected (like - 'http://127.0.0.1:9898/'). - :param auth_version: a string containing the version (like 'v2', 'v3.0') - or None - :returns: True if V3 of the API is being used. - """ - return auth_version == 'v3.0' or '/v3' in parse.urlparse(auth_url).path - - def ks_exceptions(f): """Wraps keystoneclient functions and centralizes exception handling.""" @six.wraps(f) 
@@ -70,41 +50,20 @@ def ks_exceptions(f): @ks_exceptions def get_session(group): - auth = mogan_auth.load_auth(CONF, group) or _get_legacy_auth() - if not auth: - msg = _("Failed to load auth from either [%(new)s] or [%(old)s] " - "config sections.") - raise exception.ConfigInvalid(message=msg, new=group, - old=mogan_auth.LEGACY_SECTION) + try: + auth = kaloading.load_auth_from_conf_options(CONF, group) + except kaexception.MissingRequiredOptions: + LOG.error('Failed to load auth plugin from group %s', group) + raise session = kaloading.load_session_from_conf_options( CONF, group, auth=auth) return session -# FIXME(pas-ha) remove legacy path after deprecation -def _get_legacy_auth(): - """Load auth from keystone_authtoken config section - - Used only to provide backward compatibility with old configs. - """ - conf = getattr(CONF, mogan_auth.LEGACY_SECTION) - legacy_loader = kaloading.get_plugin_loader('password') - auth_params = { - 'auth_url': conf.auth_uri, - 'username': conf.admin_user, - 'password': conf.admin_password, - 'tenant_name': conf.admin_tenant_name - } - api_v3 = _is_apiv3(conf.auth_uri, conf.auth_version) - if api_v3: - # NOTE(pas-ha): mimic defaults of keystoneclient - auth_params.update({ - 'project_domain_id': 'default', - 'user_domain_id': 'default', - }) - return legacy_loader.load_from_options(**auth_params) - - +# TODO(pas-ha) we actually should barely need this at all: +# if we instantiate a identity.Token auth plugin from incoming +# request context we could build a session with it, and each client +# would know its service_type already, looking up the endpoint by itself @ks_exceptions def get_service_url(session, service_type='baremetal_compute', endpoint_type='internal'): diff --git a/mogan/conf/auth.py b/mogan/conf/auth.py index 26dcdac1..1590ba36 100644 --- a/mogan/conf/auth.py +++ b/mogan/conf/auth.py 
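Review bot: In `get_session`, the `if not auth:` guard was dropped along with the legacy fallback, so only `MissingRequiredOptions` is handled now. As far as I know, `kaloading.load_auth_from_conf_options` returns `None` rather than raising when the group sets no `auth_type`. In that case `auth=None` would be passed to `load_session_from_conf_options`, and the service would get a session with no auth plugin that fails on its first request instead of at load time. Keeping a fail-fast check after the `try` (`if auth is None:` raising `exception.ConfigInvalid` with the `group` name, as the removed code did) would surface the misconfiguration at startup. The error path is also untested now that `test_load_auth_missing_options` is deleted; a unit test of `get_session` with a missing `auth_url` and with an unset `auth_type` would pin both cases.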
@@ -14,30 +14,7 @@ import copy -from keystoneauth1 import exceptions as kaexception from keystoneauth1 import loading as kaloading -from oslo_config import cfg - - -LEGACY_SECTION = 'keystone_authtoken' -OLD_SESSION_OPTS = { - 'certfile': [cfg.DeprecatedOpt('certfile', LEGACY_SECTION)], - 'keyfile': [cfg.DeprecatedOpt('keyfile', LEGACY_SECTION)], - 'cafile': [cfg.DeprecatedOpt('cafile', LEGACY_SECTION)], - 'insecure': [cfg.DeprecatedOpt('insecure', LEGACY_SECTION)], - 'timeout': [cfg.DeprecatedOpt('timeout', LEGACY_SECTION)], -} - -# FIXME(pas-ha) remove import of auth_token section after deprecation period -cfg.CONF.import_group(LEGACY_SECTION, 'keystonemiddleware.auth_token') - - -def load_auth(conf, group): - try: - auth = kaloading.load_auth_from_conf_options(conf, group) - except kaexception.MissingRequiredOptions: - auth = None - return auth def register_auth_opts(conf, group): @@ -46,8 +23,7 @@ def register_auth_opts(conf, group): Registers only basic auth options shared by all auth plugins. The rest are registered at runtime depending on auth plugin used. """ - kaloading.register_session_conf_options( - conf, group, deprecated_opts=OLD_SESSION_OPTS) + kaloading.register_session_conf_options(conf, group) kaloading.register_auth_conf_options(conf, group) @@ -58,6 +34,7 @@ def add_auth_opts(options): this adds options for most used auth_plugins when generating sample config. """ + def add_options(opts, opts_to_add): for new_opt in opts_to_add: for opt in opts: diff --git a/mogan/tests/unit/conf/test_auth.py b/mogan/tests/unit/conf/test_auth.py index b55f35a8..fcd74232 100644 --- a/mogan/tests/unit/conf/test_auth.py +++ b/mogan/tests/unit/conf/test_auth.py @@ -12,7 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -from keystoneauth1 import identity as kaidentity from keystoneauth1 import loading as kaloading from oslo_config import cfg 
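Review bot: In `register_auth_opts` (the `@@ -46,8 +23,7` hunk), dropping `deprecated_opts=OLD_SESSION_OPTS` means `cafile`, `certfile`, `keyfile`, `insecure` and `timeout` set only under `[keystone_authtoken]` are no longer picked up for the client session, and nothing in this commit tells operators. A deployment that relied on the legacy `cafile` or `timeout` would presumably fall back to the library defaults, which is a quiet change in TLS trust and timeout behaviour on upgrade. The diffstat shows no release note, so I would add an upgrade note naming these five options and stating that they must now be set in the service's own auth group. The function's `def` line and the start of its docstring are outside the hunk.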
@@ -54,17 +53,3 @@ class AuthConfTestCase(base.TestCase): 'tenant_name', 'project_name', 'trust_id', 'domain_id', 'user_domain_id', 'project_domain_id'} self.assertTrue(expected.issubset(names)) - - def test_load_auth(self): - auth = mogan_auth.load_auth(self.cfg_fixture.conf, self.test_group) - # NOTE(pas-ha) 'password' auth_plugin is used - self.assertIsInstance(auth, kaidentity.generic.password.Password) - self.assertEqual('http://127.0.0.1:9898', auth.auth_url) - - def test_load_auth_missing_options(self): - # NOTE(pas-ha) 'password' auth_plugin is used, - # so when we set the required auth_url to None, - # MissingOption is raised - self.config(auth_url=None, group=self.test_group) - self.assertIsNone(mogan_auth.load_auth( - self.cfg_fixture.conf, self.test_group))