x/mogan
Code Issues Proposed changes

Remove legacy auth loading

Browse Source 
remove support for specifying client auth in keystone_authtoken config section.
This was deprecated about a year ago and now can safely be removed.

This change reference to the ironic patch[1]

[1] https://review.openstack.org/#/c/469626/

Change-Id: I9d22dd41e603e618230e656e91496462bde1c0e0
This commit is contained in:
liusheng 2017-07-29 16:20:45 +08:00
parent b58a2d26fc
commit 4a5cae0377
3 changed files with 11 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
mogan/common/keystone.py
View File

@ -17,34 +17,14 @@ from keystoneauth1 import exceptions as kaexception
from keystoneauth1 import loading as kaloading from keystoneauth1 import loading as kaloading
from oslo_log import log as logging from oslo_log import log as logging
import six import six
from six.moves.urllib import parse # for legacy options loading only
from mogan.common import exception from mogan.common import exception
from mogan.common.i18n import _
from mogan.conf import auth as mogan_auth
from mogan.conf import CONF from mogan.conf import CONF
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
# FIXME(pas-ha): for backward compat with legacy options loading only
def _is_apiv3(auth_url, auth_version):
"""Check if V3 version of API is being used or not.
This method inspects auth_url and auth_version, and checks whether V3
version of the API is being used or not.
When no auth_version is specified and auth_url is not a versioned
endpoint, v2.0 is assumed.
:param auth_url: a http or https url to be inspected (like
'http://127.0.0.1:9898/').
:param auth_version: a string containing the version (like 'v2', 'v3.0')
or None
:returns: True if V3 of the API is being used.
"""
return auth_version == 'v3.0' or '/v3' in parse.urlparse(auth_url).path
def ks_exceptions(f): def ks_exceptions(f):
"""Wraps keystoneclient functions and centralizes exception handling.""" """Wraps keystoneclient functions and centralizes exception handling."""
@six.wraps(f) @six.wraps(f)
@ -70,41 +50,20 @@ def ks_exceptions(f):
@ks_exceptions @ks_exceptions
def get_session(group): def get_session(group):
auth = mogan_auth.load_auth(CONF, group) or _get_legacy_auth() try:
if not auth: auth = kaloading.load_auth_from_conf_options(CONF, group)
msg = _("Failed to load auth from either [%(new)s] or [%(old)s] " except kaexception.MissingRequiredOptions:
"config sections.") LOG.error('Failed to load auth plugin from group %s', group)
raise exception.ConfigInvalid(message=msg, new=group, raise
old=mogan_auth.LEGACY_SECTION)
session = kaloading.load_session_from_conf_options( session = kaloading.load_session_from_conf_options(
CONF, group, auth=auth) CONF, group, auth=auth)
return session return session
# FIXME(pas-ha) remove legacy path after deprecation # TODO(pas-ha) we actually should barely need this at all:
def _get_legacy_auth(): # if we instantiate a identity.Token auth plugin from incoming
"""Load auth from keystone_authtoken config section # request context we could build a session with it, and each client
# would know its service_type already, looking up the endpoint by itself
Used only to provide backward compatibility with old configs.
"""
conf = getattr(CONF, mogan_auth.LEGACY_SECTION)
legacy_loader = kaloading.get_plugin_loader('password')
auth_params = {
'auth_url': conf.auth_uri,
'username': conf.admin_user,
'password': conf.admin_password,
'tenant_name': conf.admin_tenant_name
}
api_v3 = _is_apiv3(conf.auth_uri, conf.auth_version)
if api_v3:
# NOTE(pas-ha): mimic defaults of keystoneclient
auth_params.update({
'project_domain_id': 'default',
'user_domain_id': 'default',
})
return legacy_loader.load_from_options(**auth_params)
@ks_exceptions @ks_exceptions
def get_service_url(session, service_type='baremetal_compute', def get_service_url(session, service_type='baremetal_compute',
endpoint_type='internal'): endpoint_type='internal'):

27
mogan/conf/auth.py
View File

@ -14,30 +14,7 @@
import copy import copy
from keystoneauth1 import exceptions as kaexception
from keystoneauth1 import loading as kaloading from keystoneauth1 import loading as kaloading
from oslo_config import cfg
LEGACY_SECTION = 'keystone_authtoken'
OLD_SESSION_OPTS = {
'certfile': [cfg.DeprecatedOpt('certfile', LEGACY_SECTION)],
'keyfile': [cfg.DeprecatedOpt('keyfile', LEGACY_SECTION)],
'cafile': [cfg.DeprecatedOpt('cafile', LEGACY_SECTION)],
'insecure': [cfg.DeprecatedOpt('insecure', LEGACY_SECTION)],
'timeout': [cfg.DeprecatedOpt('timeout', LEGACY_SECTION)],
}
# FIXME(pas-ha) remove import of auth_token section after deprecation period
cfg.CONF.import_group(LEGACY_SECTION, 'keystonemiddleware.auth_token')
def load_auth(conf, group):
try:
auth = kaloading.load_auth_from_conf_options(conf, group)
except kaexception.MissingRequiredOptions:
auth = None
return auth
def register_auth_opts(conf, group): def register_auth_opts(conf, group):
@ -46,8 +23,7 @@ def register_auth_opts(conf, group):
Registers only basic auth options shared by all auth plugins. Registers only basic auth options shared by all auth plugins.
The rest are registered at runtime depending on auth plugin used. The rest are registered at runtime depending on auth plugin used.
""" """
kaloading.register_session_conf_options( kaloading.register_session_conf_options(conf, group)
conf, group, deprecated_opts=OLD_SESSION_OPTS)
kaloading.register_auth_conf_options(conf, group) kaloading.register_auth_conf_options(conf, group)
@ -58,6 +34,7 @@ def add_auth_opts(options):
this adds options for most used auth_plugins this adds options for most used auth_plugins
when generating sample config. when generating sample config.
""" """
def add_options(opts, opts_to_add): def add_options(opts, opts_to_add):
for new_opt in opts_to_add: for new_opt in opts_to_add:
for opt in opts: for opt in opts:

15
mogan/tests/unit/conf/test_auth.py
View File

@ -12,7 +12,6 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
from keystoneauth1 import identity as kaidentity
from keystoneauth1 import loading as kaloading from keystoneauth1 import loading as kaloading
from oslo_config import cfg from oslo_config import cfg
@ -54,17 +53,3 @@ class AuthConfTestCase(base.TestCase):
'tenant_name', 'project_name', 'trust_id', 'tenant_name', 'project_name', 'trust_id',
'domain_id', 'user_domain_id', 'project_domain_id'} 'domain_id', 'user_domain_id', 'project_domain_id'}
self.assertTrue(expected.issubset(names)) self.assertTrue(expected.issubset(names))
def test_load_auth(self):
auth = mogan_auth.load_auth(self.cfg_fixture.conf, self.test_group)
# NOTE(pas-ha) 'password' auth_plugin is used
self.assertIsInstance(auth, kaidentity.generic.password.Password)
self.assertEqual('http://127.0.0.1:9898', auth.auth_url)
def test_load_auth_missing_options(self):
# NOTE(pas-ha) 'password' auth_plugin is used,
# so when we set the required auth_url to None,
# MissingOption is raised
self.config(auth_url=None, group=self.test_group)
self.assertIsNone(mogan_auth.load_auth(
self.cfg_fixture.conf, self.test_group))