Merge "Move OSC auth plugins so they can be found"

1 files changed, 118 insertions, 0 deletions

diff --git a/openstackclient/api/auth_plugin.py b/openstackclient/api/auth_plugin.py
new file mode 100644
index 00000000..a995476a
--- /dev/null
+++ b/openstackclient/api/auth_plugin.py
@@ -0,0 +1,118 @@
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
+#
+
+"""Authentication Plugin Library"""
+
+import logging
+
+from oslo_config import cfg
+from six.moves.urllib import parse as urlparse
+
+from keystoneclient.auth import base
+from keystoneclient.auth.identity.generic import password as ksc_password
+
+
+LOG = logging.getLogger(__name__)
+
+
+class TokenEndpoint(base.BaseAuthPlugin):
+    """Auth plugin to handle traditional token/endpoint usage
+
+    Implements the methods required to handle token authentication
+    with a user-specified token and service endpoint; no Identity calls
+    are made for re-scoping, service catalog lookups or the like.
+
+    The purpose of this plugin is to get rid of the special-case paths
+    in the code to handle this authentication format. Its primary use
+    is for bootstrapping the Keystone database.
+    """
+
+    def __init__(self, url, token, **kwargs):
+        """A plugin for static authentication with an existing token
+
+        :param string url: Service endpoint
+        :param string token: Existing token
+        """
+        super(TokenEndpoint, self).__init__()
+        self.endpoint = url
+        self.token = token
+
+    def get_endpoint(self, session, **kwargs):
+        """Return the supplied endpoint"""
+        return self.endpoint
+
+    def get_token(self, session):
+        """Return the supplied token"""
+        return self.token
+
+    def get_auth_ref(self, session, **kwargs):
+        """Stub this method for compatibility"""
+        return None
+
+    # Override this because it needs to be a class method...
+    @classmethod
+    def get_options(self):
+        options = super(TokenEndpoint, self).get_options()
+
+        options.extend([
+            # Maintain name 'url' for compatibility
+            cfg.StrOpt('url',
+                       help='Specific service endpoint to use'),
+            cfg.StrOpt('token',
+                       secret=True,
+                       help='Authentication token to use'),
+        ])
+
+        return options
+
+
+class OSCGenericPassword(ksc_password.Password):
+    """Auth plugin hack to work around broken Keystone configurations
+
+    The default Keystone configuration uses http://localhost:xxxx in
+    admin_endpoint and public_endpoint and are returned in the links.href
+    attribute by the version routes.  Deployments that do not set these
+    are unusable with newer keystoneclient version discovery.
+
+    """
+
+    def create_plugin(self, session, version, url, raw_status=None):
+        """Handle default Keystone endpoint configuration
+
+        Build the actual API endpoint from the scheme, host and port of the
+        original auth URL and the rest from the returned version URL.
+        """
+
+        ver_u = urlparse.urlparse(url)
+
+        # Only hack this if it is the default setting
+        if ver_u.netloc.startswith('localhost'):
+            auth_u = urlparse.urlparse(self.auth_url)
+            # from original auth_url: scheme, netloc
+            # from api_url: path, query (basically, the rest)
+            url = urlparse.urlunparse((
+                auth_u.scheme,
+                auth_u.netloc,
+                ver_u.path,
+                ver_u.params,
+                ver_u.query,
+                ver_u.fragment,
+            ))
+            LOG.debug('Version URL updated: %s' % url)
+
+        return super(OSCGenericPassword, self).create_plugin(
+            session=session,
+            version=version,
+            url=url,
+            raw_status=raw_status,
+        )