Moving authentication from keystoneclient to keystoneauth

Currently OpenStackClient uses keystoneclient for authentication. This change will update OpenStackClient to use keystoneauth for authentication. All dependant test have been updated. Updating how auth_ref is set in the tests to use KSA fixtures had some racy side-effects. The user_role_list tests failed when they picked up an auth_ref that was a fixture. This exposed a weakness in ListUserRole that needed to be fixed at the same time re handling of unscoped tokens and options. Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00 Closes-Bug: 1533369
author: Navid Pustchi <npustchi@gmail.com> 2016-02-04 16:45:38 +0000
committer: Alvaro Lopez Garcia <aloga@ifca.unican.es> 2016-06-09 18:00:40 +0200
commit: 6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e (patch)
tree: 5833e88147e71524b49a5b25979fd17869dd455c /openstackclient/api
parent: ada6abb30e6b1c49229817ae53ab96d88c50fd21 (diff)
download: python-openstackclient-6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e.tar.gz
2 files changed, 18 insertions, 30 deletions
diff --git a/openstackclient/api/auth.py b/openstackclient/api/auth.py
index c74e8005..ded0e369 100644
--- a/openstackclient/api/auth.py
+++ b/openstackclient/api/auth.py
@@ -16,15 +16,12 @@
 import argparse
 import logging
 
-import stevedore
-
-from keystoneclient.auth import base
+from keystoneauth1.loading import base
 
 from openstackclient.common import exceptions as exc
 from openstackclient.common import utils
 from openstackclient.i18n import _
 
-
 LOG = logging.getLogger(__name__)
 
 # Initialize the list of Authentication plugins early in order
@@ -37,15 +34,10 @@ OPTIONS_LIST = {}
 
 def get_plugin_list():
     """Gather plugin list and cache it"""
-
     global PLUGIN_LIST
 
     if PLUGIN_LIST is None:
-        PLUGIN_LIST = stevedore.ExtensionManager(
-            base.PLUGIN_NAMESPACE,
-            invoke_on_load=False,
-            propagate_map_exceptions=True,
-        )
+        PLUGIN_LIST = base.get_available_plugin_names()
     return PLUGIN_LIST
 
 
@@ -55,8 +47,9 @@ def get_options_list():
     global OPTIONS_LIST
 
     if not OPTIONS_LIST:
-        for plugin in get_plugin_list():
-            for o in plugin.plugin.get_options():
+        for plugin_name in get_plugin_list():
+            plugin_options = base.get_plugin_options(plugin_name)
+            for o in plugin_options:
                 os_name = o.dest.lower().replace('_', '-')
                 os_env_name = 'OS_' + os_name.upper().replace('-', '_')
                 OPTIONS_LIST.setdefault(
@@ -66,7 +59,7 @@ def get_options_list():
                 # help texts if they vary from one auth plugin to another
                 # also the text rendering is ugly in the CLI ...
                 OPTIONS_LIST[os_name]['help'] += 'With %s: %s\n' % (
-                    plugin.name,
+                    plugin_name,
                     o.help,
                 )
     return OPTIONS_LIST
@@ -83,7 +76,7 @@ def select_auth_plugin(options):
     if options.auth.get('url') and options.auth.get('token'):
         # service token authentication
         auth_plugin_name = 'token_endpoint'
-    elif options.auth_type in [plugin.name for plugin in PLUGIN_LIST]:
+    elif options.auth_type in PLUGIN_LIST:
         # A direct plugin name was given, use it
         auth_plugin_name = options.auth_type
     elif options.auth.get('username'):
@@ -115,7 +108,7 @@ def build_auth_params(auth_plugin_name, cmd_options):
     auth_params = dict(cmd_options.auth)
     if auth_plugin_name:
         LOG.debug('auth_type: %s', auth_plugin_name)
-        auth_plugin_class = base.get_plugin_class(auth_plugin_name)
+        auth_plugin_loader = base.get_plugin_loader(auth_plugin_name)
         # grab tenant from project for v2.0 API compatibility
         if auth_plugin_name.startswith("v2"):
             if 'project_id' in auth_params:
@@ -127,12 +120,12 @@ def build_auth_params(auth_plugin_name, cmd_options):
     else:
         LOG.debug('no auth_type')
         # delay the plugin choice, grab every option
-        auth_plugin_class = None
+        auth_plugin_loader = None
         plugin_options = set([o.replace('-', '_') for o in get_options_list()])
         for option in plugin_options:
             LOG.debug('fetching option %s', option)
             auth_params[option] = getattr(cmd_options.auth, option, None)
-    return (auth_plugin_class, auth_params)
+    return (auth_plugin_loader, auth_params)
 
 
 def check_valid_auth_options(options, auth_plugin_name, required_scope=True):
@@ -188,7 +181,7 @@ def build_auth_plugins_option_parser(parser):
     authentication plugin.
 
     """
-    available_plugins = [plugin.name for plugin in get_plugin_list()]
+    available_plugins = list(get_plugin_list())
     parser.add_argument(
         '--os-auth-type',
         metavar='<auth-type>',
diff --git a/openstackclient/api/auth_plugin.py b/openstackclient/api/auth_plugin.py
index cff0b75d..44d3b38e 100644
--- a/openstackclient/api/auth_plugin.py
+++ b/openstackclient/api/auth_plugin.py
@@ -18,13 +18,13 @@ import logging
 from oslo_config import cfg
 from six.moves.urllib import parse as urlparse
 
-from keystoneclient.auth.identity.generic import password as ksc_password
-from keystoneclient.auth import token_endpoint
+from keystoneauth1.loading._plugins import admin_token as token_endpoint
+from keystoneauth1.loading._plugins.identity import generic as ksa_password
 
 LOG = logging.getLogger(__name__)
 
 
-class TokenEndpoint(token_endpoint.Token):
+class TokenEndpoint(token_endpoint.AdminToken):
     """Auth plugin to handle traditional token/endpoint usage
 
     Implements the methods required to handle token authentication
@@ -36,20 +36,15 @@ class TokenEndpoint(token_endpoint.Token):
     is for bootstrapping the Keystone database.
     """
 
-    def __init__(self, url, token, **kwargs):
+    def load_from_options(self, url, token):
         """A plugin for static authentication with an existing token
 
         :param string url: Service endpoint
         :param string token: Existing token
         """
-        super(TokenEndpoint, self).__init__(endpoint=url,
-                                            token=token)
+        return super(TokenEndpoint, self).load_from_options(endpoint=url,
+                                                            token=token)
 
-    def get_auth_ref(self, session, **kwargs):
-        # Stub this method for compatibility
-        return None
-
-    @classmethod
     def get_options(self):
         options = super(TokenEndpoint, self).get_options()
 
@@ -65,7 +60,7 @@ class TokenEndpoint(token_endpoint.Token):
         return options
 
 
-class OSCGenericPassword(ksc_password.Password):
+class OSCGenericPassword(ksa_password.Password):
     """Auth plugin hack to work around broken Keystone configurations
 
     The default Keystone configuration uses http://localhost:xxxx in
author	Navid Pustchi <npustchi@gmail.com>	2016-02-04 16:45:38 +0000
committer	Alvaro Lopez Garcia <aloga@ifca.unican.es>	2016-06-09 18:00:40 +0200
commit	6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e (patch)
tree	5833e88147e71524b49a5b25979fd17869dd455c /openstackclient/api
parent	ada6abb30e6b1c49229817ae53ab96d88c50fd21 (diff)
download	python-openstackclient-6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e.tar.gz