From 712e85763b869fb206a46995005d959d1205f80f Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Wed, 1 Jun 2016 22:15:50 +1000 Subject: [PATCH] Use keystoneauth1 instead of keystoneclient The keystoneclient session has been deprecated in favour of keystoneauth1. To make this cleaner a few unnecessary usages of keystoneclient are cleaned up. Change-Id: I8bfcff53165a18f94c600797dd8105d64d948e7a --- castellan/key_manager/barbican_key_manager.py | 13 ++--- .../key_manager/test_barbican_key_manager.py | 52 +++++++------------ doc/source/usage.rst | 24 ++++----- 3 files changed, 39 insertions(+), 50 deletions(-) diff --git a/castellan/key_manager/barbican_key_manager.py b/castellan/key_manager/barbican_key_manager.py index e3157506..a9c14a1d 100644 --- a/castellan/key_manager/barbican_key_manager.py +++ b/castellan/key_manager/barbican_key_manager.py @@ -22,8 +22,9 @@ import time from cryptography.hazmat import backends from cryptography.hazmat.primitives import serialization from cryptography import x509 as cryptography_x509 -from keystoneclient.auth import identity -from keystoneclient import session +from keystoneauth1 import identity +from keystoneauth1 import loading +from keystoneauth1 import session from oslo_config import cfg from oslo_log import log as logging from oslo_utils import excutils @@ -85,7 +86,7 @@ class BarbicanKeyManager(key_manager.KeyManager): self._base_url = None self.conf = configuration self.conf.register_opts(barbican_opts, group=BARBICAN_OPT_GROUP) - session.Session.register_conf_options(self.conf, BARBICAN_OPT_GROUP) + loading.register_session_conf_options(self.conf, BARBICAN_OPT_GROUP) def _get_barbican_client(self, context): """Creates a client to connect to the Barbican service. @@ -130,7 +131,7 @@ class BarbicanKeyManager(key_manager.KeyManager): auth_url = self.conf.barbican.auth_endpoint if context.__class__.__name__ is 'KeystonePassword': - return identity.v3.Password( + return identity.V3Password( auth_url=auth_url, username=context.username, password=context.password, @@ -146,7 +147,7 @@ class BarbicanKeyManager(key_manager.KeyManager): project_domain_name=context.project_domain_name, reauthenticate=context.reauthenticate) elif context.__class__.__name__ is 'KeystoneToken': - return identity.v3.Token( + return identity.V3Token( auth_url=auth_url, token=context.token, trust_id=context.trust_id, @@ -160,7 +161,7 @@ class BarbicanKeyManager(key_manager.KeyManager): # this will be kept for oslo.context compatibility until # projects begin to use utils.credential_factory elif context.__class__.__name__ is 'RequestContext': - return identity.v3.Token( + return identity.V3Token( auth_url=auth_url, token=context.auth_token, project_id=context.tenant) diff --git a/castellan/tests/functional/key_manager/test_barbican_key_manager.py b/castellan/tests/functional/key_manager/test_barbican_key_manager.py index 13fde2b0..a2ac2fe9 100644 --- a/castellan/tests/functional/key_manager/test_barbican_key_manager.py +++ b/castellan/tests/functional/key_manager/test_barbican_key_manager.py @@ -21,9 +21,8 @@ Note: This requires local running instances of Barbican and Keystone. import abc import uuid -from keystoneclient.auth.identity import v3 -from keystoneclient import session -from keystoneclient.v3 import client +from keystoneauth1 import identity +from keystoneauth1 import session from oslo_config import cfg from oslo_context import context from oslotest import base @@ -113,22 +112,16 @@ class BarbicanKeyManagerOSLOContextTestCase(BarbicanKeyManagerTestCase, user_domain_name = CONF.identity.user_domain_name project_domain_name = CONF.identity.project_domain_name - auth = v3.Password(auth_url=auth_url, - username=username, - password=password, - project_name=project_name, - user_domain_name=user_domain_name, - project_domain_name=project_domain_name) + auth = identity.V3Password(auth_url=auth_url, + username=username, + password=password, + project_name=project_name, + user_domain_name=user_domain_name, + project_domain_name=project_domain_name) sess = session.Session(auth=auth) - keystone_client = client.Client(session=sess) - project_list = keystone_client.projects.list(name=project_name) - - ctxt = context.RequestContext( - auth_token=auth.auth_ref.auth_token, - tenant=project_list[0].id) - - return ctxt + return context.RequestContext(auth_token=auth.get_token(sess), + tenant=auth.get_project_id(sess)) class BarbicanKeyManagerKSPasswordTestCase(BarbicanKeyManagerTestCase, @@ -161,19 +154,14 @@ class BarbicanKeyManagerKSTokenTestCase(BarbicanKeyManagerTestCase, user_domain_name = CONF.identity.user_domain_name project_domain_name = CONF.identity.project_domain_name - auth = v3.Password(auth_url=auth_url, - username=username, - password=password, - project_name=project_name, - user_domain_name=user_domain_name, - project_domain_name=project_domain_name) - sess = session.Session(auth=auth) - keystone_client = client.Client(session=sess) + auth = identity.V3Password(auth_url=auth_url, + username=username, + password=password, + project_name=project_name, + user_domain_name=user_domain_name, + project_domain_name=project_domain_name) + sess = session.Session() - project_list = keystone_client.projects.list(name=project_name) - - ctxt = keystone_token.KeystoneToken( - token=auth.auth_ref.auth_token, - project_id=project_list[0].id) - - return ctxt + return keystone_token.KeystoneToken( + token=auth.get_token(sess), + project_id=auth.get_project_id(sess)) diff --git a/doc/source/usage.rst b/doc/source/usage.rst index ca438558..b1508a20 100644 --- a/doc/source/usage.rst +++ b/doc/source/usage.rst @@ -52,7 +52,7 @@ provided. .. note:: Keystone Token and Password authentication is achieved using - keystoneclient.auth.identity.v3 Token and Password auth plugins. + keystoneauth1.identity Token and Password auth plugins. There are a variety of different variables which can be set for the keystone credential options. @@ -88,23 +88,23 @@ that is being abstracted. .. code:: python - from keystoneclient.v3 import client + from keystoneauth1 import identity + from keystoneauth1 import session from oslo_context import context username = 'admin' password = 'openstack' project_name = 'admin' - auth_url = 'http://localhost:5000/v3' - keystone_client = client.Client(username=username, - password=password, - project_name=project_name, - auth_url=auth_url, - project_domain_id='default') + auth_url = 'http://localhost:5000/' + auth = identity.Password(auth_url=auth_url, + username=username, + password=password, + project_name=project_name, + default_domain_id='default') + sess = session.Session() - project_list = keystone_client.projects.list(name=project_name) - - ctxt = context.RequestContext(auth_token=keystone_client.auth_token, - tenant=project_list[0].id) + ctxt = context.RequestContext(auth_token=auth.get_token(sess), + tenant=auth.get_project_id(sess)) ctxt can then be passed into any key_manager api call.