openstack/castellan
Code Issues Proposed changes

Merge "Fix retrieving barbican endpoint from service catalog"

Browse Source
This commit is contained in:
Jenkins 2017-07-28 09:07:40 +00:00 committed by Gerrit Code Review
commit dfce4df2f5
7 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
castellan/common/credentials/keystone_password.py
View File

@ -23,13 +23,14 @@ from castellan.common.credentials import password
class KeystonePassword(password.Password): class KeystonePassword(password.Password):
"""This class represents a keystone password credential.""" """This class represents a keystone password credential."""
def __init__(self, password, username=None, user_id=None, def __init__(self, password, auth_url=None, username=None, user_id=None,
user_domain_id=None, user_domain_name=None, trust_id=None, user_domain_id=None, user_domain_name=None, trust_id=None,
domain_id=None, domain_name=None, project_id=None, domain_id=None, domain_name=None, project_id=None,
project_name=None, project_domain_id=None, project_name=None, project_domain_id=None,
project_domain_name=None, reauthenticate=True): project_domain_name=None, reauthenticate=True):
"""Create a new Keystone Password Credential. """Create a new Keystone Password Credential.
:param string auth_url: Use this endpoint to connect to Keystone.
:param string password: Password for authentication. :param string password: Password for authentication.
:param string username: Username for authentication. :param string username: Username for authentication.
:param string user_id: User ID for authentication. :param string user_id: User ID for authentication.
@ -46,6 +47,7 @@ class KeystonePassword(password.Password):
one is going to expire. (optional) default True one is going to expire. (optional) default True
""" """
self._auth_url = auth_url
self._user_id = user_id self._user_id = user_id
self._user_domain_id = user_domain_id self._user_domain_id = user_domain_id
self._user_domain_name = user_domain_name self._user_domain_name = user_domain_name
@ -61,6 +63,11 @@ class KeystonePassword(password.Password):
super(KeystonePassword, self).__init__(username, super(KeystonePassword, self).__init__(username,
password) password)
@property
def auth_url(self):
"""This method returns an auth_url."""
return self._auth_url
@property @property
def user_id(self): def user_id(self):
"""This method returns a user_id.""" """This method returns a user_id."""

14
castellan/common/credentials/keystone_token.py
View File

@ -23,13 +23,15 @@ from castellan.common.credentials import token
class KeystoneToken(token.Token): class KeystoneToken(token.Token):
"""This class represents a keystone token credential.""" """This class represents a keystone token credential."""
def __init__(self, token, trust_id=None, domain_id=None, domain_name=None, def __init__(self, token, auth_url=None, trust_id=None, domain_id=None,
project_id=None, project_name=None, project_domain_id=None, domain_name=None, project_id=None, project_name=None,
project_domain_name=None, reauthenticate=True): project_domain_id=None, project_domain_name=None,
reauthenticate=True):
"""Create a new Keystone Token Credential. """Create a new Keystone Token Credential.
:param string token: Token for authentication. The type of token :param string token: Token for authentication. The type of token
formats accepted are UUID, PKI, and Fernet. formats accepted are UUID, PKI, and Fernet.
:param string auth_url: Use this endpoint to connect to Keystone.
:param string trust_id: Trust ID for trust scoping. :param string trust_id: Trust ID for trust scoping.
:param string domain_id: Domain ID for domain scoping. :param string domain_id: Domain ID for domain scoping.
:param string domain_name: Domain name for domain scoping. :param string domain_name: Domain name for domain scoping.
@ -41,6 +43,7 @@ class KeystoneToken(token.Token):
one is going to expire. (optional) default True one is going to expire. (optional) default True
""" """
self._auth_url = auth_url
self._trust_id = trust_id self._trust_id = trust_id
self._domain_id = domain_id self._domain_id = domain_id
self._domain_name = domain_name self._domain_name = domain_name
@ -52,6 +55,11 @@ class KeystoneToken(token.Token):
super(KeystoneToken, self).__init__(token) super(KeystoneToken, self).__init__(token)
@property
def auth_url(self):
"""This method returns an auth_url."""
return self._auth_url
@property @property
def trust_id(self): def trust_id(self):
"""This method returns a trust_id.""" """This method returns a trust_id."""

4
castellan/common/utils.py
View File

@ -51,6 +51,8 @@ credential_opts = [
"'keystone_password' auth_type."), "'keystone_password' auth_type."),
# keystone credential opts # keystone credential opts
cfg.StrOpt('auth_url',
help="Use this endpoint to connect to Keystone."),
cfg.StrOpt('user_id', cfg.StrOpt('user_id',
help="User ID for authentication. Optional for " help="User ID for authentication. Optional for "
"'keystone_token' and 'keystone_password' auth_type."), "'keystone_token' and 'keystone_password' auth_type."),
@ -130,6 +132,7 @@ def credential_factory(conf=None, context=None):
elif conf.key_manager.auth_type == 'keystone_password': elif conf.key_manager.auth_type == 'keystone_password':
return keystone_password.KeystonePassword( return keystone_password.KeystonePassword(
conf.key_manager.password, conf.key_manager.password,
auth_url=conf.key_manager.auth_url,
username=conf.key_manager.username, username=conf.key_manager.username,
user_id=conf.key_manager.user_id, user_id=conf.key_manager.user_id,
user_domain_id=conf.key_manager.user_domain_id, user_domain_id=conf.key_manager.user_domain_id,
@ -153,6 +156,7 @@ def credential_factory(conf=None, context=None):
return keystone_token.KeystoneToken( return keystone_token.KeystoneToken(
auth_token, auth_token,
auth_url=conf.key_manager.auth_url,
trust_id=conf.key_manager.trust_id, trust_id=conf.key_manager.trust_id,
domain_id=conf.key_manager.domain_id, domain_id=conf.key_manager.domain_id,
domain_name=conf.key_manager.domain_name, domain_name=conf.key_manager.domain_name,

12
castellan/key_manager/barbican_key_manager.py
View File

@ -55,6 +55,8 @@ barbican_opts = [
help='Version of the Barbican API, for example: "v1"'), help='Version of the Barbican API, for example: "v1"'),
cfg.StrOpt('auth_endpoint', cfg.StrOpt('auth_endpoint',
default='http://localhost/identity/v3', default='http://localhost/identity/v3',
deprecated_name='auth_url',
deprecated_group='key_manager',
help='Use this endpoint to connect to Keystone'), help='Use this endpoint to connect to Keystone'),
cfg.IntOpt('retry_delay', cfg.IntOpt('retry_delay',
default=1, default=1,
@ -123,6 +125,8 @@ class BarbicanKeyManager(key_manager.KeyManager):
endpoint=self._barbican_endpoint) endpoint=self._barbican_endpoint)
self._current_context = context self._current_context = context
# TODO(pbourke): more fine grained exception handling - we are eating
# tracebacks here
except Exception as e: except Exception as e:
LOG.error("Error creating Barbican client: %s", e) LOG.error("Error creating Barbican client: %s", e)
raise exception.KeyManagerError(reason=e) raise exception.KeyManagerError(reason=e)
@ -134,11 +138,9 @@ class BarbicanKeyManager(key_manager.KeyManager):
return self._barbican_client return self._barbican_client
def _get_keystone_auth(self, context): def _get_keystone_auth(self, context):
auth_url = self.conf.barbican.auth_endpoint
if context.__class__.__name__ is 'KeystonePassword': if context.__class__.__name__ is 'KeystonePassword':
return identity.Password( return identity.Password(
auth_url=auth_url, auth_url=context.auth_url,
username=context.username, username=context.username,
password=context.password, password=context.password,
user_id=context.user_id, user_id=context.user_id,
@ -154,7 +156,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
reauthenticate=context.reauthenticate) reauthenticate=context.reauthenticate)
elif context.__class__.__name__ is 'KeystoneToken': elif context.__class__.__name__ is 'KeystoneToken':
return identity.Token( return identity.Token(
auth_url=auth_url, auth_url=context.auth_url,
token=context.token, token=context.token,
trust_id=context.trust_id, trust_id=context.trust_id,
domain_id=context.domain_id, domain_id=context.domain_id,
@ -168,7 +170,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
# projects begin to use utils.credential_factory # projects begin to use utils.credential_factory
elif context.__class__.__name__ is 'RequestContext': elif context.__class__.__name__ is 'RequestContext':
return identity.Token( return identity.Token(
auth_url=auth_url, auth_url=self.conf.barbican.auth_endpoint,
token=context.auth_token, token=context.auth_token,
project_id=context.tenant) project_id=context.tenant)
else: else:

4
castellan/tests/functional/key_manager/test_barbican_key_manager.py
View File

@ -129,6 +129,7 @@ class BarbicanKeyManagerKSPasswordTestCase(BarbicanKeyManagerTestCase,
base.BaseTestCase): base.BaseTestCase):
def get_context(self): def get_context(self):
auth_url = CONF.identity.auth_url
username = CONF.identity.username username = CONF.identity.username
password = CONF.identity.password password = CONF.identity.password
project_name = CONF.identity.project_name project_name = CONF.identity.project_name
@ -136,7 +137,7 @@ class BarbicanKeyManagerKSPasswordTestCase(BarbicanKeyManagerTestCase,
project_domain_name = CONF.identity.project_domain_name project_domain_name = CONF.identity.project_domain_name
ctxt = keystone_password.KeystonePassword( ctxt = keystone_password.KeystonePassword(
username=username, password=password, auth_url=auth_url, username=username, password=password,
project_name=project_name, project_name=project_name,
user_domain_name=user_domain_name, user_domain_name=user_domain_name,
project_domain_name=project_domain_name) project_domain_name=project_domain_name)
@ -165,4 +166,5 @@ class BarbicanKeyManagerKSTokenTestCase(BarbicanKeyManagerTestCase,
return keystone_token.KeystoneToken( return keystone_token.KeystoneToken(
token=auth.get_token(sess), token=auth.get_token(sess),
auth_url=auth_url,
project_id=auth.get_project_id(sess)) project_id=auth.get_project_id(sess))

2
doc/source/user/index.rst
View File

@ -37,12 +37,14 @@ provided.
# keystone token credential # keystone token credential
[key_manager] [key_manager]
auth_url = 'http://192.169.5.254:5000'
auth_type = 'keystone_token' auth_type = 'keystone_token'
token = '5b4de0bb77064f289f7cc58e33bea8c7' token = '5b4de0bb77064f289f7cc58e33bea8c7'
project_id = 'a1e19934af81420d980a5d02b4afe9fb' project_id = 'a1e19934af81420d980a5d02b4afe9fb'
# keystone password credential # keystone password credential
[key_manager] [key_manager]
auth_url = 'http://192.169.5.254:5000'
auth_type = 'keystone_password' auth_type = 'keystone_password'
username = 'admin' username = 'admin'
password = 'passw0rd1' password = 'passw0rd1'

5
releasenotes/notes/deprecate-auth-endpoint-b91a3e67b5c7263f.yaml Normal file
View File

@ -0,0 +1,5 @@
---
deprecations:
- |
Config option barbican/auth_endpoint is unnecessary and deprecated in
favor of the more standard key_manager/auth_url.