Merge "s3token config with auth URI"

keystonemiddleware/s3_token.py

@@ -40,7 +40,7 @@ import requests
 import six
 from six.moves import urllib
 
-from keystonemiddleware.i18n import _, _LI
+from keystonemiddleware.i18n import _, _LI, _LW
 
 
 PROTOCOL_NAME = 'S3 Token Authentication'
@@ -109,12 +109,19 @@ class S3Token(object):
         self._reseller_prefix = conf.get('reseller_prefix', 'AUTH_')
         # where to find the auth service (we use this to validate tokens)
 
-        auth_host = conf.get('auth_host')
-        auth_port = int(conf.get('auth_port', 35357))
-        auth_protocol = conf.get('auth_protocol', 'https')
+        self._request_uri = conf.get('auth_uri')
+        if not self._request_uri:
+            self._logger.warning(_LW(
+                "Use of the auth_host, auth_port, and auth_protocol "
+                "configuration options was deprecated in the Newton release "
+                "in favor of auth_uri. These options may be removed in a "
+                "future release."))
+            auth_host = conf.get('auth_host')
+            auth_port = int(conf.get('auth_port', 35357))
+            auth_protocol = conf.get('auth_protocol', 'https')
 
-        self._request_uri = '%s://%s:%s' % (auth_protocol, auth_host,
-                                            auth_port)
+            self._request_uri = '%s://%s:%s' % (auth_protocol, auth_host,
+                                                auth_port)
 
         # SSL
         insecure = strutils.bool_from_string(conf.get('insecure', False))

keystonemiddleware/tests/unit/test_s3_token_middleware.py

@@ -39,20 +39,14 @@ class FakeApp(object):
 
 class S3TokenMiddlewareTestBase(utils.TestCase):
 
-    TEST_PROTOCOL = 'https'
-    TEST_HOST = 'fakehost'
-    TEST_PORT = 35357
-    TEST_URL = '%s://%s:%d/v2.0/s3tokens' % (TEST_PROTOCOL,
-                                             TEST_HOST,
-                                             TEST_PORT)
+    TEST_AUTH_URI = 'https://fakehost/identity'
+    TEST_URL = '%s/v2.0/s3tokens' % (TEST_AUTH_URI, )
 
     def setUp(self):
         super(S3TokenMiddlewareTestBase, self).setUp()
 
         self.conf = {
-            'auth_host': self.TEST_HOST,
-            'auth_port': self.TEST_PORT,
-            'auth_protocol': self.TEST_PROTOCOL,
+            'auth_uri': self.TEST_AUTH_URI,
         }
 
         self.requests_mock = self.useFixture(rm_fixture.Fixture())
@@ -101,14 +95,17 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
         self.assertEqual(req.headers['X-Auth-Token'], 'TOKEN_ID')
 
     def test_authorized_http(self):
-        self.requests_mock.post(self.TEST_URL.replace('https', 'http'),
-                                status_code=201,
-                                json=GOOD_RESPONSE)
+        protocol = 'http'
+        host = 'fakehost'
+        port = 35357
+        self.requests_mock.post(
+            '%s://%s:%s/v2.0/s3tokens' % (protocol, host, port),
+            status_code=201, json=GOOD_RESPONSE)
 
         self.middleware = (
-            s3_token.filter_factory({'auth_protocol': 'http',
-                                     'auth_host': self.TEST_HOST,
-                                     'auth_port': self.TEST_PORT})(FakeApp()))
+            s3_token.filter_factory({'auth_protocol': protocol,
+                                     'auth_host': host,
+                                     'auth_port': port})(FakeApp()))
         req = webob.Request.blank('/v1/AUTH_cfa/c/o')
         req.headers['Authorization'] = 'access:signature'
         req.headers['X-Storage-Token'] = 'token'

releasenotes/notes/s3token_auth_uri-490c1287d90b9df7.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - A new configuration option for the s3token middleware called auth_uri can
+    be used to set the URI to be used for authentication. This replaces
+    auth_host, auth_port, and auth_protocol.
+deprecations:
+  - The auth_host, auth_port, and auth_protocol configuration options to the
+    s3token middleware are now deprecated.