From 3b5c93f8642cdf2e547a1c60be0009bbbc1f773a Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Mon, 20 Oct 2014 10:27:00 +0200 Subject: [PATCH] Revert "Support service user and project in non-default domain" This case can be handled by default/design by using a v3 authentication plugin. The values also don't make sense for v2 authentication. Having them here means extra values to support in the default case. There has not been a release with this patch. This reverts commit bb00caf15be9336663521a913984795af9bed185. Related-bug: #1372142 Change-Id: I690f39284010906a0171178511729749ccc566b8 --- doc/source/middlewarearchitecture.rst | 25 ++---------- keystonemiddleware/auth_token.py | 29 +------------- .../tests/test_auth_token_middleware.py | 38 ------------------- keystonemiddleware/tests/test_opts.py | 4 -- 4 files changed, 6 insertions(+), 90 deletions(-) diff --git a/doc/source/middlewarearchitecture.rst b/doc/source/middlewarearchitecture.rst index 80b93ac5..be2c690a 100644 --- a/doc/source/middlewarearchitecture.rst +++ b/doc/source/middlewarearchitecture.rst @@ -167,12 +167,6 @@ a WSGI component. Example for the auth_token middleware: # Keystone account username (string value) #admin_user= - # Keystone service account user domain ID. (string value) - #admin_user_domain_id= - - # Keystone service account user domain name. (string value) - #admin_user_domain_name= - # Keystone account password (string value) admin_password=SuperSekretPassword @@ -180,12 +174,6 @@ a WSGI component. Example for the auth_token middleware: # (string value) #admin_tenant_name=admin - # Keystone service account project domain ID. (string value) - #admin_project_domain_id= - - # Keystone service account project domain name. (string value) - #admin_project_domain_name= - # Env key for the swift cache (string value) #cache= 
@@ -309,15 +297,10 @@ Configuration Options * ``admin_token``: either this or the following three options are required. If set, this is a single shared secret with the keystone configuration used to validate tokens. -* ``admin_user``, ``admin_user_domain_name``, ``admin_user_domain_id``, - ``admin_password``, ``admin_tenant_name``, ``admin_project_domain_id``, - ``admin_project_domain_name``: if ``admin_token`` - is not set, or invalid, then ``admin_user``, ``admin_password``, and - ``admin_tenant_name`` are defined as a service account which is expected to - have been previously configured in Keystone to validate user tokens. If the - service user isn't in the default domain, set ``admin_user_domain_name`` or - ``admin_user_domain_id``. If the service project isn't in the default domain, - set ``admin_project_domain_id`` or ``admin_project_domain_name``. +* ``admin_user``, ``admin_password``, ``admin_tenant_name``: if ``admin_token`` + is not set, or invalid, then admin_user, admin_password, and + admin_tenant_name are defined as a service account which is expected to have + been previously configured in Keystone to validate user tokens. * ``cache``: (optional) Env key for the swift cache diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py index efecf6e4..93b0871b 100644 --- a/keystonemiddleware/auth_token.py +++ b/keystonemiddleware/auth_token.py @@ -175,7 +175,6 @@ import time from keystoneclient import access from keystoneclient.auth.identity import base as base_identity from keystoneclient.auth.identity import v2 -from keystoneclient.auth.identity import v3 from keystoneclient.auth import token_endpoint from keystoneclient.common import cms from keystoneclient import exceptions 
@@ -272,10 +271,6 @@ _OPTS = [ ' instead.'), cfg.StrOpt('admin_user', help='Keystone account username'), - cfg.StrOpt('admin_user_domain_id', - help='Keystone service account user domain ID.'), - cfg.StrOpt('admin_user_domain_name', - help='Keystone service account user domain name.'), cfg.StrOpt('admin_password', secret=True, help='Keystone account password'), @@ -283,10 +278,6 @@ _OPTS = [ default='admin', help='Keystone service account tenant name to validate' ' user tokens'), - cfg.StrOpt('admin_project_domain_id', - help='Keystone service account project domain ID.'), - cfg.StrOpt('admin_project_domain_name', - help='Keystone service account project domain name.'), cfg.StrOpt('cache', default=None, help='Env key for the swift cache'), 
@@ -1241,37 +1232,21 @@ class AuthProtocol(object): # of this can be changed when we get keystoneclient 0.10. For now this # hardcoded path is EXACTLY the same as the original auth_token did. auth_url = '%s/v2.0' % self._identity_uri - auth_plugin = None admin_token = self._conf_get('admin_token') - admin_user_domain_id = self._conf_get('admin_user_domain_id') - admin_user_domain_name = self._conf_get('admin_user_domain_name') if admin_token: self._LOG.warning( "The admin_token option in the auth_token middleware is " "deprecated and should not be used. The admin_user and " "admin_password options should be used instead. The " "admin_token option may be removed in a future release.") - auth_plugin = token_endpoint.Token(auth_url, admin_token) - elif admin_user_domain_id or admin_user_domain_name: - auth_url = '%s/v3' % self._identity_uri - project_domain_name = self._conf_get('admin_project_domain_name') - auth_plugin = v3.Password( - auth_url, - username=self._conf_get('admin_user'), - user_domain_id=admin_user_domain_id, - user_domain_name=admin_user_domain_name, - password=self._conf_get('admin_password'), - project_name=self._conf_get('admin_tenant_name'), - project_domain_id=self._conf_get('admin_project_domain_id'), - project_domain_name=project_domain_name) + sess.auth = token_endpoint.Token(auth_url, admin_token) else: - auth_plugin = v2.Password( + sess.auth = v2.Password( auth_url, username=self._conf_get('admin_user'), password=self._conf_get('admin_password'), tenant_name=self._conf_get('admin_tenant_name')) - sess.auth = auth_plugin return sess def _identity_server_factory(self): diff --git a/keystonemiddleware/tests/test_auth_token_middleware.py b/keystonemiddleware/tests/test_auth_token_middleware.py index 5f080f5d..8114fbef 100644 --- a/keystonemiddleware/tests/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/test_auth_token_middleware.py 
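Review bot: The `else` branch in this `AuthProtocol` hunk is now the only password path, and it hands `admin_user` and `admin_password` to `v2.Password` without checking that either is set. An incomplete service-account configuration would presumably surface only on the first token validation rather than at startup; the method begins outside the hunk, so an earlier check may exist that is not visible here. A guard before the plugin is built would make the misconfiguration visible without logging the secret, e.g. `if not self._conf_get('admin_user') or not self._conf_get('admin_password'): self._LOG.warning('admin_user and admin_password are not both set; token validation against Keystone will fail')`. Because the URL stays hardcoded to `/v2.0`, the comment above `auth_url` could also record the limitation the commit message describes, e.g. `# v2 has no domain support; use a v3 auth plugin for non-default-domain service users.`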
@@ -643,44 +643,6 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, self.assertRaises(auth_token.ConfigurationError, auth_token.AuthProtocol, self.fake_app, conf) - def test_service_auth_domain_name(self): - # When the service user and project domain name is configured, the V3 - # password plugin is used. - - user_domain_name = uuid.uuid4().hex - project_domain_name = uuid.uuid4().hex - - conf = { - 'admin_user_domain_name': user_domain_name, - 'admin_project_domain_name': project_domain_name, - } - self.set_middleware(conf=conf) - - auth_plugin = self.middleware._session.auth - self.assertEqual(project_domain_name, auth_plugin.project_domain_name) - - auth_method = auth_plugin.auth_methods[0] - self.assertEqual(user_domain_name, auth_method.user_domain_name) - - def test_service_user_domain_id(self): - # When the service user and project domain ID is configured, the V3 - # password plugin is used. - - user_domain_id = uuid.uuid4().hex - project_domain_id = uuid.uuid4().hex - - conf = { - 'admin_user_domain_id': user_domain_id, - 'admin_project_domain_id': project_domain_id, - } - self.set_middleware(conf=conf) - - auth_plugin = self.middleware._session.auth - self.assertEqual(project_domain_id, auth_plugin.project_domain_id) - - auth_method = auth_plugin.auth_methods[0] - self.assertEqual(user_domain_id, auth_method.user_domain_id) - class CommonAuthTokenMiddlewareTest(object): """These tests are run once using v2 tokens and again using v3 tokens.""" diff --git a/keystonemiddleware/tests/test_opts.py b/keystonemiddleware/tests/test_opts.py index 33906bec..eeeb84fe 100644 --- a/keystonemiddleware/tests/test_opts.py +++ b/keystonemiddleware/tests/test_opts.py 
@@ -40,12 +40,8 @@ class OptsTestCase(utils.TestCase): 'http_request_max_retries', 'admin_token', 'admin_user', - 'admin_user_domain_id', - 'admin_user_domain_name', 'admin_password', 'admin_tenant_name', - 'admin_project_domain_id', - 'admin_project_domain_name', 'cache', 'certfile', 'keyfile',