openstack/keystonemiddleware
Code Issues Proposed changes

Merge "Use keystoneauth"

Browse Source
This commit is contained in:
Jenkins 2015-12-01 19:04:42 +00:00 committed by Gerrit Code Review
commit a52eb9860c
14 changed files with 192 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
keystonemiddleware/auth_token/__init__.py
View File

@ -169,8 +169,8 @@ keystone.token_info
well as basic information about the project and user.
keystone.token_auth
A keystoneclient auth plugin that may be used with a
:py:class:`keystoneclient.session.Session`. This plugin will load the
A keystoneauth1 auth plugin that may be used with a
:py:class:`keystoneauth1.session.Session`. This plugin will load the
authentication data provided to auth_token middleware.
@ -210,13 +210,14 @@ import binascii
import datetime
import logging
from keystoneclient import access
from keystoneclient import adapter
from keystoneclient import auth
from keystoneauth1 import access
from keystoneauth1 import adapter
from keystoneauth1 import discover
from keystoneauth1 import exceptions as ksa_exceptions
from keystoneauth1 import loading
from keystoneauth1.loading import session as session_loading
from keystoneclient.common import cms
from keystoneclient import discover
from keystoneclient import exceptions as ksc_exceptions
from keystoneclient import session
from oslo_config import cfg
from oslo_serialization import jsonutils
import pkg_resources
@ -368,7 +369,7 @@ _OPTS = [
' only while migrating from a less secure algorithm to a more'
' secure one. Once all the old tokens are expired this option'
' should be set to a single value for better performance.'),
]
] + _auth.OPTS
CONF = cfg.CONF
CONF.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP)
@ -398,7 +399,7 @@ def _conf_values_type_convert(conf):
return {}
opt_types = {}
for o in (_OPTS + _auth.AuthTokenPlugin.get_options()):
for o in _OPTS:
type_dest = (getattr(o, 'type', str), o.dest)
opt_types[o.dest] = type_dest
# Also add the deprecated name with the same type and dest.
@ -506,7 +507,7 @@ class _BaseAuthProtocol(object):
"""Perform the validation steps on the token.
:param auth_ref: The token data
:type auth_ref: keystoneclient.access.AccessInfo
:type auth_ref: keystoneauth1.access.AccessInfo
:raises exc.InvalidToken: if token is rejected
"""
@ -519,7 +520,7 @@ class _BaseAuthProtocol(object):
data = self._fetch_token(token)
try:
return data, access.AccessInfo.factory(body=data, auth_token=token)
return data, access.create(body=data, auth_token=token)
except Exception:
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
@ -561,21 +562,11 @@ class _BaseAuthProtocol(object):
if self._enforce_token_bind == _BIND_MODE.DISABLED:
return
try:
if auth_ref.version == 'v2.0':
bind = auth_ref['token']['bind']
elif auth_ref.version == 'v3':
bind = auth_ref['bind']
else:
self._invalid_user_token()
except KeyError:
bind = {}
# permissive and strict modes don't require there to be a bind
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
_BIND_MODE.STRICT)
if not bind:
if not auth_ref.bind:
if permissive:
# no bind provided and none required
return
@ -589,12 +580,12 @@ class _BaseAuthProtocol(object):
else:
name = self._enforce_token_bind
if name and name not in bind:
if name and name not in auth_ref.bind:
self.log.info(_LI('Named bind mode %s not in bind information'),
name)
self._invalid_user_token()
for bind_type, identifier in six.iteritems(bind):
for bind_type, identifier in six.iteritems(auth_ref.bind):
if bind_type == _BIND_MODE.KERBEROS:
if req.auth_type != 'negotiate':
self.log.info(_LI('Kerberos credentials required and '
@ -658,8 +649,8 @@ class AuthProtocol(_BaseAuthProtocol):
self._local_oslo_config.register_opts(
_OPTS, group=_base.AUTHTOKEN_GROUP)
auth.register_conf_options(self._local_oslo_config,
group=_base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(self._local_oslo_config,
group=_base.AUTHTOKEN_GROUP)
super(AuthProtocol, self).__init__(
app,
@ -851,8 +842,8 @@ class AuthProtocol(_BaseAuthProtocol):
self._token_cache.store(token_hashes[0], data)
except (ksc_exceptions.ConnectionRefused,
ksc_exceptions.RequestTimeout,
except (ksa_exceptions.ConnectFailure,
ksa_exceptions.RequestTimeout,
ksm_exceptions.RevocationListError,
ksm_exceptions.ServiceError) as e:
self.log.critical(_LC('Unable to validate token: %s'), e)
@ -975,17 +966,33 @@ class AuthProtocol(_BaseAuthProtocol):
# !!! - UNDER NO CIRCUMSTANCES COPY ANY OF THIS CODE - !!!
group = self._conf_get('auth_section') or _base.AUTHTOKEN_GROUP
plugin_name = self._conf_get('auth_plugin', group=group)
# NOTE(jamielennox): auth_plugin was deprecated to auth_type. _conf_get
# doesn't handle that deprecation in the case of conf dict options so
# we have to manually check the value
plugin_name = (self._conf_get('auth_type', group=group)
or self._conf.get('auth_plugin'))
if not plugin_name:
return _auth.AuthTokenPlugin(
log=self.log,
auth_admin_prefix=self._conf_get('auth_admin_prefix',
group=group),
auth_host=self._conf_get('auth_host', group=group),
auth_port=self._conf_get('auth_port', group=group),
auth_protocol=self._conf_get('auth_protocol', group=group),
identity_uri=self._conf_get('identity_uri', group=group),
admin_token=self._conf_get('admin_token', group=group),
admin_user=self._conf_get('admin_user', group=group),
admin_password=self._conf_get('admin_password', group=group),
admin_tenant_name=self._conf_get('admin_tenant_name',
group=group)
)
plugin_loader = loading.get_plugin_loader(plugin_name)
plugin_opts = [o._to_oslo_opt() for o in plugin_loader.get_options()]
plugin_kwargs = dict()
if plugin_name:
plugin_class = auth.get_plugin_class(plugin_name)
else:
plugin_class = _auth.AuthTokenPlugin
# logger object is a required parameter of the default plugin
plugin_kwargs['log'] = self.log
plugin_opts = plugin_class.get_options()
(self._local_oslo_config or CONF).register_opts(plugin_opts,
group=group)
@ -995,7 +1002,7 @@ class AuthProtocol(_BaseAuthProtocol):
val = opt.type(val)
plugin_kwargs[opt.dest] = val
return plugin_class.load_from_options(**plugin_kwargs)
return plugin_loader.load_from_options(**plugin_kwargs)
def _determine_project(self):
"""Determine a project name from all available config sources.
@ -1041,14 +1048,14 @@ class AuthProtocol(_BaseAuthProtocol):
# same as calling Session.load_from_conf_options(CONF, GROUP)
# however we can't do that because we have to use _conf_get to
# support the paste.ini options.
sess = session.Session.construct(dict(
sess = session_loading.Session().load_from_options(
cert=self._conf_get('certfile'),
key=self._conf_get('keyfile'),
cacert=self._conf_get('cafile'),
insecure=self._conf_get('insecure'),
timeout=self._conf_get('http_connect_timeout'),
user_agent=self._build_useragent_string()
))
)
auth_plugin = self._get_auth_plugin()

104
keystonemiddleware/auth_token/_auth.py
View File

@ -12,10 +12,11 @@
import logging
from keystoneclient import auth
from keystoneclient.auth.identity import v2
from keystoneclient.auth import token_endpoint
from keystoneclient import discover
from keystoneauth1 import discover
from keystoneauth1.identity import v2
from keystoneauth1 import loading
from keystoneauth1 import plugin
from keystoneauth1 import token_endpoint
from oslo_config import cfg
from keystonemiddleware.auth_token import _base
@ -25,7 +26,7 @@ from keystonemiddleware.i18n import _, _LW
_LOG = logging.getLogger(__name__)
class AuthTokenPlugin(auth.BaseAuthPlugin):
class AuthTokenPlugin(plugin.BaseAuthPlugin):
def __init__(self, auth_host, auth_port, auth_protocol, auth_admin_prefix,
admin_user, admin_password, admin_tenant_name, admin_token,
@ -104,7 +105,7 @@ class AuthTokenPlugin(auth.BaseAuthPlugin):
service or None if not available.
:rtype: string
"""
if interface == auth.AUTH_INTERFACE:
if interface == plugin.AUTH_INTERFACE:
return self._identity_uri
if not version:
@ -114,7 +115,7 @@ class AuthTokenPlugin(auth.BaseAuthPlugin):
if not self._discover:
self._discover = discover.Discover(session,
auth_url=self._identity_uri,
url=self._identity_uri,
authenticated=False)
if not self._discover.url_for(version):
@ -142,53 +143,48 @@ class AuthTokenPlugin(auth.BaseAuthPlugin):
def invalidate(self):
return self._plugin.invalidate()
@classmethod
def get_options(cls):
options = super(AuthTokenPlugin, cls).get_options()
options.extend([
cfg.StrOpt('auth_admin_prefix',
default='',
help='Prefix to prepend at the beginning of the path. '
'Deprecated, use identity_uri.'),
cfg.StrOpt('auth_host',
default='127.0.0.1',
help='Host providing the admin Identity API endpoint. '
'Deprecated, use identity_uri.'),
cfg.IntOpt('auth_port',
default=35357,
help='Port of the admin Identity API endpoint. '
'Deprecated, use identity_uri.'),
cfg.StrOpt('auth_protocol',
default='https',
help='Protocol of the admin Identity API endpoint '
'(http or https). Deprecated, use identity_uri.'),
cfg.StrOpt('identity_uri',
default=None,
help='Complete admin Identity API endpoint. This '
'should specify the unversioned root endpoint '
'e.g. https://localhost:35357/'),
cfg.StrOpt('admin_token',
secret=True,
help='This option is deprecated and may be removed in '
'a future release. Single shared secret with the '
'Keystone configuration used for bootstrapping a '
'Keystone installation, or otherwise bypassing '
'the normal authentication process. This option '
'should not be used, use `admin_user` and '
'`admin_password` instead.'),
cfg.StrOpt('admin_user',
help='Service username.'),
cfg.StrOpt('admin_password',
secret=True,
help='Service user password.'),
cfg.StrOpt('admin_tenant_name',
default='admin',
help='Service tenant name.'),
])
return options
OPTS = [
cfg.StrOpt('auth_admin_prefix',
default='',
help='Prefix to prepend at the beginning of the path. '
'Deprecated, use identity_uri.'),
cfg.StrOpt('auth_host',
default='127.0.0.1',
help='Host providing the admin Identity API endpoint. '
'Deprecated, use identity_uri.'),
cfg.IntOpt('auth_port',
default=35357,
help='Port of the admin Identity API endpoint. '
'Deprecated, use identity_uri.'),
cfg.StrOpt('auth_protocol',
default='https',
help='Protocol of the admin Identity API endpoint '
'(http or https). Deprecated, use identity_uri.'),
cfg.StrOpt('identity_uri',
default=None,
help='Complete admin Identity API endpoint. This '
'should specify the unversioned root endpoint '
'e.g. https://localhost:35357/'),
cfg.StrOpt('admin_token',
secret=True,
help='This option is deprecated and may be removed in '
'a future release. Single shared secret with the '
'Keystone configuration used for bootstrapping a '
'Keystone installation, or otherwise bypassing '
'the normal authentication process. This option '
'should not be used, use `admin_user` and '
'`admin_password` instead.'),
cfg.StrOpt('admin_user',
help='Service username.'),
cfg.StrOpt('admin_password',
secret=True,
help='Service user password.'),
cfg.StrOpt('admin_tenant_name',
default='admin',
help='Service tenant name.'),
]
auth.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
AuthTokenPlugin.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
cfg.CONF.register_opts(OPTS, group=_base.AUTHTOKEN_GROUP)

19
keystonemiddleware/auth_token/_identity.py
View File

@ -12,8 +12,9 @@
import functools
from keystoneclient import auth
from keystoneclient import discover
from keystoneauth1 import discover
from keystoneauth1 import exceptions as ksa_exceptions
from keystoneauth1 import plugin
from keystoneclient import exceptions as ksc_exceptions
from keystoneclient.v2_0 import client as v2_client
from keystoneclient.v3 import client as v3_client
@ -29,7 +30,7 @@ def _convert_fetch_cert_exception(fetch_cert):
def wrapper(self):
try:
text = fetch_cert(self)
except ksc_exceptions.HTTPError as e:
except ksa_exceptions.HttpError as e:
raise ksc_exceptions.CertificateConfigError(e.details)
return text
@ -145,7 +146,7 @@ class IdentityServer(object):
@property
def auth_uri(self):
auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE)
auth_uri = self._adapter.get_endpoint(interface=plugin.AUTH_INTERFACE)
# NOTE(jamielennox): This weird stripping of the prefix hack is
# only relevant to the legacy case. We urljoin '/' to get just the
@ -204,18 +205,18 @@ class IdentityServer(object):
user authentication when an indeterminate
response is received. Optional.
:returns: access info received from identity server on success
:rtype: :py:class:`keystoneclient.access.AccessInfo`
:rtype: :py:class:`keystoneauth1.access.AccessInfo`
:raises exc.InvalidToken: if token is rejected
:raises exc.ServiceError: if unable to authenticate token
"""
try:
auth_ref = self._request_strategy.verify_token(user_token)
except ksc_exceptions.NotFound as e:
except ksa_exceptions.NotFound as e:
self._LOG.warning(_LW('Authorization failed for token'))
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
except ksc_exceptions.Unauthorized as e:
except ksa_exceptions.Unauthorized as e:
self._LOG.info(_LI('Identity server rejected authorization'))
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
if retry:
@ -224,7 +225,7 @@ class IdentityServer(object):
msg = _('Identity server rejected authorization necessary to '
'fetch token data')
raise ksm_exceptions.ServiceError(msg)
except ksc_exceptions.HttpError as e:
except ksa_exceptions.HttpError as e:
self._LOG.error(
_LE('Bad response code while validating token: %s'),
e.http_status)
@ -237,7 +238,7 @@ class IdentityServer(object):
def fetch_revocation_list(self):
try:
data = self._request_strategy.fetch_revocation_list()
except ksc_exceptions.HTTPError as e:
except ksa_exceptions.HttpError as e:
msg = _('Failed to fetch token revocation list: %d')
raise ksm_exceptions.RevocationListError(msg % e.http_status)
if 'signed' not in data:

4
keystonemiddleware/auth_token/_request.py
View File

@ -165,13 +165,13 @@ class _AuthTokenRequest(webob.Request):
doc info at start of __init__ file for details of headers to be defined
:param auth_ref: The token data
:type auth_ref: keystoneclient.access.AccessInfo
:type auth_ref: keystoneauth.access.AccessInfo
"""
if not auth_ref.has_service_catalog():
self.headers.pop(self._SERVICE_CATALOG_HEADER, None)
return
catalog = auth_ref.service_catalog.get_data()
catalog = auth_ref.service_catalog.catalog
if auth_ref.version == 'v3':
catalog = _v3_to_v2_catalog(catalog)

2
keystonemiddleware/auth_token/_user_plugin.py
View File

@ -10,7 +10,7 @@
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient.auth.identity import base as base_identity
from keystoneauth1.identity import base as base_identity
class _TokenData(object):

6
keystonemiddleware/opts.py
View File

@ -18,17 +18,15 @@ __all__ = (
import copy
from keystoneclient import auth
from keystoneauth1 import loading
import keystonemiddleware.auth_token
from keystonemiddleware.auth_token import _auth
from keystonemiddleware.auth_token import _base
auth_token_opts = [
(_base.AUTHTOKEN_GROUP,
keystonemiddleware.auth_token._OPTS +
_auth.AuthTokenPlugin.get_options() +
auth.get_common_conf_options())
loading.get_auth_common_conf_options())
]

20
keystonemiddleware/tests/unit/auth_token/test_auth.py
View File

@ -13,9 +13,9 @@
import logging
import uuid
from keystoneclient import auth
from keystoneclient import fixture
from keystoneclient import session
from keystoneauth1 import fixture
from keystoneauth1 import plugin as ksa_plugin
from keystoneauth1 import session
from requests_mock.contrib import fixture as rm_fixture
import six
@ -32,7 +32,7 @@ class DefaultAuthPluginTests(utils.BaseTestCase):
if not log:
log = self.logger
return _auth.AuthTokenPlugin.load_from_options(
return _auth.AuthTokenPlugin(
auth_host=auth_host,
auth_port=auth_port,
auth_protocol=auth_protocol,
@ -65,9 +65,9 @@ class DefaultAuthPluginTests(utils.BaseTestCase):
auth_port=auth_port,
auth_admin_prefix=auth_admin_prefix)
self.assertEqual(expected,
plugin.get_endpoint(self.session,
interface=auth.AUTH_INTERFACE))
endpoint = plugin.get_endpoint(self.session,
interface=ksa_plugin.AUTH_INTERFACE)
self.assertEqual(expected, endpoint)
def test_identity_uri_overrides_fragments(self):
identity_uri = 'http://testhost:8888/admin'
@ -76,9 +76,9 @@ class DefaultAuthPluginTests(utils.BaseTestCase):
auth_port=9999,
auth_protocol='ftp')
self.assertEqual(identity_uri,
plugin.get_endpoint(self.session,
interface=auth.AUTH_INTERFACE))
endpoint = plugin.get_endpoint(self.session,
interface=ksa_plugin.AUTH_INTERFACE)
self.assertEqual(identity_uri, endpoint)
def test_with_admin_token(self):
token = uuid.uuid4().hex

82
keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
View File

@ -23,11 +23,12 @@ import time
import uuid
import fixtures
from keystoneclient import auth
from keystoneauth1 import exceptions as ksa_exceptions
from keystoneauth1 import fixture
from keystoneauth1 import loading
from keystoneauth1 import session
from keystoneclient.common import cms
from keystoneclient import exceptions as ksc_exceptions
from keystoneclient import fixture
from keystoneclient import session
import mock
from oslo_config import cfg
from oslo_serialization import jsonutils
@ -549,24 +550,29 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
headers={'X-Subject-Token': uuid.uuid4().hex},
json=fixture.V3Token())
conf = {'auth_uri': auth_url,
'auth_url': auth_url + '/v3',
'auth_plugin': 'v3password',
'username': 'user',
'password': 'pass'}
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
opts = loading.get_auth_plugin_conf_options('v3password')
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
self.cfg.config(auth_url=auth_url + '/v3',
auth_type='v3password',
username='user',
password='pass',
user_domain_id=uuid.uuid4().hex,
group=_base.AUTHTOKEN_GROUP)
self.assertEqual(0, east_mock.call_count)
self.assertEqual(0, west_mock.call_count)
east_app = self.create_simple_middleware(conf=dict(region_name='east',
**conf))
east_app = self.create_simple_middleware(conf=dict(region_name='east'))
self.call(east_app, headers={'X-Auth-Token': uuid.uuid4().hex})
self.assertEqual(1, east_mock.call_count)
self.assertEqual(0, west_mock.call_count)
west_app = self.create_simple_middleware(conf=dict(region_name='west',
**conf))
west_app = self.create_simple_middleware(conf=dict(region_name='west'))
self.call(west_app, headers={'X-Auth-Token': uuid.uuid4().hex})
@ -1412,7 +1418,7 @@ class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
def network_error_response(request, context):
raise ksc_exceptions.ConnectionRefused("Network connection refused.")
raise ksa_exceptions.ConnectFailure("Network connection refused.")
class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
@ -1682,7 +1688,7 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
if token_id == ERROR_TOKEN:
msg = "Network connection refused."
raise ksc_exceptions.ConnectionRefused(msg)
raise ksa_exceptions.ConnectFailure(msg)
try:
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
@ -2251,16 +2257,17 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
def test_loading_password_plugin(self):
# the password options aren't set on config until loading time, but we
# need them set so we can override the values for testing, so force it
opts = auth.get_plugin_options('password')
opts = loading.get_auth_plugin_conf_options('password')
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
project_id = uuid.uuid4().hex
# Register the authentication options
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
# configure the authentication options
self.cfg.config(auth_plugin='password',
self.cfg.config(auth_type='password',
username='testuser',
password='testpass',
auth_url=self.AUTH_URL,
@ -2279,27 +2286,30 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
return app._identity_server._adapter.auth
def test_invalid_plugin_fails_to_initialize(self):
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
self.cfg.config(auth_plugin=uuid.uuid4().hex,
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
self.cfg.config(auth_type=uuid.uuid4().hex,
group=_base.AUTHTOKEN_GROUP)
self.assertRaises(
ksc_exceptions.NoMatchingPlugin,
ksa_exceptions.NoMatchingPlugin,
self.create_simple_middleware)
def test_plugin_loading_mixed_opts(self):
# some options via override and some via conf
opts = auth.get_plugin_options('password')
opts = loading.get_auth_plugin_conf_options('password')
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
username = 'testuser'
password = 'testpass'
# Register the authentication options
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
# configure the authentication options
self.cfg.config(auth_plugin='password',
self.cfg.config(auth_type='password',
auth_url='http://keystone.test:5000',
password=password,
project_id=self.project_id,
user_domain_id='userdomainid',
@ -2326,22 +2336,24 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
username = 'testuser'
password = 'testpass'
auth.register_conf_options(self.cfg.conf, group=section)
opts = auth.get_plugin_options('password')
loading.register_auth_conf_options(self.cfg.conf, group=section)
opts = loading.get_auth_plugin_conf_options('password')
self.cfg.register_opts(opts, group=section)
# Register the authentication options
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
# configure the authentication options
self.cfg.config(auth_section=section, group=_base.AUTHTOKEN_GROUP)
self.cfg.config(auth_plugin='password',
self.cfg.config(auth_type='password',
auth_url=self.AUTH_URL,
password=password,
project_id=self.project_id,
user_domain_id='userdomainid',
group=section)
conf = {'username': username, 'auth_url': self.AUTH_URL}
conf = {'username': username}
body = uuid.uuid4().hex
app = self.create_simple_middleware(body=body, conf=conf)
@ -2368,16 +2380,17 @@ class TestAuthPluginUserAgentGeneration(BaseAuthTokenMiddlewareTest):
self.section = uuid.uuid4().hex
self.user_domain_id = uuid.uuid4().hex
auth.register_conf_options(self.cfg.conf, group=self.section)
opts = auth.get_plugin_options('password')
loading.register_auth_conf_options(self.cfg.conf, group=self.section)
opts = loading.get_auth_plugin_conf_options('password')
self.cfg.register_opts(opts, group=self.section)
# Register the authentication options
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
# configure the authentication options
self.cfg.config(auth_section=self.section, group=_base.AUTHTOKEN_GROUP)
self.cfg.config(auth_plugin='password',
self.cfg.config(auth_type='password',
password=self.password,
project_id=self.project_id,
user_domain_id=self.user_domain_id,
@ -2431,14 +2444,15 @@ class TestAuthPluginUserAgentGeneration(BaseAuthTokenMiddlewareTest):
class TestAuthPluginLocalOsloConfig(BaseAuthTokenMiddlewareTest):
def test_project_in_local_oslo_configuration(self):
options = {
'auth_plugin': 'password',
'auth_type': 'password',
'auth_uri': uuid.uuid4().hex,
'password': uuid.uuid4().hex,
}
content = ("[keystone_authtoken]\n"
"auth_plugin=%(auth_plugin)s\n"
"auth_type=%(auth_type)s\n"
"auth_uri=%(auth_uri)s\n"
"auth_url=%(auth_uri)s\n"
"password=%(password)s\n" % options)
conf_file_fixture = self.useFixture(
createfile.CreateFileWithContent("my_app", content))

2
keystonemiddleware/tests/unit/auth_token/test_base_middleware.py
View File

@ -13,7 +13,7 @@
import datetime
import uuid
from keystoneclient import fixture
from keystoneauth1 import fixture
import mock
import six
import testtools

18
keystonemiddleware/tests/unit/auth_token/test_request.py
View File

@ -13,8 +13,8 @@
import itertools
import uuid
from keystoneclient import access
from keystoneclient import fixture
from keystoneauth1 import access
from keystoneauth1 import fixture
from keystonemiddleware.auth_token import _request
from keystonemiddleware.tests.unit import utils
@ -139,7 +139,7 @@ class RequestObjectTests(utils.TestCase):
token.set_project_scope()
token_id = uuid.uuid4().hex
auth_ref = access.AccessInfo.factory(token_id=token_id, body=token)
auth_ref = access.create(auth_token=token_id, body=token)
self.request.set_user_headers(auth_ref)
self._test_v3_headers(token, '')
@ -149,7 +149,7 @@ class RequestObjectTests(utils.TestCase):
token.set_project_scope()
token_id = uuid.uuid4().hex
auth_ref = access.AccessInfo.factory(token_id=token_id, body=token)
auth_ref = access.create(auth_token=token_id, body=token)
self.request.set_service_headers(auth_ref)
self._test_v3_headers(token, '-Service')
@ -199,7 +199,7 @@ class RequestObjectTests(utils.TestCase):
def test_token_without_catalog(self):
token = fixture.V3Token()
auth_ref = access.AccessInfo.factory(body=token)
auth_ref = access.create(body=token)
self.request.set_service_catalog_headers(auth_ref)
self.assertNotIn('X-Service-Catalog', self.request.headers)
@ -222,8 +222,8 @@ class CatalogConversionTests(utils.TestCase):
internal=self.INTERNAL_URL,
region=self.REGION_ONE)
auth_ref = access.AccessInfo.factory(body=token)
catalog_data = auth_ref.service_catalog.get_data()
auth_ref = access.create(body=token)
catalog_data = auth_ref.service_catalog.catalog
catalog = _request._v3_to_v2_catalog(catalog_data)
self.assertEqual(1, len(catalog))
@ -246,8 +246,8 @@ class CatalogConversionTests(utils.TestCase):
s.add_endpoint('public', self.PUBLIC_URL, region=self.REGION_TWO)
s.add_endpoint('admin', self.ADMIN_URL, region=self.REGION_THREE)
auth_ref = access.AccessInfo.factory(body=token)
catalog_data = auth_ref.service_catalog.get_data()
auth_ref = access.create(body=token)
catalog_data = auth_ref.service_catalog.catalog
catalog = _request._v3_to_v2_catalog(catalog_data)
self.assertEqual(1, len(catalog))

17
keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
View File

@ -12,8 +12,8 @@
import uuid
from keystoneclient import auth
from keystoneclient import fixture
from keystoneauth1 import fixture
from keystoneauth1 import loading
from keystonemiddleware.auth_token import _base
from keystonemiddleware.tests.unit.auth_token import base
@ -26,18 +26,19 @@ AUTH_URL = 'https://keystone.auth.com:1234'
class BaseUserPluginTests(object):
def configure_middleware(self,
auth_plugin,
auth_type,
**kwargs):
opts = auth.get_plugin_class(auth_plugin).get_options()
opts = loading.get_auth_plugin_conf_options(auth_type)
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
# Since these tests cfg.config() themselves rather than waiting for
# auth_token to do it on __init__ we need to register the base auth
# options (e.g., auth_plugin)
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
loading.register_auth_conf_options(self.cfg.conf,
group=_base.AUTHTOKEN_GROUP)
self.cfg.config(group=_base.AUTHTOKEN_GROUP,
auth_plugin=auth_plugin,
auth_type=auth_type,
**kwargs)
def assertTokenDataEqual(self, token_id, token, token_data):
@ -92,7 +93,7 @@ class V2UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
admin=BASE_URI,
internal=BASE_URI)
self.configure_middleware(auth_plugin='v2password',
self.configure_middleware(auth_type='v2password',
auth_url='%s/v2.0/' % AUTH_URL,
user_id=self.service_token.user_id,
password=uuid.uuid4().hex,
@ -155,7 +156,7 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
admin=BASE_URI,
internal=BASE_URI)
self.configure_middleware(auth_plugin='v3password',
self.configure_middleware(auth_type='v3password',
auth_url='%s/v3/' % AUTH_URL,
user_id=self.service_token.user_id,
password=uuid.uuid4().hex,

2
keystonemiddleware/tests/unit/client_fixtures.py
View File

@ -15,8 +15,8 @@
import os
import fixtures
from keystoneauth1 import fixture
from keystoneclient.common import cms
from keystoneclient import fixture
from keystoneclient import utils
from oslo_serialization import jsonutils
from oslo_utils import timeutils

2
keystonemiddleware/tests/unit/test_opts.py
View File

@ -64,7 +64,7 @@ class OptsTestCase(utils.TestCase):
'enforce_token_bind',
'check_revocations_for_cached',
'hash_algorithms',
'auth_plugin',
'auth_type',
'auth_section',
]
opt_names = [o.name for (g, l) in result for o in l]

1
requirements.txt
View File

@ -3,6 +3,7 @@
# process, which may cause wedges in the gate later.
Babel>=1.3
keystoneauth1>=1.0.0
oslo.config>=2.7.0 # Apache-2.0
oslo.context>=0.2.0 # Apache-2.0
oslo.i18n>=1.5.0 # Apache-2.0