diff --git a/doc/source/cli/authentication.rst b/doc/source/cli/authentication.rst index b153f54111..f8aaadf492 100644 --- a/doc/source/cli/authentication.rst +++ b/doc/source/cli/authentication.rst @@ -39,15 +39,6 @@ There are at least three authentication types that are always available: (described below as token/endpoint) in that a token and an authentication URL are supplied and the plugin retrieves a new token. [Required: ``--os-auth-url``, ``--os-token``] -* **Token/Endpoint**: This is the original token authentication (known as 'token - flow' in the early CLI documentation in the OpenStack wiki). It requires - a token and a direct endpoint that is used in the API call. The difference - from the new Token type is this token is used as-is, no call is made - to the Identity service from the client. This type is most often used to - bootstrap a Keystone server where the token is the ``admin_token`` configured - in ``keystone.conf``. It will also work with other services and a regular - scoped token such as one obtained from a ``token issue`` command. - [Required: ``--os-url``, ``--os-token``] * **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0 are under development and also supported. To use them, they must be selected by supplying the ``--os-auth-type`` option. diff --git a/doc/source/cli/backwards-incompatible.rst b/doc/source/cli/backwards-incompatible.rst index da956b232b..9d43754e01 100644 --- a/doc/source/cli/backwards-incompatible.rst +++ b/doc/source/cli/backwards-incompatible.rst @@ -96,6 +96,14 @@ Release 4.0 * Removed in: 4.0 * Commit: https://review.opendev.org/612751 +14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``). + This remained as a compatibility for the ``admin_token`` auth type to + support the ``--url`` global option. That option is also now removed, + use ``--endpoint`` instead. + + * Removed in: 4.0 + * Commit: https://review.opendev.org/ + Release 3.12 ------------ diff --git a/openstackclient/api/auth_plugin.py b/openstackclient/api/auth_plugin.py deleted file mode 100644 index a106b1ebc1..0000000000 --- a/openstackclient/api/auth_plugin.py +++ /dev/null @@ -1,61 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -"""Authentication Plugin Library""" - -from keystoneauth1 import loading -from keystoneauth1 import token_endpoint - -from openstackclient.i18n import _ - - -class TokenEndpoint(loading.BaseLoader): - """Auth plugin to handle traditional token/endpoint usage - - Keystoneauth contains a Token plugin class that now correctly - handles the token/endpoint auth compatible with OSC. However, - the AdminToken loader deprecates the 'url' argument, which breaks - OSC compatibility, so make one that works. - """ - - @property - def plugin_class(self): - return token_endpoint.Token - - def load_from_options(self, url, token, **kwargs): - """A plugin for static authentication with an existing token - - :param string url: Service endpoint - :param string token: Existing token - """ - - return super(TokenEndpoint, self).load_from_options( - endpoint=url, - token=token, - ) - - def get_options(self): - """Return the legacy options""" - - options = [ - loading.Opt( - 'url', - help=_('Specific service endpoint to use'), - ), - loading.Opt( - 'token', - secret=True, - help=_('Authentication token to use'), - ), - ] - return options diff --git a/openstackclient/shell.py b/openstackclient/shell.py index 22d8412cc7..91a15fd4dc 100644 --- a/openstackclient/shell.py +++ b/openstackclient/shell.py @@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell): def _final_defaults(self): super(OpenStackShell, self)._final_defaults() - # Set the default plugin to token_endpoint if url and token are given - if (self.options.url and self.options.token): - # Use service token authentication - self._auth_type = 'token_endpoint' + # Set the default plugin to admin_token if endpoint and token are given + if (self.options.endpoint and self.options.token): + # Use token authentication + self._auth_type = 'admin_token' else: self._auth_type = 'password' diff --git a/openstackclient/tests/functional/common/test_args.py b/openstackclient/tests/functional/common/test_args.py index dd1fd0fb2c..02cad6c16a 100644 --- a/openstackclient/tests/functional/common/test_args.py +++ b/openstackclient/tests/functional/common/test_args.py @@ -12,6 +12,8 @@ import json +from tempest.lib import exceptions as tempest_exc + from openstackclient.tests.functional import base @@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase): ) def test_auth_type_token_endpoint_opt(self): - cmd_output = json.loads(self.openstack( - 'configuration show -f json --os-auth-type token_endpoint', - cloud=None, - )) - self.assertIsNotNone(cmd_output) - self.assertIn( - 'auth_type', - cmd_output.keys(), - ) - self.assertEqual( - 'token_endpoint', - cmd_output['auth_type'], - ) + # Make sure token_endpoint is really gone + try: + self.openstack( + 'configuration show -f json --os-auth-type token_endpoint', + cloud=None, + ) + except tempest_exc.CommandFailed as e: + self.assertIn('--os-auth-type: invalid choice:', str(e)) + self.assertIn('token_endpoint', str(e)) + else: + self.fail('CommandFailed should be raised') def test_auth_type_password_opt(self): cmd_output = json.loads(self.openstack( diff --git a/openstackclient/tests/unit/common/test_clientmanager.py b/openstackclient/tests/unit/common/test_clientmanager.py index f15f9af1ff..a83b131800 100644 --- a/openstackclient/tests/unit/common/test_clientmanager.py +++ b/openstackclient/tests/unit/common/test_clientmanager.py @@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager): """Allow subclasses to override the ClientManager class""" return clientmanager.ClientManager - def test_client_manager_token_endpoint(self): + def test_client_manager_admin_token(self): token_auth = { - 'url': fakes.AUTH_URL, + 'endpoint': fakes.AUTH_URL, 'token': fakes.AUTH_TOKEN, } client_manager = self._make_clientmanager( auth_args=token_auth, - auth_plugin_name='token_endpoint', + auth_plugin_name='admin_token', ) self.assertEqual( fakes.AUTH_URL, - client_manager._cli_options.config['auth']['url'], + client_manager._cli_options.config['auth']['endpoint'], ) self.assertEqual( fakes.AUTH_TOKEN, diff --git a/openstackclient/tests/unit/test_shell.py b/openstackclient/tests/unit/test_shell.py index 5d413e7e3c..31675c47e6 100644 --- a/openstackclient/tests/unit/test_shell.py +++ b/openstackclient/tests/unit/test_shell.py @@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell): # released in osc-lib self.shell_class = importutils.import_class(self.shell_class_name) - def _assert_token_endpoint_auth(self, cmd_options, default_args): + def _assert_admin_token_auth(self, cmd_options, default_args): with mock.patch( self.shell_class_name + ".initialize_app", self.app, @@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell): "token", ) self.assertEqual( - default_args.get("url", ''), - _shell.options.url, - "url", + default_args.get("endpoint", ''), + _shell.options.endpoint, + "endpoint", ) def _assert_token_auth(self, cmd_options, default_args): @@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell): super(TestShellTokenEndpointAuthEnv, self).setUp() env = { "OS_TOKEN": DEFAULT_TOKEN, - "OS_URL": DEFAULT_SERVICE_URL, + "OS_ENDPOINT": DEFAULT_SERVICE_URL, } self.useFixture(osc_lib_test_utils.EnvFixture(env.copy())) @@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell): flag = "" kwargs = { "token": DEFAULT_TOKEN, - "url": DEFAULT_SERVICE_URL, + "endpoint": DEFAULT_SERVICE_URL, } - self._assert_token_endpoint_auth(flag, kwargs) + self._assert_admin_token_auth(flag, kwargs) def test_only_token(self): flag = "--os-token xyzpdq" kwargs = { "token": "xyzpdq", - "url": DEFAULT_SERVICE_URL, + "endpoint": DEFAULT_SERVICE_URL, } self._assert_token_auth(flag, kwargs) def test_only_url(self): - flag = "--os-url http://cloud.local:555" + flag = "--os-endpoint http://cloud.local:555" kwargs = { "token": DEFAULT_TOKEN, - "url": "http://cloud.local:555", + "endpoint": "http://cloud.local:555", } self._assert_token_auth(flag, kwargs) @@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell): flag = "" kwargs = { "token": '', - "url": '', + "endpoint": '', } self._assert_token_auth(flag, kwargs) diff --git a/setup.cfg b/setup.cfg index a9f7de2ce1..a10a3d7647 100644 --- a/setup.cfg +++ b/setup.cfg @@ -27,9 +27,6 @@ packages = console_scripts = openstack = openstackclient.shell:main -keystoneauth1.plugin = - token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint - openstack.cli = command_list = openstackclient.common.module:ListCommand module_list = openstackclient.common.module:ListModule