Merge "Remove token_endpoint auth type"
This commit is contained in:
commit
eed615e7d0
@ -39,15 +39,6 @@ There are at least three authentication types that are always available:
|
|||||||
(described below as token/endpoint) in that a token and an authentication
|
(described below as token/endpoint) in that a token and an authentication
|
||||||
URL are supplied and the plugin retrieves a new token.
|
URL are supplied and the plugin retrieves a new token.
|
||||||
[Required: ``--os-auth-url``, ``--os-token``]
|
[Required: ``--os-auth-url``, ``--os-token``]
|
||||||
* **Token/Endpoint**: This is the original token authentication (known as 'token
|
|
||||||
flow' in the early CLI documentation in the OpenStack wiki). It requires
|
|
||||||
a token and a direct endpoint that is used in the API call. The difference
|
|
||||||
from the new Token type is this token is used as-is, no call is made
|
|
||||||
to the Identity service from the client. This type is most often used to
|
|
||||||
bootstrap a Keystone server where the token is the ``admin_token`` configured
|
|
||||||
in ``keystone.conf``. It will also work with other services and a regular
|
|
||||||
scoped token such as one obtained from a ``token issue`` command.
|
|
||||||
[Required: ``--os-url``, ``--os-token``]
|
|
||||||
* **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
|
* **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
|
||||||
are under development and also supported. To use them, they must be selected
|
are under development and also supported. To use them, they must be selected
|
||||||
by supplying the ``--os-auth-type`` option.
|
by supplying the ``--os-auth-type`` option.
|
||||||
|
@ -96,6 +96,14 @@ Release 4.0
|
|||||||
* Removed in: 4.0
|
* Removed in: 4.0
|
||||||
* Commit: https://review.opendev.org/612751
|
* Commit: https://review.opendev.org/612751
|
||||||
|
|
||||||
|
14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``).
|
||||||
|
This remained as a compatibility for the ``admin_token`` auth type to
|
||||||
|
support the ``--url`` global option. That option is also now removed,
|
||||||
|
use ``--endpoint`` instead.
|
||||||
|
|
||||||
|
* Removed in: 4.0
|
||||||
|
* Commit: https://review.opendev.org/<tbd>
|
||||||
|
|
||||||
Release 3.12
|
Release 3.12
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
@ -1,61 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
|
|
||||||
"""Authentication Plugin Library"""
|
|
||||||
|
|
||||||
from keystoneauth1 import loading
|
|
||||||
from keystoneauth1 import token_endpoint
|
|
||||||
|
|
||||||
from openstackclient.i18n import _
|
|
||||||
|
|
||||||
|
|
||||||
class TokenEndpoint(loading.BaseLoader):
|
|
||||||
"""Auth plugin to handle traditional token/endpoint usage
|
|
||||||
|
|
||||||
Keystoneauth contains a Token plugin class that now correctly
|
|
||||||
handles the token/endpoint auth compatible with OSC. However,
|
|
||||||
the AdminToken loader deprecates the 'url' argument, which breaks
|
|
||||||
OSC compatibility, so make one that works.
|
|
||||||
"""
|
|
||||||
|
|
||||||
@property
|
|
||||||
def plugin_class(self):
|
|
||||||
return token_endpoint.Token
|
|
||||||
|
|
||||||
def load_from_options(self, url, token, **kwargs):
|
|
||||||
"""A plugin for static authentication with an existing token
|
|
||||||
|
|
||||||
:param string url: Service endpoint
|
|
||||||
:param string token: Existing token
|
|
||||||
"""
|
|
||||||
|
|
||||||
return super(TokenEndpoint, self).load_from_options(
|
|
||||||
endpoint=url,
|
|
||||||
token=token,
|
|
||||||
)
|
|
||||||
|
|
||||||
def get_options(self):
|
|
||||||
"""Return the legacy options"""
|
|
||||||
|
|
||||||
options = [
|
|
||||||
loading.Opt(
|
|
||||||
'url',
|
|
||||||
help=_('Specific service endpoint to use'),
|
|
||||||
),
|
|
||||||
loading.Opt(
|
|
||||||
'token',
|
|
||||||
secret=True,
|
|
||||||
help=_('Authentication token to use'),
|
|
||||||
),
|
|
||||||
]
|
|
||||||
return options
|
|
@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell):
|
|||||||
def _final_defaults(self):
|
def _final_defaults(self):
|
||||||
super(OpenStackShell, self)._final_defaults()
|
super(OpenStackShell, self)._final_defaults()
|
||||||
|
|
||||||
# Set the default plugin to token_endpoint if url and token are given
|
# Set the default plugin to admin_token if endpoint and token are given
|
||||||
if (self.options.url and self.options.token):
|
if (self.options.endpoint and self.options.token):
|
||||||
# Use service token authentication
|
# Use token authentication
|
||||||
self._auth_type = 'token_endpoint'
|
self._auth_type = 'admin_token'
|
||||||
else:
|
else:
|
||||||
self._auth_type = 'password'
|
self._auth_type = 'password'
|
||||||
|
|
||||||
|
@ -12,6 +12,8 @@
|
|||||||
|
|
||||||
import json
|
import json
|
||||||
|
|
||||||
|
from tempest.lib import exceptions as tempest_exc
|
||||||
|
|
||||||
from openstackclient.tests.functional import base
|
from openstackclient.tests.functional import base
|
||||||
|
|
||||||
|
|
||||||
@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def test_auth_type_token_endpoint_opt(self):
|
def test_auth_type_token_endpoint_opt(self):
|
||||||
cmd_output = json.loads(self.openstack(
|
# Make sure token_endpoint is really gone
|
||||||
'configuration show -f json --os-auth-type token_endpoint',
|
try:
|
||||||
cloud=None,
|
self.openstack(
|
||||||
))
|
'configuration show -f json --os-auth-type token_endpoint',
|
||||||
self.assertIsNotNone(cmd_output)
|
cloud=None,
|
||||||
self.assertIn(
|
)
|
||||||
'auth_type',
|
except tempest_exc.CommandFailed as e:
|
||||||
cmd_output.keys(),
|
self.assertIn('--os-auth-type: invalid choice:', str(e))
|
||||||
)
|
self.assertIn('token_endpoint', str(e))
|
||||||
self.assertEqual(
|
else:
|
||||||
'token_endpoint',
|
self.fail('CommandFailed should be raised')
|
||||||
cmd_output['auth_type'],
|
|
||||||
)
|
|
||||||
|
|
||||||
def test_auth_type_password_opt(self):
|
def test_auth_type_password_opt(self):
|
||||||
cmd_output = json.loads(self.openstack(
|
cmd_output = json.loads(self.openstack(
|
||||||
|
@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager):
|
|||||||
"""Allow subclasses to override the ClientManager class"""
|
"""Allow subclasses to override the ClientManager class"""
|
||||||
return clientmanager.ClientManager
|
return clientmanager.ClientManager
|
||||||
|
|
||||||
def test_client_manager_token_endpoint(self):
|
def test_client_manager_admin_token(self):
|
||||||
token_auth = {
|
token_auth = {
|
||||||
'url': fakes.AUTH_URL,
|
'endpoint': fakes.AUTH_URL,
|
||||||
'token': fakes.AUTH_TOKEN,
|
'token': fakes.AUTH_TOKEN,
|
||||||
}
|
}
|
||||||
client_manager = self._make_clientmanager(
|
client_manager = self._make_clientmanager(
|
||||||
auth_args=token_auth,
|
auth_args=token_auth,
|
||||||
auth_plugin_name='token_endpoint',
|
auth_plugin_name='admin_token',
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
fakes.AUTH_URL,
|
fakes.AUTH_URL,
|
||||||
client_manager._cli_options.config['auth']['url'],
|
client_manager._cli_options.config['auth']['endpoint'],
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
fakes.AUTH_TOKEN,
|
fakes.AUTH_TOKEN,
|
||||||
|
@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell):
|
|||||||
# released in osc-lib
|
# released in osc-lib
|
||||||
self.shell_class = importutils.import_class(self.shell_class_name)
|
self.shell_class = importutils.import_class(self.shell_class_name)
|
||||||
|
|
||||||
def _assert_token_endpoint_auth(self, cmd_options, default_args):
|
def _assert_admin_token_auth(self, cmd_options, default_args):
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
self.shell_class_name + ".initialize_app",
|
self.shell_class_name + ".initialize_app",
|
||||||
self.app,
|
self.app,
|
||||||
@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell):
|
|||||||
"token",
|
"token",
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
default_args.get("url", ''),
|
default_args.get("endpoint", ''),
|
||||||
_shell.options.url,
|
_shell.options.endpoint,
|
||||||
"url",
|
"endpoint",
|
||||||
)
|
)
|
||||||
|
|
||||||
def _assert_token_auth(self, cmd_options, default_args):
|
def _assert_token_auth(self, cmd_options, default_args):
|
||||||
@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
|
|||||||
super(TestShellTokenEndpointAuthEnv, self).setUp()
|
super(TestShellTokenEndpointAuthEnv, self).setUp()
|
||||||
env = {
|
env = {
|
||||||
"OS_TOKEN": DEFAULT_TOKEN,
|
"OS_TOKEN": DEFAULT_TOKEN,
|
||||||
"OS_URL": DEFAULT_SERVICE_URL,
|
"OS_ENDPOINT": DEFAULT_SERVICE_URL,
|
||||||
}
|
}
|
||||||
self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
|
self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
|
||||||
|
|
||||||
@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell):
|
|||||||
flag = ""
|
flag = ""
|
||||||
kwargs = {
|
kwargs = {
|
||||||
"token": DEFAULT_TOKEN,
|
"token": DEFAULT_TOKEN,
|
||||||
"url": DEFAULT_SERVICE_URL,
|
"endpoint": DEFAULT_SERVICE_URL,
|
||||||
}
|
}
|
||||||
self._assert_token_endpoint_auth(flag, kwargs)
|
self._assert_admin_token_auth(flag, kwargs)
|
||||||
|
|
||||||
def test_only_token(self):
|
def test_only_token(self):
|
||||||
flag = "--os-token xyzpdq"
|
flag = "--os-token xyzpdq"
|
||||||
kwargs = {
|
kwargs = {
|
||||||
"token": "xyzpdq",
|
"token": "xyzpdq",
|
||||||
"url": DEFAULT_SERVICE_URL,
|
"endpoint": DEFAULT_SERVICE_URL,
|
||||||
}
|
}
|
||||||
self._assert_token_auth(flag, kwargs)
|
self._assert_token_auth(flag, kwargs)
|
||||||
|
|
||||||
def test_only_url(self):
|
def test_only_url(self):
|
||||||
flag = "--os-url http://cloud.local:555"
|
flag = "--os-endpoint http://cloud.local:555"
|
||||||
kwargs = {
|
kwargs = {
|
||||||
"token": DEFAULT_TOKEN,
|
"token": DEFAULT_TOKEN,
|
||||||
"url": "http://cloud.local:555",
|
"endpoint": "http://cloud.local:555",
|
||||||
}
|
}
|
||||||
self._assert_token_auth(flag, kwargs)
|
self._assert_token_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
|
|||||||
flag = ""
|
flag = ""
|
||||||
kwargs = {
|
kwargs = {
|
||||||
"token": '',
|
"token": '',
|
||||||
"url": '',
|
"endpoint": '',
|
||||||
}
|
}
|
||||||
self._assert_token_auth(flag, kwargs)
|
self._assert_token_auth(flag, kwargs)
|
||||||
|
|
||||||
|
@ -27,9 +27,6 @@ packages =
|
|||||||
console_scripts =
|
console_scripts =
|
||||||
openstack = openstackclient.shell:main
|
openstack = openstackclient.shell:main
|
||||||
|
|
||||||
keystoneauth1.plugin =
|
|
||||||
token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint
|
|
||||||
|
|
||||||
openstack.cli =
|
openstack.cli =
|
||||||
command_list = openstackclient.common.module:ListCommand
|
command_list = openstackclient.common.module:ListCommand
|
||||||
module_list = openstackclient.common.module:ListModule
|
module_list = openstackclient.common.module:ListModule
|
||||||
|
Loading…
x
Reference in New Issue
Block a user