Merge "Remove token_endpoint auth type"

This commit is contained in:
Zuul 2019-08-29 00:02:31 +00:00 committed by Gerrit Code Review
commit eed615e7d0
8 changed files with 40 additions and 105 deletions

View File

@ -39,15 +39,6 @@ There are at least three authentication types that are always available:
(described below as token/endpoint) in that a token and an authentication (described below as token/endpoint) in that a token and an authentication
URL are supplied and the plugin retrieves a new token. URL are supplied and the plugin retrieves a new token.
[Required: ``--os-auth-url``, ``--os-token``] [Required: ``--os-auth-url``, ``--os-token``]
* **Token/Endpoint**: This is the original token authentication (known as 'token
flow' in the early CLI documentation in the OpenStack wiki). It requires
a token and a direct endpoint that is used in the API call. The difference
from the new Token type is this token is used as-is, no call is made
to the Identity service from the client. This type is most often used to
bootstrap a Keystone server where the token is the ``admin_token`` configured
in ``keystone.conf``. It will also work with other services and a regular
scoped token such as one obtained from a ``token issue`` command.
[Required: ``--os-url``, ``--os-token``]
* **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0 * **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
are under development and also supported. To use them, they must be selected are under development and also supported. To use them, they must be selected
by supplying the ``--os-auth-type`` option. by supplying the ``--os-auth-type`` option.

View File

@ -96,6 +96,14 @@ Release 4.0
* Removed in: 4.0 * Removed in: 4.0
* Commit: https://review.opendev.org/612751 * Commit: https://review.opendev.org/612751
14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``).
This remained as a compatibility for the ``admin_token`` auth type to
support the ``--url`` global option. That option is also now removed,
use ``--endpoint`` instead.
* Removed in: 4.0
* Commit: https://review.opendev.org/<tbd>
Release 3.12 Release 3.12
------------ ------------

View File

@ -1,61 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Authentication Plugin Library"""
from keystoneauth1 import loading
from keystoneauth1 import token_endpoint
from openstackclient.i18n import _
class TokenEndpoint(loading.BaseLoader):
"""Auth plugin to handle traditional token/endpoint usage
Keystoneauth contains a Token plugin class that now correctly
handles the token/endpoint auth compatible with OSC. However,
the AdminToken loader deprecates the 'url' argument, which breaks
OSC compatibility, so make one that works.
"""
@property
def plugin_class(self):
return token_endpoint.Token
def load_from_options(self, url, token, **kwargs):
"""A plugin for static authentication with an existing token
:param string url: Service endpoint
:param string token: Existing token
"""
return super(TokenEndpoint, self).load_from_options(
endpoint=url,
token=token,
)
def get_options(self):
"""Return the legacy options"""
options = [
loading.Opt(
'url',
help=_('Specific service endpoint to use'),
),
loading.Opt(
'token',
secret=True,
help=_('Authentication token to use'),
),
]
return options

View File

@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell):
def _final_defaults(self): def _final_defaults(self):
super(OpenStackShell, self)._final_defaults() super(OpenStackShell, self)._final_defaults()
# Set the default plugin to token_endpoint if url and token are given # Set the default plugin to admin_token if endpoint and token are given
if (self.options.url and self.options.token): if (self.options.endpoint and self.options.token):
# Use service token authentication # Use token authentication
self._auth_type = 'token_endpoint' self._auth_type = 'admin_token'
else: else:
self._auth_type = 'password' self._auth_type = 'password'

View File

@ -12,6 +12,8 @@
import json import json
from tempest.lib import exceptions as tempest_exc
from openstackclient.tests.functional import base from openstackclient.tests.functional import base
@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase):
) )
def test_auth_type_token_endpoint_opt(self): def test_auth_type_token_endpoint_opt(self):
cmd_output = json.loads(self.openstack( # Make sure token_endpoint is really gone
'configuration show -f json --os-auth-type token_endpoint', try:
cloud=None, self.openstack(
)) 'configuration show -f json --os-auth-type token_endpoint',
self.assertIsNotNone(cmd_output) cloud=None,
self.assertIn( )
'auth_type', except tempest_exc.CommandFailed as e:
cmd_output.keys(), self.assertIn('--os-auth-type: invalid choice:', str(e))
) self.assertIn('token_endpoint', str(e))
self.assertEqual( else:
'token_endpoint', self.fail('CommandFailed should be raised')
cmd_output['auth_type'],
)
def test_auth_type_password_opt(self): def test_auth_type_password_opt(self):
cmd_output = json.loads(self.openstack( cmd_output = json.loads(self.openstack(

View File

@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager):
"""Allow subclasses to override the ClientManager class""" """Allow subclasses to override the ClientManager class"""
return clientmanager.ClientManager return clientmanager.ClientManager
def test_client_manager_token_endpoint(self): def test_client_manager_admin_token(self):
token_auth = { token_auth = {
'url': fakes.AUTH_URL, 'endpoint': fakes.AUTH_URL,
'token': fakes.AUTH_TOKEN, 'token': fakes.AUTH_TOKEN,
} }
client_manager = self._make_clientmanager( client_manager = self._make_clientmanager(
auth_args=token_auth, auth_args=token_auth,
auth_plugin_name='token_endpoint', auth_plugin_name='admin_token',
) )
self.assertEqual( self.assertEqual(
fakes.AUTH_URL, fakes.AUTH_URL,
client_manager._cli_options.config['auth']['url'], client_manager._cli_options.config['auth']['endpoint'],
) )
self.assertEqual( self.assertEqual(
fakes.AUTH_TOKEN, fakes.AUTH_TOKEN,

View File

@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell):
# released in osc-lib # released in osc-lib
self.shell_class = importutils.import_class(self.shell_class_name) self.shell_class = importutils.import_class(self.shell_class_name)
def _assert_token_endpoint_auth(self, cmd_options, default_args): def _assert_admin_token_auth(self, cmd_options, default_args):
with mock.patch( with mock.patch(
self.shell_class_name + ".initialize_app", self.shell_class_name + ".initialize_app",
self.app, self.app,
@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell):
"token", "token",
) )
self.assertEqual( self.assertEqual(
default_args.get("url", ''), default_args.get("endpoint", ''),
_shell.options.url, _shell.options.endpoint,
"url", "endpoint",
) )
def _assert_token_auth(self, cmd_options, default_args): def _assert_token_auth(self, cmd_options, default_args):
@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
super(TestShellTokenEndpointAuthEnv, self).setUp() super(TestShellTokenEndpointAuthEnv, self).setUp()
env = { env = {
"OS_TOKEN": DEFAULT_TOKEN, "OS_TOKEN": DEFAULT_TOKEN,
"OS_URL": DEFAULT_SERVICE_URL, "OS_ENDPOINT": DEFAULT_SERVICE_URL,
} }
self.useFixture(osc_lib_test_utils.EnvFixture(env.copy())) self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell):
flag = "" flag = ""
kwargs = { kwargs = {
"token": DEFAULT_TOKEN, "token": DEFAULT_TOKEN,
"url": DEFAULT_SERVICE_URL, "endpoint": DEFAULT_SERVICE_URL,
} }
self._assert_token_endpoint_auth(flag, kwargs) self._assert_admin_token_auth(flag, kwargs)
def test_only_token(self): def test_only_token(self):
flag = "--os-token xyzpdq" flag = "--os-token xyzpdq"
kwargs = { kwargs = {
"token": "xyzpdq", "token": "xyzpdq",
"url": DEFAULT_SERVICE_URL, "endpoint": DEFAULT_SERVICE_URL,
} }
self._assert_token_auth(flag, kwargs) self._assert_token_auth(flag, kwargs)
def test_only_url(self): def test_only_url(self):
flag = "--os-url http://cloud.local:555" flag = "--os-endpoint http://cloud.local:555"
kwargs = { kwargs = {
"token": DEFAULT_TOKEN, "token": DEFAULT_TOKEN,
"url": "http://cloud.local:555", "endpoint": "http://cloud.local:555",
} }
self._assert_token_auth(flag, kwargs) self._assert_token_auth(flag, kwargs)
@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
flag = "" flag = ""
kwargs = { kwargs = {
"token": '', "token": '',
"url": '', "endpoint": '',
} }
self._assert_token_auth(flag, kwargs) self._assert_token_auth(flag, kwargs)

View File

@ -27,9 +27,6 @@ packages =
console_scripts = console_scripts =
openstack = openstackclient.shell:main openstack = openstackclient.shell:main
keystoneauth1.plugin =
token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint
openstack.cli = openstack.cli =
command_list = openstackclient.common.module:ListCommand command_list = openstackclient.common.module:ListCommand
module_list = openstackclient.common.module:ListModule module_list = openstackclient.common.module:ListModule