Merge "Remove token_endpoint auth type"
This commit is contained in:
commit
eed615e7d0
@ -39,15 +39,6 @@ There are at least three authentication types that are always available:
|
||||
(described below as token/endpoint) in that a token and an authentication
|
||||
URL are supplied and the plugin retrieves a new token.
|
||||
[Required: ``--os-auth-url``, ``--os-token``]
|
||||
* **Token/Endpoint**: This is the original token authentication (known as 'token
|
||||
flow' in the early CLI documentation in the OpenStack wiki). It requires
|
||||
a token and a direct endpoint that is used in the API call. The difference
|
||||
from the new Token type is this token is used as-is, no call is made
|
||||
to the Identity service from the client. This type is most often used to
|
||||
bootstrap a Keystone server where the token is the ``admin_token`` configured
|
||||
in ``keystone.conf``. It will also work with other services and a regular
|
||||
scoped token such as one obtained from a ``token issue`` command.
|
||||
[Required: ``--os-url``, ``--os-token``]
|
||||
* **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
|
||||
are under development and also supported. To use them, they must be selected
|
||||
by supplying the ``--os-auth-type`` option.
|
||||
|
@ -96,6 +96,14 @@ Release 4.0
|
||||
* Removed in: 4.0
|
||||
* Commit: https://review.opendev.org/612751
|
||||
|
||||
14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``).
|
||||
This remained as a compatibility for the ``admin_token`` auth type to
|
||||
support the ``--url`` global option. That option is also now removed,
|
||||
use ``--endpoint`` instead.
|
||||
|
||||
* Removed in: 4.0
|
||||
* Commit: https://review.opendev.org/<tbd>
|
||||
|
||||
Release 3.12
|
||||
------------
|
||||
|
||||
|
@ -1,61 +0,0 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
|
||||
"""Authentication Plugin Library"""
|
||||
|
||||
from keystoneauth1 import loading
|
||||
from keystoneauth1 import token_endpoint
|
||||
|
||||
from openstackclient.i18n import _
|
||||
|
||||
|
||||
class TokenEndpoint(loading.BaseLoader):
|
||||
"""Auth plugin to handle traditional token/endpoint usage
|
||||
|
||||
Keystoneauth contains a Token plugin class that now correctly
|
||||
handles the token/endpoint auth compatible with OSC. However,
|
||||
the AdminToken loader deprecates the 'url' argument, which breaks
|
||||
OSC compatibility, so make one that works.
|
||||
"""
|
||||
|
||||
@property
|
||||
def plugin_class(self):
|
||||
return token_endpoint.Token
|
||||
|
||||
def load_from_options(self, url, token, **kwargs):
|
||||
"""A plugin for static authentication with an existing token
|
||||
|
||||
:param string url: Service endpoint
|
||||
:param string token: Existing token
|
||||
"""
|
||||
|
||||
return super(TokenEndpoint, self).load_from_options(
|
||||
endpoint=url,
|
||||
token=token,
|
||||
)
|
||||
|
||||
def get_options(self):
|
||||
"""Return the legacy options"""
|
||||
|
||||
options = [
|
||||
loading.Opt(
|
||||
'url',
|
||||
help=_('Specific service endpoint to use'),
|
||||
),
|
||||
loading.Opt(
|
||||
'token',
|
||||
secret=True,
|
||||
help=_('Authentication token to use'),
|
||||
),
|
||||
]
|
||||
return options
|
@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell):
|
||||
def _final_defaults(self):
|
||||
super(OpenStackShell, self)._final_defaults()
|
||||
|
||||
# Set the default plugin to token_endpoint if url and token are given
|
||||
if (self.options.url and self.options.token):
|
||||
# Use service token authentication
|
||||
self._auth_type = 'token_endpoint'
|
||||
# Set the default plugin to admin_token if endpoint and token are given
|
||||
if (self.options.endpoint and self.options.token):
|
||||
# Use token authentication
|
||||
self._auth_type = 'admin_token'
|
||||
else:
|
||||
self._auth_type = 'password'
|
||||
|
||||
|
@ -12,6 +12,8 @@
|
||||
|
||||
import json
|
||||
|
||||
from tempest.lib import exceptions as tempest_exc
|
||||
|
||||
from openstackclient.tests.functional import base
|
||||
|
||||
|
||||
@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase):
|
||||
)
|
||||
|
||||
def test_auth_type_token_endpoint_opt(self):
|
||||
cmd_output = json.loads(self.openstack(
|
||||
# Make sure token_endpoint is really gone
|
||||
try:
|
||||
self.openstack(
|
||||
'configuration show -f json --os-auth-type token_endpoint',
|
||||
cloud=None,
|
||||
))
|
||||
self.assertIsNotNone(cmd_output)
|
||||
self.assertIn(
|
||||
'auth_type',
|
||||
cmd_output.keys(),
|
||||
)
|
||||
self.assertEqual(
|
||||
'token_endpoint',
|
||||
cmd_output['auth_type'],
|
||||
)
|
||||
except tempest_exc.CommandFailed as e:
|
||||
self.assertIn('--os-auth-type: invalid choice:', str(e))
|
||||
self.assertIn('token_endpoint', str(e))
|
||||
else:
|
||||
self.fail('CommandFailed should be raised')
|
||||
|
||||
def test_auth_type_password_opt(self):
|
||||
cmd_output = json.loads(self.openstack(
|
||||
|
@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager):
|
||||
"""Allow subclasses to override the ClientManager class"""
|
||||
return clientmanager.ClientManager
|
||||
|
||||
def test_client_manager_token_endpoint(self):
|
||||
def test_client_manager_admin_token(self):
|
||||
token_auth = {
|
||||
'url': fakes.AUTH_URL,
|
||||
'endpoint': fakes.AUTH_URL,
|
||||
'token': fakes.AUTH_TOKEN,
|
||||
}
|
||||
client_manager = self._make_clientmanager(
|
||||
auth_args=token_auth,
|
||||
auth_plugin_name='token_endpoint',
|
||||
auth_plugin_name='admin_token',
|
||||
)
|
||||
|
||||
self.assertEqual(
|
||||
fakes.AUTH_URL,
|
||||
client_manager._cli_options.config['auth']['url'],
|
||||
client_manager._cli_options.config['auth']['endpoint'],
|
||||
)
|
||||
self.assertEqual(
|
||||
fakes.AUTH_TOKEN,
|
||||
|
@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell):
|
||||
# released in osc-lib
|
||||
self.shell_class = importutils.import_class(self.shell_class_name)
|
||||
|
||||
def _assert_token_endpoint_auth(self, cmd_options, default_args):
|
||||
def _assert_admin_token_auth(self, cmd_options, default_args):
|
||||
with mock.patch(
|
||||
self.shell_class_name + ".initialize_app",
|
||||
self.app,
|
||||
@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell):
|
||||
"token",
|
||||
)
|
||||
self.assertEqual(
|
||||
default_args.get("url", ''),
|
||||
_shell.options.url,
|
||||
"url",
|
||||
default_args.get("endpoint", ''),
|
||||
_shell.options.endpoint,
|
||||
"endpoint",
|
||||
)
|
||||
|
||||
def _assert_token_auth(self, cmd_options, default_args):
|
||||
@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
|
||||
super(TestShellTokenEndpointAuthEnv, self).setUp()
|
||||
env = {
|
||||
"OS_TOKEN": DEFAULT_TOKEN,
|
||||
"OS_URL": DEFAULT_SERVICE_URL,
|
||||
"OS_ENDPOINT": DEFAULT_SERVICE_URL,
|
||||
}
|
||||
self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
|
||||
|
||||
@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell):
|
||||
flag = ""
|
||||
kwargs = {
|
||||
"token": DEFAULT_TOKEN,
|
||||
"url": DEFAULT_SERVICE_URL,
|
||||
"endpoint": DEFAULT_SERVICE_URL,
|
||||
}
|
||||
self._assert_token_endpoint_auth(flag, kwargs)
|
||||
self._assert_admin_token_auth(flag, kwargs)
|
||||
|
||||
def test_only_token(self):
|
||||
flag = "--os-token xyzpdq"
|
||||
kwargs = {
|
||||
"token": "xyzpdq",
|
||||
"url": DEFAULT_SERVICE_URL,
|
||||
"endpoint": DEFAULT_SERVICE_URL,
|
||||
}
|
||||
self._assert_token_auth(flag, kwargs)
|
||||
|
||||
def test_only_url(self):
|
||||
flag = "--os-url http://cloud.local:555"
|
||||
flag = "--os-endpoint http://cloud.local:555"
|
||||
kwargs = {
|
||||
"token": DEFAULT_TOKEN,
|
||||
"url": "http://cloud.local:555",
|
||||
"endpoint": "http://cloud.local:555",
|
||||
}
|
||||
self._assert_token_auth(flag, kwargs)
|
||||
|
||||
@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
|
||||
flag = ""
|
||||
kwargs = {
|
||||
"token": '',
|
||||
"url": '',
|
||||
"endpoint": '',
|
||||
}
|
||||
self._assert_token_auth(flag, kwargs)
|
||||
|
||||
|
@ -27,9 +27,6 @@ packages =
|
||||
console_scripts =
|
||||
openstack = openstackclient.shell:main
|
||||
|
||||
keystoneauth1.plugin =
|
||||
token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint
|
||||
|
||||
openstack.cli =
|
||||
command_list = openstackclient.common.module:ListCommand
|
||||
module_list = openstackclient.common.module:ListModule
|
||||
|
Loading…
Reference in New Issue
Block a user