Merge "Remove token_endpoint auth type"

This commit is contained in:
Zuul 2019-08-29 00:02:31 +00:00 committed by Gerrit Code Review
commit eed615e7d0
8 changed files with 40 additions and 105 deletions

View File

@ -39,15 +39,6 @@ There are at least three authentication types that are always available:
(described below as token/endpoint) in that a token and an authentication
URL are supplied and the plugin retrieves a new token.
[Required: ``--os-auth-url``, ``--os-token``]
* **Token/Endpoint**: This is the original token authentication (known as 'token
flow' in the early CLI documentation in the OpenStack wiki). It requires
a token and a direct endpoint that is used in the API call. The difference
from the new Token type is this token is used as-is, no call is made
to the Identity service from the client. This type is most often used to
bootstrap a Keystone server where the token is the ``admin_token`` configured
in ``keystone.conf``. It will also work with other services and a regular
scoped token such as one obtained from a ``token issue`` command.
[Required: ``--os-url``, ``--os-token``]
* **Others**: Other authentication plugins such as SAML, Kerberos, and OAuth1.0
are under development and also supported. To use them, they must be selected
by supplying the ``--os-auth-type`` option.

View File

@ -96,6 +96,14 @@ Release 4.0
* Removed in: 4.0
* Commit: https://review.opendev.org/612751
14. Remove 'Token/Endpoint' auth plugin support (type ``token_endpoint``).
This remained as a compatibility for the ``admin_token`` auth type to
support the ``--url`` global option. That option is also now removed,
use ``--endpoint`` instead.
* Removed in: 4.0
* Commit: https://review.opendev.org/<tbd>
Release 3.12
------------

View File

@ -1,61 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Authentication Plugin Library"""
from keystoneauth1 import loading
from keystoneauth1 import token_endpoint
from openstackclient.i18n import _
class TokenEndpoint(loading.BaseLoader):
"""Auth plugin to handle traditional token/endpoint usage
Keystoneauth contains a Token plugin class that now correctly
handles the token/endpoint auth compatible with OSC. However,
the AdminToken loader deprecates the 'url' argument, which breaks
OSC compatibility, so make one that works.
"""
@property
def plugin_class(self):
return token_endpoint.Token
def load_from_options(self, url, token, **kwargs):
"""A plugin for static authentication with an existing token
:param string url: Service endpoint
:param string token: Existing token
"""
return super(TokenEndpoint, self).load_from_options(
endpoint=url,
token=token,
)
def get_options(self):
"""Return the legacy options"""
options = [
loading.Opt(
'url',
help=_('Specific service endpoint to use'),
),
loading.Opt(
'token',
secret=True,
help=_('Authentication token to use'),
),
]
return options

View File

@ -58,10 +58,10 @@ class OpenStackShell(shell.OpenStackShell):
def _final_defaults(self):
super(OpenStackShell, self)._final_defaults()
# Set the default plugin to token_endpoint if url and token are given
if (self.options.url and self.options.token):
# Use service token authentication
self._auth_type = 'token_endpoint'
# Set the default plugin to admin_token if endpoint and token are given
if (self.options.endpoint and self.options.token):
# Use token authentication
self._auth_type = 'admin_token'
else:
self._auth_type = 'password'

View File

@ -12,6 +12,8 @@
import json
from tempest.lib import exceptions as tempest_exc
from openstackclient.tests.functional import base
@ -49,19 +51,17 @@ class ArgumentTests(base.TestCase):
)
def test_auth_type_token_endpoint_opt(self):
cmd_output = json.loads(self.openstack(
# Make sure token_endpoint is really gone
try:
self.openstack(
'configuration show -f json --os-auth-type token_endpoint',
cloud=None,
))
self.assertIsNotNone(cmd_output)
self.assertIn(
'auth_type',
cmd_output.keys(),
)
self.assertEqual(
'token_endpoint',
cmd_output['auth_type'],
)
except tempest_exc.CommandFailed as e:
self.assertIn('--os-auth-type: invalid choice:', str(e))
self.assertIn('token_endpoint', str(e))
else:
self.fail('CommandFailed should be raised')
def test_auth_type_password_opt(self):
cmd_output = json.loads(self.openstack(

View File

@ -28,19 +28,19 @@ class TestClientManager(osc_lib_test_utils.TestClientManager):
"""Allow subclasses to override the ClientManager class"""
return clientmanager.ClientManager
def test_client_manager_token_endpoint(self):
def test_client_manager_admin_token(self):
token_auth = {
'url': fakes.AUTH_URL,
'endpoint': fakes.AUTH_URL,
'token': fakes.AUTH_TOKEN,
}
client_manager = self._make_clientmanager(
auth_args=token_auth,
auth_plugin_name='token_endpoint',
auth_plugin_name='admin_token',
)
self.assertEqual(
fakes.AUTH_URL,
client_manager._cli_options.config['auth']['url'],
client_manager._cli_options.config['auth']['endpoint'],
)
self.assertEqual(
fakes.AUTH_TOKEN,

View File

@ -153,7 +153,7 @@ class TestShell(osc_lib_test_utils.TestShell):
# released in osc-lib
self.shell_class = importutils.import_class(self.shell_class_name)
def _assert_token_endpoint_auth(self, cmd_options, default_args):
def _assert_admin_token_auth(self, cmd_options, default_args):
with mock.patch(
self.shell_class_name + ".initialize_app",
self.app,
@ -172,9 +172,9 @@ class TestShell(osc_lib_test_utils.TestShell):
"token",
)
self.assertEqual(
default_args.get("url", ''),
_shell.options.url,
"url",
default_args.get("endpoint", ''),
_shell.options.endpoint,
"endpoint",
)
def _assert_token_auth(self, cmd_options, default_args):
@ -338,7 +338,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
super(TestShellTokenEndpointAuthEnv, self).setUp()
env = {
"OS_TOKEN": DEFAULT_TOKEN,
"OS_URL": DEFAULT_SERVICE_URL,
"OS_ENDPOINT": DEFAULT_SERVICE_URL,
}
self.useFixture(osc_lib_test_utils.EnvFixture(env.copy()))
@ -346,23 +346,23 @@ class TestShellTokenEndpointAuthEnv(TestShell):
flag = ""
kwargs = {
"token": DEFAULT_TOKEN,
"url": DEFAULT_SERVICE_URL,
"endpoint": DEFAULT_SERVICE_URL,
}
self._assert_token_endpoint_auth(flag, kwargs)
self._assert_admin_token_auth(flag, kwargs)
def test_only_token(self):
flag = "--os-token xyzpdq"
kwargs = {
"token": "xyzpdq",
"url": DEFAULT_SERVICE_URL,
"endpoint": DEFAULT_SERVICE_URL,
}
self._assert_token_auth(flag, kwargs)
def test_only_url(self):
flag = "--os-url http://cloud.local:555"
flag = "--os-endpoint http://cloud.local:555"
kwargs = {
"token": DEFAULT_TOKEN,
"url": "http://cloud.local:555",
"endpoint": "http://cloud.local:555",
}
self._assert_token_auth(flag, kwargs)
@ -371,7 +371,7 @@ class TestShellTokenEndpointAuthEnv(TestShell):
flag = ""
kwargs = {
"token": '',
"url": '',
"endpoint": '',
}
self._assert_token_auth(flag, kwargs)

View File

@ -27,9 +27,6 @@ packages =
console_scripts =
openstack = openstackclient.shell:main
keystoneauth1.plugin =
token_endpoint = openstackclient.api.auth_plugin:TokenEndpoint
openstack.cli =
command_list = openstackclient.common.module:ListCommand
module_list = openstackclient.common.module:ListModule