diff options
| author | rabi <ramishra@redhat.com> | 2016-05-24 14:29:10 +0530 |
|---|---|---|
| committer | rabi <ramishra@redhat.com> | 2016-06-07 10:45:09 +0530 |
| commit | 34b372ddb549a36f739d74572680fb163c05afc5 (patch) | |
| tree | bae2e54f0ac61994f69df0abfd9fae28fedcdb39 | |
| parent | e1a6c072a1b216a115c7aa69412bcb06108086cc (diff) | |
| download | heat-34b372ddb549a36f739d74572680fb163c05afc5.tar.gz | |
Use generic auth plugins
This change removes use of version specific auth
plugins and instead uses generic plugins.
Change-Id: I19898d351c4a08f5f865f9debd60070d50aa5eff
Related-Bug: #1554533
| -rw-r--r-- | heat/common/context.py | 29 | ||||
| -rw-r--r-- | heat/engine/clients/os/keystone/heat_keystoneclient.py | 58 | ||||
| -rw-r--r-- | heat/tests/clients/test_heat_client.py | 161 | ||||
| -rw-r--r-- | heat/tests/test_auth_password.py | 34 | ||||
| -rw-r--r-- | heat/tests/test_common_context.py | 2 |
5 files changed, 144 insertions, 140 deletions
diff --git a/heat/common/context.py b/heat/common/context.py index 05bb543fa..9fcf2ea72 100644 --- a/heat/common/context.py +++ b/heat/common/context.py @@ -13,7 +13,7 @@ from keystoneauth1 import access from keystoneauth1.identity import access as access_plugin -from keystoneauth1.identity import v3 +from keystoneauth1.identity import generic from keystoneauth1 import loading as ks_loading from keystoneauth1 import token_endpoint from oslo_config import cfg @@ -40,12 +40,12 @@ LOG = logging.getLogger(__name__) # cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options # Note, only auth_type = v3password is expected to work, example config: # [trustee] -# auth_type = v3password +# auth_type = password # auth_url = http://192.168.1.2:35357 # username = heat # password = password # user_domain_id = default -V3_PASSWORD_PLUGIN = 'v3password' +PASSWORD_PLUGIN = 'password' TRUSTEE_CONF_GROUP = 'trustee' ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP) @@ -53,7 +53,7 @@ ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP) def list_opts(): trustee_opts = ks_loading.get_auth_common_conf_options() trustee_opts.extend(ks_loading.get_auth_plugin_conf_options( - V3_PASSWORD_PLUGIN)) + PASSWORD_PLUGIN)) yield TRUSTEE_CONF_GROUP, trustee_opts @@ -201,7 +201,7 @@ class RequestContext(context.RequestContext): if 'user_domain_id' in cfg.CONF.keystone_authtoken: trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id - self._trusts_auth_plugin = v3.Password( + self._trusts_auth_plugin = generic.Password( username=cfg.CONF.keystone_authtoken.admin_user, password=cfg.CONF.keystone_authtoken.admin_password, user_domain_id=trustee_user_domain, @@ -211,11 +211,10 @@ class RequestContext(context.RequestContext): def _create_auth_plugin(self): if self.auth_token_info: - auth_ref = access.AccessInfoV3(self.auth_token_info, - auth_token=self.auth_token) + access_info = access.create(body=self.auth_token_info, + auth_token=self.auth_token) return access_plugin.AccessInfoPlugin( - auth_url=self.keystone_v3_endpoint, - auth_ref=auth_ref) + auth_ref=access_info, auth_url=self.keystone_v3_endpoint) if self.auth_token: # FIXME(jamielennox): This is broken but consistent. If you @@ -226,13 +225,13 @@ class RequestContext(context.RequestContext): token=self.auth_token) if self.password: - return v3.Password(username=self.username, - password=self.password, - project_id=self.tenant_id, - user_domain_id=self.user_domain, - auth_url=self.keystone_v3_endpoint) + return generic.Password(username=self.username, + password=self.password, + project_id=self.tenant_id, + user_domain_id=self.user_domain, + auth_url=self.keystone_v3_endpoint) - LOG.error(_LE("Keystone v3 API connection failed, no password " + LOG.error(_LE("Keystone API connection failed, no password " "trust or auth_token!")) raise exception.AuthorizationFailure() diff --git a/heat/engine/clients/os/keystone/heat_keystoneclient.py b/heat/engine/clients/os/keystone/heat_keystoneclient.py index 311a7eb67..196d474a4 100644 --- a/heat/engine/clients/os/keystone/heat_keystoneclient.py +++ b/heat/engine/clients/os/keystone/heat_keystoneclient.py @@ -17,9 +17,9 @@ import collections import uuid import weakref -from keystoneauth1.identity import v3 as kc_auth_v3 +from keystoneauth1 import exceptions as ks_exception +from keystoneauth1.identity import generic as ks_auth from keystoneauth1 import session -import keystoneclient.exceptions as kc_exception from keystoneclient.v3 import client as kc_v3 from oslo_config import cfg from oslo_log import log as logging @@ -124,18 +124,18 @@ class KsClientWrapper(object): if not self._domain_admin_auth: # Note we must specify the domain when getting the token # as only a domain scoped token can create projects in the domain - auth = kc_auth_v3.Password(username=self.domain_admin_user, - password=self.domain_admin_password, - auth_url=self.v3_endpoint, - domain_id=self._stack_domain_id, - domain_name=self.stack_domain_name, - user_domain_id=self._stack_domain_id, - user_domain_name=self.stack_domain_name) + auth = ks_auth.Password(username=self.domain_admin_user, + password=self.domain_admin_password, + auth_url=self.v3_endpoint, + domain_id=self._stack_domain_id, + domain_name=self.stack_domain_name, + user_domain_id=self._stack_domain_id, + user_domain_name=self.stack_domain_name) # NOTE(jamielennox): just do something to ensure a valid token try: auth.get_token(self.session) - except kc_exception.Unauthorized: + except ks_exception.Unauthorized: LOG.error(_LE("Domain admin client authentication failed")) raise exception.AuthorizationFailure() @@ -161,7 +161,7 @@ class KsClientWrapper(object): # reauthenticating if it's present and valid. try: auth_ref = self.context.auth_plugin.get_access(self.session) - except kc_exception.Unauthorized: + except ks_exception.Unauthorized: LOG.error(_LE("Keystone client authentication failed")) raise exception.AuthorizationFailure() @@ -193,11 +193,10 @@ class KsClientWrapper(object): # We need the service admin user ID (not name), as the trustor user # can't lookup the ID in keystoneclient unless they're admin # workaround this by getting the user_id from admin_client - try: trustee_user_id = self.context.trusts_auth_plugin.get_user_id( self.session) - except kc_exception.Unauthorized: + except ks_exception.Unauthorized: LOG.error(_LE("Domain admin client authentication failed")) raise exception.AuthorizationFailure() @@ -215,7 +214,7 @@ class KsClientWrapper(object): project=trustor_proj_id, impersonation=True, role_names=roles) - except kc_exception.NotFound: + except ks_exception.NotFound: LOG.debug("Failed to find roles %s for user %s" % (roles, trustor_user_id)) raise exception.MissingCredentialError( @@ -232,7 +231,7 @@ class KsClientWrapper(object): """Delete the specified trust.""" try: self.client.trusts.delete(trust_id) - except kc_exception.NotFound: + except ks_exception.NotFound: pass def _get_username(self, username): @@ -287,15 +286,16 @@ class KsClientWrapper(object): 'configured, please fix your heat.conf') raise exception.Error(msg) - # Create a keystoneclient session, then request a token with no + # Create a keystone session, then request a token with no # catalog (the token is expected to be used inside an instance # where a specific endpoint will be specified, and user-data # space is limited..) - auth = kc_auth_v3.Password(auth_url=self.v3_endpoint, - user_id=user_id, - password=password, - project_id=project_id, - include_catalog=False) + # TODO(rabi): generic auth plugins don't support `include_catalog' + # flag yet. We'll add it once it's supported.. + auth = ks_auth.Password(auth_url=self.v3_endpoint, + user_id=user_id, + password=password, + project_id=project_id) return auth.get_token(self.session) @@ -345,7 +345,7 @@ class KsClientWrapper(object): if not self._stack_domain_id: try: access = self.domain_admin_auth.get_access(self.session) - except kc_exception.Unauthorized: + except ks_exception.Unauthorized: LOG.error(_LE("Keystone client authentication failed")) raise exception.AuthorizationFailure() @@ -371,13 +371,13 @@ class KsClientWrapper(object): try: self._check_stack_domain_user(user_id, project_id, 'delete') self.domain_admin_client.users.delete(user_id) - except kc_exception.NotFound: + except ks_exception.NotFound: pass def delete_stack_user(self, user_id): try: self.client.users.delete(user=user_id) - except kc_exception.NotFound: + except ks_exception.NotFound: pass def create_stack_domain_project(self, stack_id): @@ -409,9 +409,9 @@ class KsClientWrapper(object): # to get the project, so again we should do nothing try: project = self.domain_admin_client.projects.get(project=project_id) - except kc_exception.NotFound: + except ks_exception.NotFound: return - except kc_exception.Forbidden: + except ks_exception.Forbidden: LOG.warning(_LW('Unable to get details for project %s, ' 'not deleting'), project_id) return @@ -422,7 +422,7 @@ class KsClientWrapper(object): try: project.delete() - except kc_exception.NotFound: + except ks_exception.NotFound: pass def _find_ec2_keypair(self, access, user_id=None): @@ -443,7 +443,7 @@ class KsClientWrapper(object): if credential_id: try: self.client.credentials.delete(credential_id) - except kc_exception.NotFound: + except ks_exception.NotFound: pass elif access: cred = self._find_ec2_keypair(access=access, user_id=user_id) @@ -510,7 +510,7 @@ class KsClientWrapper(object): self._check_stack_domain_user(user_id, project_id, 'delete_keypair') try: self.domain_admin_client.credentials.delete(credential_id) - except kc_exception.NotFound: + except ks_exception.NotFound: pass def disable_stack_user(self, user_id): diff --git a/heat/tests/clients/test_heat_client.py b/heat/tests/clients/test_heat_client.py index 7a9b415cc..6c391e137 100644 --- a/heat/tests/clients/test_heat_client.py +++ b/heat/tests/clients/test_heat_client.py @@ -17,7 +17,7 @@ import uuid from keystoneauth1 import access as ks_access from keystoneauth1 import exceptions as kc_exception from keystoneauth1.identity import access as ks_auth_access -from keystoneauth1.identity import v3 as ks_auth_v3 +from keystoneauth1.identity import generic as ks_auth from keystoneauth1 import loading as ks_loading from keystoneauth1 import session as ks_session from keystoneauth1 import token_endpoint as ks_token_endpoint @@ -49,7 +49,7 @@ class KeystoneClientTest(common.HeatTestCase): self.mock_ks_v3_client_domain_mngr = self.m.CreateMock( kc_v3_domains.DomainManager) self.m.StubOutWithMock(kc_v3, "Client") - self.m.StubOutWithMock(ks_auth_v3, 'Password') + self.m.StubOutWithMock(ks_auth, 'Password') self.m.StubOutWithMock(ks_token_endpoint, 'Token') self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin') self.m.StubOutWithMock(ks_loading, 'load_auth_from_conf_options') @@ -85,13 +85,13 @@ class KeystoneClientTest(common.HeatTestCase): mock_ks_auth = self.m.CreateMockAnything() mock_ks_auth.get_token(mox.IsA(ks_session.Session)).AndReturn('tok') - m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3', - password='adminsecret', - domain_id='adomain123', - domain_name=None, - user_domain_id='adomain123', - user_domain_name=None, - username='adminuser123') + m = ks_auth.Password(auth_url='http://server.test:5000/v3', + password='adminsecret', + domain_id='adomain123', + domain_name=None, + user_domain_id='adomain123', + user_domain_name=None, + username='adminuser123') m.AndReturn(mock_ks_auth) n = kc_v3.Client(session=mox.IsA(ks_session.Session), @@ -100,26 +100,30 @@ class KeystoneClientTest(common.HeatTestCase): self.mock_admin_client.domains = self.mock_ks_v3_client_domain_mngr - def _stubs_v3(self, method='token', trust_scoped=True, - user_id=None, auth_ref=None, client=True, project_id=None, - stub_trust_context=False): + def _stubs_auth(self, method='token', trust_scoped=True, + user_id=None, auth_ref=None, client=True, project_id=None, + stub_trust_context=False, version=3): mock_auth_ref = self.m.CreateMockAnything() mock_ks_auth = self.m.CreateMockAnything() if method == 'token': p = ks_token_endpoint.Token(token='abcd1234', endpoint='http://server.test:5000/v3') - elif method == 'auth_ref': + elif method == 'auth_ref' and version == 3: p = ks_auth_access.AccessInfoPlugin( - auth_url='http://server.test:5000/v3', - auth_ref=mox.IsA(ks_access.AccessInfo)) + auth_ref=mox.IsA(ks_access.AccessInfoV3), + auth_url='http://server.test:5000/v3') + elif method == 'auth_ref' and version == 2: + p = ks_auth_access.AccessInfoPlugin( + auth_ref=mox.IsA(ks_access.AccessInfoV2), + auth_url='http://server.test:5000/v3') elif method == 'password': - p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3', - username='test_username', - password='password', - project_id=project_id or 'test_tenant_id', - user_domain_id='adomain123') + p = ks_auth.Password(auth_url='http://server.test:5000/v3', + username='test_username', + password='password', + project_id=project_id or 'test_tenant_id', + user_domain_id='adomain123') elif method == 'trust': p = ks_loading.load_auth_from_conf_options(cfg.CONF, @@ -153,7 +157,7 @@ class KeystoneClientTest(common.HeatTestCase): def test_username_length(self): """Test that user names >64 characters are properly truncated.""" - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -189,7 +193,7 @@ class KeystoneClientTest(common.HeatTestCase): def test_create_stack_user_error_norole(self): """Test error path when no role is found.""" - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -248,7 +252,7 @@ class KeystoneClientTest(common.HeatTestCase): ctx.trust_id = None # mock keystone client functions - self._stubs_v3() + self._stubs_auth() self.mock_ks_v3_client.users = self.m.CreateMockAnything() mock_user = self.m.CreateMockAnything() mock_user.id = 'auser123' @@ -323,7 +327,7 @@ class KeystoneClientTest(common.HeatTestCase): ctx.trust_id = None # mock keystone client functions - self._stubs_v3() + self._stubs_auth() self.mock_ks_v3_client.users = self.m.CreateMockAnything() self.mock_ks_v3_client.users.delete(user='user123').AndReturn(None) self.m.ReplayAll() @@ -380,7 +384,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test deleting a stack user.""" - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -401,7 +405,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test creating the client, token auth.""" - self._stubs_v3() + self._stubs_auth() self.m.ReplayAll() ctx = utils.dummy_context() @@ -418,7 +422,9 @@ class KeystoneClientTest(common.HeatTestCase): expected_auth_ref = {'token': {'id': 'ctx_token', 'expires': '123'}, 'version': 'v2.0'} - self._stubs_v3(method='auth_ref', auth_ref=expected_auth_ref) + self._stubs_auth(method='auth_ref', + auth_ref=expected_auth_ref, + version=2) self.m.ReplayAll() ctx = utils.dummy_context() @@ -440,7 +446,7 @@ class KeystoneClientTest(common.HeatTestCase): 'expires': '456', 'version': 'v3', 'methods': []} - self._stubs_v3(method='auth_ref', auth_ref=expected_auth_ref) + self._stubs_auth(method='auth_ref', auth_ref=expected_auth_ref) self.m.ReplayAll() ctx = utils.dummy_context() @@ -457,7 +463,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test creating the client, password auth.""" - self._stubs_v3(method='password') + self._stubs_auth(method='password') self.m.ReplayAll() ctx = utils.dummy_context() @@ -486,7 +492,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test create_trust_context with existing trust_id.""" - self._stubs_v3(method='trust') + self._stubs_auth(method='trust') cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) self.m.ReplayAll() @@ -514,9 +520,9 @@ class KeystoneClientTest(common.HeatTestCase): id = 'atrust123' self._stub_admin_auth() - mock_ks_auth, mock_auth_ref = self._stubs_v3(user_id='5678', - project_id='42', - stub_trust_context=True) + mock_ks_auth, mock_auth_ref = self._stubs_auth(user_id='5678', + project_id='42', + stub_trust_context=True) cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) @@ -555,9 +561,9 @@ class KeystoneClientTest(common.HeatTestCase): self._stub_admin_auth() - mock_auth, mock_auth_ref = self._stubs_v3(user_id='5678', - project_id='42', - stub_trust_context=True) + mock_auth, mock_auth_ref = self._stubs_auth(user_id='5678', + project_id='42', + stub_trust_context=True) cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) @@ -614,7 +620,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test consuming a trust when initializing.""" - self._stubs_v3(method='trust') + self._stubs_auth(method='trust') cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) self.m.ReplayAll() @@ -633,7 +639,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test consuming a trust when initializing, error scoping.""" - self._stubs_v3(method='trust', trust_scoped=False) + self._stubs_auth(method='trust', trust_scoped=False) cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) self.m.ReplayAll() @@ -651,7 +657,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test consuming a trust when initializing, impersonation error.""" - self._stubs_v3(method='trust', user_id='wrong_user_id') + self._stubs_auth(method='trust', user_id='wrong_user_id') cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) self.m.ReplayAll() @@ -669,7 +675,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test trust_id is takes precedence username/password specified.""" - self._stubs_v3(method='trust') + self._stubs_auth(method='trust') self.m.ReplayAll() ctx = utils.dummy_context() @@ -683,7 +689,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test trust_id takes precedence when token specified.""" - self._stubs_v3(method='trust') + self._stubs_auth(method='trust') self.m.ReplayAll() ctx = utils.dummy_context() @@ -698,7 +704,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test delete_trust when deleting trust.""" - self._stubs_v3() + self._stubs_auth() cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) self.mock_ks_v3_client.trusts = self.m.CreateMockAnything() @@ -713,7 +719,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test delete_trust when trust already deleted.""" - self._stubs_v3() + self._stubs_auth() cfg.CONF.set_override('deferred_auth_method', 'trusts', enforce_type=True) self.mock_ks_v3_client.trusts = self.m.CreateMockAnything() @@ -729,7 +735,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test disabling a stack user.""" - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -746,7 +752,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test enabling a stack user.""" - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -793,7 +799,7 @@ class KeystoneClientTest(common.HeatTestCase): ctx.trust_id = None # mock keystone client functions - self._stubs_v3() + self._stubs_auth() self.mock_ks_v3_client.users = self.m.CreateMockAnything() self.mock_ks_v3_client.users.update(user='user123', enabled=True ).AndReturn(None) @@ -858,7 +864,7 @@ class KeystoneClientTest(common.HeatTestCase): ctx.trust_id = None # mock keystone client functions - self._stubs_v3() + self._stubs_auth() self.mock_ks_v3_client.users = self.m.CreateMockAnything() self.mock_ks_v3_client.users.update(user='user123', enabled=False ).AndReturn(None) @@ -930,7 +936,7 @@ class KeystoneClientTest(common.HeatTestCase): ctx.trust_id = None # mock keystone client functions - self._stubs_v3() + self._stubs_auth() self.mock_ks_v3_client.credentials = self.m.CreateMockAnything() self.mock_ks_v3_client.credentials.delete( 'acredentialid').AndReturn(None) @@ -984,7 +990,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test creating ec2 credentials.""" - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -1056,7 +1062,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test creating ec2 credentials for domain user, fallback path.""" self._clear_domain_override() - self._stubs_v3() + self._stubs_auth() ctx = utils.dummy_context() ctx.trust_id = None @@ -1093,7 +1099,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test getting ec2 credential by id.""" user_id = 'atestuser' - self._stubs_v3(user_id=user_id) + self._stubs_auth(user_id=user_id) ctx = utils.dummy_context() ctx.trust_id = None @@ -1143,7 +1149,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test getting ec2 credential by access.""" user_id = 'atestuser' - self._stubs_v3(user_id=user_id) + self._stubs_auth(user_id=user_id) ctx = utils.dummy_context() ctx.trust_id = None @@ -1171,7 +1177,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test deleting ec2 credential by id.""" user_id = 'atestuser' - self._stubs_v3(user_id=user_id) + self._stubs_auth(user_id=user_id) ctx = utils.dummy_context() ctx.trust_id = None @@ -1198,7 +1204,7 @@ class KeystoneClientTest(common.HeatTestCase): """Test deleting ec2 credential by access.""" user_id = 'atestuser' - self._stubs_v3(user_id=user_id) + self._stubs_auth(user_id=user_id) ctx = utils.dummy_context() ctx.trust_id = None @@ -1335,11 +1341,11 @@ class KeystoneClientTest(common.HeatTestCase): heat_ks_client.delete_stack_domain_project(project_id='aprojectid') def _stub_domain_user_pw_auth(self): - ks_auth_v3.Password(auth_url='http://server.test:5000/v3', - user_id='duser', - password='apassw', - project_id='aproject', - user_domain_id='adomain123').AndReturn('dummyauth') + ks_auth.Password(auth_url='http://server.test:5000/v3', + user_id='duser', + password='apassw', + project_id='aproject', + user_domain_id='adomain123').AndReturn('dummyauth') def test_stack_domain_user_token(self): """Test stack_domain_user_token function.""" @@ -1347,11 +1353,10 @@ class KeystoneClientTest(common.HeatTestCase): mock_ks_auth = self.m.CreateMockAnything() mock_ks_auth.get_token(mox.IsA(ks_session.Session)).AndReturn(dum_tok) - m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3', - password='apassw', - project_id='aproject', - user_id='duser', - include_catalog=False) + m = ks_auth.Password(auth_url='http://server.test:5000/v3', + password='apassw', + project_id='aproject', + user_id='duser') m.AndReturn(mock_ks_auth) self.m.ReplayAll() @@ -1388,7 +1393,7 @@ class KeystoneClientTest(common.HeatTestCase): def _test_url_for(self, service_url, expected_kwargs, ctx=None, **kwargs): """Testing url_for depending on different ways to pass region name.""" - mock_ks_auth, mock_auth_ref = self._stubs_v3(client=False) + mock_ks_auth, mock_auth_ref = self._stubs_auth(client=False) mock_ks_auth.get_endpoint(mox.IsA(ks_session.Session), **expected_kwargs).AndReturn(service_url) @@ -1489,13 +1494,13 @@ class KeystoneClientTestDomainName(KeystoneClientTest): a.domain_id = domain_id mock_ks_auth.get_access(mox.IsA(ks_session.Session)).AndReturn(a) - m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3', - password='adminsecret', - domain_id=None, - domain_name='fake_domain_name', - user_domain_id=None, - user_domain_name='fake_domain_name', - username='adminuser123') + m = ks_auth.Password(auth_url='http://server.test:5000/v3', + password='adminsecret', + domain_id=None, + domain_name='fake_domain_name', + user_domain_id=None, + user_domain_name='fake_domain_name', + username='adminuser123') m.AndReturn(mock_ks_auth) @@ -1506,12 +1511,12 @@ class KeystoneClientTestDomainName(KeystoneClientTest): self.mock_admin_client.domains = self.mock_ks_v3_client_domain_mngr def _stub_domain_user_pw_auth(self): - ks_auth_v3.Password(auth_url='http://server.test:5000/v3', - user_id='duser', - password='apassw', - project_id='aproject', - user_domain_name='fake_domain_name' - ).AndReturn('dummyauth') + ks_auth.Password(auth_url='http://server.test:5000/v3', + user_id='duser', + password='apassw', + project_id='aproject', + user_domain_name='fake_domain_name' + ).AndReturn('dummyauth') def test_enable_stack_domain_user_error_project(self): p = super(KeystoneClientTestDomainName, self) diff --git a/heat/tests/test_auth_password.py b/heat/tests/test_auth_password.py index 02a57abbb..cacef649b 100644 --- a/heat/tests/test_auth_password.py +++ b/heat/tests/test_auth_password.py @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from keystoneauth1.identity import v3 as ks_v3_auth +from keystoneauth1.identity import generic as ks_auth from keystoneauth1 import session as ks_session from keystoneclient import exceptions as keystone_exc import mox @@ -120,10 +120,10 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): self.response_headers = dict(headers) def test_valid_v2_request(self): - mock_auth = self.m.CreateMock(ks_v3_auth.Password) - self.m.StubOutWithMock(ks_v3_auth, 'Password') + mock_auth = self.m.CreateMock(ks_auth.Password) + self.m.StubOutWithMock(ks_auth, 'Password') - ks_v3_auth.Password( + ks_auth.Password( auth_url=self.config['auth_uri'], password='goodpassword', project_id='tenant_id1', @@ -144,14 +144,14 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): self.m.VerifyAll() def test_valid_v3_request(self): - mock_auth = self.m.CreateMock(ks_v3_auth.Password) - self.m.StubOutWithMock(ks_v3_auth, 'Password') + mock_auth = self.m.CreateMock(ks_auth.Password) + self.m.StubOutWithMock(ks_auth, 'Password') - ks_v3_auth.Password(auth_url=self.config['auth_uri'], - password='goodpassword', - project_id='tenant_id1', - user_domain_id='domain1', - username='user_name1').AndReturn(mock_auth) + ks_auth.Password(auth_url=self.config['auth_uri'], + password='goodpassword', + project_id='tenant_id1', + user_domain_id='domain1', + username='user_name1').AndReturn(mock_auth) m = mock_auth.get_access(mox.IsA(ks_session.Session)) m.AndReturn(TOKEN_V3_RESPONSE) @@ -169,13 +169,13 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase): self.m.VerifyAll() def test_request_with_bad_credentials(self): - self.m.StubOutWithMock(ks_v3_auth, 'Password') + self.m.StubOutWithMock(ks_auth, 'Password') - m = ks_v3_auth.Password(auth_url=self.config['auth_uri'], - password='badpassword', - project_id='tenant_id1', - user_domain_id='domain1', - username='user_name1') + m = ks_auth.Password(auth_url=self.config['auth_uri'], + password='badpassword', + project_id='tenant_id1', + user_domain_id='domain1', + username='user_name1') m.AndRaise(keystone_exc.Unauthorized(401)) self.m.ReplayAll() diff --git a/heat/tests/test_common_context.py b/heat/tests/test_common_context.py index c69d60f70..38fd558f5 100644 --- a/heat/tests/test_common_context.py +++ b/heat/tests/test_common_context.py @@ -198,7 +198,7 @@ class TestRequestContext(common.HeatTestCase): ctx = context.RequestContext(auth_url=None, user_domain_id='non-default', username='test') - with mock.patch('keystoneauth1.identity.v3.Password') as ps: + with mock.patch('keystoneauth1.identity.generic.Password') as ps: ctx.trusts_auth_plugin ps.assert_called_once_with(username='heat', password='password', |