diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2015-03-11 13:41:41 +1100 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2015-03-17 09:54:17 +1100 |
commit | fc1f5a7963adb3c39f48131af5117bfafa3b07e7 (patch) | |
tree | ebfcc94d718eee38b84aa37735c4d8c27d55e532 | |
parent | d4a4acecbe2cb173e4dc3b355c8d9f90212c5e9c (diff) | |
download | python-keystoneclient-fc1f5a7963adb3c39f48131af5117bfafa3b07e7.tar.gz |
Extract BaseAuth out of Auth Plugin
The basic Auth plugin for v3 tokens makes the assumption that you need
to pass in some AuthMethod objects. This works well for most auth types
where you want the plugin to construct the auth request for you.
In the case of federation though we want to be able to have a rescoping
plugin that will return an auth_ref and not take any auth_methods as
arguments.
Extract the most basic part of the Auth plugin into BaseAuth class that
Auth and federation plugins can both inherit from.
Change-Id: Ia8c8c614b8eb51170346ff5b1e20a1e7ebbb47de
-rw-r--r-- | keystoneclient/auth/identity/v3/__init__.py | 1 | ||||
-rw-r--r-- | keystoneclient/auth/identity/v3/base.py | 76 |
2 files changed, 52 insertions, 25 deletions
diff --git a/keystoneclient/auth/identity/v3/__init__.py b/keystoneclient/auth/identity/v3/__init__.py index 61e38c3..6992c7f 100644 --- a/keystoneclient/auth/identity/v3/__init__.py +++ b/keystoneclient/auth/identity/v3/__init__.py @@ -18,6 +18,7 @@ from keystoneclient.auth.identity.v3.token import * # noqa __all__ = ['Auth', 'AuthConstructor', 'AuthMethod', + 'BaseAuth', 'Password', 'PasswordMethod', diff --git a/keystoneclient/auth/identity/v3/base.py b/keystoneclient/auth/identity/v3/base.py index d5bd51e..add571e 100644 --- a/keystoneclient/auth/identity/v3/base.py +++ b/keystoneclient/auth/identity/v3/base.py @@ -24,10 +24,11 @@ from keystoneclient import utils _logger = logging.getLogger(__name__) -__all__ = ['Auth', 'AuthMethod', 'AuthConstructor'] +__all__ = ['Auth', 'AuthMethod', 'AuthConstructor', 'BaseAuth'] -class Auth(base.BaseIdentityPlugin): +@six.add_metaclass(abc.ABCMeta) +class BaseAuth(base.BaseIdentityPlugin): """Identity V3 Authentication Plugin. :param string auth_url: Identity service endpoint for authentication. @@ -46,7 +47,7 @@ class Auth(base.BaseIdentityPlugin): """ @utils.positional() - def __init__(self, auth_url, auth_methods, + def __init__(self, auth_url, trust_id=None, domain_id=None, domain_name=None, @@ -56,10 +57,8 @@ class Auth(base.BaseIdentityPlugin): project_domain_name=None, reauthenticate=True, include_catalog=True): - super(Auth, self).__init__(auth_url=auth_url, - reauthenticate=reauthenticate) - - self.auth_methods = auth_methods + super(BaseAuth, self).__init__(auth_url=auth_url, + reauthenticate=reauthenticate) self.trust_id = trust_id self.domain_id = domain_id self.domain_name = domain_name @@ -74,6 +73,51 @@ class Auth(base.BaseIdentityPlugin): """The full URL where we will send authentication data.""" return '%s/auth/tokens' % self.auth_url.rstrip('/') + @abc.abstractmethod + def get_auth_ref(self, session, **kwargs): + return None + + @classmethod + def get_options(cls): + options = super(BaseAuth, cls).get_options() + + options.extend([ + cfg.StrOpt('domain-id', help='Domain ID to scope to'), + cfg.StrOpt('domain-name', help='Domain name to scope to'), + cfg.StrOpt('project-id', help='Project ID to scope to'), + cfg.StrOpt('project-name', help='Project name to scope to'), + cfg.StrOpt('project-domain-id', + help='Domain ID containing project'), + cfg.StrOpt('project-domain-name', + help='Domain name containing project'), + cfg.StrOpt('trust-id', help='Trust ID'), + ]) + + return options + + +class Auth(BaseAuth): + """Identity V3 Authentication Plugin. + + :param string auth_url: Identity service endpoint for authentication. + :param list auth_methods: A collection of methods to authenticate with. + :param string trust_id: Trust ID for trust scoping. + :param string domain_id: Domain ID for domain scoping. + :param string domain_name: Domain name for domain scoping. + :param string project_id: Project ID for project scoping. + :param string project_name: Project name for project scoping. + :param string project_domain_id: Project's domain ID for project. + :param string project_domain_name: Project's domain name for project. + :param bool reauthenticate: Allow fetching a new token if the current one + is going to expire. (optional) default True + :param bool include_catalog: Include the service catalog in the returned + token. (optional) default True. + """ + + def __init__(self, auth_url, auth_methods, **kwargs): + super(Auth, self).__init__(auth_url=auth_url, **kwargs) + self.auth_methods = auth_methods + def get_auth_ref(self, session, **kwargs): headers = {'Accept': 'application/json'} body = {'auth': {'identity': {}}} @@ -136,24 +180,6 @@ class Auth(base.BaseIdentityPlugin): return access.AccessInfoV3(resp.headers['X-Subject-Token'], **resp_data) - @classmethod - def get_options(cls): - options = super(Auth, cls).get_options() - - options.extend([ - cfg.StrOpt('domain-id', help='Domain ID to scope to'), - cfg.StrOpt('domain-name', help='Domain name to scope to'), - cfg.StrOpt('project-id', help='Project ID to scope to'), - cfg.StrOpt('project-name', help='Project name to scope to'), - cfg.StrOpt('project-domain-id', - help='Domain ID containing project'), - cfg.StrOpt('project-domain-name', - help='Domain name containing project'), - cfg.StrOpt('trust-id', help='Trust ID'), - ]) - - return options - @six.add_metaclass(abc.ABCMeta) class AuthMethod(object): |