From c5e04d23132abed34320cf2d6963acee8affb33f Mon Sep 17 00:00:00 2001 From: Jeremy Freudberg Date: Fri, 6 Jul 2018 11:26:14 -0400 Subject: Rework saharaclient authentication Just accept session objects. This will require a new major release of python-saharaclient (2.0). Change-Id: I9021a7ebeeecf94d48170e332b26ac6e80187501 Story: 1747838 Task: 6896 --- .../notes/rework-auth-c3e13a68a935671e.yaml | 6 ++ saharaclient/api/client.py | 84 +++------------------- saharaclient/osc/plugin.py | 2 - saharaclient/tests/unit/base.py | 6 +- saharaclient/tests/unit/osc/test_plugin.py | 4 -- 5 files changed, 18 insertions(+), 84 deletions(-) create mode 100644 releasenotes/notes/rework-auth-c3e13a68a935671e.yaml diff --git a/releasenotes/notes/rework-auth-c3e13a68a935671e.yaml b/releasenotes/notes/rework-auth-c3e13a68a935671e.yaml new file mode 100644 index 0000000..a85282e --- /dev/null +++ b/releasenotes/notes/rework-auth-c3e13a68a935671e.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The Sahara client library now only supports authentication with a Keystone + session object. Consequently the arguments which `saharaclient.api.Client` + accepts, and the order of those arguments, have changed. diff --git a/saharaclient/api/client.py b/saharaclient/api/client.py index adfaeed..697bc8d 100644 --- a/saharaclient/api/client.py +++ b/saharaclient/api/client.py @@ -13,13 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -import warnings - from keystoneauth1 import adapter -from keystoneauth1.identity import v2 -from keystoneauth1.identity import v3 -from keystoneauth1 import session as keystone_session -from keystoneauth1 import token_endpoint from saharaclient.api import cluster_templates from saharaclient.api import clusters @@ -52,59 +46,21 @@ class Client(object): _api_version = '1.1' """Client for the OpenStack Data Processing API. - - :param str username: Username for Keystone authentication. - :param str api_key: Password for Keystone authentication. - :param str project_id: Keystone Tenant id. - :param str project_name: Keystone Tenant name. - :param str auth_url: Keystone URL that will be used for authentication. - :param str sahara_url: Sahara REST API URL to communicate with. - :param str endpoint_type: Desired Sahara endpoint type. - :param str service_type: Sahara service name in Keystone catalog. - :param str input_auth_token: Keystone authorization token. - :param session: Keystone Session object. - :param auth: Keystone Authentication Plugin object. - :param boolean insecure: Allow insecure. - :param string cacert: Path to the Privacy Enhanced Mail (PEM) file - which contains certificates needed to establish - SSL connection with the identity service. + :param session: Keystone session object. Required. + :param string sahara_url: Endpoint override. + :param string endpoint_type: Desired Sahara endpoint type. + :param string service_type: Sahara service name in Keystone catalog. :param string region_name: Name of a region to select when choosing an endpoint from the service catalog. """ - def __init__(self, username=None, api_key=None, project_id=None, - project_name=None, auth_url=None, sahara_url=None, + def __init__(self, session=None, sahara_url=None, endpoint_type='publicURL', service_type='data-processing', - input_auth_token=None, session=None, auth=None, - insecure=False, cacert=None, region_name=None, **kwargs): + region_name=None, **kwargs): if not session: - warnings.simplefilter('once', category=DeprecationWarning) - warnings.warn('Passing authentication parameters to saharaclient ' - 'is deprecated. Please construct and pass an ' - 'authenticated session object directly.', - DeprecationWarning) - warnings.resetwarnings() - - if input_auth_token: - auth = token_endpoint.Token(sahara_url, input_auth_token) - - else: - auth = self._get_keystone_auth(auth_url=auth_url, - username=username, - api_key=api_key, - project_id=project_id, - project_name=project_name) - - verify = True - if insecure: - verify = False - elif cacert: - verify = cacert - - session = keystone_session.Session(verify=verify) - - if not auth: - auth = session.auth + raise RuntimeError("Must provide session") + + auth = session.auth kwargs['user_agent'] = USER_AGENT kwargs.setdefault('interface', endpoint_type) @@ -138,28 +94,6 @@ class Client(object): ) self.job_types = job_types.JobTypesManager(client) - def _get_keystone_auth(self, username=None, api_key=None, auth_url=None, - project_id=None, project_name=None): - if not auth_url: - raise RuntimeError("No auth url specified") - - if 'v2.0' in auth_url: - return v2.Password(auth_url=auth_url, - username=username, - password=api_key, - tenant_id=project_id, - tenant_name=project_name) - else: - # NOTE(jamielennox): Setting these to default is what - # keystoneclient does in the event they are not passed. - return v3.Password(auth_url=auth_url, - username=username, - password=api_key, - user_domain_id='default', - project_id=project_id, - project_name=project_name, - project_domain_id='default') - class ClientV2(Client): diff --git a/saharaclient/osc/plugin.py b/saharaclient/osc/plugin.py index c5b7024..52fb5cc 100644 --- a/saharaclient/osc/plugin.py +++ b/saharaclient/osc/plugin.py @@ -41,8 +41,6 @@ def make_client(instance): client = data_processing_client( session=instance.session, region_name=instance._region_name, - cacert=instance._cacert, - insecure=instance._insecure, sahara_url=instance._cli_options.data_processing_url, **kwargs ) diff --git a/saharaclient/tests/unit/base.py b/saharaclient/tests/unit/base.py index 6d95f6a..ff23616 100644 --- a/saharaclient/tests/unit/base.py +++ b/saharaclient/tests/unit/base.py @@ -17,19 +17,19 @@ import testtools from saharaclient.api import base from saharaclient.api import client +from keystoneauth1 import session from requests_mock.contrib import fixture class BaseTestCase(testtools.TestCase): URL = 'http://localhost:8386' - TOKEN = 'token' + SESSION = session.Session() def setUp(self): super(BaseTestCase, self).setUp() self.responses = self.useFixture(fixture.Fixture()) - self.client = client.Client(sahara_url=self.URL, - input_auth_token=self.TOKEN) + self.client = client.Client(session=self.SESSION, sahara_url=self.URL) def assertFields(self, body, obj): for key, value in body.items(): diff --git a/saharaclient/tests/unit/osc/test_plugin.py b/saharaclient/tests/unit/osc/test_plugin.py index 6e288b9..5006c5c 100644 --- a/saharaclient/tests/unit/osc/test_plugin.py +++ b/saharaclient/tests/unit/osc/test_plugin.py @@ -28,15 +28,11 @@ class TestDataProcessingPlugin(base.BaseTestCase): instance._api_version = {"data_processing": '1.1'} instance.session = 'session' instance._region_name = 'region_name' - instance._cacert = 'cacert' - instance._insecure = 'insecure' instance._cli_options.data_processing_url = 'url' instance._interface = 'public' plugin.make_client(instance) p_client.assert_called_with(session='session', region_name='region_name', - cacert='cacert', - insecure='insecure', sahara_url='url', endpoint_type='public') -- cgit v1.2.1