Merge "Rework saharaclient authentication"

2018-07-18 17:57:00 +00:00 · 2018-07-18 17:57:00 +00:00 · 373852038f
parent 408b103cda c5e04d2313
commit 373852038f
5 changed files with 17 additions and 83 deletions
--- a/releasenotes/notes/rework-auth-c3e13a68a935671e.yaml
+++ b/releasenotes/notes/rework-auth-c3e13a68a935671e.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The Sahara client library now only supports authentication with a Keystone
+    session object. Consequently the arguments which `saharaclient.api.Client`
+    accepts, and the order of those arguments, have changed.
--- a/saharaclient/api/client.py
+++ b/saharaclient/api/client.py
@ -13,13 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-import warnings
-
 from keystoneauth1 import adapter
-from keystoneauth1.identity import v2
-from keystoneauth1.identity import v3
-from keystoneauth1 import session as keystone_session
-from keystoneauth1 import token_endpoint

 from saharaclient.api import cluster_templates
 from saharaclient.api import clusters
@ -52,59 +46,21 @@ class Client(object):
    _api_version = '1.1'

    """Client for the OpenStack Data Processing API.
-
-        :param str username: Username for Keystone authentication.
-        :param str api_key: Password for Keystone authentication.
-        :param str project_id: Keystone Tenant id.
-        :param str project_name: Keystone Tenant name.
-        :param str auth_url: Keystone URL that will be used for authentication.
-        :param str sahara_url: Sahara REST API URL to communicate with.
-        :param str endpoint_type: Desired Sahara endpoint type.
-        :param str service_type: Sahara service name in Keystone catalog.
-        :param str input_auth_token: Keystone authorization token.
-        :param session: Keystone Session object.
-        :param auth: Keystone Authentication Plugin object.
-        :param boolean insecure: Allow insecure.
-        :param string cacert: Path to the Privacy Enhanced Mail (PEM) file
-                              which contains certificates needed to establish
-                              SSL connection with the identity service.
+        :param session: Keystone session object. Required.
+        :param string sahara_url: Endpoint override.
+        :param string endpoint_type: Desired Sahara endpoint type.
+        :param string service_type: Sahara service name in Keystone catalog.
        :param string region_name: Name of a region to select when choosing an
                                   endpoint from the service catalog.
    """
-    def __init__(self, username=None, api_key=None, project_id=None,
-                 project_name=None, auth_url=None, sahara_url=None,
+    def __init__(self, session=None, sahara_url=None,
                 endpoint_type='publicURL', service_type='data-processing',
-                 input_auth_token=None, session=None, auth=None,
-                 insecure=False, cacert=None, region_name=None, **kwargs):
+                 region_name=None, **kwargs):

        if not session:
-            warnings.simplefilter('once', category=DeprecationWarning)
-            warnings.warn('Passing authentication parameters to saharaclient '
-                          'is deprecated. Please construct and pass an '
-                          'authenticated session object directly.',
-                          DeprecationWarning)
-            warnings.resetwarnings()
+            raise RuntimeError("Must provide session")

-            if input_auth_token:
-                auth = token_endpoint.Token(sahara_url, input_auth_token)
-
-            else:
-                auth = self._get_keystone_auth(auth_url=auth_url,
-                                               username=username,
-                                               api_key=api_key,
-                                               project_id=project_id,
-                                               project_name=project_name)
-
-            verify = True
-            if insecure:
-                verify = False
-            elif cacert:
-                verify = cacert
-
-            session = keystone_session.Session(verify=verify)
-
-        if not auth:
-            auth = session.auth
+        auth = session.auth

        kwargs['user_agent'] = USER_AGENT
        kwargs.setdefault('interface', endpoint_type)
@ -138,28 +94,6 @@ class Client(object):
        )
        self.job_types = job_types.JobTypesManager(client)

-    def _get_keystone_auth(self, username=None, api_key=None, auth_url=None,
-                           project_id=None, project_name=None):
-        if not auth_url:
-            raise RuntimeError("No auth url specified")
-
-        if 'v2.0' in auth_url:
-            return v2.Password(auth_url=auth_url,
-                               username=username,
-                               password=api_key,
-                               tenant_id=project_id,
-                               tenant_name=project_name)
-        else:
-            # NOTE(jamielennox): Setting these to default is what
-            # keystoneclient does in the event they are not passed.
-            return v3.Password(auth_url=auth_url,
-                               username=username,
-                               password=api_key,
-                               user_domain_id='default',
-                               project_id=project_id,
-                               project_name=project_name,
-                               project_domain_id='default')
-

 class ClientV2(Client):

--- a/saharaclient/osc/plugin.py
+++ b/saharaclient/osc/plugin.py
@ -41,8 +41,6 @@ def make_client(instance):
    client = data_processing_client(
        session=instance.session,
        region_name=instance._region_name,
-        cacert=instance._cacert,
-        insecure=instance._insecure,
        sahara_url=instance._cli_options.data_processing_url,
        **kwargs
        )
--- a/saharaclient/tests/unit/base.py
+++ b/saharaclient/tests/unit/base.py
@ -17,19 +17,19 @@ import testtools
 from saharaclient.api import base
 from saharaclient.api import client

+from keystoneauth1 import session
 from requests_mock.contrib import fixture


 class BaseTestCase(testtools.TestCase):

    URL = 'http://localhost:8386'
-    TOKEN = 'token'
+    SESSION = session.Session()

    def setUp(self):
        super(BaseTestCase, self).setUp()
        self.responses = self.useFixture(fixture.Fixture())
-        self.client = client.Client(sahara_url=self.URL,
-                                    input_auth_token=self.TOKEN)
+        self.client = client.Client(session=self.SESSION, sahara_url=self.URL)

    def assertFields(self, body, obj):
        for key, value in body.items():
--- a/saharaclient/tests/unit/osc/test_plugin.py
+++ b/saharaclient/tests/unit/osc/test_plugin.py
@ -28,15 +28,11 @@ class TestDataProcessingPlugin(base.BaseTestCase):
        instance._api_version = {"data_processing": '1.1'}
        instance.session = 'session'
        instance._region_name = 'region_name'
-        instance._cacert = 'cacert'
-        instance._insecure = 'insecure'
        instance._cli_options.data_processing_url = 'url'
        instance._interface = 'public'

        plugin.make_client(instance)
        p_client.assert_called_with(session='session',
                                    region_name='region_name',
-                                    cacert='cacert',
-                                    insecure='insecure',
                                    sahara_url='url',
                                    endpoint_type='public')