Use keystoneauth1 instead of keystoneclient
The keystoneclient session has been deprecated in favour of
keystoneauth1. To make this cleaner a few unnecessary usages of
keystoneclient are cleaned up.
Change-Id: I8bfcff53165a18f94c600797dd8105d64d948e7a
Jamie Lennox
7 years ago
21 | 21 | from cryptography.hazmat import backends |
22 | 22 | from cryptography.hazmat.primitives import serialization |
23 | 23 | from cryptography import x509 as cryptography_x509 |
24 | from keystoneclient.auth import identity | |
25 | from keystoneclient import session | |
24 | from keystoneauth1 import identity | |
25 | from keystoneauth1 import loading | |
26 | from keystoneauth1 import session | |
26 | 27 | from oslo_config import cfg |
27 | 28 | from oslo_log import log as logging |
28 | 29 | from oslo_utils import excutils |
84 | 85 | self._base_url = None |
85 | 86 | self.conf = configuration |
86 | 87 | self.conf.register_opts(barbican_opts, group=BARBICAN_OPT_GROUP) |
87 | session.Session.register_conf_options(self.conf, BARBICAN_OPT_GROUP) | |
88 | loading.register_session_conf_options(self.conf, BARBICAN_OPT_GROUP) | |
88 | 89 | |
89 | 90 | def _get_barbican_client(self, context): |
90 | 91 | """Creates a client to connect to the Barbican service. |
129 | 130 | auth_url = self.conf.barbican.auth_endpoint |
130 | 131 | |
131 | 132 | if context.__class__.__name__ is 'KeystonePassword': |
132 | return identity.v3.Password( | |
133 | return identity.V3Password( | |
133 | 134 | auth_url=auth_url, |
134 | 135 | username=context.username, |
135 | 136 | password=context.password, |
145 | 146 | project_domain_name=context.project_domain_name, |
146 | 147 | reauthenticate=context.reauthenticate) |
147 | 148 | elif context.__class__.__name__ is 'KeystoneToken': |
148 | return identity.v3.Token( | |
149 | return identity.V3Token( | |
149 | 150 | auth_url=auth_url, |
150 | 151 | token=context.token, |
151 | 152 | trust_id=context.trust_id, |
159 | 160 | # this will be kept for oslo.context compatibility until |
160 | 161 | # projects begin to use utils.credential_factory |
161 | 162 | elif context.__class__.__name__ is 'RequestContext': |
162 | return identity.v3.Token( | |
163 | return identity.V3Token( | |
163 | 164 | auth_url=auth_url, |
164 | 165 | token=context.auth_token, |
165 | 166 | project_id=context.tenant) |
20 | 20 | import abc |
21 | 21 | import uuid |
22 | 22 | |
23 | from keystoneclient.auth.identity import v3 | |
24 | from keystoneclient import session | |
25 | from keystoneclient.v3 import client | |
23 | from keystoneauth1 import identity | |
24 | from keystoneauth1 import session | |
26 | 25 | from oslo_config import cfg |
27 | 26 | from oslo_context import context |
28 | 27 | from oslotest import base |
112 | 111 | user_domain_name = CONF.identity.user_domain_name |
113 | 112 | project_domain_name = CONF.identity.project_domain_name |
114 | 113 | |
115 | auth = v3.Password(auth_url=auth_url, | |
116 | username=username, | |
117 | password=password, | |
118 | project_name=project_name, | |
119 | user_domain_name=user_domain_name, | |
120 | project_domain_name=project_domain_name) | |
114 | auth = identity.V3Password(auth_url=auth_url, | |
115 | username=username, | |
116 | password=password, | |
117 | project_name=project_name, | |
118 | user_domain_name=user_domain_name, | |
119 | project_domain_name=project_domain_name) | |
121 | 120 | sess = session.Session(auth=auth) |
122 | keystone_client = client.Client(session=sess) | |
123 | 121 | |
124 | project_list = keystone_client.projects.list(name=project_name) | |
125 | ||
126 | ctxt = context.RequestContext( | |
127 | auth_token=auth.auth_ref.auth_token, | |
128 | tenant=project_list[0].id) | |
129 | ||
130 | return ctxt | |
122 | return context.RequestContext(auth_token=auth.get_token(sess), | |
123 | tenant=auth.get_project_id(sess)) | |
131 | 124 | |
132 | 125 | |
133 | 126 | class BarbicanKeyManagerKSPasswordTestCase(BarbicanKeyManagerTestCase, |
160 | 153 | user_domain_name = CONF.identity.user_domain_name |
161 | 154 | project_domain_name = CONF.identity.project_domain_name |
162 | 155 | |
163 | auth = v3.Password(auth_url=auth_url, | |
164 | username=username, | |
165 | password=password, | |
166 | project_name=project_name, | |
167 | user_domain_name=user_domain_name, | |
168 | project_domain_name=project_domain_name) | |
169 | sess = session.Session(auth=auth) | |
170 | keystone_client = client.Client(session=sess) | |
156 | auth = identity.V3Password(auth_url=auth_url, | |
157 | username=username, | |
158 | password=password, | |
159 | project_name=project_name, | |
160 | user_domain_name=user_domain_name, | |
161 | project_domain_name=project_domain_name) | |
162 | sess = session.Session() | |
171 | 163 | |
172 | project_list = keystone_client.projects.list(name=project_name) | |
173 | ||
174 | ctxt = keystone_token.KeystoneToken( | |
175 | token=auth.auth_ref.auth_token, | |
176 | project_id=project_list[0].id) | |
177 | ||
178 | return ctxt | |
164 | return keystone_token.KeystoneToken( | |
165 | token=auth.get_token(sess), | |
166 | project_id=auth.get_project_id(sess)) |
51 | 51 | .. note:: |
52 | 52 | |
53 | 53 | Keystone Token and Password authentication is achieved using |
54 | keystoneclient.auth.identity.v3 Token and Password auth plugins. | |
54 | keystoneauth1.identity Token and Password auth plugins. | |
55 | 55 | There are a variety of different variables which can be set for the |
56 | 56 | keystone credential options. |
57 | 57 | |
87 | 87 | |
88 | 88 | .. code:: python |
89 | 89 | |
90 | from keystoneclient.v3 import client | |
90 | from keystoneauth1 import identity | |
91 | from keystoneauth1 import session | |
91 | 92 | from oslo_context import context |
92 | 93 | |
93 | 94 | username = 'admin' |
94 | 95 | password = 'openstack' |
95 | 96 | project_name = 'admin' |
96 | auth_url = 'http://localhost:5000/v3' | |
97 | keystone_client = client.Client(username=username, | |
98 | password=password, | |
99 | project_name=project_name, | |
100 | auth_url=auth_url, | |
101 | project_domain_id='default') | |
102 | ||
103 | project_list = keystone_client.projects.list(name=project_name) | |
104 | ||
105 | ctxt = context.RequestContext(auth_token=keystone_client.auth_token, | |
106 | tenant=project_list[0].id) | |
97 | auth_url = 'http://localhost:5000/' | |
98 | auth = identity.Password(auth_url=auth_url, | |
99 | username=username, | |
100 | password=password, | |
101 | project_name=project_name, | |
102 | default_domain_id='default') | |
103 | sess = session.Session() | |
104 | ||
105 | ctxt = context.RequestContext(auth_token=auth.get_token(sess), | |
106 | tenant=auth.get_project_id(sess)) | |
107 | 107 | |
108 | 108 | ctxt can then be passed into any key_manager api call. |
109 | 109 |