Multiversion authentication part1

Moves authentication from rest_client to an external auth_provider,
assigned to the client by the client manager.

The auth provider can decorate a request based on credentials (coming
from the client manager) and filters (region, service, endpoint_type)
given by the client. The auth provider can also return the raw
auth_data, which in the Keystone implementation is a tuple (token,
auth_data). The auth provider allows mixing multiple credentials
when decorating a request, possibly using empty or invalid credentials,
to facilitate negative tests.

The auth provider caches auth data, so that all API requests for a
specific set of credentials only require a single call to obtain a
token, unless the token expires or is forcefully deleted from the
auth provder.

Two implementations of the auth provider are included: Keystonev2 and
Keystonev3.  The Manager object behaves as factory of auth_providers,
building the correct one based on the configured auth_version, and on
the interface type (JSON or XML).

Fixes endpoint selection for v3 auth. Drops unused basic_auth.
Extends TokenClients to provide both token and auth data,
and accept different combinations of credentials for v3.
Removes redundant server_client_v3_auth.

Adapts tempest unit tests to work with modified rest client.

Introduces a configuration parameter for authentication version to be
used. That is used when instantiating the client manager, and it
applies to all clients used by api tests.

Next steps (next patches):
- move to credentials as dict (as opposed to tuple)
- expose a get_client method from the client manager
  and create clients only when requested
- remove redundant CustomizedHeader object storage clients
- supports keystone v3 in tenant isolation
- use Auth Provider in scenario tests
- use Auth Provider in CLI tests
- implement parsing of catalog XML format (?)

Partially implements: bp multi-keystone-api-version-tests

Change-Id: Icfa921e9051c01f339f8d2471b12d6ec950cc456
diff --git a/tempest/api/identity/admin/test_users_negative.py b/tempest/api/identity/admin/test_users_negative.py
index ba7af09..e9e7818 100644
--- a/tempest/api/identity/admin/test_users_negative.py
+++ b/tempest/api/identity/admin/test_users_negative.py
@@ -75,7 +75,7 @@
         # Request to create a user without a valid token should fail
         self.data.setup_test_tenant()
         # Get the token of the current client
-        token = self.client.get_auth()
+        token = self.client.auth_provider.get_token()
         # Delete the token from database
         self.client.delete_token(token)
         self.assertRaises(exceptions.Unauthorized, self.client.create_user,
@@ -83,7 +83,7 @@
                           self.data.tenant['id'], self.alt_email)
 
         # Unset the token to allow further tests to generate a new token
-        self.client.clear_auth()
+        self.client.auth_provider.clear_auth()
 
     @attr(type=['negative', 'gate'])
     def test_create_user_with_enabled_non_bool(self):
@@ -108,14 +108,14 @@
         # Request to update a user without a valid token should fail
 
         # Get the token of the current client
-        token = self.client.get_auth()
+        token = self.client.auth_provider.get_token()
         # Delete the token from database
         self.client.delete_token(token)
         self.assertRaises(exceptions.Unauthorized, self.client.update_user,
                           self.alt_user)
 
         # Unset the token to allow further tests to generate a new token
-        self.client.clear_auth()
+        self.client.auth_provider.clear_auth()
 
     @attr(type=['negative', 'gate'])
     def test_update_user_by_unauthorized_user(self):
@@ -143,14 +143,14 @@
         # Request to delete a user without a valid token should fail
 
         # Get the token of the current client
-        token = self.client.get_auth()
+        token = self.client.auth_provider.get_token()
         # Delete the token from database
         self.client.delete_token(token)
         self.assertRaises(exceptions.Unauthorized, self.client.delete_user,
                           self.alt_user)
 
         # Unset the token to allow further tests to generate a new token
-        self.client.clear_auth()
+        self.client.auth_provider.clear_auth()
 
     @attr(type=['negative', 'gate'])
     def test_authentication_for_disabled_user(self):
@@ -207,10 +207,10 @@
     @attr(type=['negative', 'gate'])
     def test_get_users_request_without_token(self):
         # Request to get list of users without a valid token should fail
-        token = self.client.get_auth()
+        token = self.client.auth_provider.auth_data[0]
         self.client.delete_token(token)
         self.assertRaises(exceptions.Unauthorized, self.client.get_users)
-        self.client.clear_auth()
+        self.client.auth_provider.clear_auth()
 
     @attr(type=['negative', 'gate'])
     def test_list_users_with_invalid_tenant(self):