Multiversion authentication part1
Moves authentication from rest_client to an external auth_provider,
assigned to the client by the client manager.
The auth provider can decorate a request based on credentials (coming
from the client manager) and filters (region, service, endpoint_type)
given by the client. The auth provider can also return the raw
auth_data, which in the Keystone implementation is a tuple (token,
auth_data). The auth provider allows mixing multiple credentials
when decorating a request, possibly using empty or invalid credentials,
to facilitate negative tests.
The auth provider caches auth data, so that all API requests for a
specific set of credentials only require a single call to obtain a
token, unless the token expires or is forcefully deleted from the
auth provder.
Two implementations of the auth provider are included: Keystonev2 and
Keystonev3. The Manager object behaves as factory of auth_providers,
building the correct one based on the configured auth_version, and on
the interface type (JSON or XML).
Fixes endpoint selection for v3 auth. Drops unused basic_auth.
Extends TokenClients to provide both token and auth data,
and accept different combinations of credentials for v3.
Removes redundant server_client_v3_auth.
Adapts tempest unit tests to work with modified rest client.
Introduces a configuration parameter for authentication version to be
used. That is used when instantiating the client manager, and it
applies to all clients used by api tests.
Next steps (next patches):
- move to credentials as dict (as opposed to tuple)
- expose a get_client method from the client manager
and create clients only when requested
- remove redundant CustomizedHeader object storage clients
- supports keystone v3 in tenant isolation
- use Auth Provider in scenario tests
- use Auth Provider in CLI tests
- implement parsing of catalog XML format (?)
Partially implements: bp multi-keystone-api-version-tests
Change-Id: Icfa921e9051c01f339f8d2471b12d6ec950cc456
diff --git a/tempest/services/identity/v3/xml/policy_client.py b/tempest/services/identity/v3/xml/policy_client.py
index 54b4ad8..429c6a4 100644
--- a/tempest/services/identity/v3/xml/policy_client.py
+++ b/tempest/services/identity/v3/xml/policy_client.py
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-from urlparse import urlparse
-
from lxml import etree
from tempest.common import http
@@ -31,11 +29,11 @@
class PolicyClientXML(RestClientXML):
- def __init__(self, username, password, auth_url, tenant_name=None):
- super(PolicyClientXML, self).__init__(username, password,
- auth_url, tenant_name)
+ def __init__(self, auth_provider):
+ super(PolicyClientXML, self).__init__(auth_provider)
self.service = CONF.identity.catalog_type
self.endpoint_url = 'adminURL'
+ self.api_version = "v3"
def _parse_array(self, node):
array = []
@@ -54,9 +52,6 @@
dscv = CONF.identity.disable_ssl_certificate_validation
self.http_obj = http.ClosingHttp(
disable_ssl_certificate_validation=dscv)
- self._set_auth()
- self.base_url = self.base_url.replace(urlparse(self.base_url).path,
- "/v3")
return super(PolicyClientXML, self).request(method, url,
headers=headers,
body=body)