Authentication Plugin Support
Begin using Keystone client's auth plugins and clean up the authentication options
The first step is to switch to utilizing the ksc plugins: https:/
The auth options need to be cleaned up
The library client creation needs to be cleaned up, particularly where the client accepts a ksc Session now.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- Dean Troyer
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- m6
- Started by
- Dean Troyer
- Completed by
- Dean Troyer
Related branches
Related bugs
Sprints
Whiteboard
* Clarify token-flow vs v[23]Token plugin auth: The ksc Token plugin wants OS_AUTH_URL and OS_TOKEN where the traditional token-flow uses OS_URL and OS_TOKEN and does not set up any auth plugin instance. We should remove the special-case for token-flow and either use ksc's auth.token_
* Clean up option checks: most of those checks can/should now be done by the auth plugins directly. A few sanity checks may still be required and the token-flow vs Token plugin needs to be sorted.
https:/
* Convert all client make_client() functions to use Session if possible, otherwise get token/endpoint from auth plugin.
* Remove now-unnecessary old auth attributes from ClientManager
Final cleanup commit: https:/
Work Items
Work items:
Use ksc Session and plugins (https:/
Load auth plugins as requested/required (https:/
Clean up option checks in shell.py: DONE
Clarify usage of token-flow auth vs v[23]Token plugin auth: DONE
Use Session in make_client() functions if possible, otherwise get token/endpoint from auth plugin: DONE
Remove now-unnecessary old auth attributes from ClientManager: DONE