Follow ups to Authentication Plugins

Address the comments made in the original authentication plugins patch.

 * Add some additional logging to the standard username and password
   plugin.
 * Change the login error message to reflect additional authentication
   mechanisms.
 * Log a warning if no suitable authentication plugin is found. Given
   the way horizon relies solely upon DOA the only real way this should
   happen is a configuration error.

Change-Id: Ib827f26da793ef2e43b8f5a0f194293f442b3341

3 files changed, 11 insertions, 4 deletions

diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
index 437b09b..c3104b5 100644
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@@ -94,6 +94,9 @@ class KeystoneBackend(object):
             if unscoped_auth:
                 break
         else:
+            LOG.warn('No authentication backend could be determined to '
+                     'handle the provided credentials. This is likely a '
+                     'configuration error that should be addressed.')
             return None
 
         session = utils.get_session()
@@ -104,9 +107,8 @@ class KeystoneBackend(object):
         except (keystone_exceptions.Unauthorized,
                 keystone_exceptions.Forbidden,
                 keystone_exceptions.NotFound) as exc:
-            msg = _('Invalid user name or password.')
             LOG.debug(str(exc))
-            raise exceptions.KeystoneAuthException(msg)
+            raise exceptions.KeystoneAuthException(_('Invalid credentials.'))
         except (keystone_exceptions.ClientException,
                 keystone_exceptions.AuthorizationFailure) as exc:
             msg = _("An error occurred authenticating. "
diff --git a/openstack_auth/plugin/password.py b/openstack_auth/plugin/password.py
index 4a1e7c1..484adc2 100644
--- a/openstack_auth/plugin/password.py
+++ b/openstack_auth/plugin/password.py
@@ -10,12 +10,15 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import logging
+
 from keystoneclient.auth.identity import v2 as v2_auth
 from keystoneclient.auth.identity import v3 as v3_auth
 
 from openstack_auth.plugin import base
 from openstack_auth import utils
 
+LOG = logging.getLogger(__name__)
 
 __all__ = ['PasswordPlugin']
 
@@ -33,6 +36,8 @@ class PasswordPlugin(base.BasePlugin):
         if not all((auth_url, username, password)):
             return None
 
+        LOG.debug('Attempting to authenticate for %s', username)
+
         if utils.get_keystone_version() >= 3:
             return v3_auth.Password(auth_url=auth_url,
                                     username=username,
diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py
index 7baa896..dbfa345 100644
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@@ -280,7 +280,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
         # POST to the page to log in.
         response = self.client.post(url, form_data)
         self.assertTemplateUsed(response, 'auth/login.html')
-        self.assertContains(response, "Invalid user name or password.")
+        self.assertContains(response, "Invalid credentials.")
 
     def test_exception(self):
         user = self.data.user
@@ -628,7 +628,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
         # POST to the page to log in.
         response = self.client.post(url, form_data)
         self.assertTemplateUsed(response, 'auth/login.html')
-        self.assertContains(response, "Invalid user name or password.")
+        self.assertContains(response, "Invalid credentials.")
 
     def test_exception(self):
         user = self.data.user