From db8698f0ab78e5dad3d86b05d6f9b5a75c1f4e4b Mon Sep 17 00:00:00 2001
From: lin-hua-cheng <os.lcheng@gmail.com>
Date: Sun, 29 Mar 2015 20:44:01 -0700
Subject: Add token auth plugin

Change-Id: Icdbd11b3b138749b055153cb1176edc89ef5eea6
---
 openstack_auth/backend.py         |  3 ++-
 openstack_auth/plugin/__init__.py |  4 +++-
 openstack_auth/plugin/token.py    | 41 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 openstack_auth/plugin/token.py

diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
index 8fb0d40..03db3d9 100644
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@@ -42,7 +42,8 @@ class KeystoneBackend(object):
             plugins = getattr(
                 settings,
                 'AUTHENTICATION_PLUGINS',
-                ['openstack_auth.plugin.password.PasswordPlugin'])
+                ['openstack_auth.plugin.password.PasswordPlugin',
+                 'openstack_auth.plugin.token.TokenPlugin'])
 
             self._auth_plugins = [utils.import_string(p)() for p in plugins]
 
diff --git a/openstack_auth/plugin/__init__.py b/openstack_auth/plugin/__init__.py
index 26c2b49..64caeac 100644
--- a/openstack_auth/plugin/__init__.py
+++ b/openstack_auth/plugin/__init__.py
@@ -12,7 +12,9 @@
 
 from openstack_auth.plugin.base import *  # noqa
 from openstack_auth.plugin.password import *  # noqa
+from openstack_auth.plugin.token import *  # noqa
 
 
 __all__ = ['BasePlugin',
-           'PasswordPlugin']
+           'PasswordPlugin',
+           'TokenPlugin']
diff --git a/openstack_auth/plugin/token.py b/openstack_auth/plugin/token.py
new file mode 100644
index 0000000..cea10a3
--- /dev/null
+++ b/openstack_auth/plugin/token.py
@@ -0,0 +1,41 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient.auth.identity import v2 as v2_auth
+from keystoneclient.auth.identity import v3 as v3_auth
+
+from openstack_auth.plugin import base
+from openstack_auth import utils
+
+
+__all__ = ['TokenPlugin']
+
+
+class TokenPlugin(base.BasePlugin):
+    """Authenticate against keystone with an existing token."""
+
+    def get_plugin(self, auth_url=None, token=None, project_id=None,
+                   **kwargs):
+        if not all((auth_url, token)):
+            return None
+
+        if utils.get_keystone_version() >= 3:
+            return v3_auth.Token(auth_url=auth_url,
+                                 token=token,
+                                 project_id=project_id,
+                                 reauthenticate=False)
+
+        else:
+            return v2_auth.Token(auth_url=auth_url,
+                                 token=token,
+                                 tenant_id=project_id,
+                                 reauthenticate=False)
-- 
cgit v1.2.1