1 files changed, 113 insertions, 45 deletions

diff --git a/ceilometerclient/client.py b/ceilometerclient/client.py
index b66e547..283e24e 100644
--- a/ceilometerclient/client.py
+++ b/ceilometerclient/client.py
@@ -14,10 +14,11 @@ from keystoneclient.auth.identity import v2 as v2_auth
 from keystoneclient.auth.identity import v3 as v3_auth
 from keystoneclient import discover
 from keystoneclient import session
-import six
 
 from ceilometerclient.common import utils
 from ceilometerclient import exc
+from ceilometerclient.openstack.common.apiclient import auth
+from ceilometerclient.openstack.common.apiclient import exceptions
 
 
 def _get_keystone_session(**kwargs):
@@ -139,12 +140,94 @@ def _get_endpoint(ks_session, **kwargs):
     return endpoint
 
 
-def get_client(api_version, **kwargs):
+class AuthPlugin(auth.BaseAuthPlugin):
+    opt_names = ['tenant_id', 'region_name', 'auth_token',
+                 'service_type', 'endpoint_type', 'cacert',
+                 'auth_url', 'insecure', 'cert_file', 'key_file',
+                 'cert', 'key', 'tenant_name', 'project_name',
+                 'project_id', 'user_domain_id', 'user_domain_name',
+                 'password', 'username']
+
+    def __init__(self, auth_system=None, **kwargs):
+        self.opt_names.extend(self.common_opt_names)
+        super(AuthPlugin, self).__init__(auth_system, **kwargs)
+
+    def _do_authenticate(self, http_client):
+        if self.opts.get('token') and self.opts.get('endpoint'):
+            token = self.opts.get('token')
+            endpoint = self.opts.get('endpoint')
+        else:
+            project_id = self.opts.get('project_id') \
+                or self.opts.get('tenant_id')
+            project_name = (self.opts.get('project_name') or
+                            self.opts.get('tenant_name'))
+            ks_kwargs = {
+                'username': self.opts.get('username'),
+                'password': self.opts.get('password'),
+                'user_id': self.opts.get('user_id'),
+                'user_domain_id': self.opts.get('user_domain_id'),
+                'user_domain_name': self.opts.get('user_domain_name'),
+                'project_id': project_id,
+                'project_name': project_name,
+                'project_domain_name': self.opts.get('project_domain_name'),
+                'project_domain_id': self.opts.get('project_domain_id'),
+                'auth_url': self.opts.get('auth_url'),
+                'cacert': self.opts.get('cacert'),
+                'cert': self.opts.get('cert'),
+                'key': self.opts.get('key'),
+                'insecure': self.opts.get('insecure')
+            }
+
+            # retrieve session
+            ks_session = _get_keystone_session(**ks_kwargs)
+            token = lambda: ks_session.get_token()
+            endpoint = self.opts.get('endpoint') or \
+                _get_endpoint(ks_session, **ks_kwargs)
+        self.opts['token'] = token()
+        self.opts['endpoint'] = endpoint
+
+    def token_and_endpoint(self, endpoint_type, service_type):
+        token = self.opts.get('token')
+        if callable(token):
+            token = token()
+        return token, self.opts.get('endpoint')
+
+    def sufficient_options(self):
+        """Check if all required options are present.
+
+        :raises: AuthPluginOptionsMissing
+        """
+        missing = not ((self.opts.get('token') and
+                        self.opts.get('endpoint')) or
+                       (self.opts.get('username')
+                        and self.opts.get('password')
+                        and self.opts.get('auth_url') and
+                        (self.opts.get('tenant_id')
+                        or self.opts.get('tenant_name'))))
+
+        if missing:
+            missing_opts = []
+            opts = ['token', 'endpoint', 'username', 'password', 'auth_url',
+                    'tenant_id', 'tenant_name']
+            for opt in opts:
+                if not self.opts.get(opt):
+                    missing_opts.append(opt)
+            raise exceptions.AuthPluginOptionsMissing(missing_opts)
+
+
+def Client(version, *args, **kwargs):
+    module = utils.import_versioned_module(version, 'client')
+    client_class = getattr(module, 'Client')
+    return client_class(*args, **kwargs)
+
+
+def get_client(version, **kwargs):
     """Get an authtenticated client, based on the credentials
-       in the keyword args.
+        in the keyword args.
 
     :param api_version: the API version to use ('1' or '2')
     :param kwargs: keyword args containing credentials, either:
+
             * os_auth_token: pre-existing token to re-use
             * ceilometer_url: ceilometer API endpoint
             or:
@@ -164,53 +247,38 @@ def get_client(api_version, **kwargs):
             * os_key: SSL private key
             * insecure: allow insecure SSL (no cert verification)
     """
-    token = kwargs.get('os_auth_token')
-    if token and not six.callable(token):
-        token = lambda: kwargs.get('os_auth_token')
-
-    if token and kwargs.get('ceilometer_url'):
-        endpoint = kwargs.get('ceilometer_url')
-    else:
-        project_id = kwargs.get('os_project_id') or kwargs.get('os_tenant_id')
-        project_name = (kwargs.get('os_project_name') or
-                        kwargs.get('os_tenant_name'))
-        ks_kwargs = {
-            'username': kwargs.get('os_username'),
-            'password': kwargs.get('os_password'),
-            'user_id': kwargs.get('os_user_id'),
-            'user_domain_id': kwargs.get('os_user_domain_id'),
-            'user_domain_name': kwargs.get('os_user_domain_name'),
-            'project_id': project_id,
-            'project_name': project_name,
-            'project_domain_name': kwargs.get('os_project_domain_name'),
-            'project_domain_id': kwargs.get('os_project_domain_id'),
-            'auth_url': kwargs.get('os_auth_url'),
-            'cacert': kwargs.get('os_cacert'),
-            'cert': kwargs.get('os_cert'),
-            'key': kwargs.get('os_key'),
-            'insecure': kwargs.get('insecure')
-        }
-
-        # retrieve session
-        ks_session = _get_keystone_session(**ks_kwargs)
-        token = token or (lambda: ks_session.get_token())
-
-        endpoint = kwargs.get('ceilometer_url') or \
-            _get_endpoint(ks_session, **ks_kwargs)
+    endpoint = kwargs.get('ceilometer_url')
 
     cli_kwargs = {
-        'token': token,
-        'insecure': kwargs.get('insecure'),
-        'timeout': kwargs.get('timeout'),
+        'username': kwargs.get('os_username'),
+        'password': kwargs.get('os_password'),
+        'tenant_id': kwargs.get('os_tenant_id'),
+        'tenant_name': kwargs.get('os_tenant_name'),
+        'auth_url': kwargs.get('os_auth_url'),
+        'region_name': kwargs.get('os_region_name'),
+        'service_type': kwargs.get('os_service_type'),
+        'endpoint_type': kwargs.get('os_endpoint_type'),
         'cacert': kwargs.get('os_cacert'),
         'cert_file': kwargs.get('os_cert'),
-        'key_file': kwargs.get('os_key')
+        'key_file': kwargs.get('os_key'),
+        'token': kwargs.get('os_auth_token'),
     }
 
-    return Client(api_version, endpoint, **cli_kwargs)
+    cli_kwargs.update(kwargs)
+    return Client(version, endpoint, **cli_kwargs)
 
 
-def Client(version, *args, **kwargs):
-    module = utils.import_versioned_module(version, 'client')
-    client_class = getattr(module, 'Client')
-    return client_class(*args, **kwargs)
+def get_auth_plugin(endpoint, **kwargs):
+    auth_plugin = AuthPlugin(
+        auth_url=kwargs.get('auth_url'),
+        service_type=kwargs.get('service_type'),
+        token=kwargs.get('token'),
+        endpoint_type=kwargs.get('endpoint_type'),
+        cacert=kwargs.get('ca_file'),
+        tenant_id=kwargs.get('project_id') or kwargs.get('tenant_id'),
+        endpoint=endpoint,
+        username=kwargs.get('username'),
+        password=kwargs.get('password'),
+        tenant_name=kwargs.get('tenant_name'),
+    )
+    return auth_plugin