Return keystoneauth plugins based on auth args

We know all of the things that we need to know to return an appropriate
auth plugin from keystoneauth based on the auth parameters. This also
introduces a hard-depend on keystoneauth, which should be fine since
keystoneauth itself has a very low dependency count.

We'll also use ksa to help validate auth parameters when we're doing
the config processing.

Change-Id: Ia1a1a4adb4dcefed5d7607082e026ca7361f394d

os_client_config/cloud_config.py

@@ -14,6 +14,8 @@
 
 import warnings
 
+from keystoneauth1 import loading
+
 
 class CloudConfig(object):
     def __init__(self, name, region, config, prefer_ipv6=False):
@@ -106,3 +108,17 @@ class CloudConfig(object):
     @property
     def prefer_ipv6(self):
         return self._prefer_ipv6
+
+    def get_auth(self):
+        """Return a keystoneauth plugin from the auth credentials."""
+        # Re-use the admin_token plugin for the "None" plugin
+        # since it does not look up endpoints or tokens but rather
+        # does a passthrough. This is useful for things like Ironic
+        # that have a keystoneless operational mode, but means we're
+        # still dealing with a keystoneauth Session object, so all the
+        # _other_ things (SSL arg handling, timeout) all work consistently
+        if self.config['auth_type'] in (None, "None", ''):
+            self.config['auth_type'] = 'admin_token'
+            self.config['auth']['token'] = None
+        loader = loading.get_plugin_loader(self.config['auth_type'])
+        return loader.load_from_options(**self.config['auth'])

requirements.txt

@@ -3,3 +3,4 @@
 # process, which may cause wedges in the gate later.
 PyYAML>=3.1.0
 appdirs>=1.3.0
+keystoneauth1>=1.0.0