From 42592898c3b95f0f0b264809d485cb127c078fce Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Fri, 5 Jul 2013 10:10:20 +1200
Subject: [PATCH] Only set X-Auth-User, X-Auth-Key on stack create/update.

All heat operations can be performed with only a token.

User credentials are required for stack create/update as they are
stored for later stack operations.

This change prevents credentials unnecessarily being sent over the wire.

Change-Id: I5ad18067c5db8ada9994d131e98f27af70a7ca06
---
 heatclient/common/http.py      | 10 ++++++----
 heatclient/shell.py            |  9 +++------
 heatclient/tests/test_shell.py | 16 ++++++++++++----
 heatclient/v1/stacks.py        |  7 +++++--
 4 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/heatclient/common/http.py b/heatclient/common/http.py
index b91fe9a..f6aabd6 100644
--- a/heatclient/common/http.py
+++ b/heatclient/common/http.py
@@ -133,10 +133,6 @@ class HTTPClient(object):
             kwargs['headers'].setdefault('X-Auth-Token', self.auth_token)
         if self.auth_url:
             kwargs['headers'].setdefault('X-Auth-Url', self.auth_url)
-        if self.username:
-            kwargs['headers'].setdefault('X-Auth-User', self.username)
-        if self.password:
-            kwargs['headers'].setdefault('X-Auth-Key', self.password)
 
         self.log_curl_request(method, url, kwargs)
         conn = self.get_connection()
@@ -178,6 +174,12 @@ class HTTPClient(object):
 
         return resp, body_str
 
+    def credentials_headers(self):
+        return {
+            'X-Auth-User': self.username,
+            'X-Auth-Key': self.password
+        }
+
     def json_request(self, method, url, **kwargs):
         kwargs.setdefault('headers', {})
         kwargs['headers'].setdefault('Content-Type', 'application/json')
diff --git a/heatclient/shell.py b/heatclient/shell.py
index 8311df4..27e6a74 100644
--- a/heatclient/shell.py
+++ b/heatclient/shell.py
@@ -169,8 +169,7 @@ class HeatShell(object):
         parser.add_argument('-t', '--token-only',
                             default=bool(False),
                             action='store_true',
-                            help='Only send a token for auth, do not send'
-                            ' username and password as well.')
+                            help='DEPRECATED! Has no effect')
 
         return parser
 
@@ -303,15 +302,13 @@ class HeatShell(object):
                 'ca_file': args.ca_file,
                 'cert_file': args.cert_file,
                 'key_file': args.key_file,
-                'username': args.os_username
+                'username': args.os_username,
+                'password': args.os_password
             }
 
             if not endpoint:
                 endpoint = self._get_endpoint(_ksclient, **kwargs)
 
-        if not args.token_only:
-            kwargs['password'] = args.os_password
-
         client = heatclient.Client(api_version, endpoint, **kwargs)
 
         try:
diff --git a/heatclient/tests/test_shell.py b/heatclient/tests/test_shell.py
index 4b891ad..d63379e 100644
--- a/heatclient/tests/test_shell.py
+++ b/heatclient/tests/test_shell.py
@@ -265,7 +265,9 @@ class ShellTest(TestCase):
             {'location': 'http://no.where/v1/tenant_id/stacks/teststack2/2'},
             None)
         v1client.Client.json_request(
-            'POST', '/stacks', body=mox.IgnoreArg()).AndReturn((resp, None))
+            'POST', '/stacks', body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
+        ).AndReturn((resp, None))
         fakes.script_heat_list()
 
         self.m.ReplayAll()
@@ -297,7 +299,9 @@ class ShellTest(TestCase):
             {'location': 'http://no.where/v1/tenant_id/stacks/teststack2/2'},
             None)
         v1client.Client.json_request(
-            'POST', '/stacks', body=mox.IgnoreArg()).AndReturn((resp, None))
+            'POST', '/stacks', body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
+        ).AndReturn((resp, None))
         fakes.script_heat_list()
 
         self.m.ReplayAll()
@@ -334,7 +338,9 @@ class ShellTest(TestCase):
             {'location': 'http://no.where/v1/tenant_id/stacks/teststack2/2'},
             None)
         v1client.Client.json_request(
-            'POST', '/stacks', body=mox.IgnoreArg()).AndReturn((resp, None))
+            'POST', '/stacks', body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
+        ).AndReturn((resp, None))
 
         fakes.script_heat_list()
 
@@ -365,7 +371,9 @@ class ShellTest(TestCase):
             'The request is accepted for processing.')
         v1client.Client.json_request(
             'PUT', '/stacks/teststack2/2',
-            body=mox.IgnoreArg()).AndReturn((resp, None))
+            body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
+        ).AndReturn((resp, None))
         fakes.script_heat_list()
 
         self.m.ReplayAll()
diff --git a/heatclient/v1/stacks.py b/heatclient/v1/stacks.py
index 996cd6b..d943c24 100644
--- a/heatclient/v1/stacks.py
+++ b/heatclient/v1/stacks.py
@@ -82,13 +82,16 @@ class StackManager(base.Manager):
 
     def create(self, **kwargs):
         """Create a stack."""
-        resp, body = self.api.json_request('POST', '/stacks', body=kwargs)
+        headers = self.api.credentials_headers()
+        resp, body = self.api.json_request('POST', '/stacks',
+                                           body=kwargs, headers=headers)
 
     def update(self, **kwargs):
         """Update a stack."""
         stack_id = kwargs.pop('stack_id')
+        headers = self.api.credentials_headers()
         resp, body = self.api.json_request('PUT', '/stacks/%s' % stack_id,
-                                           body=kwargs)
+                                           body=kwargs, headers=headers)
 
     def delete(self, stack_id):
         """Delete a stack."""