Merge "Fetch discovery documents with auth when needed"

2019-10-21 19:25:50 +00:00 · 2019-10-21 19:25:50 +00:00 · de53f90bf9
commit de53f90bf9
parent ed9309480f 26ad02db0f
3 changed files with 48 additions and 1 deletions
--- a/keystoneauth1/discover.py
+++ b/keystoneauth1/discover.py
@ -98,13 +98,23 @@ def get_version_data(session, url, authenticated=None):
    """
    headers = {'Accept': 'application/json'}

-    resp = session.get(url, headers=headers, authenticated=authenticated)
+    try:
+        resp = session.get(url, headers=headers, authenticated=authenticated)
+    except exceptions.Unauthorized:
+        resp = session.get(url, headers=headers, authenticated=True)

    try:
        body_resp = resp.json()
    except ValueError:
        pass
    else:
+        # Swift returns the list of containers for an account on an
+        # authenticated GET from /, not a version document. To our knowledge
+        # it's the only thing returning a [] here - and that's ok.
+        if isinstance(body_resp, list):
+            raise exceptions.DiscoveryFailure(
+                'Invalid Response - List returned instead of dict')
+
        # In the event of querying a root URL we will get back a list of
        # available versions.
        try:
--- a/keystoneauth1/tests/unit/test_discovery.py
+++ b/keystoneauth1/tests/unit/test_discovery.py
@ -1241,6 +1241,29 @@ class EndpointDataTests(utils.TestCase):
            [mock.call('sess', url, cache='cache', authenticated=False)
             for url in ('url1', 'url2', 'url3')])

+    def test_run_discovery_auth(self):
+        url = 'https://example.com'
+        headers = {'Accept': 'application/json'}
+
+        session = mock.Mock()
+        session.get.side_effect = [
+            exceptions.Unauthorized('unauthorized'),
+            # Throw a different exception the second time so that we can
+            # catch it in the test and verify the retry.
+            exceptions.BadRequest('bad request'),
+        ]
+
+        try:
+            discover.get_version_data(session, url)
+        except exceptions.BadRequest:
+            pass
+        # Only one call with 'url'
+        self.assertEqual(2, session.get.call_count)
+        session.get.assert_has_calls([
+            mock.call(url, headers=headers, authenticated=None),
+            mock.call(url, headers=headers, authenticated=True),
+        ])
+
    def test_endpoint_data_str(self):
        """Validate EndpointData.__str__."""
        # Populate a few fields to make sure they come through.
--- a/releasenotes/notes/retry-authenticated-discovery-19c4354ff983f507.yaml
+++ b/releasenotes/notes/retry-authenticated-discovery-19c4354ff983f507.yaml
@ -0,0 +1,14 @@
+---
+fixes:
+  - |
+    Retry version discovery with auth token when the initial request
+    throws 401 Unauthorized. There are some services that are erroneously
+    defaulting to authenticated discovery, and this allows discovery
+    to work properly on them.
+upgrade:
+  - |
+    If keystoneauth and openstacksdk are both in use and keystoneauth
+    is upgraded to this release **before** upgrading openstacksdk to
+    ``0.36.1`` or later, creation of ServerGroup objects with policies
+    and use of Ansible Inventory could be adversely affected. See
+    https://review.opendev.org/#/c/685999/ for more details.