Merge "Only token or creds are required."

2016-01-13 20:40:55 +00:00
parent 25517d0226 f0124b71d6
commit 8677de9ec7
2 changed files with 31 additions and 10 deletions
--- a/ceilometerclient/client.py
+++ b/ceilometerclient/client.py
@@ -71,6 +71,7 @@ def _get_keystone_session(**kwargs):
    auth_url = kwargs.pop('auth_url', None)
    project_id = kwargs.pop('project_id', None)
    project_name = kwargs.pop('project_name', None)
+    token = kwargs['token']
    timeout = kwargs.get('timeout')

    if insecure:
@@ -100,7 +101,21 @@ def _get_keystone_session(**kwargs):
    use_v3 = v3_auth_url and (use_domain or (not v2_auth_url))
    use_v2 = v2_auth_url and not use_domain

-    if use_v3:
+    if use_v3 and token:
+        auth = v3_auth.Token(
+            v3_auth_url,
+            token=token,
+            project_name=project_name,
+            project_id=project_id,
+            project_domain_name=project_domain_name,
+            project_domain_id=project_domain_id)
+    elif use_v2 and token:
+        auth = v2_auth.Token(
+            v2_auth_url,
+            token=token,
+            tenant_id=project_id,
+            tenant_name=project_name)
+    elif use_v3:
        # the auth_url as v3 specified
        # e.g. http://no.where:5000/v3
        # Keystone will return only v3 as viable option
@@ -125,6 +140,7 @@ def _get_keystone_session(**kwargs):
            kwargs.pop('password', None),
            tenant_id=project_id,
            tenant_name=project_name)
+
    else:
        raise exc.CommandError('Unable to determine the Keystone version '
                               'to authenticate with using the given '
@@ -160,16 +176,20 @@ class AuthPlugin(auth.BaseAuthPlugin):
    def __init__(self, auth_system=None, **kwargs):
        self.opt_names.extend(self.common_opt_names)
        super(AuthPlugin, self).__init__(auth_system, **kwargs)
+        # NOTE(sileht): backward compat
+        if self.opts.get('auth_token') and not self.opts.get('token'):
+            self.opts['token'] = self.opts.get('auth_token')

    def _do_authenticate(self, http_client):
-        token = self.opts.get('token') or self.opts.get('auth_token')
+        token = self.opts.get('token')
        endpoint = self.opts.get('endpoint')
-        if not (token and endpoint):
+        if not (endpoint and token):
            ks_kwargs = self._get_ks_kwargs(http_timeout=http_client.timeout)
            ks_session = _get_keystone_session(**ks_kwargs)
-            token = lambda: ks_session.get_token()
-            endpoint = (self.opts.get('endpoint') or
-                        _get_endpoint(ks_session, **ks_kwargs))
+            if not token:
+                token = lambda: ks_session.get_token()
+            if not endpoint:
+                endpoint = _get_endpoint(ks_session, **ks_kwargs)
        self.opts['token'] = token
        self.opts['endpoint'] = endpoint

@@ -178,6 +198,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
                      self.opts.get('tenant_id'))
        project_name = (self.opts.get('project_name') or
                        self.opts.get('tenant_name'))
+        token = self.opts.get('token')
        ks_kwargs = {
            'username': self.opts.get('username'),
            'password': self.opts.get('password'),
@@ -198,6 +219,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
            'service_type': self.opts.get('service_type'),
            'region_name': self.opts.get('region_name'),
            'timeout': http_timeout,
+            'token': token() if callable(token) else token,
        }
        return ks_kwargs

@@ -212,8 +234,7 @@ class AuthPlugin(auth.BaseAuthPlugin):

        :raises: AuthPluginOptionsMissing
        """
-        has_token = self.opts.get('token') or self.opts.get('auth_token')
-        no_auth = has_token and self.opts.get('endpoint')
+        has_token = self.opts.get('token')
        has_project_domain_or_tenant = (self.opts.get('project_id') or
                                        (self.opts.get('project_name') and
                                        (self.opts.get('user_domain_name') or
@@ -224,7 +245,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
                          and has_project_domain_or_tenant
                          and self.opts.get('password')
                          and self.opts.get('auth_url'))
-        missing = not (no_auth or has_credential)
+        missing = not (has_token or has_credential)
        if missing:
            missing_opts = []
            opts = ['token', 'endpoint', 'username', 'password', 'auth_url',
--- a/ceilometerclient/tests/unit/test_client.py
+++ b/ceilometerclient/tests/unit/test_client.py
@@ -399,6 +399,6 @@ class ClientAuthTest(utils.BaseTestCase):
        session_instance_mock = mock.MagicMock()
        session.return_value = session_instance_mock
        client = self.create_client(env)
-        client.auth_plugin.opts.pop('endpoint', None)
+        client.auth_plugin.opts.pop('token', None)
        self.assertRaises(exceptions.AuthPluginOptionsMissing,
                          client.auth_plugin.sufficient_options)