Add switch to disable token authentication.

This patch allows you to disable token authentication with keystone so that the client can be used with other backends in heat. Change-Id: I4b35df82a782ddbc8532e85a7b9d532b327d010a Signed-off-by: Ian Main <imain@redhat.com>
2013-01-31 15:42:24 -08:00 · 2013-01-31 15:42:24 -08:00 · bcaf6c4d93
commit bcaf6c4d93
parent 8f268e44cd
2 changed files with 26 additions and 12 deletions
--- a/heatclient/common/http.py
+++ b/heatclient/common/http.py
@ -50,6 +50,7 @@ class HTTPClient(object):

    def __init__(self, endpoint, **kwargs):
        self.endpoint = endpoint
+        self.auth_url = kwargs.get('auth_url')
        self.auth_token = kwargs.get('token')
        self.username = kwargs.get('username')
        self.password = kwargs.get('password')
@ -131,6 +132,8 @@ class HTTPClient(object):
        kwargs['headers'].setdefault('User-Agent', USER_AGENT)
        if self.auth_token:
            kwargs['headers'].setdefault('X-Auth-Token', self.auth_token)
+        if self.auth_url:
+            kwargs['headers'].setdefault('X-Auth-Url', self.auth_url)
        if self.username:
            kwargs['headers'].setdefault('X-Auth-User', self.username)
        if self.password:
--- a/heatclient/shell.py
+++ b/heatclient/shell.py
@ -129,6 +129,12 @@ class HeatShell(object):
        parser.add_argument('--os_auth_token',
            help=argparse.SUPPRESS)

+        parser.add_argument('--os-no-client-auth',
+            default=utils.env('OS_NO_CLIENT_AUTH'),
+            action='store_true',
+            help="Do not contact keystone for a token.\
+                  Defaults to env[OS_NO_CLIENT_AUTH]")
+
        parser.add_argument('--heat-url',
            default=utils.env('HEAT_URL'),
            help='Defaults to env[HEAT_URL]')
@ -281,20 +287,25 @@ class HeatShell(object):
            'endpoint_type': args.os_endpoint_type,
            'insecure': args.insecure
        }
-        _ksclient = self._get_ksclient(**kwargs)
-        token = args.os_auth_token or _ksclient.auth_token

-        endpoint = args.heat_url or \
-                self._get_endpoint(_ksclient, **kwargs)
+        endpoint = args.heat_url
+
+        if not args.os_no_client_auth:
+            _ksclient = self._get_ksclient(**kwargs)
+            token = args.os_auth_token or _ksclient.auth_token
+
+            kwargs = {
+                'token': token,
+                'insecure': args.insecure,
+                'timeout': args.timeout,
+                'ca_file': args.ca_file,
+                'cert_file': args.cert_file,
+                'key_file': args.key_file,
+            }
+
+            if not endpoint:
+                endpoint = self._get_endpoint(_ksclient, **kwargs)

-        kwargs = {
-            'token': token,
-            'insecure': args.insecure,
-            'timeout': args.timeout,
-            'ca_file': args.ca_file,
-            'cert_file': args.cert_file,
-            'key_file': args.key_file,
-        }
        if not args.token_only:
            kwargs['username'] = args.os_username
            kwargs['password'] = args.os_password