From e259163d5632188065b2ad4bbb2065d4fd5fc91d Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Mon, 2 Dec 2013 22:50:15 +0000
Subject: [PATCH] Revert "Don't call credentials_headers() twice"

When we create or update a stack, when deferred_auth_method=password
(which is the default in heat.conf), the client must pass the username
and password, even if they don't need to for authentication (ie
they're passing a token). Otherwise there's no username and password
in the context to store, and the engine validation in
heat/engine/service.py::_validate_deferred_auth_context fails.

No such issue exists when deferred_auth_method=trusts, which is why
this problem was missed during testing of the patch being reverted.

Note some fixup in addition to the revert was required to make the
tests pass, as ShellTestToken and ShellTestStandaloneToken now require
username/password set in the fake env.

This reverts commit a7ba3c323b16227e0ba2527f21bc89625f125234
Change-Id: I0e7bc3f748022c2bf5ef7ef6dfe4d97953e3fcab
---
 heatclient/tests/test_shell.py | 24 ++++++++++++++++++++----
 heatclient/v1/stacks.py        |  6 ++++--
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/heatclient/tests/test_shell.py b/heatclient/tests/test_shell.py
index 6ad49347..838d2455 100644
--- a/heatclient/tests/test_shell.py
+++ b/heatclient/tests/test_shell.py
@@ -538,7 +538,8 @@ class ShellTestUserPass(ShellBase):
             {'location': 'http://no.where/v1/tenant_id/stacks/teststack2/2'},
             None)
         v1client.Client.json_request(
-            'POST', '/stacks', body=mox.IgnoreArg()
+            'POST', '/stacks', body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
         ).AndReturn((resp, None))
         fakes.script_heat_list()
 
@@ -571,7 +572,8 @@ class ShellTestUserPass(ShellBase):
             {'location': 'http://no.where/v1/tenant_id/stacks/teststack2/2'},
             None)
         v1client.Client.json_request(
-            'POST', '/stacks', body=mox.IgnoreArg()
+            'POST', '/stacks', body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
         ).AndReturn((resp, None))
         fakes.script_heat_list()
 
@@ -609,7 +611,8 @@ class ShellTestUserPass(ShellBase):
             {'location': 'http://no.where/v1/tenant_id/stacks/teststack2/2'},
             None)
         v1client.Client.json_request(
-            'POST', '/stacks', body=mox.IgnoreArg()
+            'POST', '/stacks', body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
         ).AndReturn((resp, None))
 
         fakes.script_heat_list()
@@ -641,7 +644,8 @@ class ShellTestUserPass(ShellBase):
             'The request is accepted for processing.')
         v1client.Client.json_request(
             'PUT', '/stacks/teststack2/2',
-            body=mox.IgnoreArg()
+            body=mox.IgnoreArg(),
+            headers={'X-Auth-Key': 'password', 'X-Auth-User': 'username'}
         ).AndReturn((resp, None))
         fakes.script_heat_list()
 
@@ -702,6 +706,12 @@ class ShellTestToken(ShellTestUserPass):
             'OS_AUTH_TOKEN': self.token,
             'OS_TENANT_ID': 'tenant_id',
             'OS_AUTH_URL': 'http://no.where',
+            # Note we also set username/password, because create/update
+            # pass them even if we have a token to support storing credentials
+            # Hopefully at some point we can remove this and move to only
+            # storing trust id's in heat-engine instead..
+            'OS_USERNAME': 'username',
+            'OS_PASSWORD': 'password'
         }
         self.set_fake_env(fake_env)
 
@@ -722,6 +732,12 @@ class ShellTestStandaloneToken(ShellTestUserPass):
             'OS_AUTH_TOKEN': self.token,
             'OS_NO_CLIENT_AUTH': 'True',
             'HEAT_URL': 'http://no.where',
+            # Note we also set username/password, because create/update
+            # pass them even if we have a token to support storing credentials
+            # Hopefully at some point we can remove this and move to only
+            # storing trust id's in heat-engine instead..
+            'OS_USERNAME': 'username',
+            'OS_PASSWORD': 'password'
         }
         self.set_fake_env(fake_env)
 
diff --git a/heatclient/v1/stacks.py b/heatclient/v1/stacks.py
index 5227117a..90a78de0 100644
--- a/heatclient/v1/stacks.py
+++ b/heatclient/v1/stacks.py
@@ -109,14 +109,16 @@ class StackManager(base.Manager):
 
     def create(self, **kwargs):
         """Create a stack."""
+        headers = self.api.credentials_headers()
         resp, body = self.api.json_request('POST', '/stacks',
-                                           body=kwargs)
+                                           body=kwargs, headers=headers)
         return body
 
     def update(self, stack_id, **kwargs):
         """Update a stack."""
+        headers = self.api.credentials_headers()
         resp, body = self.api.json_request('PUT', '/stacks/%s' % stack_id,
-                                           body=kwargs)
+                                           body=kwargs, headers=headers)
 
     def delete(self, stack_id):
         """Delete a stack."""