Handle invalidate in identity plugins correctly

Returning a True from the invalidate() call means that something has changed within the plugin and the session should reissue the request and expect the plugin to authenticate itself. This means we should only return True if something actually changed, because re-issuing the request if there was no auth_ref will not change the outcome. Change-Id: I012dacc93b1fcaee31d31a49e95db5a38044f211
2014-08-07 10:26:31 +10:00
parent 4b10d11c1a
commit 0fa062ea98
2 changed files with 17 additions and 2 deletions
--- a/keystoneclient/auth/identity/base.py
+++ b/keystoneclient/auth/identity/base.py
@@ -133,8 +133,11 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
                       invalidate. This means that it makes sense to try again.
                       If nothing happens returns False to indicate give up.
        """
-        self.auth_ref = None
-        return True
+        if self.auth_ref:
+            self.auth_ref = None
+            return True
+
+        return False

    def get_endpoint(self, session, service_type=None, interface=None,
                     region_name=None, service_name=None, version=None,
--- a/keystoneclient/tests/auth/test_identity_common.py
+++ b/keystoneclient/tests/auth/test_identity_common.py
@@ -209,6 +209,18 @@ class CommonIdentityTests(object):
        s = session.Session(auth=a)
        self.assertIs(expired_auth_ref, a.get_access(s))

+    def test_invalidate(self):
+        a = self.create_auth_plugin()
+        s = session.Session(auth=a)
+
+        # trigger token fetching
+        s.get_token()
+
+        self.assertTrue(a.auth_ref)
+        self.assertTrue(a.invalidate())
+        self.assertIsNone(a.auth_ref)
+        self.assertFalse(a.invalidate())
+

 class V3(CommonIdentityTests, utils.TestCase):