Use TokenManager to get token
Instead of implementing token retrieval twice, let's use the code provided by the TokenManger to get a token in raw format from Keystone. Change-Id: I769be118ee137580cabd5cabcf7843e7afe1e456 Signed-off-by: Julien Danjou <julien@danjou.info>
This commit is contained in:
Julien Danjou
committed by
Gerrit Code Review
Gerrit Code Review
parent
fc54b30e58
commit
22228f526d
@@ -84,8 +84,9 @@ class Manager(object):
|
||||
resp, body = self.api.head(url)
|
||||
return resp.status_code == 204
|
||||
|
||||
def _create(self, url, body, response_key, return_raw=False):
|
||||
resp, body = self.api.post(url, body=body)
|
||||
def _create(self, url, body, response_key, return_raw=False,
|
||||
management=True):
|
||||
resp, body = self.api.post(url, body=body, management=management)
|
||||
if return_raw:
|
||||
return body[response_key]
|
||||
return self.resource_class(self, body[response_key])
|
||||
|
||||
@@ -144,7 +144,7 @@ class HTTPClient(object):
|
||||
del self.auth_token_from_user
|
||||
|
||||
def authenticate(self, username=None, password=None, tenant_name=None,
|
||||
tenant_id=None, auth_url=None, token=None):
|
||||
tenant_id=None, token=None):
|
||||
""" Authenticate user.
|
||||
|
||||
Uses the data provided at instantiation to authenticate against
|
||||
@@ -177,7 +177,6 @@ class HTTPClient(object):
|
||||
* if force_new_token is true
|
||||
|
||||
"""
|
||||
auth_url = auth_url or self.auth_url
|
||||
username = username or self.username
|
||||
password = password or self.password
|
||||
tenant_name = tenant_name or self.tenant_name
|
||||
@@ -189,7 +188,7 @@ class HTTPClient(object):
|
||||
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
||||
token = self.auth_ref.auth_token
|
||||
|
||||
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url,
|
||||
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(self.auth_url,
|
||||
username,
|
||||
tenant_name,
|
||||
tenant_id,
|
||||
@@ -197,8 +196,7 @@ class HTTPClient(object):
|
||||
new_token_needed = False
|
||||
if auth_ref is None or self.force_new_token:
|
||||
new_token_needed = True
|
||||
raw_token = self.get_raw_token_from_identity_service(auth_url,
|
||||
username,
|
||||
raw_token = self.get_raw_token_from_identity_service(username,
|
||||
password,
|
||||
tenant_name,
|
||||
tenant_id,
|
||||
@@ -402,8 +400,11 @@ class HTTPClient(object):
|
||||
url_to_use = self.management_url
|
||||
|
||||
kwargs.setdefault('headers', {})
|
||||
if self.auth_token:
|
||||
kwargs['headers']['X-Auth-Token'] = self.auth_token
|
||||
if (self.auth_ref
|
||||
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
||||
kwargs['headers']['X-Auth-Token'] = self.auth_ref.auth_token
|
||||
elif self.auth_token_from_user:
|
||||
kwargs['headers']['X-Auth-Token'] = self.auth_token_from_user
|
||||
|
||||
resp, body = self.request(url_to_use + url, method,
|
||||
**kwargs)
|
||||
|
||||
@@ -154,7 +154,7 @@ class Client(client.HTTPClient):
|
||||
self.user_id = self.auth_ref.user_id
|
||||
self._extract_service_catalog(self.auth_url, self.auth_ref)
|
||||
|
||||
def get_raw_token_from_identity_service(self, auth_url, username=None,
|
||||
def get_raw_token_from_identity_service(self, username=None,
|
||||
password=None, tenant_name=None,
|
||||
tenant_id=None, token=None):
|
||||
""" Authenticate against the Keystone API.
|
||||
@@ -166,12 +166,12 @@ class Client(client.HTTPClient):
|
||||
|
||||
"""
|
||||
try:
|
||||
return self._base_authN(auth_url,
|
||||
username=username,
|
||||
tenant_id=tenant_id,
|
||||
tenant_name=tenant_name,
|
||||
password=password,
|
||||
token=token)
|
||||
return self.tokens.authenticate(username=username,
|
||||
tenant_id=tenant_id,
|
||||
tenant_name=tenant_name,
|
||||
password=password,
|
||||
token=token,
|
||||
return_raw=True)
|
||||
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
|
||||
_logger.debug("Authorization Failed.")
|
||||
raise
|
||||
@@ -179,29 +179,6 @@ class Client(client.HTTPClient):
|
||||
raise exceptions.AuthorizationFailure("Authorization Failed: "
|
||||
"%s" % e)
|
||||
|
||||
def _base_authN(self, auth_url, username=None, password=None,
|
||||
tenant_name=None, tenant_id=None, token=None):
|
||||
""" Takes a username, password, and optionally a tenant_id or
|
||||
tenant_name to get an authentication token from keystone.
|
||||
May also take a token and a tenant_id to re-scope a token
|
||||
to a tenant."""
|
||||
headers = {}
|
||||
url = auth_url + "/tokens"
|
||||
if token:
|
||||
headers['X-Auth-Token'] = token
|
||||
params = {"auth": {"token": {"id": token}}}
|
||||
elif username and password:
|
||||
params = {"auth": {"passwordCredentials": {"username": username,
|
||||
"password": password}}}
|
||||
else:
|
||||
raise ValueError('A username and password or token is required.')
|
||||
if tenant_id:
|
||||
params['auth']['tenantId'] = tenant_id
|
||||
elif tenant_name:
|
||||
params['auth']['tenantName'] = tenant_name
|
||||
resp, body = self.request(url, 'POST', body=params, headers=headers)
|
||||
return body['access']
|
||||
|
||||
# TODO(heckj): remove entirely in favor of access.AccessInfo and
|
||||
# associated methods
|
||||
def _extract_service_catalog(self, url, body):
|
||||
|
||||
@@ -34,15 +34,8 @@ class TokenManager(base.ManagerWithFind):
|
||||
params['auth']['tenantId'] = tenant_id
|
||||
elif tenant_name:
|
||||
params['auth']['tenantName'] = tenant_name
|
||||
reset = 0
|
||||
if self.api.management_url is None:
|
||||
reset = 1
|
||||
self.api.management_url = self.api.auth_url
|
||||
token_ref = self._create('/tokens', params, "access",
|
||||
return_raw=return_raw)
|
||||
if reset:
|
||||
self.api.management_url = None
|
||||
return token_ref
|
||||
return self._create('/tokens', params, "access",
|
||||
return_raw=return_raw, management=False)
|
||||
|
||||
def delete(self, token):
|
||||
return self._delete("/tokens/%s" % base.getid(token))
|
||||
|
||||
Reference in New Issue
Block a user