openstack/python-keystoneclient
Code Issues Proposed changes

Use TokenManager to get token

Browse Source 
Instead of implementing token retrieval twice, let's use the code provided
by the TokenManger to get a token in raw format from Keystone.

Change-Id: I769be118ee137580cabd5cabcf7843e7afe1e456
Signed-off-by: Julien Danjou <julien@danjou.info>
This commit is contained in:
Julien Danjou
2013-01-22 15:25:33 +01:00
committed by Gerrit Code Review
parent fc54b30e58
commit 22228f526d
4 changed files with 20 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
keystoneclient/base.py
View File

@@ -84,8 +84,9 @@ class Manager(object):
resp, body = self.api.head(url) resp, body = self.api.head(url)
return resp.status_code == 204 return resp.status_code == 204
def _create(self, url, body, response_key, return_raw=False): def _create(self, url, body, response_key, return_raw=False,
resp, body = self.api.post(url, body=body) management=True):
resp, body = self.api.post(url, body=body, management=management)
if return_raw: if return_raw:
return body[response_key] return body[response_key]
return self.resource_class(self, body[response_key]) return self.resource_class(self, body[response_key])

15
keystoneclient/client.py
View File

@@ -144,7 +144,7 @@ class HTTPClient(object):
del self.auth_token_from_user del self.auth_token_from_user
def authenticate(self, username=None, password=None, tenant_name=None, def authenticate(self, username=None, password=None, tenant_name=None,
tenant_id=None, auth_url=None, token=None): tenant_id=None, token=None):
""" Authenticate user. """ Authenticate user.
Uses the data provided at instantiation to authenticate against Uses the data provided at instantiation to authenticate against
@@ -177,7 +177,6 @@ class HTTPClient(object):
* if force_new_token is true * if force_new_token is true
""" """
auth_url = auth_url or self.auth_url
username = username or self.username username = username or self.username
password = password or self.password password = password or self.password
tenant_name = tenant_name or self.tenant_name tenant_name = tenant_name or self.tenant_name
@@ -189,7 +188,7 @@ class HTTPClient(object):
and not self.auth_ref.will_expire_soon(self.stale_duration)): and not self.auth_ref.will_expire_soon(self.stale_duration)):
token = self.auth_ref.auth_token token = self.auth_ref.auth_token
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url, (keyring_key, auth_ref) = self.get_auth_ref_from_keyring(self.auth_url,
username, username,
tenant_name, tenant_name,
tenant_id, tenant_id,
@@ -197,8 +196,7 @@ class HTTPClient(object):
new_token_needed = False new_token_needed = False
if auth_ref is None or self.force_new_token: if auth_ref is None or self.force_new_token:
new_token_needed = True new_token_needed = True
raw_token = self.get_raw_token_from_identity_service(auth_url, raw_token = self.get_raw_token_from_identity_service(username,
username,
password, password,
tenant_name, tenant_name,
tenant_id, tenant_id,
@@ -402,8 +400,11 @@ class HTTPClient(object):
url_to_use = self.management_url url_to_use = self.management_url
kwargs.setdefault('headers', {}) kwargs.setdefault('headers', {})
if self.auth_token: if (self.auth_ref
kwargs['headers']['X-Auth-Token'] = self.auth_token and not self.auth_ref.will_expire_soon(self.stale_duration)):
kwargs['headers']['X-Auth-Token'] = self.auth_ref.auth_token
elif self.auth_token_from_user:
kwargs['headers']['X-Auth-Token'] = self.auth_token_from_user
resp, body = self.request(url_to_use + url, method, resp, body = self.request(url_to_use + url, method,
**kwargs) **kwargs)

37
keystoneclient/v2_0/client.py
View File

@@ -154,7 +154,7 @@ class Client(client.HTTPClient):
self.user_id = self.auth_ref.user_id self.user_id = self.auth_ref.user_id
self._extract_service_catalog(self.auth_url, self.auth_ref) self._extract_service_catalog(self.auth_url, self.auth_ref)
def get_raw_token_from_identity_service(self, auth_url, username=None, def get_raw_token_from_identity_service(self, username=None,
password=None, tenant_name=None, password=None, tenant_name=None,
tenant_id=None, token=None): tenant_id=None, token=None):
""" Authenticate against the Keystone API. """ Authenticate against the Keystone API.
@@ -166,12 +166,12 @@ class Client(client.HTTPClient):
""" """
try: try:
return self._base_authN(auth_url, return self.tokens.authenticate(username=username,
username=username, tenant_id=tenant_id,
tenant_id=tenant_id, tenant_name=tenant_name,
tenant_name=tenant_name, password=password,
password=password, token=token,
token=token) return_raw=True)
except (exceptions.AuthorizationFailure, exceptions.Unauthorized): except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
_logger.debug("Authorization Failed.") _logger.debug("Authorization Failed.")
raise raise
@@ -179,29 +179,6 @@ class Client(client.HTTPClient):
raise exceptions.AuthorizationFailure("Authorization Failed: " raise exceptions.AuthorizationFailure("Authorization Failed: "
"%s" % e) "%s" % e)
def _base_authN(self, auth_url, username=None, password=None,
tenant_name=None, tenant_id=None, token=None):
""" Takes a username, password, and optionally a tenant_id or
tenant_name to get an authentication token from keystone.
May also take a token and a tenant_id to re-scope a token
to a tenant."""
headers = {}
url = auth_url + "/tokens"
if token:
headers['X-Auth-Token'] = token
params = {"auth": {"token": {"id": token}}}
elif username and password:
params = {"auth": {"passwordCredentials": {"username": username,
"password": password}}}
else:
raise ValueError('A username and password or token is required.')
if tenant_id:
params['auth']['tenantId'] = tenant_id
elif tenant_name:
params['auth']['tenantName'] = tenant_name
resp, body = self.request(url, 'POST', body=params, headers=headers)
return body['access']
# TODO(heckj): remove entirely in favor of access.AccessInfo and # TODO(heckj): remove entirely in favor of access.AccessInfo and
# associated methods # associated methods
def _extract_service_catalog(self, url, body): def _extract_service_catalog(self, url, body):

11
keystoneclient/v2_0/tokens.py
View File

@@ -34,15 +34,8 @@ class TokenManager(base.ManagerWithFind):
params['auth']['tenantId'] = tenant_id params['auth']['tenantId'] = tenant_id
elif tenant_name: elif tenant_name:
params['auth']['tenantName'] = tenant_name params['auth']['tenantName'] = tenant_name
reset = 0 return self._create('/tokens', params, "access",
if self.api.management_url is None: return_raw=return_raw, management=False)
reset = 1
self.api.management_url = self.api.auth_url
token_ref = self._create('/tokens', params, "access",
return_raw=return_raw)
if reset:
self.api.management_url = None
return token_ref
def delete(self, token): def delete(self, token):
return self._delete("/tokens/%s" % base.getid(token)) return self._delete("/tokens/%s" % base.getid(token))