From 28dc9b38a735a7c7d1c59ff82e39ec8e67965e1d Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Tue, 30 Apr 2013 17:34:14 +0000 Subject: [PATCH] Revert "Use TokenManager to get token" This reverts commit 22228f526d6ea08b7006be1287afe959b93c23db which appears to be breaking the keystone gating --- keystoneclient/base.py | 5 ++--- keystoneclient/client.py | 15 +++++++------- keystoneclient/v2_0/client.py | 37 ++++++++++++++++++++++++++++------- keystoneclient/v2_0/tokens.py | 11 +++++++++-- 4 files changed, 48 insertions(+), 20 deletions(-) diff --git a/keystoneclient/base.py b/keystoneclient/base.py index d90dd82ed..712fbdccf 100644 --- a/keystoneclient/base.py +++ b/keystoneclient/base.py @@ -84,9 +84,8 @@ class Manager(object): resp, body = self.api.head(url) return resp.status_code == 204 - def _create(self, url, body, response_key, return_raw=False, - management=True): - resp, body = self.api.post(url, body=body, management=management) + def _create(self, url, body, response_key, return_raw=False): + resp, body = self.api.post(url, body=body) if return_raw: return body[response_key] return self.resource_class(self, body[response_key]) diff --git a/keystoneclient/client.py b/keystoneclient/client.py index 46ec25d99..e3c2ed55b 100644 --- a/keystoneclient/client.py +++ b/keystoneclient/client.py @@ -144,7 +144,7 @@ class HTTPClient(object): del self.auth_token_from_user def authenticate(self, username=None, password=None, tenant_name=None, - tenant_id=None, token=None): + tenant_id=None, auth_url=None, token=None): """ Authenticate user. Uses the data provided at instantiation to authenticate against @@ -177,6 +177,7 @@ class HTTPClient(object): * if force_new_token is true """ + auth_url = auth_url or self.auth_url username = username or self.username password = password or self.password tenant_name = tenant_name or self.tenant_name @@ -188,7 +189,7 @@ class HTTPClient(object): and not self.auth_ref.will_expire_soon(self.stale_duration)): token = self.auth_ref.auth_token - (keyring_key, auth_ref) = self.get_auth_ref_from_keyring(self.auth_url, + (keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url, username, tenant_name, tenant_id, @@ -196,7 +197,8 @@ class HTTPClient(object): new_token_needed = False if auth_ref is None or self.force_new_token: new_token_needed = True - raw_token = self.get_raw_token_from_identity_service(username, + raw_token = self.get_raw_token_from_identity_service(auth_url, + username, password, tenant_name, tenant_id, @@ -400,11 +402,8 @@ class HTTPClient(object): url_to_use = self.management_url kwargs.setdefault('headers', {}) - if (self.auth_ref - and not self.auth_ref.will_expire_soon(self.stale_duration)): - kwargs['headers']['X-Auth-Token'] = self.auth_ref.auth_token - elif self.auth_token_from_user: - kwargs['headers']['X-Auth-Token'] = self.auth_token_from_user + if self.auth_token: + kwargs['headers']['X-Auth-Token'] = self.auth_token resp, body = self.request(url_to_use + url, method, **kwargs) diff --git a/keystoneclient/v2_0/client.py b/keystoneclient/v2_0/client.py index 1d21f5474..03cb8f2e5 100644 --- a/keystoneclient/v2_0/client.py +++ b/keystoneclient/v2_0/client.py @@ -154,7 +154,7 @@ class Client(client.HTTPClient): self.user_id = self.auth_ref.user_id self._extract_service_catalog(self.auth_url, self.auth_ref) - def get_raw_token_from_identity_service(self, username=None, + def get_raw_token_from_identity_service(self, auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None): """ Authenticate against the Keystone API. @@ -166,12 +166,12 @@ class Client(client.HTTPClient): """ try: - return self.tokens.authenticate(username=username, - tenant_id=tenant_id, - tenant_name=tenant_name, - password=password, - token=token, - return_raw=True) + return self._base_authN(auth_url, + username=username, + tenant_id=tenant_id, + tenant_name=tenant_name, + password=password, + token=token) except (exceptions.AuthorizationFailure, exceptions.Unauthorized): _logger.debug("Authorization Failed.") raise @@ -179,6 +179,29 @@ class Client(client.HTTPClient): raise exceptions.AuthorizationFailure("Authorization Failed: " "%s" % e) + def _base_authN(self, auth_url, username=None, password=None, + tenant_name=None, tenant_id=None, token=None): + """ Takes a username, password, and optionally a tenant_id or + tenant_name to get an authentication token from keystone. + May also take a token and a tenant_id to re-scope a token + to a tenant.""" + headers = {} + url = auth_url + "/tokens" + if token: + headers['X-Auth-Token'] = token + params = {"auth": {"token": {"id": token}}} + elif username and password: + params = {"auth": {"passwordCredentials": {"username": username, + "password": password}}} + else: + raise ValueError('A username and password or token is required.') + if tenant_id: + params['auth']['tenantId'] = tenant_id + elif tenant_name: + params['auth']['tenantName'] = tenant_name + resp, body = self.request(url, 'POST', body=params, headers=headers) + return body['access'] + # TODO(heckj): remove entirely in favor of access.AccessInfo and # associated methods def _extract_service_catalog(self, url, body): diff --git a/keystoneclient/v2_0/tokens.py b/keystoneclient/v2_0/tokens.py index 1eb0f5d21..c129db771 100644 --- a/keystoneclient/v2_0/tokens.py +++ b/keystoneclient/v2_0/tokens.py @@ -34,8 +34,15 @@ class TokenManager(base.ManagerWithFind): params['auth']['tenantId'] = tenant_id elif tenant_name: params['auth']['tenantName'] = tenant_name - return self._create('/tokens', params, "access", - return_raw=return_raw, management=False) + reset = 0 + if self.api.management_url is None: + reset = 1 + self.api.management_url = self.api.auth_url + token_ref = self._create('/tokens', params, "access", + return_raw=return_raw) + if reset: + self.api.management_url = None + return token_ref def delete(self, token): return self._delete("/tokens/%s" % base.getid(token))