Revert "Use TokenManager to get token"
This reverts commit 22228f526d which appears to be breaking the keystone gating
This commit is contained in:
Dolph Mathews
committed by
Gerrit Code Review
Gerrit Code Review
parent
22228f526d
commit
28dc9b38a7
@@ -84,9 +84,8 @@ class Manager(object):
|
|||||||
resp, body = self.api.head(url)
|
resp, body = self.api.head(url)
|
||||||
return resp.status_code == 204
|
return resp.status_code == 204
|
||||||
|
|
||||||
def _create(self, url, body, response_key, return_raw=False,
|
def _create(self, url, body, response_key, return_raw=False):
|
||||||
management=True):
|
resp, body = self.api.post(url, body=body)
|
||||||
resp, body = self.api.post(url, body=body, management=management)
|
|
||||||
if return_raw:
|
if return_raw:
|
||||||
return body[response_key]
|
return body[response_key]
|
||||||
return self.resource_class(self, body[response_key])
|
return self.resource_class(self, body[response_key])
|
||||||
|
|||||||
@@ -144,7 +144,7 @@ class HTTPClient(object):
|
|||||||
del self.auth_token_from_user
|
del self.auth_token_from_user
|
||||||
|
|
||||||
def authenticate(self, username=None, password=None, tenant_name=None,
|
def authenticate(self, username=None, password=None, tenant_name=None,
|
||||||
tenant_id=None, token=None):
|
tenant_id=None, auth_url=None, token=None):
|
||||||
""" Authenticate user.
|
""" Authenticate user.
|
||||||
|
|
||||||
Uses the data provided at instantiation to authenticate against
|
Uses the data provided at instantiation to authenticate against
|
||||||
@@ -177,6 +177,7 @@ class HTTPClient(object):
|
|||||||
* if force_new_token is true
|
* if force_new_token is true
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
auth_url = auth_url or self.auth_url
|
||||||
username = username or self.username
|
username = username or self.username
|
||||||
password = password or self.password
|
password = password or self.password
|
||||||
tenant_name = tenant_name or self.tenant_name
|
tenant_name = tenant_name or self.tenant_name
|
||||||
@@ -188,7 +189,7 @@ class HTTPClient(object):
|
|||||||
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
||||||
token = self.auth_ref.auth_token
|
token = self.auth_ref.auth_token
|
||||||
|
|
||||||
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(self.auth_url,
|
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url,
|
||||||
username,
|
username,
|
||||||
tenant_name,
|
tenant_name,
|
||||||
tenant_id,
|
tenant_id,
|
||||||
@@ -196,7 +197,8 @@ class HTTPClient(object):
|
|||||||
new_token_needed = False
|
new_token_needed = False
|
||||||
if auth_ref is None or self.force_new_token:
|
if auth_ref is None or self.force_new_token:
|
||||||
new_token_needed = True
|
new_token_needed = True
|
||||||
raw_token = self.get_raw_token_from_identity_service(username,
|
raw_token = self.get_raw_token_from_identity_service(auth_url,
|
||||||
|
username,
|
||||||
password,
|
password,
|
||||||
tenant_name,
|
tenant_name,
|
||||||
tenant_id,
|
tenant_id,
|
||||||
@@ -400,11 +402,8 @@ class HTTPClient(object):
|
|||||||
url_to_use = self.management_url
|
url_to_use = self.management_url
|
||||||
|
|
||||||
kwargs.setdefault('headers', {})
|
kwargs.setdefault('headers', {})
|
||||||
if (self.auth_ref
|
if self.auth_token:
|
||||||
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
kwargs['headers']['X-Auth-Token'] = self.auth_token
|
||||||
kwargs['headers']['X-Auth-Token'] = self.auth_ref.auth_token
|
|
||||||
elif self.auth_token_from_user:
|
|
||||||
kwargs['headers']['X-Auth-Token'] = self.auth_token_from_user
|
|
||||||
|
|
||||||
resp, body = self.request(url_to_use + url, method,
|
resp, body = self.request(url_to_use + url, method,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|||||||
@@ -154,7 +154,7 @@ class Client(client.HTTPClient):
|
|||||||
self.user_id = self.auth_ref.user_id
|
self.user_id = self.auth_ref.user_id
|
||||||
self._extract_service_catalog(self.auth_url, self.auth_ref)
|
self._extract_service_catalog(self.auth_url, self.auth_ref)
|
||||||
|
|
||||||
def get_raw_token_from_identity_service(self, username=None,
|
def get_raw_token_from_identity_service(self, auth_url, username=None,
|
||||||
password=None, tenant_name=None,
|
password=None, tenant_name=None,
|
||||||
tenant_id=None, token=None):
|
tenant_id=None, token=None):
|
||||||
""" Authenticate against the Keystone API.
|
""" Authenticate against the Keystone API.
|
||||||
@@ -166,12 +166,12 @@ class Client(client.HTTPClient):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
return self.tokens.authenticate(username=username,
|
return self._base_authN(auth_url,
|
||||||
tenant_id=tenant_id,
|
username=username,
|
||||||
tenant_name=tenant_name,
|
tenant_id=tenant_id,
|
||||||
password=password,
|
tenant_name=tenant_name,
|
||||||
token=token,
|
password=password,
|
||||||
return_raw=True)
|
token=token)
|
||||||
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
|
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
|
||||||
_logger.debug("Authorization Failed.")
|
_logger.debug("Authorization Failed.")
|
||||||
raise
|
raise
|
||||||
@@ -179,6 +179,29 @@ class Client(client.HTTPClient):
|
|||||||
raise exceptions.AuthorizationFailure("Authorization Failed: "
|
raise exceptions.AuthorizationFailure("Authorization Failed: "
|
||||||
"%s" % e)
|
"%s" % e)
|
||||||
|
|
||||||
|
def _base_authN(self, auth_url, username=None, password=None,
|
||||||
|
tenant_name=None, tenant_id=None, token=None):
|
||||||
|
""" Takes a username, password, and optionally a tenant_id or
|
||||||
|
tenant_name to get an authentication token from keystone.
|
||||||
|
May also take a token and a tenant_id to re-scope a token
|
||||||
|
to a tenant."""
|
||||||
|
headers = {}
|
||||||
|
url = auth_url + "/tokens"
|
||||||
|
if token:
|
||||||
|
headers['X-Auth-Token'] = token
|
||||||
|
params = {"auth": {"token": {"id": token}}}
|
||||||
|
elif username and password:
|
||||||
|
params = {"auth": {"passwordCredentials": {"username": username,
|
||||||
|
"password": password}}}
|
||||||
|
else:
|
||||||
|
raise ValueError('A username and password or token is required.')
|
||||||
|
if tenant_id:
|
||||||
|
params['auth']['tenantId'] = tenant_id
|
||||||
|
elif tenant_name:
|
||||||
|
params['auth']['tenantName'] = tenant_name
|
||||||
|
resp, body = self.request(url, 'POST', body=params, headers=headers)
|
||||||
|
return body['access']
|
||||||
|
|
||||||
# TODO(heckj): remove entirely in favor of access.AccessInfo and
|
# TODO(heckj): remove entirely in favor of access.AccessInfo and
|
||||||
# associated methods
|
# associated methods
|
||||||
def _extract_service_catalog(self, url, body):
|
def _extract_service_catalog(self, url, body):
|
||||||
|
|||||||
@@ -34,8 +34,15 @@ class TokenManager(base.ManagerWithFind):
|
|||||||
params['auth']['tenantId'] = tenant_id
|
params['auth']['tenantId'] = tenant_id
|
||||||
elif tenant_name:
|
elif tenant_name:
|
||||||
params['auth']['tenantName'] = tenant_name
|
params['auth']['tenantName'] = tenant_name
|
||||||
return self._create('/tokens', params, "access",
|
reset = 0
|
||||||
return_raw=return_raw, management=False)
|
if self.api.management_url is None:
|
||||||
|
reset = 1
|
||||||
|
self.api.management_url = self.api.auth_url
|
||||||
|
token_ref = self._create('/tokens', params, "access",
|
||||||
|
return_raw=return_raw)
|
||||||
|
if reset:
|
||||||
|
self.api.management_url = None
|
||||||
|
return token_ref
|
||||||
|
|
||||||
def delete(self, token):
|
def delete(self, token):
|
||||||
return self._delete("/tokens/%s" % base.getid(token))
|
return self._delete("/tokens/%s" % base.getid(token))
|
||||||
|
|||||||
Reference in New Issue
Block a user