Revert "Use TokenManager to get token"
This reverts commit 22228f526d which appears to be breaking the keystone gating
This commit is contained in:
Dolph Mathews
committed by
Gerrit Code Review
Gerrit Code Review
parent
22228f526d
commit
28dc9b38a7
@@ -84,9 +84,8 @@ class Manager(object):
|
||||
resp, body = self.api.head(url)
|
||||
return resp.status_code == 204
|
||||
|
||||
def _create(self, url, body, response_key, return_raw=False,
|
||||
management=True):
|
||||
resp, body = self.api.post(url, body=body, management=management)
|
||||
def _create(self, url, body, response_key, return_raw=False):
|
||||
resp, body = self.api.post(url, body=body)
|
||||
if return_raw:
|
||||
return body[response_key]
|
||||
return self.resource_class(self, body[response_key])
|
||||
|
||||
@@ -144,7 +144,7 @@ class HTTPClient(object):
|
||||
del self.auth_token_from_user
|
||||
|
||||
def authenticate(self, username=None, password=None, tenant_name=None,
|
||||
tenant_id=None, token=None):
|
||||
tenant_id=None, auth_url=None, token=None):
|
||||
""" Authenticate user.
|
||||
|
||||
Uses the data provided at instantiation to authenticate against
|
||||
@@ -177,6 +177,7 @@ class HTTPClient(object):
|
||||
* if force_new_token is true
|
||||
|
||||
"""
|
||||
auth_url = auth_url or self.auth_url
|
||||
username = username or self.username
|
||||
password = password or self.password
|
||||
tenant_name = tenant_name or self.tenant_name
|
||||
@@ -188,7 +189,7 @@ class HTTPClient(object):
|
||||
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
||||
token = self.auth_ref.auth_token
|
||||
|
||||
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(self.auth_url,
|
||||
(keyring_key, auth_ref) = self.get_auth_ref_from_keyring(auth_url,
|
||||
username,
|
||||
tenant_name,
|
||||
tenant_id,
|
||||
@@ -196,7 +197,8 @@ class HTTPClient(object):
|
||||
new_token_needed = False
|
||||
if auth_ref is None or self.force_new_token:
|
||||
new_token_needed = True
|
||||
raw_token = self.get_raw_token_from_identity_service(username,
|
||||
raw_token = self.get_raw_token_from_identity_service(auth_url,
|
||||
username,
|
||||
password,
|
||||
tenant_name,
|
||||
tenant_id,
|
||||
@@ -400,11 +402,8 @@ class HTTPClient(object):
|
||||
url_to_use = self.management_url
|
||||
|
||||
kwargs.setdefault('headers', {})
|
||||
if (self.auth_ref
|
||||
and not self.auth_ref.will_expire_soon(self.stale_duration)):
|
||||
kwargs['headers']['X-Auth-Token'] = self.auth_ref.auth_token
|
||||
elif self.auth_token_from_user:
|
||||
kwargs['headers']['X-Auth-Token'] = self.auth_token_from_user
|
||||
if self.auth_token:
|
||||
kwargs['headers']['X-Auth-Token'] = self.auth_token
|
||||
|
||||
resp, body = self.request(url_to_use + url, method,
|
||||
**kwargs)
|
||||
|
||||
@@ -154,7 +154,7 @@ class Client(client.HTTPClient):
|
||||
self.user_id = self.auth_ref.user_id
|
||||
self._extract_service_catalog(self.auth_url, self.auth_ref)
|
||||
|
||||
def get_raw_token_from_identity_service(self, username=None,
|
||||
def get_raw_token_from_identity_service(self, auth_url, username=None,
|
||||
password=None, tenant_name=None,
|
||||
tenant_id=None, token=None):
|
||||
""" Authenticate against the Keystone API.
|
||||
@@ -166,12 +166,12 @@ class Client(client.HTTPClient):
|
||||
|
||||
"""
|
||||
try:
|
||||
return self.tokens.authenticate(username=username,
|
||||
tenant_id=tenant_id,
|
||||
tenant_name=tenant_name,
|
||||
password=password,
|
||||
token=token,
|
||||
return_raw=True)
|
||||
return self._base_authN(auth_url,
|
||||
username=username,
|
||||
tenant_id=tenant_id,
|
||||
tenant_name=tenant_name,
|
||||
password=password,
|
||||
token=token)
|
||||
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
|
||||
_logger.debug("Authorization Failed.")
|
||||
raise
|
||||
@@ -179,6 +179,29 @@ class Client(client.HTTPClient):
|
||||
raise exceptions.AuthorizationFailure("Authorization Failed: "
|
||||
"%s" % e)
|
||||
|
||||
def _base_authN(self, auth_url, username=None, password=None,
|
||||
tenant_name=None, tenant_id=None, token=None):
|
||||
""" Takes a username, password, and optionally a tenant_id or
|
||||
tenant_name to get an authentication token from keystone.
|
||||
May also take a token and a tenant_id to re-scope a token
|
||||
to a tenant."""
|
||||
headers = {}
|
||||
url = auth_url + "/tokens"
|
||||
if token:
|
||||
headers['X-Auth-Token'] = token
|
||||
params = {"auth": {"token": {"id": token}}}
|
||||
elif username and password:
|
||||
params = {"auth": {"passwordCredentials": {"username": username,
|
||||
"password": password}}}
|
||||
else:
|
||||
raise ValueError('A username and password or token is required.')
|
||||
if tenant_id:
|
||||
params['auth']['tenantId'] = tenant_id
|
||||
elif tenant_name:
|
||||
params['auth']['tenantName'] = tenant_name
|
||||
resp, body = self.request(url, 'POST', body=params, headers=headers)
|
||||
return body['access']
|
||||
|
||||
# TODO(heckj): remove entirely in favor of access.AccessInfo and
|
||||
# associated methods
|
||||
def _extract_service_catalog(self, url, body):
|
||||
|
||||
@@ -34,8 +34,15 @@ class TokenManager(base.ManagerWithFind):
|
||||
params['auth']['tenantId'] = tenant_id
|
||||
elif tenant_name:
|
||||
params['auth']['tenantName'] = tenant_name
|
||||
return self._create('/tokens', params, "access",
|
||||
return_raw=return_raw, management=False)
|
||||
reset = 0
|
||||
if self.api.management_url is None:
|
||||
reset = 1
|
||||
self.api.management_url = self.api.auth_url
|
||||
token_ref = self._create('/tokens', params, "access",
|
||||
return_raw=return_raw)
|
||||
if reset:
|
||||
self.api.management_url = None
|
||||
return token_ref
|
||||
|
||||
def delete(self, token):
|
||||
return self._delete("/tokens/%s" % base.getid(token))
|
||||
|
||||
Reference in New Issue
Block a user