diff --git a/keystoneclient/client.py b/keystoneclient/client.py index 88b3870ff..9bf595d8f 100644 --- a/keystoneclient/client.py +++ b/keystoneclient/client.py @@ -139,7 +139,7 @@ class HTTPClient(httplib2.Http): self.authenticate() kwargs.setdefault('headers', {}) - if self.auth_token and self.auth_token != self.password: + if self.auth_token: kwargs['headers']['X-Auth-Token'] = self.auth_token # Perform the request once. If we get a 401 back then it diff --git a/keystoneclient/shell.py b/keystoneclient/shell.py index 476ed3419..e688bcb80 100644 --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -56,6 +56,14 @@ class OpenStackIdentityShell(object): action='store_true', help=argparse.SUPPRESS) + parser.add_argument('--token', + default=env('SERVICE_TOKEN'), + help='Defaults to env[SERVICE_TOKEN].') + + parser.add_argument('--endpoint', + default=env('SERVICE_ENDPOINT'), + help='Defaults to env[SERVICE_ENDPOINT].') + parser.add_argument('--username', default=env('OS_USERNAME'), help='Defaults to env[OS_USERNAME].') @@ -154,39 +162,44 @@ class OpenStackIdentityShell(object): # for username or apikey but for compatibility it is not. if not utils.isunauthenticated(args.func): - if not args.username: - raise exc.CommandError("You must provide a username " - "via either --username or env[OS_USERNAME]") + if not (args.token and args.endpoint): + if not args.username: + raise exc.CommandError("You must provide a username " + "via either --username or env[OS_USERNAME]") - if not args.password: - raise exc.CommandError("You must provide a password " - "via either --password or env[OS_PASSWORD]") + if not args.password: + raise exc.CommandError("You must provide a password " + "via either --password or env[OS_PASSWORD]") - if not args.auth_url: - raise exc.CommandError("You must provide an auth url " - "via either --auth_url or via env[OS_AUTH_URL]") + if not args.auth_url: + raise exc.CommandError("You must provide an auth url " + "via either --auth_url or via env[OS_AUTH_URL]") if utils.isunauthenticated(args.func): self.cs = shell_generic.CLIENT_CLASS(endpoint=args.auth_url) else: + token = None + endpoint = None + if args.token and args.endpoint: + token = args.token + endpoint = args.endpoint self.cs = self.get_api_class(options.version)( username=args.username, tenant_name=args.tenant_name, tenant_id=args.tenant_id, + token=token, + endpoint=endpoint, password=args.password, auth_url=args.auth_url, region_name=args.region_name) try: - if not utils.isunauthenticated(args.func): - self.cs.authenticate() + args.func(self.cs, args) except exc.Unauthorized: raise exc.CommandError("Invalid OpenStack Keystone credentials.") except exc.AuthorizationFailure: raise exc.CommandError("Unable to authorize user") - args.func(self.cs, args) - def get_api_class(self, version): try: return { diff --git a/keystoneclient/v2_0/tokens.py b/keystoneclient/v2_0/tokens.py index 22e5ea612..2505446bc 100644 --- a/keystoneclient/v2_0/tokens.py +++ b/keystoneclient/v2_0/tokens.py @@ -23,7 +23,7 @@ class TokenManager(base.ManagerWithFind): def authenticate(self, username=None, tenant_id=None, tenant_name=None, password=None, token=None, return_raw=False): - if token and token != password: + if token: params = {"auth": {"token": {"id": token}}} elif username and password: params = {"auth": {"passwordCredentials": {"username": username,