Merge "Pass allow_expired to token validate"

2016-11-29 23:02:41 +00:00
parent 660e02f259 9f5493747a
commit 70934194e1
3 changed files with 36 additions and 4 deletions
--- a/keystoneclient/tests/unit/v3/test_tokens.py
+++ b/keystoneclient/tests/unit/v3/test_tokens.py
@@ -145,6 +145,19 @@ class TokenTests(utils.ClientTestCase, testresources.ResourcedTestCase):
        self.assertQueryStringIs('nocatalog')
        self.assertFalse(access_info.has_service_catalog())

+    def test_validate_token_allow_expired(self):
+        token_id = uuid.uuid4().hex
+        token_ref = self.examples.TOKEN_RESPONSES[
+            self.examples.v3_UUID_TOKEN_UNSCOPED]
+        self.stub_url('GET', ['auth', 'tokens'],
+                      headers={'X-Subject-Token': token_id, }, json=token_ref)
+
+        self.client.tokens.validate(token_id)
+        self.assertQueryStringIs()
+
+        self.client.tokens.validate(token_id, allow_expired=True)
+        self.assertQueryStringIs('allow_expired=1')
+

 def load_tests(loader, tests, pattern):
    return testresources.OptimisingTestSuite(tests)
--- a/keystoneclient/v3/tokens.py
+++ b/keystoneclient/v3/tokens.py
@@ -61,37 +61,51 @@ class TokenManager(object):
        return body

    @positional.method(1)
-    def get_token_data(self, token, include_catalog=True):
+    def get_token_data(self, token, include_catalog=True, allow_expired=False):
        """Fetch the data about a token from the identity server.

        :param str token: The ID of the token to be fetched.
        :param bool include_catalog: Whether the service catalog should be
                                     included in the response.
+        :param allow_expired: If True the token will be validated and returned
+                              if it has already expired.

        :rtype: dict

        """
        headers = {'X-Subject-Token': token}
+        flags = []

        url = '/auth/tokens'
+
        if not include_catalog:
-            url += '?nocatalog'
+            flags.append('nocatalog')
+        if allow_expired:
+            flags.append('allow_expired=1')
+
+        if flags:
+            url = '%s?%s' % (url, '&'.join(flags))

        resp, body = self._client.get(url, headers=headers)
        return body

    @positional.method(1)
-    def validate(self, token, include_catalog=True):
+    def validate(self, token, include_catalog=True, allow_expired=False):
        """Validate a token.

        :param token: The token to be validated.
        :type token: str or :class:`keystoneclient.access.AccessInfo`
        :param include_catalog: If False, the response is requested to not
                                include the catalog.
+        :param allow_expired: If True the token will be validated and returned
+                              if it has already expired.
+        :type allow_expired: bool

        :rtype: :class:`keystoneclient.access.AccessInfoV3`

        """
        token_id = _calc_id(token)
-        body = self.get_token_data(token_id, include_catalog=include_catalog)
+        body = self.get_token_data(token_id,
+                                   include_catalog=include_catalog,
+                                   allow_expired=allow_expired)
        return access.AccessInfo.factory(auth_token=token_id, body=body)
--- a/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml
+++ b/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - Added a ``allow_expired`` argument to ``validate`` and ``get_token_data``
+    in  `keystoneclient.v3.tokens`. Setting this to ``True``, allos for a token
+    validation query to fetch expired tokens.