Change unscoped token fallback to be session aware

The existing way of sending requests to the auth_url was to override the management_url for the duration of a single call. Aside from being ugly, this won't work with session objects where the management_url is ignored. The tests for this behaviour have been previously merged to ensure that the before and after behaviour remains unchanged. Change-Id: I879adcb25dd373ab4a7b77b6539974e22220aad4
2014-07-14 10:00:55 +10:00
parent 5785698d48
commit 7825e99e36
2 changed files with 27 additions and 17 deletions
--- a/keystoneclient/v2_0/tenants.py
+++ b/keystoneclient/v2_0/tenants.py
@@ -17,7 +17,9 @@
 import six
 from six.moves import urllib

+from keystoneclient import auth
 from keystoneclient import base
+from keystoneclient import exceptions


 class Tenant(base.Resource):
@@ -114,15 +116,16 @@ class TenantManager(base.ManagerWithFind):
        if params:
            query = "?" + urllib.parse.urlencode(params)

-        reset = 0
-        if self.api.management_url is None:
-            # special casing to allow tenant lists on the auth_url
-            # for unscoped tokens
-            reset = 1
-            self.api.management_url = self.api.auth_url
-        tenant_list = self._list("/tenants%s" % query, "tenants")
-        if reset:
-            self.api.management_url = None
+        # NOTE(jamielennox): try doing a regular admin query first. If there is
+        # no endpoint that can satisfy the request (eg an unscoped token) then
+        # issue it against the auth_url.
+        try:
+            tenant_list = self._list('/tenants%s' % query, 'tenants')
+        except exceptions.EndpointNotFound:
+            endpoint_filter = {'interface': auth.AUTH_INTERFACE}
+            tenant_list = self._list('/tenants%s' % query, 'tenants',
+                                     endpoint_filter=endpoint_filter)
+
        return tenant_list

    def update(self, tenant_id, tenant_name=None, description=None,
--- a/keystoneclient/v2_0/tokens.py
+++ b/keystoneclient/v2_0/tokens.py
@@ -10,7 +10,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from keystoneclient import auth
 from keystoneclient import base
+from keystoneclient import exceptions
 from keystoneclient import utils


@@ -48,14 +50,19 @@ class TokenManager(base.Manager):
            params['auth']['tenantId'] = tenant_id
        elif tenant_name:
            params['auth']['tenantName'] = tenant_name
-        reset = 0
-        if self.api.management_url is None:
-            reset = 1
-            self.api.management_url = self.api.auth_url
-        token_ref = self._create('/tokens', params, "access",
-                                 return_raw=return_raw, log=False)
-        if reset:
-            self.api.management_url = None
+
+        args = ['/tokens', params, 'access']
+        kwargs = {'return_raw': return_raw, 'log': False}
+
+        # NOTE(jamielennox): try doing a regular admin query first. If there is
+        # no endpoint that can satisfy the request (eg an unscoped token) then
+        # issue it against the auth_url.
+        try:
+            token_ref = self._create(*args, **kwargs)
+        except exceptions.EndpointNotFound:
+            kwargs['endpoint_filter'] = {'interface': auth.AUTH_INTERFACE}
+            token_ref = self._create(*args, **kwargs)
+
        return token_ref

    def delete(self, token):