Change unscoped token fallback to be session aware

The existing way of sending requests to the auth_url was to override the
management_url for the duration of a single call. Aside from being ugly,
this won't work with session objects where the management_url is
ignored.

The tests for this behaviour have been previously merged to ensure that
the before and after behaviour remains unchanged.

Change-Id: I879adcb25dd373ab4a7b77b6539974e22220aad4

keystoneclient/v2_0/tenants.py

@@ -17,7 +17,9 @@
 import six
 from six.moves import urllib
 
+from keystoneclient import auth
 from keystoneclient import base
+from keystoneclient import exceptions
 
 
 class Tenant(base.Resource):
@@ -114,15 +116,16 @@ class TenantManager(base.ManagerWithFind):
         if params:
             query = "?" + urllib.parse.urlencode(params)
 
-        reset = 0
+        # NOTE(jamielennox): try doing a regular admin query first. If there is
-        if self.api.management_url is None:
+        # no endpoint that can satisfy the request (eg an unscoped token) then
-            # special casing to allow tenant lists on the auth_url
+        # issue it against the auth_url.
-            # for unscoped tokens
+        try:
-            reset = 1
+            tenant_list = self._list('/tenants%s' % query, 'tenants')
-            self.api.management_url = self.api.auth_url
+        except exceptions.EndpointNotFound:
-        tenant_list = self._list("/tenants%s" % query, "tenants")
+            endpoint_filter = {'interface': auth.AUTH_INTERFACE}
-        if reset:
+            tenant_list = self._list('/tenants%s' % query, 'tenants',
-            self.api.management_url = None
+                                     endpoint_filter=endpoint_filter)
+
         return tenant_list
 
     def update(self, tenant_id, tenant_name=None, description=None,

keystoneclient/v2_0/tokens.py

@@ -10,7 +10,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from keystoneclient import auth
 from keystoneclient import base
+from keystoneclient import exceptions
 from keystoneclient import utils
 
 
@@ -48,14 +50,19 @@ class TokenManager(base.Manager):
             params['auth']['tenantId'] = tenant_id
         elif tenant_name:
             params['auth']['tenantName'] = tenant_name
-        reset = 0
+
-        if self.api.management_url is None:
+        args = ['/tokens', params, 'access']
-            reset = 1
+        kwargs = {'return_raw': return_raw, 'log': False}
-            self.api.management_url = self.api.auth_url
+
-        token_ref = self._create('/tokens', params, "access",
+        # NOTE(jamielennox): try doing a regular admin query first. If there is
-                                 return_raw=return_raw, log=False)
+        # no endpoint that can satisfy the request (eg an unscoped token) then
-        if reset:
+        # issue it against the auth_url.
-            self.api.management_url = None
+        try:
+            token_ref = self._create(*args, **kwargs)
+        except exceptions.EndpointNotFound:
+            kwargs['endpoint_filter'] = {'interface': auth.AUTH_INTERFACE}
+            token_ref = self._create(*args, **kwargs)
+
         return token_ref
 
     def delete(self, token):