diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index 6dc7c931d..769b61b64 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -153,6 +153,7 @@ import tempfile import time import urllib +import netaddr import six from keystoneclient.common import cms @@ -375,11 +376,16 @@ class AuthProtocol(object): 'Configuring auth_uri to point to the public identity ' 'endpoint is required; clients may not be able to ' 'authenticate against an admin endpoint') - + host = self.auth_host + if netaddr.valid_ipv6(host): + # Note(dzyu) it is an IPv6 address, so it needs to be wrapped + # with '[]' to generate a valid IPv6 URL, based on + # http://www.ietf.org/rfc/rfc2732.txt + host = '[%s]' % host # FIXME(dolph): drop support for this fallback behavior as # documented in bug 1207517 self.auth_uri = '%s://%s:%s' % (self.auth_protocol, - self.auth_host, + host, self.auth_port) # SSL diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py index 126a4065b..85037d576 100644 --- a/tests/test_auth_token_middleware.py +++ b/tests/test_auth_token_middleware.py @@ -397,6 +397,16 @@ class CommonAuthTokenMiddlewareTest(object): self.set_middleware(conf=conf) self.assertLastPath(None) + def test_init_by_ipv6Addr_auth_host(self): + conf = { + 'auth_host': '2001:2013:1:f101::1', + 'auth_port': 1234, + 'auth_protocol': 'http', + } + self.set_middleware(conf=conf) + expected_auth_uri = 'http://[2001:2013:1:f101::1]:1234' + self.assertEqual(expected_auth_uri, self.middleware.auth_uri) + def assert_valid_request_200(self, token, with_catalog=True): req = webob.Request.blank('/') req.headers['X-Auth-Token'] = token