openstack/python-keystoneclient
Code Issues Proposed changes

Remove hardcoded endpoint filter for update password

Browse Source 
User password update hardcoded the endpoint_filter to always use the public
endpoint. This will break deployments where services behind the firewall have
no access to the public endpoint. Endpoint selection should be allowed
by the end user (i.e. openstack --os-interface internal user password set).

Closes-Bug: 1503459

Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
This commit is contained in:
Haneef Ali
2015-10-06 15:51:12 -07:00
committed by Steve Martinelli
parent 8a65f5f49c
commit 8380f3f2a8
2 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
keystoneclient/tests/unit/v3/test_users.py
View File

@@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import mock
import uuid import uuid
from keystoneclient import exceptions from keystoneclient import exceptions
@@ -254,6 +255,27 @@ class UserTests(utils.TestCase, utils.CrudTests):
self.assertNotIn(old_password, self.logger.output) self.assertNotIn(old_password, self.logger.output)
self.assertNotIn(new_password, self.logger.output) self.assertNotIn(new_password, self.logger.output)
def test_update_password_with_no_hardcoded_endpoint_filter(self):
# test to ensure the 'endpoint_filter' parameter is not being
# passed from the manager. Endpoint filtering should be done at
# the Session, not the individual managers.
old_password = uuid.uuid4().hex
new_password = uuid.uuid4().hex
expected_params = {'user': {'password': new_password,
'original_password': old_password}}
user_password_update_path = '/users/%s/password' % self.TEST_USER_ID
self.client.user_id = self.TEST_USER_ID
# NOTE(gyee): user manager subclass keystoneclient.base.Manager
# and utilize the _update() method in the base class to interface
# with the client session to perform the update. In the case, we
# just need to make sure the 'endpoint_filter' parameter is not
# there.
with mock.patch('keystoneclient.base.Manager._update') as m:
self.manager.update_password(old_password, new_password)
m.assert_called_with(user_password_update_path, expected_params,
method='POST', log=False)
def test_update_password_with_bad_inputs(self): def test_update_password_with_bad_inputs(self):
old_password = uuid.uuid4().hex old_password = uuid.uuid4().hex
new_password = uuid.uuid4().hex new_password = uuid.uuid4().hex

3
keystoneclient/v3/users.py
View File

@@ -160,8 +160,7 @@ class UserManager(base.CrudManager):
base_url = '/users/%s/password' % self.client.user_id base_url = '/users/%s/password' % self.client.user_id
return self._update(base_url, params, method='POST', log=False, return self._update(base_url, params, method='POST', log=False)
endpoint_filter={'interface': 'public'})
def add_to_group(self, user, group): def add_to_group(self, user, group):
self._require_user_and_group(user, group) self._require_user_and_group(user, group)