Remove hardcoded endpoint filter for update password

User password update hardcoded the endpoint_filter to always use the public endpoint. This will break deployments where services behind the firewall have no access to the public endpoint. Endpoint selection should be allowed by the end user (i.e. openstack --os-interface internal user password set). Closes-Bug: 1503459 Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
2015-10-06 15:51:12 -07:00
parent 8a65f5f49c
commit 8380f3f2a8
2 changed files with 23 additions and 2 deletions
--- a/keystoneclient/tests/unit/v3/test_users.py
+++ b/keystoneclient/tests/unit/v3/test_users.py
@@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+import mock
 import uuid

 from keystoneclient import exceptions
@@ -254,6 +255,27 @@ class UserTests(utils.TestCase, utils.CrudTests):
        self.assertNotIn(old_password, self.logger.output)
        self.assertNotIn(new_password, self.logger.output)

+    def test_update_password_with_no_hardcoded_endpoint_filter(self):
+        # test to ensure the 'endpoint_filter' parameter is not being
+        # passed from the manager. Endpoint filtering should be done at
+        # the Session, not the individual managers.
+        old_password = uuid.uuid4().hex
+        new_password = uuid.uuid4().hex
+        expected_params = {'user': {'password': new_password,
+                                    'original_password': old_password}}
+        user_password_update_path = '/users/%s/password' % self.TEST_USER_ID
+
+        self.client.user_id = self.TEST_USER_ID
+        # NOTE(gyee): user manager subclass keystoneclient.base.Manager
+        # and utilize the _update() method in the base class to interface
+        # with the client session to perform the update. In the case, we
+        # just need to make sure the 'endpoint_filter' parameter is not
+        # there.
+        with mock.patch('keystoneclient.base.Manager._update') as m:
+            self.manager.update_password(old_password, new_password)
+            m.assert_called_with(user_password_update_path, expected_params,
+                                 method='POST', log=False)
+
    def test_update_password_with_bad_inputs(self):
        old_password = uuid.uuid4().hex
        new_password = uuid.uuid4().hex
--- a/keystoneclient/v3/users.py
+++ b/keystoneclient/v3/users.py
@@ -160,8 +160,7 @@ class UserManager(base.CrudManager):

        base_url = '/users/%s/password' % self.client.user_id

-        return self._update(base_url, params, method='POST', log=False,
-                            endpoint_filter={'interface': 'public'})
+        return self._update(base_url, params, method='POST', log=False)

    def add_to_group(self, user, group):
        self._require_user_and_group(user, group)