Add the 'auth' interface type

There are certain requests that will always want to be sent to the
auth_url.

Add a new interface type to the get_endpoint command of the base
identity plugin such that if you ask for the 'auth' interface it will
give you the auth_url.

Implements: blueprint session-auth-endpoint
Change-Id: If653970354b919fdd6e80c061611c3aad129c574

keystoneclient/auth/__init__.py

@@ -18,6 +18,7 @@ from keystoneclient.auth.conf import *  # noqa
 
 __all__ = [
     # auth.base
+    'AUTH_INTERFACE',
     'BaseAuthPlugin',
     'get_plugin_class',
     'PLUGIN_NAMESPACE',

keystoneclient/auth/base.py

@@ -17,6 +17,11 @@ import stevedore
 
 from keystoneclient import exceptions
 
+# NOTE(jamielennox): The AUTH_INTERFACE is a special value that can be
+# requested from get_endpoint. If a plugin receives this as the value of
+# 'interface' it should return the initial URL that was passed to the plugin.
+AUTH_INTERFACE = object()
+
 PLUGIN_NAMESPACE = 'keystoneclient.auth.plugin'
 
 

keystoneclient/auth/identity/base.py

@@ -125,8 +125,10 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
                                     for. This plugin will return None (failure)
                                     if service_type is not provided.
         :param string interface: The exposure of the endpoint. Should be
-                                 `public`, `internal` or `admin`.
+                                 `public`, `internal`, `admin`, or `auth`.
-                                 Defaults to `public`.
+                                 `auth` is special here to use the `auth_url`
+                                 rather than a URL extracted from the service
+                                 catalog. Defaults to `public`.
         :param string region_name: The region the endpoint should exist in.
                                    (optional)
         :param string service_name: The name of the service in the catalog.
@@ -138,6 +140,13 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
 
         :return string or None: A valid endpoint URL or None if not available.
         """
+        # NOTE(jamielennox): if you specifically ask for requests to be sent to
+        # the auth url then we can ignore the rest of the checks. Typically if
+        # you are asking for the auth endpoint it means that there is no
+        # catalog to query anyway.
+        if interface is base.AUTH_INTERFACE:
+            return self.auth_url
+
         if not service_type:
             LOG.warn('Plugin cannot return an endpoint without knowing the '
                      'service type that is required. Add service_type to '

keystoneclient/httpclient.py

@@ -268,7 +268,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
             return self.auth_token_from_user
 
     def get_endpoint(self, session, interface=None, **kwargs):
-        if interface == 'public':
+        if interface == 'public' or interface is base.AUTH_INTERFACE:
             return self.auth_url
         else:
             return self.management_url

keystoneclient/tests/auth/test_identity_common.py

@@ -16,6 +16,7 @@ import uuid
 import httpretty
 import six
 
+from keystoneclient.auth import base
 from keystoneclient.auth.identity import v2
 from keystoneclient.auth.identity import v3
 from keystoneclient.openstack.common import jsonutils
@@ -208,6 +209,15 @@ class CommonIdentityTests(object):
         self.assertEqual(200, resp.status_code)
         self.assertEqual(body, resp.text)
 
+    def test_asking_for_auth_endpoint_ignores_checks(self):
+        a = self.create_auth_plugin()
+        s = session.Session(auth=a)
+
+        auth_url = s.get_endpoint(service_type='compute',
+                                  interface=base.AUTH_INTERFACE)
+
+        self.assertEqual(self.TEST_URL, auth_url)
+
 
 class V3(CommonIdentityTests, utils.TestCase):