Update the management url for every fetched token

management_url was originally set once and never changed so that when
specifying an endpoint it wasn't later overridden by the service
catalog. This behaviour would prevent the management_url from being
updated when the client was reauthenticated.

Change-Id: I2fa41e2ae1b853bbb254698cf94b9314eb0f0903
Closes-bug: 1252927

keystoneclient/httpclient.py

@@ -225,7 +225,8 @@ class HTTPClient(object):
         self.project_domain_name = None
 
         self.auth_url = None
-        self.management_url = None
+        self._endpoint = None
+        self._management_url = None
         self.timeout = float(timeout) if timeout is not None else None
 
         self.trust_id = None
@@ -244,7 +245,7 @@ class HTTPClient(object):
             self.project_name = self.auth_ref.project_name
             self.project_domain_id = self.auth_ref.project_domain_id
             self.auth_url = self.auth_ref.auth_url[0]
-            self.management_url = self.auth_ref.management_url[0]
+            self._management_url = self.auth_ref.management_url[0]
             self.auth_token = self.auth_ref.auth_token
             self.trust_id = self.auth_ref.trust_id
         else:
@@ -302,7 +303,7 @@ class HTTPClient(object):
         else:
             self.auth_token_from_user = None
         if endpoint:
-            self.management_url = endpoint.rstrip('/')
+            self._endpoint = endpoint.rstrip('/')
         self.region_name = region_name
 
         self.original_ip = original_ip
@@ -536,8 +537,8 @@ class HTTPClient(object):
             if not self.auth_ref.tenant_id:
                 raise exceptions.AuthorizationFailure(
                     "Token didn't provide tenant_id")
-            if self.management_url is None and self.auth_ref.management_url:
-                self.management_url = self.auth_ref.management_url[0]
+            if self.auth_ref.management_url:
+                self._management_url = self.auth_ref.management_url[0]
             self.project_name = self.auth_ref.tenant_name
             self.project_id = self.auth_ref.tenant_id
 
@@ -551,6 +552,17 @@ class HTTPClient(object):
         self.auth_tenant_id = self.auth_ref.tenant_id
         self.auth_user_id = self.auth_ref.user_id
 
+    @property
+    def management_url(self):
+        return self._endpoint or self._management_url
+
+    @management_url.setter
+    def management_url(self, value):
+        # NOTE(jamielennox): it's debatable here whether we should set
+        # _endpoint or _management_url. As historically management_url was set
+        # permanently setting _endpoint would better match that behaviour.
+        self._endpoint = value
+
     def get_raw_token_from_identity_service(self, auth_url, username=None,
                                             password=None, tenant_name=None,
                                             tenant_id=None, token=None,

keystoneclient/tests/v2_0/test_client.py

@@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import copy
 import json
 
 import httpretty
@@ -104,3 +105,28 @@ class KeystoneClientTest(utils.TestCase):
                           client.Client,
                           username='exampleuser',
                           password='password')
+
+    @httpretty.activate
+    def test_management_url_is_updated(self):
+        second = copy.deepcopy(client_fixtures.PROJECT_SCOPED_TOKEN)
+        first_url = 'http://admin:35357/v2.0'
+        second_url = "http://secondurl:%d/v2.0'"
+
+        for entry in second['access']['serviceCatalog']:
+            if entry['type'] == 'identity':
+                entry['endpoints'] = [{'adminURL': second_url % 35357,
+                                       'internalURL': second_url % 5000,
+                                       'publicURL': second_url % 6000,
+                                       'region': 'RegionOne'}]
+
+        self.stub_auth(json=client_fixtures.PROJECT_SCOPED_TOKEN)
+        cl = client.Client(username='exampleuser',
+                           password='password',
+                           tenant_name='exampleproject',
+                           auth_url=self.TEST_URL)
+
+        self.assertEqual(cl.management_url, first_url)
+
+        self.stub_auth(json=second)
+        cl.authenticate()
+        self.assertEqual(cl.management_url, second_url % 35357)

keystoneclient/tests/v3/test_client.py

@@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import copy
 import json
 
 import httpretty
@@ -134,3 +135,37 @@ class KeystoneClientTest(utils.TestCase):
                           client.Client,
                           username='exampleuser',
                           password='password')
+
+    @httpretty.activate
+    def test_management_url_is_updated(self):
+        second = copy.deepcopy(client_fixtures.PROJECT_SCOPED_TOKEN)
+        first_url = 'http://admin:35357/v3'
+        second_url = "http://secondurl:%d/v3'"
+
+        for entry in second['token']['catalog']:
+            if entry['type'] == 'identity':
+                entry['endpoints'] = [{
+                    'url': second_url % 5000,
+                    'region': 'RegionOne',
+                    'interface': 'public'
+                }, {
+                    'url': second_url % 5000,
+                    'region': 'RegionOne',
+                    'interface': 'internal'
+                }, {
+                    'url': second_url % 35357,
+                    'region': 'RegionOne',
+                    'interface': 'admin'
+                }]
+
+        self.stub_auth(json=client_fixtures.PROJECT_SCOPED_TOKEN)
+        cl = client.Client(username='exampleuser',
+                           password='password',
+                           tenant_name='exampleproject',
+                           auth_url=self.TEST_URL)
+
+        self.assertEqual(cl.management_url, first_url)
+
+        self.stub_auth(json=second)
+        cl.authenticate()
+        self.assertEqual(cl.management_url, second_url % 35357)