Allow v3 plugins to opt out of service catalog

The identity server supports adding ?nocatalog to auth requests and there are situations where we need to be able to exploit that from the client. Allow passing include_catalog=False to v3 plugins to fetch a plugin without a catalog. Change-Id: I4b2afbfffb71490faed4b7ef0de4d00ee208733a Closes-Bug: #1228317
2014-12-19 16:06:38 +10:00
parent 10860db5f1
commit ed2858add1
2 changed files with 30 additions and 3 deletions
--- a/keystoneclient/auth/identity/v3.py
+++ b/keystoneclient/auth/identity/v3.py
@@ -39,6 +39,8 @@ class Auth(base.BaseIdentityPlugin):
    :param string project_domain_name: Project's domain name for project.
    :param bool reauthenticate: Allow fetching a new token if the current one
                                is going to expire. (optional) default True
+    :param bool include_catalog: Include the service catalog in the returned
+                                 token. (optional) default True.
    """

    @utils.positional()
@@ -50,7 +52,8 @@ class Auth(base.BaseIdentityPlugin):
                 project_name=None,
                 project_domain_id=None,
                 project_domain_name=None,
-                 reauthenticate=True):
+                 reauthenticate=True,
+                 include_catalog=True):
        super(Auth, self).__init__(auth_url=auth_url,
                                   reauthenticate=reauthenticate)

@@ -62,6 +65,7 @@ class Auth(base.BaseIdentityPlugin):
        self.project_name = project_name
        self.project_domain_id = project_domain_id
        self.project_domain_name = project_domain_name
+        self.include_catalog = include_catalog

    @property
    def token_url(self):
@@ -112,8 +116,14 @@ class Auth(base.BaseIdentityPlugin):
        elif self.trust_id:
            body['auth']['scope'] = {'OS-TRUST:trust': {'id': self.trust_id}}

-        _logger.debug('Making authentication request to %s', self.token_url)
-        resp = session.post(self.token_url, json=body, headers=headers,
+        # NOTE(jamielennox): we add nocatalog here rather than in token_url
+        # directly as some federation plugins require the base token_url
+        token_url = self.token_url
+        if not self.include_catalog:
+            token_url += '?nocatalog'
+
+        _logger.debug('Making authentication request to %s', token_url)
+        resp = session.post(token_url, json=body, headers=headers,
                            authenticated=False, log=False, **rkwargs)

        try:
--- a/keystoneclient/tests/auth/test_identity_v3.py
+++ b/keystoneclient/tests/auth/test_identity_v3.py
@@ -452,3 +452,20 @@ class V3IdentityPlugin(utils.TestCase):
        self.assertEqual(self.TEST_TOKEN, s.get_token())

        self.assertNotIn(password, self.logger.output)
+
+    def test_sends_nocatalog(self):
+        del self.TEST_RESPONSE_DICT['token']['catalog']
+        self.stub_auth(json=self.TEST_RESPONSE_DICT)
+
+        a = v3.Password(self.TEST_URL,
+                        username=self.TEST_USER,
+                        password=self.TEST_PASS,
+                        include_catalog=False)
+        s = session.Session(auth=a)
+
+        s.get_token()
+
+        auth_url = self.TEST_URL + '/auth/tokens'
+        self.assertEqual(auth_url, a.token_url)
+        self.assertEqual(auth_url + '?nocatalog',
+                         self.requests.last_request.url)