From a175689418208e1c72d8db03d6b59893c73b2445 Mon Sep 17 00:00:00 2001
From: Pratik Mallya <pratik.mallya@gmail.com>
Date: Sun, 12 Apr 2015 22:33:57 -0500
Subject: [PATCH] Accept token and tenant_id for authenticating against KS

Allow swiftclient to authenticate against keystone using tenant
name/id and token only. Without this patch, the password is
required, which may not always be available. Authentication
against keystone is required to get the service catalog,
which includes the endpoints for swift.

Change-Id: I4477af445474c5fa97ff864c4942f1330b59e5d6
Closes-Bug: #1476002
---
 swiftclient/client.py          | 1 +
 tests/unit/test_swiftclient.py | 7 ++++++-
 tests/unit/utils.py            | 8 ++++----
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/swiftclient/client.py b/swiftclient/client.py
index 4819c124..fdd66850 100644
--- a/swiftclient/client.py
+++ b/swiftclient/client.py
@@ -366,6 +366,7 @@ def get_auth_keystone(auth_url, user, key, os_options, **kwargs):
         _ksclient = ksclient.Client(
             username=user,
             password=key,
+            token=os_options.get('auth_token'),
             tenant_name=os_options.get('tenant_name'),
             tenant_id=os_options.get('tenant_id'),
             user_id=os_options.get('user_id'),
diff --git a/tests/unit/test_swiftclient.py b/tests/unit/test_swiftclient.py
index 97ae467a..6d772cb8 100644
--- a/tests/unit/test_swiftclient.py
+++ b/tests/unit/test_swiftclient.py
@@ -1534,9 +1534,10 @@ class TestConnection(MockHttpTest):
 
         # v2 auth
         timeouts = []
+        os_options = {'tenant_name': 'tenant', 'auth_token': 'meta-token'}
         conn = c.Connection(
             'http://auth.example.com', 'user', 'password', timeout=33.0,
-            os_options=dict(tenant_name='tenant'), auth_version=2.0)
+            os_options=os_options, auth_version=2.0)
         fake_ks = FakeKeystone(endpoint='http://some_url', token='secret')
         with mock.patch('swiftclient.client._import_keystone_client',
                         _make_fake_import_keystone_client(fake_ks)):
@@ -1552,6 +1553,10 @@ class TestConnection(MockHttpTest):
         # check timeout passed to HEAD for account
         self.assertEqual(timeouts, [33.0])
 
+        # check token passed to keystone client
+        self.assertIn('token', fake_ks.calls[0])
+        self.assertEqual('meta-token', fake_ks.calls[0].get('token'))
+
     def test_reset_stream(self):
 
         class LocalContents(object):
diff --git a/tests/unit/utils.py b/tests/unit/utils.py
index ac9aefdb..6fc68e6b 100644
--- a/tests/unit/utils.py
+++ b/tests/unit/utils.py
@@ -504,8 +504,8 @@ class FakeKeystone(object):
         self.token = token
 
     class _Client(object):
-        def __init__(self, endpoint, token, **kwargs):
-            self.auth_token = token
+        def __init__(self, endpoint, auth_token, **kwargs):
+            self.auth_token = auth_token
             self.endpoint = endpoint
             self.service_catalog = self.ServiceCatalog(endpoint)
 
@@ -520,8 +520,8 @@ class FakeKeystone(object):
 
     def Client(self, **kwargs):
         self.calls.append(kwargs)
-        self.client = self._Client(endpoint=self.endpoint, token=self.token,
-                                   **kwargs)
+        self.client = self._Client(
+            endpoint=self.endpoint, auth_token=self.token, **kwargs)
         return self.client
 
     class Unauthorized(Exception):