From f0124b71d6bbf83737e0659a174d586d80bc377c Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk <sileht@redhat.com>
Date: Wed, 13 Jan 2016 15:37:47 +0100
Subject: Only token or creds are required.

When token is provided and not the endpoint,
the client works, because keystoneauth/keystoneclient will
use the service_type to discover the endpoint.

Closes-bug: #1533712
Change-Id: I0cf1ba52f656a450d358b2356df67d004f9aba7d
---
 ceilometerclient/client.py                 | 39 +++++++++++++++++++++++-------
 ceilometerclient/tests/unit/test_client.py |  2 +-
 2 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/ceilometerclient/client.py b/ceilometerclient/client.py
index cc65f8d..b6bc479 100644
--- a/ceilometerclient/client.py
+++ b/ceilometerclient/client.py
@@ -71,6 +71,7 @@ def _get_keystone_session(**kwargs):
     auth_url = kwargs.pop('auth_url', None)
     project_id = kwargs.pop('project_id', None)
     project_name = kwargs.pop('project_name', None)
+    token = kwargs['token']
     timeout = kwargs.get('timeout')
 
     if insecure:
@@ -100,7 +101,21 @@ def _get_keystone_session(**kwargs):
     use_v3 = v3_auth_url and (use_domain or (not v2_auth_url))
     use_v2 = v2_auth_url and not use_domain
 
-    if use_v3:
+    if use_v3 and token:
+        auth = v3_auth.Token(
+            v3_auth_url,
+            token=token,
+            project_name=project_name,
+            project_id=project_id,
+            project_domain_name=project_domain_name,
+            project_domain_id=project_domain_id)
+    elif use_v2 and token:
+        auth = v2_auth.Token(
+            v2_auth_url,
+            token=token,
+            tenant_id=project_id,
+            tenant_name=project_name)
+    elif use_v3:
         # the auth_url as v3 specified
         # e.g. http://no.where:5000/v3
         # Keystone will return only v3 as viable option
@@ -125,6 +140,7 @@ def _get_keystone_session(**kwargs):
             kwargs.pop('password', None),
             tenant_id=project_id,
             tenant_name=project_name)
+
     else:
         raise exc.CommandError('Unable to determine the Keystone version '
                                'to authenticate with using the given '
@@ -160,16 +176,20 @@ class AuthPlugin(auth.BaseAuthPlugin):
     def __init__(self, auth_system=None, **kwargs):
         self.opt_names.extend(self.common_opt_names)
         super(AuthPlugin, self).__init__(auth_system, **kwargs)
+        # NOTE(sileht): backward compat
+        if self.opts.get('auth_token') and not self.opts.get('token'):
+            self.opts['token'] = self.opts.get('auth_token')
 
     def _do_authenticate(self, http_client):
-        token = self.opts.get('token') or self.opts.get('auth_token')
+        token = self.opts.get('token')
         endpoint = self.opts.get('endpoint')
-        if not (token and endpoint):
+        if not (endpoint and token):
             ks_kwargs = self._get_ks_kwargs(http_timeout=http_client.timeout)
             ks_session = _get_keystone_session(**ks_kwargs)
-            token = lambda: ks_session.get_token()
-            endpoint = (self.opts.get('endpoint') or
-                        _get_endpoint(ks_session, **ks_kwargs))
+            if not token:
+                token = lambda: ks_session.get_token()
+            if not endpoint:
+                endpoint = _get_endpoint(ks_session, **ks_kwargs)
         self.opts['token'] = token
         self.opts['endpoint'] = endpoint
 
@@ -178,6 +198,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
                       self.opts.get('tenant_id'))
         project_name = (self.opts.get('project_name') or
                         self.opts.get('tenant_name'))
+        token = self.opts.get('token')
         ks_kwargs = {
             'username': self.opts.get('username'),
             'password': self.opts.get('password'),
@@ -198,6 +219,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
             'service_type': self.opts.get('service_type'),
             'region_name': self.opts.get('region_name'),
             'timeout': http_timeout,
+            'token': token() if callable(token) else token,
         }
         return ks_kwargs
 
@@ -212,8 +234,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
 
         :raises: AuthPluginOptionsMissing
         """
-        has_token = self.opts.get('token') or self.opts.get('auth_token')
-        no_auth = has_token and self.opts.get('endpoint')
+        has_token = self.opts.get('token')
         has_project_domain_or_tenant = (self.opts.get('project_id') or
                                         (self.opts.get('project_name') and
                                         (self.opts.get('user_domain_name') or
@@ -224,7 +245,7 @@ class AuthPlugin(auth.BaseAuthPlugin):
                           and has_project_domain_or_tenant
                           and self.opts.get('password')
                           and self.opts.get('auth_url'))
-        missing = not (no_auth or has_credential)
+        missing = not (has_token or has_credential)
         if missing:
             missing_opts = []
             opts = ['token', 'endpoint', 'username', 'password', 'auth_url',
diff --git a/ceilometerclient/tests/unit/test_client.py b/ceilometerclient/tests/unit/test_client.py
index 18335ba..000f0e8 100644
--- a/ceilometerclient/tests/unit/test_client.py
+++ b/ceilometerclient/tests/unit/test_client.py
@@ -399,6 +399,6 @@ class ClientAuthTest(utils.BaseTestCase):
         session_instance_mock = mock.MagicMock()
         session.return_value = session_instance_mock
         client = self.create_client(env)
-        client.auth_plugin.opts.pop('endpoint', None)
+        client.auth_plugin.opts.pop('token', None)
         self.assertRaises(exceptions.AuthPluginOptionsMissing,
                           client.auth_plugin.sufficient_options)
-- 
cgit v1.2.1