diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2014-12-19 16:06:38 +1000 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2014-12-19 16:15:32 +1000 |
commit | ed2858add157b9536f157ca08f443a11dd5b1559 (patch) | |
tree | 24791bf229d6a845b452dbf781c1e0a5515cc871 | |
parent | 10860db5f155052ca0d353ce9058e1c16eec8437 (diff) | |
download | python-keystoneclient-ed2858add157b9536f157ca08f443a11dd5b1559.tar.gz |
Allow v3 plugins to opt out of service catalog
The identity server supports adding ?nocatalog to auth requests and
there are situations where we need to be able to exploit that from the
client. Allow passing include_catalog=False to v3 plugins to fetch a
plugin without a catalog.
Change-Id: I4b2afbfffb71490faed4b7ef0de4d00ee208733a
Closes-Bug: #1228317
-rw-r--r-- | keystoneclient/auth/identity/v3.py | 16 | ||||
-rw-r--r-- | keystoneclient/tests/auth/test_identity_v3.py | 17 |
2 files changed, 30 insertions, 3 deletions
diff --git a/keystoneclient/auth/identity/v3.py b/keystoneclient/auth/identity/v3.py index 8f723ff..b090225 100644 --- a/keystoneclient/auth/identity/v3.py +++ b/keystoneclient/auth/identity/v3.py @@ -39,6 +39,8 @@ class Auth(base.BaseIdentityPlugin): :param string project_domain_name: Project's domain name for project. :param bool reauthenticate: Allow fetching a new token if the current one is going to expire. (optional) default True + :param bool include_catalog: Include the service catalog in the returned + token. (optional) default True. """ @utils.positional() @@ -50,7 +52,8 @@ class Auth(base.BaseIdentityPlugin): project_name=None, project_domain_id=None, project_domain_name=None, - reauthenticate=True): + reauthenticate=True, + include_catalog=True): super(Auth, self).__init__(auth_url=auth_url, reauthenticate=reauthenticate) @@ -62,6 +65,7 @@ class Auth(base.BaseIdentityPlugin): self.project_name = project_name self.project_domain_id = project_domain_id self.project_domain_name = project_domain_name + self.include_catalog = include_catalog @property def token_url(self): @@ -112,8 +116,14 @@ class Auth(base.BaseIdentityPlugin): elif self.trust_id: body['auth']['scope'] = {'OS-TRUST:trust': {'id': self.trust_id}} - _logger.debug('Making authentication request to %s', self.token_url) - resp = session.post(self.token_url, json=body, headers=headers, + # NOTE(jamielennox): we add nocatalog here rather than in token_url + # directly as some federation plugins require the base token_url + token_url = self.token_url + if not self.include_catalog: + token_url += '?nocatalog' + + _logger.debug('Making authentication request to %s', token_url) + resp = session.post(token_url, json=body, headers=headers, authenticated=False, log=False, **rkwargs) try: diff --git a/keystoneclient/tests/auth/test_identity_v3.py b/keystoneclient/tests/auth/test_identity_v3.py index bce4fa7..c63d047 100644 --- a/keystoneclient/tests/auth/test_identity_v3.py +++ b/keystoneclient/tests/auth/test_identity_v3.py @@ -452,3 +452,20 @@ class V3IdentityPlugin(utils.TestCase): self.assertEqual(self.TEST_TOKEN, s.get_token()) self.assertNotIn(password, self.logger.output) + + def test_sends_nocatalog(self): + del self.TEST_RESPONSE_DICT['token']['catalog'] + self.stub_auth(json=self.TEST_RESPONSE_DICT) + + a = v3.Password(self.TEST_URL, + username=self.TEST_USER, + password=self.TEST_PASS, + include_catalog=False) + s = session.Session(auth=a) + + s.get_token() + + auth_url = self.TEST_URL + '/auth/tokens' + self.assertEqual(auth_url, a.token_url) + self.assertEqual(auth_url + '?nocatalog', + self.requests.last_request.url) |