diff options
| author | Haneef Ali <haneef.ali@hp.com> | 2015-10-06 15:51:12 -0700 |
|---|---|---|
| committer | Stuart McLaren <stuart.mclaren@hp.com> | 2015-11-30 18:45:45 +0000 |
| commit | 6125040fca54e7fb6483114bbbe3e60f69ebb057 (patch) | |
| tree | 9902fa7eab3afe7a21e6f9e39e2d3efa0e0c19e6 | |
| parent | 116195a8f81395cbd546dec7392f1441dce0cdde (diff) | |
| download | python-keystoneclient-6125040fca54e7fb6483114bbbe3e60f69ebb057.tar.gz | |
Remove hardcoded endpoint filter for update password
User password update hardcoded the endpoint_filter to always use the public
endpoint. This will break deployments where services behind the firewall have
no access to the public endpoint. Endpoint selection should be allowed
by the end user (i.e. openstack --os-interface internal user password set).
Closes-Bug: 1503459
Change-Id: Ib11d60cd8e81b99aedb27f1cbbf6b79218045cf0
(cherry picked from commit d47da3b59c581dd3bb6bd4d75de819d0fd734fa5)
| -rw-r--r-- | keystoneclient/tests/unit/v3/test_users.py | 22 | ||||
| -rw-r--r-- | keystoneclient/v3/users.py | 3 |
2 files changed, 23 insertions, 2 deletions
diff --git a/keystoneclient/tests/unit/v3/test_users.py b/keystoneclient/tests/unit/v3/test_users.py index ddc0aec..ccb3b00 100644 --- a/keystoneclient/tests/unit/v3/test_users.py +++ b/keystoneclient/tests/unit/v3/test_users.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +import mock import uuid from keystoneclient import exceptions @@ -254,6 +255,27 @@ class UserTests(utils.TestCase, utils.CrudTests): self.assertNotIn(old_password, self.logger.output) self.assertNotIn(new_password, self.logger.output) + def test_update_password_with_no_hardcoded_endpoint_filter(self): + # test to ensure the 'endpoint_filter' parameter is not being + # passed from the manager. Endpoint filtering should be done at + # the Session, not the individual managers. + old_password = uuid.uuid4().hex + new_password = uuid.uuid4().hex + expected_params = {'user': {'password': new_password, + 'original_password': old_password}} + user_password_update_path = '/users/%s/password' % self.TEST_USER_ID + + self.client.user_id = self.TEST_USER_ID + # NOTE(gyee): user manager subclass keystoneclient.base.Manager + # and utilize the _update() method in the base class to interface + # with the client session to perform the update. In the case, we + # just need to make sure the 'endpoint_filter' parameter is not + # there. + with mock.patch('keystoneclient.base.Manager._update') as m: + self.manager.update_password(old_password, new_password) + m.assert_called_with(user_password_update_path, expected_params, + method='POST', log=False) + def test_update_password_with_bad_inputs(self): old_password = uuid.uuid4().hex new_password = uuid.uuid4().hex diff --git a/keystoneclient/v3/users.py b/keystoneclient/v3/users.py index 6eeddb5..708b5f6 100644 --- a/keystoneclient/v3/users.py +++ b/keystoneclient/v3/users.py @@ -160,8 +160,7 @@ class UserManager(base.CrudManager): base_url = '/users/%s/password' % self.client.user_id - return self._update(base_url, params, method='POST', log=False, - endpoint_filter={'interface': 'public'}) + return self._update(base_url, params, method='POST', log=False) def add_to_group(self, user, group): self._require_user_and_group(user, group) |