Handle federated tokens

Federated tokens don't include domains in the user object. Keystoneclient should be able to estimate whether the token is a federated one and, if so, don't expect user domain information. In case of the federated token keystoneclient returns None in response to user_domain_name and user_domain_id calls. Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com> Closes-Bug: #1346820 Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41
author: Marek Denis <marek.denis@cern.ch> 2014-09-12 17:24:59 +0200
committer: Steve Martinelli <stevemar@ca.ibm.com> 2014-09-17 15:46:49 -0400
commit: 7006f9b0088eb1828f4da24b62e306b37eef79d2 (patch)
tree: 789acbf1a5da4fd4e6ee0a546e8032b5e165d98a /keystoneclient/access.py
parent: 3305c7be4b726de4dcc889006d0be30eb46d3ad9 (diff)
download: python-keystoneclient-7006f9b0088eb1828f4da24b62e306b37eef79d2.tar.gz
1 files changed, 28 insertions, 2 deletions
diff --git a/keystoneclient/access.py b/keystoneclient/access.py
index 3c89cc1..1f2affa 100644
--- a/keystoneclient/access.py
+++ b/keystoneclient/access.py
@@ -388,6 +388,14 @@ class AccessInfo(dict):
         """
         raise NotImplementedError()
 
+    @property
+    def is_federated(self):
+        """Returns true if federation was used to get the token.
+
+        :returns: boolean
+        """
+        raise NotImplementedError()
+
 
 class AccessInfoV2(AccessInfo):
     """An object for encapsulating a raw v2 auth token from identity
@@ -576,6 +584,10 @@ class AccessInfoV2(AccessInfo):
     def oauth_consumer_id(self):
         return None
 
+    @property
+    def is_federated(self):
+        return False
+
 
 class AccessInfoV3(AccessInfo):
     """An object for encapsulating a raw v3 auth token from identity
@@ -605,6 +617,10 @@ class AccessInfoV3(AccessInfo):
         return 'catalog' in self
 
     @property
+    def is_federated(self):
+        return 'OS-FEDERATION' in self['user']
+
+    @property
     def expires(self):
         return timeutils.parse_isotime(self['expires_at'])
 
@@ -618,11 +634,21 @@ class AccessInfoV3(AccessInfo):
 
     @property
     def user_domain_id(self):
-        return self['user']['domain']['id']
+        try:
+            return self['user']['domain']['id']
+        except KeyError:
+            if self.is_federated:
+                return None
+            raise
 
     @property
     def user_domain_name(self):
-        return self['user']['domain']['name']
+        try:
+            return self['user']['domain']['name']
+        except KeyError:
+            if self.is_federated:
+                return None
+            raise
 
     @property
     def role_ids(self):
author	Marek Denis <marek.denis@cern.ch>	2014-09-12 17:24:59 +0200
committer	Steve Martinelli <stevemar@ca.ibm.com>	2014-09-17 15:46:49 -0400
commit	7006f9b0088eb1828f4da24b62e306b37eef79d2 (patch)
tree	789acbf1a5da4fd4e6ee0a546e8032b5e165d98a /keystoneclient/access.py
parent	3305c7be4b726de4dcc889006d0be30eb46d3ad9 (diff)
download	python-keystoneclient-7006f9b0088eb1828f4da24b62e306b37eef79d2.tar.gz