diff options
author | Marek Denis <marek.denis@cern.ch> | 2014-09-12 17:24:59 +0200 |
---|---|---|
committer | Steve Martinelli <stevemar@ca.ibm.com> | 2014-09-17 15:46:49 -0400 |
commit | 7006f9b0088eb1828f4da24b62e306b37eef79d2 (patch) | |
tree | 789acbf1a5da4fd4e6ee0a546e8032b5e165d98a /keystoneclient/access.py | |
parent | 3305c7be4b726de4dcc889006d0be30eb46d3ad9 (diff) | |
download | python-keystoneclient-7006f9b0088eb1828f4da24b62e306b37eef79d2.tar.gz |
Handle federated tokens
Federated tokens don't include domains in the user object.
Keystoneclient should be able to estimate whether the token is a
federated one and, if so, don't expect user domain information.
In case of the federated token keystoneclient returns None in response
to user_domain_name and user_domain_id calls.
Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Closes-Bug: #1346820
Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41
Diffstat (limited to 'keystoneclient/access.py')
-rw-r--r-- | keystoneclient/access.py | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/keystoneclient/access.py b/keystoneclient/access.py index 3c89cc1..1f2affa 100644 --- a/keystoneclient/access.py +++ b/keystoneclient/access.py @@ -388,6 +388,14 @@ class AccessInfo(dict): """ raise NotImplementedError() + @property + def is_federated(self): + """Returns true if federation was used to get the token. + + :returns: boolean + """ + raise NotImplementedError() + class AccessInfoV2(AccessInfo): """An object for encapsulating a raw v2 auth token from identity @@ -576,6 +584,10 @@ class AccessInfoV2(AccessInfo): def oauth_consumer_id(self): return None + @property + def is_federated(self): + return False + class AccessInfoV3(AccessInfo): """An object for encapsulating a raw v3 auth token from identity @@ -605,6 +617,10 @@ class AccessInfoV3(AccessInfo): return 'catalog' in self @property + def is_federated(self): + return 'OS-FEDERATION' in self['user'] + + @property def expires(self): return timeutils.parse_isotime(self['expires_at']) @@ -618,11 +634,21 @@ class AccessInfoV3(AccessInfo): @property def user_domain_id(self): - return self['user']['domain']['id'] + try: + return self['user']['domain']['id'] + except KeyError: + if self.is_federated: + return None + raise @property def user_domain_name(self): - return self['user']['domain']['name'] + try: + return self['user']['domain']['name'] + except KeyError: + if self.is_federated: + return None + raise @property def role_ids(self): |