diff options
author | Joe Heck <heckj@mac.com> | 2012-10-13 00:15:39 +0000 |
---|---|---|
committer | Joe Heck <heckj@mac.com> | 2012-11-09 00:02:41 +0000 |
commit | f1cc3cfc42db902589785320547204388aa170a3 (patch) | |
tree | 8474d5aa884043b3dbd139a883fbb55aa1fe0e43 /keystoneclient/client.py | |
parent | d471f65231427d54c329697982533e6868b7cdb1 (diff) | |
download | python-keystoneclient-f1cc3cfc42db902589785320547204388aa170a3.tar.gz |
removing repeat attempt at authorization in client
blueprint solidify-python-api
* extended and updated documentation strings
* updated README.rst with latest options
* made debug a pass-through value, optionally set on client (instead of
just being pulled from environment variable)
* adding AccessInfo object and associated tests
(access.AccessInfo meant to be a cacheable object external to client
and ultimately to replace service_catalog and it's existing functionality)
* extending authtoken to support lists of endpoints
* maintaining a single entity for client.management_url with first from
list of possible endpoints
* create project_name and project_id synonyms to match tenant_name and
tenant_id
* replacing authenticate call to a pure method, not overloading the
resource/manager path that confuses base URL concepts.
* throw AuthorizationFailure if client attempts to access keystone
resources before it has a management url
* special case listing tenant using auth_url for unscoped tokens authorized
through client
* special case listing tokens.authenticate for Dashboard to allow unscoped
tokens to hand back parity information to dashboard
Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
Diffstat (limited to 'keystoneclient/client.py')
-rw-r--r-- | keystoneclient/client.py | 59 |
1 files changed, 31 insertions, 28 deletions
diff --git a/keystoneclient/client.py b/keystoneclient/client.py index d5b5ac3..9ab3cfb 100644 --- a/keystoneclient/client.py +++ b/keystoneclient/client.py @@ -10,7 +10,6 @@ OpenStack Client interface. Handles the REST calls and responses. import copy import logging -import os import urlparse import httplib2 @@ -26,6 +25,7 @@ if not hasattr(urlparse, 'parse_qsl'): urlparse.parse_qsl = cgi.parse_qsl +from keystoneclient import access from keystoneclient import exceptions @@ -39,31 +39,42 @@ class HTTPClient(httplib2.Http): def __init__(self, username=None, tenant_id=None, tenant_name=None, password=None, auth_url=None, region_name=None, timeout=None, endpoint=None, token=None, cacert=None, key=None, - cert=None, insecure=False, original_ip=None): + cert=None, insecure=False, original_ip=None, debug=False, + auth_ref=None): super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert) if cert: if key: self.add_certificate(key=key, cert=cert, domain='') else: self.add_certificate(key=cert, cert=cert, domain='') + self.version = 'v2.0' + self.auth_ref = access.AccessInfo(**auth_ref) if auth_ref else None + if self.auth_ref: + self.username = self.auth_ref.username + self.tenant_id = self.auth_ref.tenant_id + self.tenant_name = self.auth_ref.tenant_name + self.auth_url = self.auth_ref.auth_url + self.management_url = self.auth_ref.management_url + self.auth_token = self.auth_ref.auth_token + #NOTE(heckj): allow override of the auth_ref defaults from explicit + # values provided to the client self.username = username self.tenant_id = tenant_id self.tenant_name = tenant_name self.password = password self.auth_url = auth_url.rstrip('/') if auth_url else None - self.version = 'v2.0' - self.region_name = region_name self.auth_token = token self.original_ip = original_ip - self.management_url = endpoint + self.management_url = endpoint.rstrip('/') if endpoint else None + self.region_name = region_name # httplib2 overrides self.force_exception_to_status_code = True self.disable_ssl_certificate_validation = insecure # logging setup - self.debug_log = os.environ.get('KEYSTONECLIENT_DEBUG', False) + self.debug_log = debug if self.debug_log: ch = logging.StreamHandler() _logger.setLevel(logging.DEBUG) @@ -74,6 +85,10 @@ class HTTPClient(httplib2.Http): Not implemented here because auth protocols should be API version-specific. + + Expected to authenticate or validate an existing authentication + reference already associated with the client. Invoking this call + *always* makes a call to the Keystone. """ raise NotImplementedError @@ -135,7 +150,7 @@ class HTTPClient(httplib2.Http): self.http_log_resp(resp, body) if resp.status in (400, 401, 403, 404, 408, 409, 413, 500, 501): - _logger.debug("Request returned failure status.") + _logger.debug("Request returned failure status: %s", resp.status) raise exceptions.from_response(resp, body) elif resp.status in (301, 302, 305): # Redirected. Reissue the request to the new location. @@ -153,32 +168,20 @@ class HTTPClient(httplib2.Http): return resp, body def _cs_request(self, url, method, **kwargs): - if not self.management_url: - self.authenticate() + """ Makes an authenticated request to keystone endpoint by + concatenating self.management_url and url and passing in method and + any associated kwargs. """ + if self.management_url is None: + raise exceptions.AuthorizationFailure( + 'Current authorization does not have a known management url') kwargs.setdefault('headers', {}) if self.auth_token: kwargs['headers']['X-Auth-Token'] = self.auth_token - # Perform the request once. If we get a 401 back then it - # might be because the auth token expired, so try to - # re-authenticate and try again. If it still fails, bail. - try: - resp, body = self.request(self.management_url + url, method, - **kwargs) - return resp, body - except exceptions.Unauthorized: - try: - if getattr(self, '_failures', 0) < 1: - self._failures = getattr(self, '_failures', 0) + 1 - self.authenticate() - resp, body = self.request(self.management_url + url, - method, **kwargs) - return resp, body - else: - raise - except exceptions.Unauthorized: - raise + resp, body = self.request(self.management_url + url, method, + **kwargs) + return resp, body def get(self, url, **kwargs): return self._cs_request(url, 'GET', **kwargs) |