diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2014-07-14 10:00:55 +1000 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2014-08-12 19:20:58 +0000 |
commit | 7825e99e36212e3738794879a2fa8c4eec77c468 (patch) | |
tree | cb0687952c7390a0dcef8fb72edc6de6a19fd92f /keystoneclient/v2_0 | |
parent | 5785698d48c77d8c27189fb7e548fa72e3a1719b (diff) | |
download | python-keystoneclient-7825e99e36212e3738794879a2fa8c4eec77c468.tar.gz |
Change unscoped token fallback to be session aware
The existing way of sending requests to the auth_url was to override the
management_url for the duration of a single call. Aside from being ugly,
this won't work with session objects where the management_url is
ignored.
The tests for this behaviour have been previously merged to ensure that
the before and after behaviour remains unchanged.
Change-Id: I879adcb25dd373ab4a7b77b6539974e22220aad4
Diffstat (limited to 'keystoneclient/v2_0')
-rw-r--r-- | keystoneclient/v2_0/tenants.py | 21 | ||||
-rw-r--r-- | keystoneclient/v2_0/tokens.py | 23 |
2 files changed, 27 insertions, 17 deletions
diff --git a/keystoneclient/v2_0/tenants.py b/keystoneclient/v2_0/tenants.py index 93d6890..79d98d5 100644 --- a/keystoneclient/v2_0/tenants.py +++ b/keystoneclient/v2_0/tenants.py @@ -17,7 +17,9 @@ import six from six.moves import urllib +from keystoneclient import auth from keystoneclient import base +from keystoneclient import exceptions class Tenant(base.Resource): @@ -114,15 +116,16 @@ class TenantManager(base.ManagerWithFind): if params: query = "?" + urllib.parse.urlencode(params) - reset = 0 - if self.api.management_url is None: - # special casing to allow tenant lists on the auth_url - # for unscoped tokens - reset = 1 - self.api.management_url = self.api.auth_url - tenant_list = self._list("/tenants%s" % query, "tenants") - if reset: - self.api.management_url = None + # NOTE(jamielennox): try doing a regular admin query first. If there is + # no endpoint that can satisfy the request (eg an unscoped token) then + # issue it against the auth_url. + try: + tenant_list = self._list('/tenants%s' % query, 'tenants') + except exceptions.EndpointNotFound: + endpoint_filter = {'interface': auth.AUTH_INTERFACE} + tenant_list = self._list('/tenants%s' % query, 'tenants', + endpoint_filter=endpoint_filter) + return tenant_list def update(self, tenant_id, tenant_name=None, description=None, diff --git a/keystoneclient/v2_0/tokens.py b/keystoneclient/v2_0/tokens.py index dc1b0a2..e5a21d4 100644 --- a/keystoneclient/v2_0/tokens.py +++ b/keystoneclient/v2_0/tokens.py @@ -10,7 +10,9 @@ # License for the specific language governing permissions and limitations # under the License. +from keystoneclient import auth from keystoneclient import base +from keystoneclient import exceptions from keystoneclient import utils @@ -48,14 +50,19 @@ class TokenManager(base.Manager): params['auth']['tenantId'] = tenant_id elif tenant_name: params['auth']['tenantName'] = tenant_name - reset = 0 - if self.api.management_url is None: - reset = 1 - self.api.management_url = self.api.auth_url - token_ref = self._create('/tokens', params, "access", - return_raw=return_raw, log=False) - if reset: - self.api.management_url = None + + args = ['/tokens', params, 'access'] + kwargs = {'return_raw': return_raw, 'log': False} + + # NOTE(jamielennox): try doing a regular admin query first. If there is + # no endpoint that can satisfy the request (eg an unscoped token) then + # issue it against the auth_url. + try: + token_ref = self._create(*args, **kwargs) + except exceptions.EndpointNotFound: + kwargs['endpoint_filter'] = {'interface': auth.AUTH_INTERFACE} + token_ref = self._create(*args, **kwargs) + return token_ref def delete(self, token): |