Moving authentication from keystoneclient to keystoneauth

Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.

All dependant test have been updated.

Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects.  The user_role_list tests failed when they
picked up an auth_ref that was a fixture.  This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.

Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369

1 files changed, 15 insertions, 4 deletions

diff --git a/openstackclient/identity/v2_0/token.py b/openstackclient/identity/v2_0/token.py
index f435d7ce..d708749d 100644
--- a/openstackclient/identity/v2_0/token.py
+++ b/openstackclient/identity/v2_0/token.py
@@ -18,6 +18,7 @@
 import six
 
 from openstackclient.common import command
+from openstackclient.common import exceptions
 from openstackclient.i18n import _
 
 
@@ -32,11 +33,21 @@ class IssueToken(command.ShowOne):
         return parser
 
     def take_action(self, parsed_args):
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
+            raise exceptions.AuthorizationFailure(
+                "Only an authorized user may issue a new token.")
 
-        token = self.app.client_manager.auth_ref.service_catalog.get_token()
-        if 'tenant_id' in token:
-            token['project_id'] = token.pop('tenant_id')
-        return zip(*sorted(six.iteritems(token)))
+        data = {}
+        if auth_ref.auth_token:
+            data['id'] = auth_ref.auth_token
+        if auth_ref.expires:
+            data['expires'] = auth_ref.expires
+        if auth_ref.project_id:
+            data['project_id'] = auth_ref.project_id
+        if auth_ref.user_id:
+            data['user_id'] = auth_ref.user_id
+        return zip(*sorted(six.iteritems(data)))
 
 
 class RevokeToken(command.Command):