Merge "Application credential support follow-up"

3 files changed, 24 insertions, 17 deletions

diff --git a/swiftclient/client.py b/swiftclient/client.py
index 67440dd..0aba629 100644
--- a/swiftclient/client.py
+++ b/swiftclient/client.py
@@ -62,7 +62,7 @@ except ImportError:
         def createLock(self):
             self.lock = None
 
-ksexceptions = ksclient_v2 = ksclient_v3 = None
+ksexceptions = ksclient_v2 = ksclient_v3 = ksa_v3 = None
 try:
     from keystoneclient import exceptions as ksexceptions
     # prevent keystoneclient warning us that it has no log handlers
@@ -72,8 +72,8 @@ except ImportError:
     pass
 try:
     from keystoneclient.v3 import client as ksclient_v3
-    from keystoneauth1.identity import v3
-    from keystoneauth1 import session
+    from keystoneauth1.identity import v3 as ksa_v3
+    from keystoneauth1 import session as ksa_session
     from keystoneauth1 import exceptions as ksauthexceptions
 except ImportError:
     pass
@@ -627,22 +627,27 @@ variables to be set or overridden with -A, -U, or -K.''')
         filter_kwargs['attr'] = 'region'
         filter_kwargs['filter_value'] = os_options['region_name']
 
-    if os_options.get('auth_type') == 'v3applicationcredential':
-        try:
-            v3
-        except NameError:
+    if os_options.get('auth_type') and os_options['auth_type'] not in (
+            'password', 'v2password', 'v3password',
+            'v3applicationcredential'):
+        raise ClientException(
+            'Swiftclient currently only supports v3applicationcredential '
+            'for auth_type')
+    elif os_options.get('auth_type') == 'v3applicationcredential':
+        if ksa_v3 is None:
             raise ClientException('Auth v3applicationcredential requires '
-                                  'python-keystoneclient>=2.0.0')
+                                  'keystoneauth1 package; consider upgrading '
+                                  'to python-keystoneclient>=2.0.0')
 
         try:
-            auth = v3.ApplicationCredential(
+            auth = ksa_v3.ApplicationCredential(
                 auth_url=auth_url,
                 application_credential_secret=os_options.get(
                     'application_credential_secret'),
                 application_credential_id=os_options.get(
                     'application_credential_id'))
-            sses = session.Session(auth=auth)
-            token = sses.get_token()
+            sess = ksa_session.Session(auth=auth)
+            token = sess.get_token()
         except ksauthexceptions.Unauthorized:
             msg = 'Unauthorized. Check application credential id and secret.'
             raise ClientException(msg)
@@ -650,7 +655,7 @@ variables to be set or overridden with -A, -U, or -K.''')
             raise ClientException('Authorization Failure. %s' % err)
 
         try:
-            endpoint = sses.get_endpoint_data(service_type=service_type,
+            endpoint = sess.get_endpoint_data(service_type=service_type,
                                               endpoint_type=endpoint_type,
                                               **filter_kwargs)
 
diff --git a/swiftclient/shell.py b/swiftclient/shell.py
index 0fef755..b129d63 100755
--- a/swiftclient/shell.py
+++ b/swiftclient/shell.py
@@ -1651,7 +1651,12 @@ def parse_args(parser, args, enforce_requires=True):
         return options, args
 
     if enforce_requires:
-        if options['os_auth_type'] == 'v3applicationcredential':
+        if options['os_auth_type'] and options['os_auth_type'] not in (
+                'password', 'v1password', 'v2password', 'v3password',
+                'v3applicationcredential'):
+            exit('Only "v3applicationcredential" is supported for '
+                 '--os-auth-type')
+        elif options['os_auth_type'] == 'v3applicationcredential':
             if not (options['os_application_credential_id'] and
                     options['os_application_credential_secret']):
                 exit('Auth version 3 (application credential) requires '
@@ -1659,9 +1664,6 @@ def parse_args(parser, args, enforce_requires=True):
                      'OS_APPLICATION_CREDENTIAL_SECRET to be set or '
                      'overridden with --os-application-credential-id and '
                      '--os-application-credential-secret respectively.')
-        elif options['os_auth_type']:
-            exit('Only "v3applicationcredential" is supported for '
-                 '--os-auth-type')
         elif options['auth_version'] == '3':
             if not options['auth']:
                 exit('Auth version 3 requires OS_AUTH_URL to be set or '
diff --git a/test/unit/test_shell.py b/test/unit/test_shell.py
index 3c08218..f94e5e2 100644
--- a/test/unit/test_shell.py
+++ b/test/unit/test_shell.py
@@ -2721,7 +2721,7 @@ class TestParsing(TestBase):
                       str(cm.exception))
 
         os_opts = {
-            "auth_type": "v3password",
+            "auth_type": "v3oidcpassword",
             "application_credential_id": "proejct_id",
             "application_credential_secret": "secret",
             "auth_url": "http://example.com:5000/v3"}