Diffstat (limited to 'keystoneclient/v2_0/client.py')
-rw-r--r-- | keystoneclient/v2_0/client.py | 59 |
1 files changed, 35 insertions, 24 deletions
diff --git a/keystoneclient/v2_0/client.py b/keystoneclient/v2_0/client.py index 9f7553f..504945a 100644 --- a/keystoneclient/v2_0/client.py +++ b/keystoneclient/v2_0/client.py @@ -48,16 +48,21 @@ class Client(client.HTTPClient): :param string original_ip: The original IP of the requesting user which will be sent to Keystone in a 'Forwarded' header. (optional) - :param string cert: If provided, used as a local certificate to communicate - with the keystone endpoint. If provided, requires the - additional parameter key. (optional) - :param string key: The key associated with the certificate for secure - keystone communication. (optional) - :param string cacert: the ca-certs to verify the secure communications - with keystone. (optional) - :param boolean insecure: If using an SSL endpoint, allows for the certicate - to be unsigned - does not verify the certificate - chain. default: False (optional) + :param string cert: Path to the Privacy Enhanced Mail (PEM) file which + contains the corresponding X.509 client certificate + needed to established two-way SSL connection with + the identity service. (optional) + :param string key: Path to the Privacy Enhanced Mail (PEM) file which + contains the unencrypted client private key needed + to established two-way SSL connection with the + identity service. (optional) + :param string cacert: Path to the Privacy Enhanced Mail (PEM) file which + contains the trusted authority X.509 certificates + needed to established SSL connection with the + identity service. (optional) + :param boolean insecure: Does not perform X.509 certificate validation + when establishing SSL connection with identity + service. default: False (optional) :param dict auth_ref: To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token) 
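Review bot: The rewritten `insecure` entry in the Client docstring says certificate validation is skipped but not what that implies, so I would add a sentence such as `With insecure=True the identity service is not authenticated, so credentials and tokens sent to it can be intercepted.` The `key` entry now states that the private key is unencrypted, so it should also say the PEM file must be readable only by the account running the client. All three new path entries read "needed to established", which should be "needed to establish". The docstring begins and ends outside this hunk.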
@@ -119,6 +124,7 @@ class Client(client.HTTPClient): def __init__(self, **kwargs): """ Initialize a new client for the Keystone v2.0 API. """ super(Client, self).__init__(**kwargs) + self.version = 'v2.0' self.endpoints = endpoints.EndpointManager(self) self.roles = roles.RoleManager(self) self.services = services.ServiceManager(self) 
@@ -140,28 +146,33 @@ class Client(client.HTTPClient): # if we got a response without a service catalog, set the local # list of tenants for introspection, and leave to client user # to determine what to do. Otherwise, load up the service catalog - if self.auth_ref.scoped: + if self.auth_ref.project_scoped: if not self.auth_ref.tenant_id: raise exceptions.AuthorizationFailure( "Token didn't provide tenant_id") - if not self.auth_ref.user_id: - raise exceptions.AuthorizationFailure( - "Token didn't provide user_id") if self.management_url is None and self.auth_ref.management_url: self.management_url = self.auth_ref.management_url[0] - self.tenant_name = self.auth_ref.tenant_name - self.tenant_id = self.auth_ref.tenant_id - self.user_id = self.auth_ref.user_id + self.project_name = self.auth_ref.tenant_name + self.project_id = self.auth_ref.tenant_id - self.auth_user_id = self.auth_ref.user_id + if not self.auth_ref.user_id: + raise exceptions.AuthorizationFailure( + "Token didn't provide user_id") + + self.user_id = self.auth_ref.user_id + + self.auth_domain_id = self.auth_ref.domain_id self.auth_tenant_id = self.auth_ref.tenant_id + self.auth_user_id = self.auth_ref.user_id def get_raw_token_from_identity_service(self, auth_url, username=None, password=None, tenant_name=None, - tenant_id=None, token=None): - """ Authenticate against the Keystone API. + tenant_id=None, token=None, + project_name=None, project_id=None, + **kwargs): + """ Authenticate against the v2 Identity API. - :returns: ``raw token`` if authentication was successful. + :returns: (``resp``, ``body``) if authentication was successful. :raises: AuthorizationFailure if unable to authenticate or validate the existing authorization token :raises: ValueError if insufficient parameters are used. 
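Review bot: The `**kwargs` added to `get_raw_token_from_identity_service` accepts and discards every keyword the method does not name, so a misspelled `tenant_id` or a scoping argument meant for another API version is dropped without an error and the request goes out with a different scope than the caller asked for. If the catch-all exists for signature compatibility (not stated in the visible lines), the docstring should say so, for example `:param kwargs: accepted for compatibility with other API versions and ignored.` The docstring should also list `project_name` and `project_id` and state that they take precedence over the `tenant_*` forms. The method body continues past the end of this hunk, and the token-processing code above it starts before the hunk.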
@@ -170,8 +181,8 @@ class Client(client.HTTPClient): try: return self._base_authN(auth_url, username=username, - tenant_id=tenant_id, - tenant_name=tenant_name, + tenant_id=project_id or tenant_id, + tenant_name=project_name or tenant_name, password=password, token=token) except (exceptions.AuthorizationFailure, exceptions.Unauthorized): @@ -202,4 +213,4 @@ class Client(client.HTTPClient): elif tenant_name: params['auth']['tenantName'] = tenant_name resp, body = self.request(url, 'POST', body=params, headers=headers) - return body['access'] + return resp, body |
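Review bot: `project_id or tenant_id` and `project_name or tenant_name` silently pick the `project_*` value when a caller supplies both and they differ, so the token is scoped to a tenant other than the one named in `tenant_*`. The method already documents a ValueError for bad parameter combinations, so a conflict could be rejected before the `_base_authN` call with `if project_id and tenant_id and project_id != tenant_id: raise ValueError('project_id and tenant_id differ')` and the same check for the names. The `or` also treats an empty string as absent, which is probably intended but deserves a short comment. The surrounding `try` block ends outside the hunk.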
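Review bot: `return resp, body` changes this helper's result from the `access` dict to a (response, body) tuple and drops the `body['access']` lookup, which was the only place in the visible lines where a reply without an `access` key failed early. The callers are outside the hunk, so whichever code now unpacks the body should check for `access` and raise `AuthorizationFailure` instead of letting a KeyError or an empty body travel further. The enclosing function begins outside the hunk; if its docstring has a `:returns:` line, it needs the same update that `get_raw_token_from_identity_service` received.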