diff options
| author | Dean Troyer <dtroyer@gmail.com> | 2014-10-09 15:16:07 -0500 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2014-10-12 16:48:43 -0500 |
| commit | c3c6edbe8a083aef0fb6aea3cb461ff8e715fc59 (patch) | |
| tree | 250d81e1b649d39bbabb2d84cae3ba1c27f575a0 /openstackclient/common | |
| parent | 0c77a9fe8baa4df9ea2d0055db9c700af3cae310 (diff) | |
| download | python-openstackclient-c3c6edbe8a083aef0fb6aea3cb461ff8e715fc59.tar.gz | |
Add plugin to support token-endpoint auth
The ksc auth plugins do not have support for the original
token-endpoint (aka token flow) auth where the user supplies
a token (possibly the Keystone admin_token) and an API endpoint.
This is used for bootstrapping Keystone but also has other uses
when a scoped user token is provided.
The api.auth:TokenEndpoint class is required to provide the
same interface methods so all of the special-case code branches
to support token-endpoint can be removed.
Some additional cleanups related to ClientManager and creating
the Compute client also were done to streamline using sessions.
Change-Id: I1a6059afa845a591eff92567ca346c09010a93af
Diffstat (limited to 'openstackclient/common')
| -rw-r--r-- | openstackclient/common/clientmanager.py | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/openstackclient/common/clientmanager.py b/openstackclient/common/clientmanager.py index 0542b473..bcb81990 100644 --- a/openstackclient/common/clientmanager.py +++ b/openstackclient/common/clientmanager.py @@ -54,9 +54,10 @@ class ClientManager(object): return self._auth_params[name[1:]] def __init__(self, auth_options, api_version=None, verify=True): - + # If no plugin is named by the user, select one based on + # the supplied options if not auth_options.os_auth_plugin: - auth._guess_authentication_method(auth_options) + auth_options.os_auth_plugin = auth.select_auth_plugin(auth_options) self._auth_plugin = auth_options.os_auth_plugin self._url = auth_options.os_url @@ -66,7 +67,7 @@ class ClientManager(object): self._service_catalog = None self.timing = auth_options.timing - # For compatability until all clients can be updated + # For compatibility until all clients can be updated if 'project_name' in self._auth_params: self._project_name = self._auth_params['project_name'] elif 'tenant_name' in self._auth_params: @@ -86,27 +87,25 @@ class ClientManager(object): root_logger = logging.getLogger('') LOG.setLevel(root_logger.getEffectiveLevel()) - self.session = None - if not self._url: - LOG.debug('Using auth plugin: %s' % self._auth_plugin) - auth_plugin = base.get_plugin_class(self._auth_plugin) - self.auth = auth_plugin.load_from_options(**self._auth_params) - # needed by SAML authentication - request_session = requests.session() - self.session = session.Session( - auth=self.auth, - session=request_session, - verify=verify, - ) + LOG.debug('Using auth plugin: %s' % self._auth_plugin) + auth_plugin = base.get_plugin_class(self._auth_plugin) + self.auth = auth_plugin.load_from_options(**self._auth_params) + # needed by SAML authentication + request_session = requests.session() + self.session = session.Session( + auth=self.auth, + session=request_session, + verify=verify, + ) self.auth_ref = None - if not self._auth_plugin.endswith("token") and not self._url: - LOG.debug("Populate other password flow attributes") - self.auth_ref = self.session.auth.get_auth_ref(self.session) - self._token = self.session.auth.get_token(self.session) + if 'token' not in self._auth_params: + LOG.debug("Get service catalog") + self.auth_ref = self.auth.get_auth_ref(self.session) self._service_catalog = self.auth_ref.service_catalog - else: - self._token = self._auth_params.get('token') + + # This begone when clients no longer need it... + self._token = self.auth.get_token(self.session) return |