From fe0c8e955be0331aef9cc6847c9bddc43ce66d92 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Wed, 15 Jun 2016 16:26:35 +0000 Subject: Do not prompt for scope options with default scoped tokens This changes the scope validation to occur after a token has already been created. Previous flow: 1. Validate authentication options. 2. Validate authorization options if the command requires a scope. 3. Create a token (using authentication + authorization options) 4. Run command. This means that scope was being checked, even if a default scope was applied in step 3 by Keystone. New flow: 1. Validate authentication options. 2. Create token (using authentication + authorization options) 3 Validate authorization options if the command requires a scope and the token is not scoped. 4. Run command. Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981 Closes-Bug: 1592062 --- openstackclient/shell.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'openstackclient/shell.py') diff --git a/openstackclient/shell.py b/openstackclient/shell.py index 12a63af2..49a06040 100644 --- a/openstackclient/shell.py +++ b/openstackclient/shell.py @@ -443,12 +443,12 @@ class OpenStackShell(app.App): cmd.__class__.__name__, ) if cmd.auth_required: - if hasattr(cmd, 'required_scope'): + self.client_manager.setup_auth() + if hasattr(cmd, 'required_scope') and cmd.required_scope: # let the command decide whether we need a scoped token - self.client_manager.setup_auth(cmd.required_scope) + self.client_manager.validate_scope() # Trigger the Identity client to initialize self.client_manager.auth_ref - return def clean_up(self, cmd, result, err): self.log.debug('clean_up %s: %s', cmd.__class__.__name__, err or '') -- cgit v1.2.1