Merge remote-tracking branch 'origin/master' into merge-branchfeature/keystoneauth_integration

Conflicts:
	keystoneclient/exceptions.py
	keystoneclient/fixture/discovery.py
	keystoneclient/fixture/v2.py
	keystoneclient/fixture/v3.py
	keystoneclient/middleware/auth_token.py
	keystoneclient/middleware/s3_token.py
	keystoneclient/tests/unit/test_auth_token_middleware.py
	keystoneclient/tests/unit/test_memcache_crypt.py
	keystoneclient/tests/unit/test_s3_token_middleware.py
	requirements.txt
	test-requirements.txt

Change-Id: Ib51acebaac7966bf37c1562fa15b9061df6a7aa5

7 files changed, 117 insertions, 20 deletions

diff --git a/keystoneclient/v3/auth.py b/keystoneclient/v3/auth.py
new file mode 100644
index 0000000..8f26d3a
--- /dev/null
+++ b/keystoneclient/v3/auth.py
@@ -0,0 +1,81 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient import auth
+from keystoneclient import base
+from keystoneclient import exceptions
+
+
+class Project(base.Resource):
+    """Represents an Identity project.
+
+    Attributes:
+        * id: a uuid that identifies the project
+        * name: project name
+        * description: project description
+        * enabled: boolean to indicate if project is enabled
+        * parent_id: a uuid representing this project's parent in hierarchy
+        * parents: a list or a structured dict containing the parents of this
+                   project in the hierarchy
+        * subtree: a list or a structured dict containing the subtree of this
+                   project in the hierarchy
+
+    """
+
+
+class Domain(base.Resource):
+    """Represents an Identity domain.
+
+    Attributes:
+        * id: a uuid that identifies the domain
+
+    """
+    pass
+
+
+class AuthManager(base.Manager):
+    """Retrieve auth context specific information.
+
+    The information returned by the /auth routes are entirely dependant on the
+    authentication information provided by the user.
+    """
+
+    _PROJECTS_URL = '/auth/projects'
+    _DOMAINS_URL = '/auth/domains'
+
+    def projects(self):
+        """List projects that this token can be rescoped to.
+        """
+        try:
+            return self._list(self._PROJECTS_URL,
+                              'projects',
+                              obj_class=Project)
+        except exceptions.EndpointNotFound:
+            endpoint_filter = {'interface': auth.AUTH_INTERFACE}
+            return self._list(self._PROJECTS_URL,
+                              'projects',
+                              obj_class=Project,
+                              endpoint_filter=endpoint_filter)
+
+    def domains(self):
+        """List Domains that this token can be rescoped to.
+        """
+        try:
+            return self._list(self._DOMAINS_URL,
+                              'domains',
+                              obj_class=Domain)
+        except exceptions.EndpointNotFound:
+            endpoint_filter = {'interface': auth.AUTH_INTERFACE}
+            return self._list(self._DOMAINS_URL,
+                              'domains',
+                              obj_class=Domain,
+                              endpoint_filter=endpoint_filter)
diff --git a/keystoneclient/v3/client.py b/keystoneclient/v3/client.py
index 34bdfad..3d37e3c 100644
--- a/keystoneclient/v3/client.py
+++ b/keystoneclient/v3/client.py
@@ -21,6 +21,7 @@ from keystoneclient.auth.identity import v3 as v3_auth
 from keystoneclient import exceptions
 from keystoneclient import httpclient
 from keystoneclient.i18n import _
+from keystoneclient.v3 import auth
 from keystoneclient.v3.contrib import endpoint_filter
 from keystoneclient.v3.contrib import endpoint_policy
 from keystoneclient.v3.contrib import federation
@@ -65,11 +66,13 @@ class Client(httpclient.HTTPClient):
     :param string project_domain_name: Project's domain name for project
                                        scoping. (optional)
     :param string tenant_name: Tenant name. (optional)
-                               The tenant_name keyword argument is deprecated,
-                               use project_name instead.
+                               The tenant_name keyword argument is deprecated
+                               as of the 1.7.0 release in favor of project_name
+                               and may be removed in the 2.0.0 release.
     :param string tenant_id: Tenant id. (optional)
-                             The tenant_id keyword argument is deprecated,
-                             use project_id instead.
+                             The tenant_id keyword argument is deprecated as of
+                             the 1.7.0 release in favor of project_id and may
+                             be removed in the 2.0.0 release.
     :param string auth_url: Identity service endpoint for authorization.
     :param string region_name: Name of a region to select when choosing an
                                endpoint from the service catalog.
@@ -179,6 +182,7 @@ EndpointPolicyManager`
         """Initialize a new client for the Keystone v3 API."""
         super(Client, self).__init__(**kwargs)
 
+        self.auth = auth.AuthManager(self._adapter)
         self.credentials = credentials.CredentialManager(self._adapter)
         self.ec2 = ec2.EC2Manager(self._adapter)
         self.endpoint_filter = endpoint_filter.EndpointFilterManager(
diff --git a/keystoneclient/v3/contrib/oauth1/access_tokens.py b/keystoneclient/v3/contrib/oauth1/access_tokens.py
index 12b0c6b..d45bf3f 100644
--- a/keystoneclient/v3/contrib/oauth1/access_tokens.py
+++ b/keystoneclient/v3/contrib/oauth1/access_tokens.py
@@ -40,7 +40,8 @@ class AccessTokenManager(base.CrudManager):
                                      resource_owner_secret=request_secret,
                                      signature_method=oauth1.SIGNATURE_HMAC,
                                      verifier=verifier)
-        url = self.api.get_endpoint(interface=auth.AUTH_INTERFACE).rstrip('/')
+        url = self.client.get_endpoint(interface=auth.AUTH_INTERFACE).rstrip(
+            '/')
         url, headers, body = oauth_client.sign(url + endpoint,
                                                http_method='POST')
         resp, body = self.client.post(endpoint, headers=headers)
diff --git a/keystoneclient/v3/contrib/oauth1/request_tokens.py b/keystoneclient/v3/contrib/oauth1/request_tokens.py
index 33ecc3a..27f79c1 100644
--- a/keystoneclient/v3/contrib/oauth1/request_tokens.py
+++ b/keystoneclient/v3/contrib/oauth1/request_tokens.py
@@ -63,7 +63,8 @@ class RequestTokenManager(base.CrudManager):
                                      client_secret=consumer_secret,
                                      signature_method=oauth1.SIGNATURE_HMAC,
                                      callback_uri="oob")
-        url = self.api.get_endpoint(interface=auth.AUTH_INTERFACE).rstrip("/")
+        url = self.client.get_endpoint(interface=auth.AUTH_INTERFACE).rstrip(
+            "/")
         url, headers, body = oauth_client.sign(url + endpoint,
                                                http_method='POST',
                                                headers=headers)
diff --git a/keystoneclient/v3/contrib/trusts.py b/keystoneclient/v3/contrib/trusts.py
index 5fe88f8..1b3033c 100644
--- a/keystoneclient/v3/contrib/trusts.py
+++ b/keystoneclient/v3/contrib/trusts.py
@@ -10,11 +10,10 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from oslo_utils import timeutils
-
 from keystoneclient import base
 from keystoneclient import exceptions
 from keystoneclient.i18n import _
+from keystoneclient import utils
 
 
 class Trust(base.Resource):
@@ -61,7 +60,7 @@ class TrustManager(base.CrudManager):
 
         # Convert datetime.datetime expires_at to iso format string
         if expires_at:
-            expires_str = timeutils.isotime(at=expires_at, subsecond=True)
+            expires_str = utils.isotime(at=expires_at, subsecond=True)
         else:
             expires_str = None
 
diff --git a/keystoneclient/v3/tokens.py b/keystoneclient/v3/tokens.py
index 77edbc0..38f4e9f 100644
--- a/keystoneclient/v3/tokens.py
+++ b/keystoneclient/v3/tokens.py
@@ -52,6 +52,25 @@ class TokenManager(object):
         return body
 
     @utils.positional.method(1)
+    def get_token_data(self, token, include_catalog=True):
+        """Fetch the data about a token from the identity server.
+
+        :param str token: The token id.
+        :param bool include_catalog: If False, the response is requested to not
+                                     include the catalog.
+
+        :rtype: dict
+        """
+        headers = {'X-Subject-Token': token}
+
+        url = '/auth/tokens'
+        if not include_catalog:
+            url += '?nocatalog'
+
+        resp, body = self._client.get(url, headers=headers)
+        return body
+
+    @utils.positional.method(1)
     def validate(self, token, include_catalog=True):
         """Validate a token.
 
@@ -66,13 +85,5 @@ class TokenManager(object):
         """
 
         token_id = _calc_id(token)
-        headers = {'X-Subject-Token': token_id}
-
-        url = '/auth/tokens'
-        if not include_catalog:
-            url += '?nocatalog'
-
-        resp, body = self._client.get(url, headers=headers)
-
-        access_info = access.AccessInfo.factory(resp=resp, body=body)
-        return access_info
+        body = self.get_token_data(token_id, include_catalog=include_catalog)
+        return access.AccessInfo.factory(auth_token=token_id, body=body)
diff --git a/keystoneclient/v3/users.py b/keystoneclient/v3/users.py
index 2e20ede..35c42cc 100644
--- a/keystoneclient/v3/users.py
+++ b/keystoneclient/v3/users.py
@@ -156,7 +156,7 @@ class UserManager(base.CrudManager):
         params = {'user': {'password': new_password,
                            'original_password': old_password}}
 
-        base_url = '/users/%s/password' % self.api.user_id
+        base_url = '/users/%s/password' % self.client.user_id
 
         return self._update(base_url, params, method='POST', log=False,
                             endpoint_filter={'interface': 'public'})