diff options
| author | Jamie Lennox <jamielennox@redhat.com> | 2014-07-17 16:07:04 +1000 |
|---|---|---|
| committer | Jamie Lennox <jamielennox@redhat.com> | 2014-08-21 09:26:24 +1000 |
| commit | 9cc2f7c73e92ae6c6b4fbf19272bb2f9209f45e7 (patch) | |
| tree | 07301de2c2620732dda6c513ef41580f399d9e34 /keystoneclient/auth | |
| parent | 4cc17635580e189d5d90300ecf5af1536cb666be (diff) | |
| download | python-keystoneclient-9cc2f7c73e92ae6c6b4fbf19272bb2f9209f45e7.tar.gz | |
Allow unauthenticated discovery
The default state for session requests is that if there is an auth
plugin available then it should include a token in any requests. This is
a problem for cases where it is the authentication plugin itself trying
to do discovery (like in the case of version independent plugins)
because you end up in an infinite loop.
Allow controlling the authenticated parameter on discovery requests.
Closes-Bug: #1359457
Change-Id: Ib5ab0a3a30fe79139b7b5dcaae698438281b6d36
Diffstat (limited to 'keystoneclient/auth')
| -rw-r--r-- | keystoneclient/auth/identity/base.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/keystoneclient/auth/identity/base.py b/keystoneclient/auth/identity/base.py index 6ee7774..4b02f94 100644 --- a/keystoneclient/auth/identity/base.py +++ b/keystoneclient/auth/identity/base.py @@ -19,6 +19,7 @@ import six from keystoneclient import _discover from keystoneclient.auth import base from keystoneclient import exceptions +from keystoneclient import utils LOG = logging.getLogger(__name__) @@ -192,7 +193,7 @@ class BaseIdentityPlugin(base.BaseAuthPlugin): return url try: - disc = self.get_discovery(session, url) + disc = self.get_discovery(session, url, authenticated=False) except (exceptions.DiscoveryFailure, exceptions.HTTPError, exceptions.ConnectionError): @@ -206,7 +207,8 @@ class BaseIdentityPlugin(base.BaseAuthPlugin): return url - def get_discovery(self, session, url): + @utils.positional() + def get_discovery(self, session, url, authenticated=None): """Return the discovery object for a URL. Check the session and the plugin cache to see if we have already @@ -218,6 +220,9 @@ class BaseIdentityPlugin(base.BaseAuthPlugin): :param Session session: A session object to discover with. :param str url: The url to lookup. + :param bool authenticated: Include a token in the discovery call. + (optional) Defaults to None (use a token + if a plugin is installed). :raises: DiscoveryFailure if for some reason the lookup fails. :raises: HttpError An error from an invalid HTTP response. @@ -241,7 +246,8 @@ class BaseIdentityPlugin(base.BaseAuthPlugin): if disc: break else: - disc = _discover.Discover(session, url) + disc = _discover.Discover(session, url, + authenticated=authenticated) self._endpoint_cache[url] = disc session_endpoint_cache[url] = disc |