authorSteven Hardy <shardy@redhat.com>2013-09-26 15:33:00 +0100
committerSteven Hardy <shardy@redhat.com>2013-09-26 15:33:00 +0100
commit5b7a460bc3eb108e1d9df79fb5d3f97d3b06bf4b (patch)
treed7c19b82abbf491d10e440bdc00b8d0fcb83a02f /keystoneclient/v2_0/client.py
parent5588abdf8a8242fbce6a8f41e0a59c1ad0f6f925 (diff)
downloadpython-keystoneclient-5b7a460bc3eb108e1d9df79fb5d3f97d3b06bf4b.tar.gz
Allow v2 client authentication with trust_id
It should be possible to authenticate against the v2 tokens API with a trust_id, because it supports rescoping an existing token to a trust, this patch adds client support for this. Note with the current keystone code it's necessary to pass the trustor tenant ID when rescoping with a trust where impersonation==True, e.g: c = client_v2.Client(username=TRUSTEE_USERNAME, password=TRUSTEE_USERNAME, tenant_name=TRUSTEE_TENANT_NAME, auth_url=OS_AUTH_URL_V2) c.authenticate(trust_id=trust_i.id, tenant_id=TRUSTOR_TENANT_ID) Change-Id: I177c41af298b7437e2c6fb437aa9ce9a09773b9d Closes-Bug: #1231483
Diffstat (limited to 'keystoneclient/v2_0/client.py')
-rw-r--r--keystoneclient/v2_0/client.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/keystoneclient/v2_0/client.py b/keystoneclient/v2_0/client.py
index 22c6199..217c098 100644
--- a/keystoneclient/v2_0/client.py
+++ b/keystoneclient/v2_0/client.py
@@ -142,6 +142,7 @@ class Client(httpclient.HTTPClient):
password=None, tenant_name=None,
tenant_id=None, token=None,
project_name=None, project_id=None,
+ trust_id=None,
**kwargs):
"""Authenticate against the v2 Identity API.
@@ -157,6 +158,7 @@ class Client(httpclient.HTTPClient):
tenant_id=project_id or tenant_id,
tenant_name=project_name or tenant_name,
password=password,
+ trust_id=trust_id,
token=token)
except (exceptions.AuthorizationFailure, exceptions.Unauthorized):
_logger.debug("Authorization Failed.")
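Review bot: The `trust_id` keyword that authenticate() forwards on the `trust_id=trust_id,` line is not described in authenticate()'s docstring; the diffstat's 8 insertions are all accounted for by the two signatures, this call, the `_base_authN` docstring and the request body, so no docstring line was added for it. I would add an entry along the lines of `trust_id: ID of a trust to re-scope the token to; the trustor's tenant_id is also needed when the trust uses impersonation`. The docstring body lies outside the hunks, so the entry should follow whatever parameter style is already there.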
@@ -166,11 +168,13 @@ class Client(httpclient.HTTPClient):
"%s" % e)
def _base_authN(self, auth_url, username=None, password=None,
- tenant_name=None, tenant_id=None, token=None):
+ tenant_name=None, tenant_id=None, trust_id=None,
+ token=None):
"""Takes a username, password, and optionally a tenant_id or
tenant_name to get an authentication token from keystone.
May also take a token and a tenant_id to re-scope a token
- to a tenant.
+ to a tenant, or a token, tenant_id and trust_id and re-scope
+ the token to the trust
"""
headers = {}
if auth_url is None:
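Review bot: Inserting `trust_id` ahead of `token` in the `_base_authN` signature moves `token` one positional slot to the right, so any caller or subclass that passes the token positionally would have that value placed in the request's `trust_id` field and no token credential sent. The call in authenticate() uses keywords, but other callers are not visible here. Appending the new parameter keeps the old order: `tenant_name=None, tenant_id=None, token=None, trust_id=None):`. The revised docstring sentence also ends without a period, and the body of `_base_authN` continues outside the hunk.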
@@ -188,5 +192,7 @@ class Client(httpclient.HTTPClient):
params['auth']['tenantId'] = tenant_id
elif tenant_name:
params['auth']['tenantName'] = tenant_name
+ if trust_id:
+ params['auth']['trust_id'] = trust_id
resp, body = self.request(url, 'POST', body=params, headers=headers)
return resp, body
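Review bot: The `if trust_id:` test silently drops an empty-string trust ID, so the request goes out as an ordinary tenant-scoped authentication and the caller receives a token whose scope is not the one it asked for. Failing closed is safer for a delegation parameter: `if trust_id is not None:` lets the server reject a bad value, or the client can raise `ValueError` on an empty one. The branch also attaches `trust_id` without checking that a tenant ID accompanies it, which the commit message says is required for trusts with impersonation; whether that check belongs in the client is a judgement call. The start of `_base_authN` is outside the hunk.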