Merge "Fix client UnauthorizedError"

2015-11-22 21:07:53 +00:00 · 2015-11-22 21:07:53 +00:00 · cbcfb60a79
commit cbcfb60a79
parent f6aa855ddc 0bc9791787
8 changed files with 52 additions and 24 deletions
--- a/tests/unit/auth/test_keystone.py
+++ b/tests/unit/auth/test_keystone.py
@ -27,7 +27,7 @@ from zaqarclient.transport import request


 class _FakeKeystoneClient(object):
-    auth_token = 'test-token'
+    auth_token = 'fake-token'

    def __init__(self, *args, **kwargs):
        pass
@ -41,8 +41,7 @@ class TestKeystoneAuth(base.TestBase):
        if not ksclient:
            self.skipTest('Keystone client is not installed')

-        self.auth = auth.get_backend(backend='keystone',
-                                     options=self.conf)
+        self.auth = auth.get_backend(options=self.conf)

    def test_no_token(self):
        test_endpoint = 'http://example.org:8888'
@ -56,9 +55,10 @@ class TestKeystoneAuth(base.TestBase):
                req = self.auth.authenticate(1, request.Request())
                self.assertEqual(test_endpoint, req.endpoint)
                self.assertIn('X-Auth-Token', req.headers)
+                self.assertIn(req.headers['X-Auth-Token'], 'fake-token')

    def test_with_token(self):
-        self.config(os_auth_token='test-token')
+        self.auth.conf.update({"auth_token": "test-token"})
        req = request.Request(endpoint='http://example.org:8888')
        req = self.auth.authenticate(1, req)
        self.assertIn('X-Auth-Token', req.headers)
--- a/tests/unit/queues/v1/test_client.py
+++ b/tests/unit/queues/v1/test_client.py
@ -31,13 +31,13 @@ class TestClient(base.TestBase):
    @ddt.data(*VERSIONS)
    def test_transport(self, version):
        cli = client.Client('http://example.com',
-                            version, {})
+                            version, {"auth_opts": {'backend': 'noauth'}})
        self.assertIsNotNone(cli.transport())

    @ddt.data(*VERSIONS)
    def test_health_ok(self, version):
        cli = client.Client('http://example.com',
-                            version, {})
+                            version, {"auth_opts": {'backend': 'noauth'}})
        with mock.patch.object(core, 'health', autospec=True) as core_health:
            core_health.return_value = None
            self.assertTrue(cli.health())
@ -45,7 +45,7 @@ class TestClient(base.TestBase):
    @ddt.data(*VERSIONS)
    def test_health_bad(self, version):
        cli = client.Client('http://example.com',
-                            version, {})
+                            version, {"auth_opts": {'backend': 'noauth'}})

        def raise_error(*args, **kwargs):
            raise errors.ServiceUnavailableError()
--- a/tests/unit/queues/v2/test_client.py
+++ b/tests/unit/queues/v2/test_client.py
@ -31,13 +31,13 @@ class TestClient(base.TestBase):
    @ddt.data(*VERSIONS)
    def test_transport(self, version):
        cli = client.Client('http://example.com',
-                            version, {})
+                            version, {"auth_opts": {'backend': 'noauth'}})
        self.assertIsNotNone(cli.transport())

    @ddt.data(*VERSIONS)
    def test_health_ok(self, version):
        cli = client.Client('http://example.com',
-                            version, {})
+                            version, {"auth_opts": {'backend': 'noauth'}})
        with mock.patch.object(core, 'health', autospec=True) as core_health:
            core_health.return_value = None
            self.assertTrue(cli.health())
@ -45,7 +45,7 @@ class TestClient(base.TestBase):
    @ddt.data(*VERSIONS)
    def test_health_bad(self, version):
        cli = client.Client('http://example.com',
-                            version, {})
+                            version, {"auth_opts": {'backend': 'noauth'}})

        def raise_error(*args, **kwargs):
            raise errors.ServiceUnavailableError()
--- a/tests/unit/transport/test_request.py
+++ b/tests/unit/transport/test_request.py
@ -28,6 +28,7 @@ class TestRequest(base.TestBase):
                'os_project_id': 'my-project'
            }
        }
+        auth_opts.update({'backend': 'noauth'})
        req = request.prepare_request(auth_opts)
        self.assertEqual('my-project', req.headers['X-Project-Id'])

--- a/zaqarclient/auth/init.py
+++ b/zaqarclient/auth/init.py
@ -23,11 +23,11 @@ _BACKENDS = {
 }


-def get_backend(backend='noauth', options=None):
+def get_backend(backend='keystone', options=None):
    """Loads backend `auth_backend`

    :params backend: The backend name to load.
-        Default: `noauth`
+        Default: `keystone`
    :type backend: `six.string_types`
    :param options: Options to pass to the Auth
        backend. Refer to the backend for more info.
--- a/zaqarclient/auth/keystone.py
+++ b/zaqarclient/auth/keystone.py
@ -47,6 +47,9 @@ class KeystoneAuth(base.AuthBackend):
                * auth_url: endpoint to authenticate against
                * insecure: allow insecure SSL (no cert verification)
                * project_{name|id}: name or ID of project
+                * region_name: Name of a region
+                * cacert:CA certificate
+
        """
        return ksclient.Client(**kwargs)

@ -62,23 +65,25 @@ class KeystoneAuth(base.AuthBackend):
            the auth information.
        """

-        token = self.conf.get('os_auth_token')
+        token = self.conf.get('auth_token')
        if not token or not request.endpoint:
            # NOTE(flaper87): Lets assume all the
            # required information was provided
            # either through env variables or CLI
            # params. Let keystoneclient fail otherwise.
-            ks_kwargs = {
-                'username': self.conf.get('os_username'),
-                'password': self.conf.get('os_password'),
-                'tenant_id': self.conf.get('os_project_id'),
-                'tenant_name': self.conf.get('os_project_name'),
-                'auth_url': self.conf.get('os_auth_url'),
-                'insecure': self.conf.get('insecure'),
-            }
+
+            def get_options(k):
+                k = k if k in self.conf else "os_"+k
+                return self.conf.get(k, None)
+
+            ks_kwargs = {}
+            keys = ("username", "password", "project_id",
+                    "project_name", "auth_url", "insecure",
+                    "cacert", "region_name")
+            for k in keys:
+                ks_kwargs.update({k: get_options(k)})

            _ksclient = self._get_ksclient(**ks_kwargs)
-
            if not token:
                token = _ksclient.auth_token

--- a/zaqarclient/queues/cli.py
+++ b/zaqarclient/queues/cli.py
@ -38,9 +38,30 @@ def make_client(instance):
        API_VERSIONS)

    if not instance._url:
-        instance._url = instance.get_endpoint_for_service_type(API_NAME)
+        instance._url = instance.get_endpoint_for_service_type(
+            API_NAME,
+            region_name=instance._region_name,
+            interface=instance._interface
+        )

-    return queues_client(url=instance._url, version=version)
+    auth_params = instance._auth_params
+    auth_params.update({
+        "auth_token": instance.auth.get_token(instance.session),
+        "insecure": instance._insecure,
+        "cacert": instance._cacert,
+        "region_name": instance._region_name
+    })
+
+    conf = {
+        "auth_opts": {'options': auth_params}
+    }
+
+    LOG.debug('Instantiating queues service client: %s', queues_client)
+    return queues_client(
+        instance._url,
+        version,
+        conf
+    )


 def build_option_parser(parser):
--- a/zaqarclient/tests/base.py
+++ b/zaqarclient/tests/base.py
@ -33,6 +33,7 @@ class TestBase(testtools.TestCase):

        self.conf = {
            'auth_opts': {
+                'backend': 'noauth',
                'options': {
                    'os_project_id': 'my-project'
                }