libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From to...@apache.org
Subject git commit: Allow user to use perform authentication against Keystone API v3 without specifying a scope.
Date Fri, 15 Aug 2014 13:16:38 GMT
Repository: libcloud
Updated Branches:
  refs/heads/trunk 9b6110e35 -> 3f8fc51e9


Allow user to use perform authentication against Keystone API v3 without
specifying a scope.

Note: Depending on the OpenStack policies configuratiion, unscoped tokens
are usually of a limited use.


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/3f8fc51e
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/3f8fc51e
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/3f8fc51e

Branch: refs/heads/trunk
Commit: 3f8fc51e99a88e9d96895cfb68d92e2a97c152e3
Parents: 9b6110e
Author: Tomaz Muraus <tomaz@apache.org>
Authored: Fri Aug 15 15:05:47 2014 +0200
Committer: Tomaz Muraus <tomaz@apache.org>
Committed: Fri Aug 15 15:05:47 2014 +0200

----------------------------------------------------------------------
 libcloud/common/openstack_identity.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/3f8fc51e/libcloud/common/openstack_identity.py
----------------------------------------------------------------------
diff --git a/libcloud/common/openstack_identity.py b/libcloud/common/openstack_identity.py
index d13975e..a3492f1 100644
--- a/libcloud/common/openstack_identity.py
+++ b/libcloud/common/openstack_identity.py
@@ -89,6 +89,7 @@ class OpenStackIdentityTokenScope(object):
     """
     PROJECT = 'project'
     DOMAIN = 'domain'
+    UNSCOPED = 'unscoped'
 
 
 class OpenStackIdentityVersion(object):
@@ -889,7 +890,8 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection):
 
     VALID_TOKEN_SCOPES = [
         OpenStackIdentityTokenScope.PROJECT,
-        OpenStackIdentityTokenScope.DOMAIN
+        OpenStackIdentityTokenScope.DOMAIN,
+        OpenStackIdentityTokenScope.UNSCOPED
     ]
 
     def __init__(self, auth_url, user_id, key, tenant_name=None,
@@ -976,6 +978,8 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection):
                     'name': self.domain_name
                 }
             }
+        elif self.token_scope == OpenStackIdentityTokenScope.UNSCOPED:
+            pass
         else:
             raise ValueError('Token needs to be scoped either to project or '
                              'a domain')
@@ -1008,7 +1012,8 @@ class OpenStackIdentity_3_0_Connection(OpenStackIdentityConnection):
 
                 self.auth_token = headers['x-subject-token']
                 self.auth_token_expires = parse_date(expires)
-                self.urls = body['token']['catalog']
+                # Note: catalog is not returned for unscoped tokens
+                self.urls = body['token'].get('catalog', None)
                 self.auth_user_info = None
                 self.auth_user_roles = roles
             except KeyError:


Mime
View raw message