Support keystone v3 scoped token auth.

orivej · orivej · commit 5b259d72cdf0 · 2016-04-15T15:53:23.000Z
diff --git a/openstack/client_test.go b/openstack/client_test.go
@@ -9,7 +9,15 @@ import (
 	th "github.com/rackspace/gophercloud/testhelper"
 )
 
-func TestAuthenticatedClientV3(t *testing.T) {
+func TestPasswordAuthenticatedClientV3(t *testing.T) {
+	testAuthenticatedClientV3(t, false)
+}
+
+func TestTokenAuthenticatedClientV3(t *testing.T) {
+	testAuthenticatedClientV3(t, true)
+}
+
+func testAuthenticatedClientV3(t *testing.T, tokenAuth bool) {
 	th.SetupHTTP()
 	defer th.TeardownHTTP()
 
@@ -48,10 +56,14 @@ func TestAuthenticatedClientV3(t *testing.T) {
 	})
 
 	options := gophercloud.AuthOptions{
-		UserID:           "me",
-		Password:         "secret",
 		IdentityEndpoint: th.Endpoint(),
 	}
+	if tokenAuth {
+		options.TokenID = ID
+	} else {
+		options.UserID = "me"
+		options.Password = "secret"
+	}
 	client, err := AuthenticatedClient(options)
 	th.AssertNoErr(t, err)
 	th.CheckEquals(t, ID, client.TokenID)
diff --git a/openstack/identity/v3/tokens/requests.go b/openstack/identity/v3/tokens/requests.go
@@ -84,6 +84,9 @@ func Create(c *gophercloud.ServiceClient, options gophercloud.AuthOptions, scope
 	}
 
 	if options.Password == "" {
+		if options.TokenID != "" {
+			c.TokenID = options.TokenID
+		}
 		if c.TokenID != "" {
 			// Because we aren't using password authentication, it's an error to also provide any of the user-based authentication
 			// parameters.
@@ -93,12 +96,6 @@ func Create(c *gophercloud.ServiceClient, options gophercloud.AuthOptions, scope
 			if options.UserID != "" {
 				return createErr(ErrUserIDWithToken)
 			}
-			if options.DomainID != "" {
-				return createErr(ErrDomainIDWithToken)
-			}
-			if options.DomainName != "" {
-				return createErr(ErrDomainNameWithToken)
-			}
 
 			// Configure the request for Token authentication.
 			req.Auth.Identity.Methods = []string{"token"}
diff --git a/openstack/identity/v3/tokens/requests_test.go b/openstack/identity/v3/tokens/requests_test.go
@@ -296,12 +296,54 @@ func TestCreateFailureTokenIDUserID(t *testing.T) {
 	authTokenPostErr(t, gophercloud.AuthOptions{UserID: "something"}, nil, true, ErrUserIDWithToken)
 }
 
-func TestCreateFailureTokenIDDomainID(t *testing.T) {
-	authTokenPostErr(t, gophercloud.AuthOptions{DomainID: "something"}, nil, true, ErrDomainIDWithToken)
+func TestCreateTokenIDDomainID(t *testing.T) {
+	scope := &Scope{ProjectName: "world-domination", DomainID: "1000"}
+	authTokenPost(t, gophercloud.AuthOptions{DomainID: "something"}, scope, `
+		{
+			"auth": {
+				"identity": {
+					"methods": [
+						"token"
+					],
+					"token": {
+						"id": "12345abcdef"
+					}
+				},
+				"scope": {
+					"project": {
+						"domain": {
+							"id": "1000"
+						},
+						"name": "world-domination"
+					}
+				}
+			}
+		}`)
 }
 
-func TestCreateFailureTokenIDDomainName(t *testing.T) {
-	authTokenPostErr(t, gophercloud.AuthOptions{DomainName: "something"}, nil, true, ErrDomainNameWithToken)
+func TestCreateTokenIDDomainName(t *testing.T) {
+	scope := &Scope{ProjectName: "world-domination", DomainName: "evil-plans"}
+	authTokenPost(t, gophercloud.AuthOptions{DomainName: "something"}, scope, `
+		{
+			"auth": {
+				"identity": {
+					"methods": [
+						"token"
+					],
+					"token": {
+						"id": "12345abcdef"
+					}
+				},
+				"scope": {
+					"project": {
+						"domain": {
+							"name": "evil-plans"
+						},
+						"name": "world-domination"
+					}
+				}
+			}
+		}`)
 }
 
 func TestCreateFailureMissingUser(t *testing.T) {
