Get Service Catalog from token

fixed up .conf back to normal

- Changed `pymox` to `mox` in pip-requires

Change-Id: Ied52b5c561a6f07d499044dabe9dcb455bf1e7eb

5 files changed, 100 insertions, 0 deletions

diff --git a/keystone/controllers/auth.py b/keystone/controllers/auth.py
index b8d3a8bb..fb8efbda 100644
--- a/keystone/controllers/auth.py
+++ b/keystone/controllers/auth.py
@@ -45,3 +45,10 @@ class AuthController(wsgi.Controller):
     def delete_token(self, req, token_id):
         return utils.send_result(204, req,
             config.SERVICE.revoke_token(utils.get_auth_token(req), token_id))
+
+    @utils.wrap_error
+    def endpoints(self, req, token_id):
+        x = utils.send_result(200, req,
+            config.SERVICE.get_endpoints_for_token(utils.get_auth_token(req),
+                                                   token_id))
+        return x
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index 0fc60846..0ac54311 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
@@ -143,6 +143,21 @@ class IdentityService(object):
 
         api.TOKEN.delete(token_id)
 
+    def get_endpoints_for_token(self, admin_token, token_id):
+        self.__validate_admin_token(admin_token)
+
+        dtoken = api.TOKEN.get(token_id)
+        if not dtoken:
+            raise fault.ItemNotFoundFault("Token not found")
+
+        endpoints = api.TENANT.get_all_endpoints(dtoken.tenant_id)
+
+        # For now it's easier to resend the token data as well.
+        # Who knows, might be useful and the client can reuse their
+        # auth parsing code.
+        token = auth.Token(dtoken.expires, dtoken.id, dtoken.tenant_id)
+        return auth.AuthData(token, endpoints)
+
     #
     #   Tenant Operations
     #
diff --git a/keystone/routers/admin.py b/keystone/routers/admin.py
index d63304f9..23075217 100755
--- a/keystone/routers/admin.py
+++ b/keystone/routers/admin.py
@@ -52,6 +52,10 @@ class AdminApi(wsgi.Router):
         mapper.connect("/tokens/{token_id}", controller=auth_controller,
                         action="delete_token",
                         conditions=dict(method=["DELETE"]))
+        mapper.connect("/tokens/{token_id}/endpoints",
+                        controller=auth_controller,
+                        action="endpoints",
+                        conditions=dict(method=["GET"]))
 
         # Tenant Operations
         tenant_controller = TenantController(options)
diff --git a/keystone/test/functional/test_token.py b/keystone/test/functional/test_token.py
index a96bd111..dd8365be 100755
--- a/keystone/test/functional/test_token.py
+++ b/keystone/test/functional/test_token.py
@@ -114,5 +114,78 @@ class CheckToken(common.FunctionalTestCase):
         self.check_token(common.unique_str(), assert_status=401)
 
 
+class TokenEndpointTest(unittest.TestCase):
+    def _noop_validate_admin_token(self, admin_token):
+        pass
+
+    class FakeDtoken(object):
+        expires = 'now'
+        tenant_id = 1
+        id = 2
+
+        def _fake_token_get(self, token_id):
+            return self.FakeDtoken()
+
+        def _fake_missing_token_get(self, token_id):
+            return None
+
+    class FakeEndpoint(object):
+        service = 'foo'
+
+        def _fake_tenant_get_all_endpoints(self, tenant_id):
+            return [self.FakeEndpoint()]
+
+        def _fake_exploding_tenant_get_all_endpoints(self, tenant_id):
+            raise Exception("boom")
+
+        def setUp(self):
+            self.stubout = stubout.StubOutForTesting()
+
+            self.identity = service.IdentityService()
+            # The downside of python "private" methods ... you
+            # have to do stuff like this to stub them out.
+            self.stubout.SmartSet(self.identity,
+                                  "_IdentityService__validate_admin_token",
+                                  self._noop_validate_admin_token)
+
+        def tearDown(self):
+            self.stubout.SmartUnsetAll()
+            self.stubout.UnsetAll()
+
+        def test_endpoints_from_good_token(self):
+            """Happy Day scenario."""
+            self.stubout.SmartSet(keystone.backends.api.TOKEN,
+                                  'get', self._fake_token_get)
+
+            self.stubout.SmartSet(keystone.backends.api.BaseTenantAPI,
+                                  'get_all_endpoints',
+                                  self._fake_tenant_get_all_endpoints)
+
+            auth_data = self.identity.get_endpoints_for_token("admin token",
+                                                              "token id")
+            self.assertEquals(auth_data.base_urls[0].service, 'foo')
+            self.assertEquals(len(auth_data.base_urls), 1)
+
+        def test_endpoints_from_bad_token(self):
+            self.stubout.SmartSet(keystone.backends.api.TOKEN,
+                                  'get', self._fake_missing_token_get)
+
+            self.assertRaises(fault.ItemNotFoundFault,
+                              self.identity.get_endpoints_for_token,
+                              "admin token", "token id")
+
+        def test_bad_endpoints(self):
+            self.stubout.SmartSet(keystone.backends.api.TOKEN,
+                                  'get', self._fake_token_get)
+
+            self.stubout.SmartSet(keystone.backends.api.TENANT,
+                'get_all_endpoints',
+                self._fake_exploding_tenant_get_all_endpoints)
+
+            endpoints = self.identity.get_endpoints_for_token("admin token",
+                                                              "token id")
+            self.assertEquals(endpoints.base_urls, [])
+
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/tools/pip-requires b/tools/pip-requires
index b72d79f3..69241669 100644
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -29,3 +29,4 @@ webtest
 unittest2
 pylint
 pep8
+mox