Do not prompt for scope options with default scoped tokens

This changes the scope validation to occur after a token has already been created. Previous flow: 1. Validate authentication options. 2. Validate authorization options if the command requires a scope. 3. Create a token (using authentication + authorization options) 4. Run command. This means that scope was being checked, even if a default scope was applied in step 3 by Keystone. New flow: 1. Validate authentication options. 2. Create token (using authentication + authorization options) 3 Validate authorization options if the command requires a scope and the token is not scoped. 4. Run command. Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981 Closes-Bug: 1592062
2016-06-15 16:26:35 +00:00
parent 1464c8a237
commit fe0c8e955b
5 changed files with 47 additions and 31 deletions
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@ -443,12 +443,12 @@ class OpenStackShell(app.App):
            cmd.__class__.__name__,
        )
        if cmd.auth_required:
-            if hasattr(cmd, 'required_scope'):
+            self.client_manager.setup_auth()
+            if hasattr(cmd, 'required_scope') and cmd.required_scope:
                # let the command decide whether we need a scoped token
-                self.client_manager.setup_auth(cmd.required_scope)
+                self.client_manager.validate_scope()
            # Trigger the Identity client to initialize
            self.client_manager.auth_ref
-        return

    def clean_up(self, cmd, result, err):
        self.log.debug('clean_up %s: %s', cmd.__class__.__name__, err or '')