From 2bba1827510803d8dc7795c905c511fa9045e813 Mon Sep 17 00:00:00 2001
From: Jamie Lennox
Date: Tue, 25 Aug 2015 15:30:40 +1000
Subject: [PATCH] Allow specifying a region name to auth_token

The keystone that is used to validate tokens is determined from the service catalog. If you have multiple identity entries in your service catalog then you need to specify the region to use. Add a region_name option.

Change-Id: I512dbcdc7031f476d691b7ce09b7c6411900ea9e
Closes-Bug: #1405717
---
 keystonemiddleware/auth_token/__init__.py | 3 +
 .../auth_token/test_auth_token_middleware.py | 58 +++++++++++++++++++
 keystonemiddleware/tests/unit/test_opts.py | 1 +
 3 files changed, 62 insertions(+)

diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 942567c7..d723532d 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -270,6 +270,8 @@ _OPTS = [
 help='A PEM encoded Certificate Authority to use when '
 'verifying HTTPs connections. Defaults to system CAs.'),
 cfg.BoolOpt('insecure', default=False, help='Verify HTTPS connections.'),
+ cfg.StrOpt('region_name', default=None,
+ help='The region in which the identity server can be found.'),
 cfg.StrOpt('signing_dir',
 help='Directory used to cache files related to PKI tokens.'),
 cfg.ListOpt('memcached_servers',
@@ -1031,6 +1033,7 @@ class AuthProtocol(_BaseAuthProtocol):
 auth=auth_plugin,
 service_type='identity',
 interface='admin',
+ region_name=self._conf_get('region_name'),
 connect_retries=self._conf_get('http_request_max_retries'))
 
 auth_version = self._conf_get('auth_version')
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index d78dd852..16304305 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
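Review bot: The help text for the new `region_name` entry in `_OPTS` does not say what the value is compared against or what happens when it stays at `None`. This option decides which identity endpoint receives tokens for validation, so I would spell both out, e.g. `help='The region in which the identity server can be found. Matched against the region of the identity admin endpoint in the service catalog; when unset, no region filter is applied.'`. The unset behaviour is inferred from `default=None` being handed straight to the adapter in the second hunk, so confirm it before adopting that wording. The `_OPTS` list starts and ends outside this hunk.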
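Review bot: The `region_name=self._conf_get('region_name')` argument in `AuthProtocol` is passed through unchecked, so a mistyped region that matches no identity endpoint is presumably only discovered when the first token validation fails, not when the middleware loads. A comment above the argument would record this, for example `# None keeps the unfiltered catalog lookup; a region absent from the catalog fails at request time`. It is also worth confirming that such a lookup failure leads to the incoming token being rejected rather than treated as unverified and passed on. The enclosing call and method begin and end outside the hunk.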
@@ -643,6 +643,64 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, self.assertRaises(exc.ConfigurationError, auth_token.AuthProtocol, self.fake_app, conf) + def test_auth_region_name(self): + token = fixture.V3Token() + + auth_url = 'http://keystone-auth.example.com:5000' + east_url = 'http://keystone-east.example.com:5000' + west_url = 'http://keystone-west.example.com:5000' + + auth_versions = fixture.DiscoveryList(href=auth_url) + east_versions = fixture.DiscoveryList(href=east_url) + west_versions = fixture.DiscoveryList(href=west_url) + + s = token.add_service('identity') + s.add_endpoint(interface='admin', url=east_url, region='east') + s.add_endpoint(interface='admin', url=west_url, region='west') + + self.requests_mock.get(auth_url, json=auth_versions) + self.requests_mock.get(east_url, json=east_versions) + self.requests_mock.get(west_url, json=west_versions) + + self.requests_mock.post( + '%s/v3/auth/tokens' % auth_url, + headers={'X-Subject-Token': uuid.uuid4().hex}, + json=token) + + east_mock = self.requests_mock.get( + '%s/v3/auth/tokens' % east_url, + headers={'X-Subject-Token': uuid.uuid4().hex}, + json=fixture.V3Token()) + + west_mock = self.requests_mock.get( + '%s/v3/auth/tokens' % west_url, + headers={'X-Subject-Token': uuid.uuid4().hex}, + json=fixture.V3Token()) + + conf = {'auth_uri': auth_url, + 'auth_url': auth_url + '/v3', + 'auth_plugin': 'v3password', + 'username': 'user', + 'password': 'pass'} + + self.assertEqual(0, east_mock.call_count) + self.assertEqual(0, west_mock.call_count) + + east_app = self.create_simple_middleware(conf=dict(region_name='east', + **conf)) + self.call(east_app, headers={'X-Auth-Token': uuid.uuid4().hex}) + + self.assertEqual(1, east_mock.call_count) + self.assertEqual(0, west_mock.call_count) + + west_app = self.create_simple_middleware(conf=dict(region_name='west', + **conf)) + + self.call(west_app, headers={'X-Auth-Token': uuid.uuid4().hex}) + + self.assertEqual(1, east_mock.call_count) + 
self.assertEqual(1, west_mock.call_count) + class CommonAuthTokenMiddlewareTest(object): """These tests are run once using v2 tokens and again using v3 tokens.""" diff --git a/keystonemiddleware/tests/unit/test_opts.py b/keystonemiddleware/tests/unit/test_opts.py index 8cb5f5d7..9ddb8005 100644 --- a/keystonemiddleware/tests/unit/test_opts.py +++ b/keystonemiddleware/tests/unit/test_opts.py @@ -46,6 +46,7 @@ class OptsTestCase(utils.TestCase): 'certfile', 'keyfile', 'cafile', + 'region_name', 'insecure', 'signing_dir', 'memcached_servers',
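Review bot: `test_auth_region_name` covers only the two matching regions and asserts only mock call counts, so it never pins down the outcome when `region_name` is unset or names a region absent from the catalog. Those are the cases where validation could go to an unintended identity server or fail outright. I would add a case built with `dict(region_name='north', **conf)` that asserts both `east_mock.call_count` and `west_mock.call_count` stay unchanged and that the request is not authenticated. A second case with no `region_name` would document which endpoint is then chosen. The return value of `self.call(...)` is discarded in both existing calls; checking it would show the request was actually handled as expected, assuming the helper returns the response.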