From e0f2fb7ac4f07826d1daaa19a366a4f62304617e Mon Sep 17 00:00:00 2001
From: Nikolay Mahotkin <nikolay.makhotkin@gmail.com>
Date: Thu, 27 Jul 2017 12:19:20 +0300
Subject: [PATCH] Fix cron-triggers and openstack actions

 * Fixed deleting cron-trigger-trust
   (only trustor can delete trust)
 * Fixed retrieving keystone service catalog
   (otherwise we always get UnauthorizedException
   from utils/openstack/keystone.py:210, need
   just request service catalog)

Change-Id: Ibb044788a6fb6727a48af0371096972561ef9e8d
---
 mistral/services/security.py                    | 10 +---------
 mistral/tests/unit/utils/test_keystone_utils.py |  7 ++++++-
 mistral/utils/openstack/keystone.py             |  3 ++-
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/mistral/services/security.py b/mistral/services/security.py
index 048747b65..497e638bb 100644
--- a/mistral/services/security.py
+++ b/mistral/services/security.py
@@ -85,15 +85,7 @@ def delete_trust(trust_id):
     if not trust_id:
         return
 
-    ctx = auth_ctx.ctx()
-
-    # If this trust is already in the context then it means that
-    # context already has trust scoped token from exactly this trust_id.
-    # So we don't need request the token from the trust one more time.
-    if ctx.is_trust_scoped and ctx.trust_id == trust_id:
-        keystone_client = keystone.client()
-    else:
-        keystone_client = keystone.client_for_trusts(trust_id)
+    keystone_client = keystone.client_for_trusts(trust_id)
 
     try:
         keystone_client.trusts.delete(trust_id)
diff --git a/mistral/tests/unit/utils/test_keystone_utils.py b/mistral/tests/unit/utils/test_keystone_utils.py
index 502c7be92..6393ffa8c 100644
--- a/mistral/tests/unit/utils/test_keystone_utils.py
+++ b/mistral/tests/unit/utils/test_keystone_utils.py
@@ -12,6 +12,8 @@
 #    See the License for the specific language governing permissions and
 #    limitations under the License.
 
+import mock
+
 from mistral import context as auth_context
 from mistral import exceptions
 from mistral.tests.unit import base
@@ -44,7 +46,10 @@ class KeystoneUtilsTest(base.BaseTest):
             keystone.format_url(url_template, self.values)
         )
 
-    def test_get_endpoint_for_project_noauth(self):
+    @mock.patch.object(keystone, 'client')
+    def test_get_endpoint_for_project_noauth(self, client):
+        client().tokens.get_token_data.return_value = {'token': None}
+
         # service_catalog is not set by default.
         auth_context.set_ctx(base.get_context())
         self.addCleanup(auth_context.set_ctx, None)
diff --git a/mistral/utils/openstack/keystone.py b/mistral/utils/openstack/keystone.py
index cdb3a5cae..b14dc17b3 100644
--- a/mistral/utils/openstack/keystone.py
+++ b/mistral/utils/openstack/keystone.py
@@ -200,7 +200,8 @@ def obtain_service_catalog(ctx):
         response = ctx.service_catalog
 
         # Target service catalog may not be passed via API.
-        if not response and ctx.is_target:
+        # If we don't have the catalog yet, it should be requested.
+        if not response:
             response = client().tokens.get_token_data(
                 token,
                 include_catalog=True