From 359eb839da009a694dcd17465204e13b728fdfe7 Mon Sep 17 00:00:00 2001
From: zengchen1024 <chenzeng2@huawei.com>
Date: Fri, 18 Jan 2019 15:08:03 +0800
Subject: [PATCH] support authorized by token + agency

---
 openstack/client.go | 45 ++++++++++++++++++++++++++-------------------
 1 file changed, 26 insertions(+), 19 deletions(-)

diff --git a/openstack/client.go b/openstack/client.go
index 83c65ee6d..9f1302afe 100644
--- a/openstack/client.go
+++ b/openstack/client.go
@@ -122,6 +122,9 @@ func Authenticate(client *golangsdk.ProviderClient, options golangsdk.AuthOption
 		case v2:
 			return v2auth(client, endpoint, authOptions, golangsdk.EndpointOpts{})
 		case v3:
+			if authOptions.AgencyDomainName != "" && authOptions.AgencyName != "" {
+				return v3authWithAgency(client, endpoint, &authOptions, golangsdk.EndpointOpts{})
+			}
 			return v3auth(client, endpoint, &authOptions, golangsdk.EndpointOpts{})
 		default:
 			// The switch statement must be out of date from the versions list.
@@ -133,13 +136,11 @@ func Authenticate(client *golangsdk.ProviderClient, options golangsdk.AuthOption
 		if isAkSkOptions {
 			if akskAuthOptions.AgencyDomainName != "" && akskAuthOptions.AgencyName != "" {
 				return authWithAgencyByAKSK(client, endpoint, akskAuthOptions, golangsdk.EndpointOpts{})
-			} else {
-				return v3AKSKAuth(client, endpoint, akskAuthOptions, golangsdk.EndpointOpts{})
 			}
+			return v3AKSKAuth(client, endpoint, akskAuthOptions, golangsdk.EndpointOpts{})
 
-		} else {
-			return fmt.Errorf("Unrecognized auth options provider: %s", reflect.TypeOf(options))
 		}
+		return fmt.Errorf("Unrecognized auth options provider: %s", reflect.TypeOf(options))
 	}
 
 }
@@ -219,21 +220,6 @@ func v3auth(client *golangsdk.ProviderClient, endpoint string, opts tokens3.Auth
 		return err
 	}
 
-	opts1, ok := opts.(*golangsdk.AuthOptions)
-	if ok && opts1.AgencyDomainName != "" && opts1.AgencyName != "" {
-		opts2 := golangsdk.AgencyAuthOptions{
-			TokenID:          token.ID,
-			AgencyName:       opts1.AgencyName,
-			AgencyDomainName: opts1.AgencyDomainName,
-			DelegatedProject: opts1.DelegatedProject,
-		}
-		result = tokens3.Create(v3Client, &opts2)
-		token, err = result.ExtractToken()
-		if err != nil {
-			return err
-		}
-	}
-
 	project, err := result.ExtractProject()
 	if err != nil {
 		return err
@@ -262,6 +248,27 @@ func v3auth(client *golangsdk.ProviderClient, endpoint string, opts tokens3.Auth
 	return nil
 }
 
+func v3authWithAgency(client *golangsdk.ProviderClient, endpoint string, opts *golangsdk.AuthOptions, eo golangsdk.EndpointOpts) error {
+	token := opts.TokenID
+	if token == "" {
+		err := v3auth(client, endpoint, opts, eo)
+		if err != nil {
+			return err
+		}
+		token = client.TokenID
+		client.TokenID = ""
+	}
+
+	opts1 := golangsdk.AgencyAuthOptions{
+		TokenID:          token,
+		AgencyName:       opts.AgencyName,
+		AgencyDomainName: opts.AgencyDomainName,
+		DelegatedProject: opts.DelegatedProject,
+	}
+
+	return v3auth(client, endpoint, &opts1, eo)
+}
+
 func getEntryByServiceId(entries []tokens3.CatalogEntry, serviceId string) *tokens3.CatalogEntry {
 	if entries == nil {
 		return nil