Not sure if I got you right. My question was about the username/password being written to the HTTP headers (X-Auth-User/Key).
My impression is that this never happens since Keystone returns a token and that is what is passed to the API, so that actually there will never we X-Auth-User/Key headers.
But: If that assumption is wrong, then I would expect that in addition to X-Auth-User/Key, also the domain has to be passed in the HTTP header as part of the credentials_headers() implementation. See also Heat's "http.py" variant of credentials_headers () here: https://github.com/openstack/python-heatclient/blob/master/heatclient/common/http.py.
I will submit a pull-request with my changes today.
Not sure if I got you right. My question was about the username/password being written to the HTTP headers (X-Auth-User/Key).
My impression is that this never happens since Keystone returns a token and that is what is passed to the API, so that actually there will never we X-Auth-User/Key headers.
But: If that assumption is wrong, then I would expect that in addition to X-Auth-User/Key, also the domain has to be passed in the HTTP header as part of the credentials_ headers( ) implementation. See also Heat's "http.py" variant of credentials_headers () here: https:/ /github. com/openstack/ python- heatclient/ blob/master/ heatclient/ common/ http.py.
I will submit a pull-request with my changes today.