From f04d5dcf60cc2f5f0aa1f38323f52c7ed874d687 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Wed, 20 Mar 2019 10:18:46 -0700 Subject: [PATCH 01/10] Small step at a time --- otter/auth.py | 6 +++--- otter/test/test_auth.py | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 720b9a8d3..63ad2ab6b 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -261,11 +261,11 @@ def authenticate_tenant(self, tenant_id, log=None): see :meth:`IAuthenticator.authenticate_tenant` """ auth = partial(self._auth_me, log=log) - - d = user_for_tenant(self._admin_url, + d = auth() + d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._identity_admin_user, self._identity_admin_password, - tenant_id, log=log) + tenant_id, log=log)) def impersonate(user): iud = impersonate_user(self._admin_url, diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index e80dbfe5c..a6d2ee5f4 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -548,12 +548,12 @@ def test_authenticate_tenant_retries_impersonates_first_user(self): succeed({'access': {'token': {'id': 'impersonation_token'}}})] self.successResultOf(self.ia.authenticate_tenant(111111, self.log)) self.impersonate_user.assert_has_calls( - [mock.call(self.admin_url, None, 'test_user', log=self.log), + [mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log), mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log)]) - self.authenticate_user.assert_called_once_with(self.url, self.user, + self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_once_with('Getting new identity admin token') + self.log.msg.assert_called_with('Getting new identity admin token') def test_authenticate_tenant_gets_endpoints_for_the_impersonation_token(self): """ 
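Review bot: `d = auth()` at the top of `authenticate_tenant` now runs `_auth_me` on every call, so the admin credentials are presumably re-submitted for each tenant authentication even while `self._token` is still valid. The result is then discarded by `lambda ignore:`. In this commit `user_for_tenant` still authenticates with the admin username and password, so the eager call gains nothing here. Consider authenticating only when no token is cached, for example guarding on `if self._token is None:`, and leaving expiry to the retry path that the tests in this patch exercise. The body of `authenticate_tenant` continues outside the hunk.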
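Review bot: Replacing `assert_called_once_with` with `assert_called_with` on `self.authenticate_user` and `self.log.msg` means the test no longer pins how many times the admin credentials are submitted; only the last call is checked. With the eager `auth()` the expected count is known, so assert it explicitly, e.g. `self.assertEqual(self.authenticate_user.call_count, 2)` if two is the intended number in the retry case. The same loosening appears in the `@@ -575,12 +575,12 @@` hunk of this file.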
@@ -575,12 +575,12 @@ def test_authenticate_tenant_retries_getting_endpoints_for_the_impersonation_tok succeed({'endpoints': [{'name': 'anEndpoint', 'type': 'anType'}]})] self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) self.endpoints_for_token.assert_has_calls( - [mock.call(self.admin_url, None, 'impersonation_token', log=self.log), + [mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log), mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log)]) - self.authenticate_user.assert_called_once_with(self.url, self.user, + self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_once_with('Getting new identity admin token') + self.log.msg.assert_called_with('Getting new identity admin token') def test_authenticate_tenant_returns_impersonation_token_and_endpoint_list(self): """ From 2ea897db258b6bbee527342df57b1030b2cdb9f7 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Thu, 28 Mar 2019 08:31:40 -0700 Subject: [PATCH 02/10] checking if getting tokens --- otter/auth.py | 6 +++--- otter/test/test_auth.py | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 63ad2ab6b..47de3904d 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -264,7 +264,7 @@ def authenticate_tenant(self, tenant_id, log=None): d = auth() d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._identity_admin_user, - self._identity_admin_password, + self._identity_admin_password, self._token, tenant_id, log=log)) def impersonate(user): @@ -371,7 +371,7 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token, return d -def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): +def user_for_tenant(auth_endpoint, username, password, token, tenant_id, log=None): """ Use a super secret API to get the special actual username for a tenant id. 
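Review bot: `token` is inserted before `tenant_id` in the positional parameters of `user_for_tenant` (hunk `@@ -371,7 +371,7 @@`), so any caller outside this patch that passes `tenant_id` fourth would silently send it as the token. `username` and `password` stay in the signature although the request in the `@@ -384,7 +384,7 @@` hunk switches from `auth=(username, password)` to `headers=headers(token)` and no longer reads them. Dropping them keeps the service password out of a call path that does not need it. The docstring's `:param` list is not updated for `token`, and the function body continues outside this hunk.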
@@ -384,7 +384,7 @@ def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): """ d = treq.get( append_segments(auth_endpoint.replace('v2.0', 'v1.1'), 'mosso', str(tenant_id)), - auth=(username, password), + headers=headers(token), allow_redirects=False, log=log) d.addCallback(check_success, [301]) diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index a6d2ee5f4..45d0badba 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -36,7 +36,7 @@ ) from otter.effect_dispatcher import get_simple_dispatcher from otter.test.utils import SameJSON, iMock, mock_log, patch -from otter.util.http import APIError, UpstreamError +from otter.util.http import APIError, UpstreamError, headers expected_headers = {'accept': ['application/json'], @@ -303,14 +303,14 @@ def test_user_for_tenant(self): self.treq.json_content.return_value = succeed(response_body) self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', + d = user_for_tenant('http://identity/v2.0', 'username', 'password', 'auth-token', 111111, log=self.log) self.assertEqual(self.successResultOf(d), 'ausername') self.treq.get.assert_called_once_with( 'http://identity/v1.1/mosso/111111', - auth=('username', 'password'), + headers=headers('auth-token'), allow_redirects=False, log=self.log) def test_user_for_tenant_propagates_errors(self): @@ -321,7 +321,7 @@ def test_user_for_tenant_propagates_errors(self): self.treq.content.return_value = succeed('error_body') self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', + d = user_for_tenant('http://identity/v2.0', 'username', 'password', 'auth-token', 111111) failure = self.failureResultOf(d) 
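Review bot: The expectation `headers=headers('auth-token')` in `test_user_for_tenant` is computed with the same `otter.util.http.headers` helper that the code under test calls, so the test would still pass if the helper stopped emitting the token header. Compare against a literal dict instead, written like the module-level `expected_headers` visible in the `@@ -36,7 +36,7 @@` context, with the token entry added.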
@@ -509,7 +509,7 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): """ self.successResultOf(self.ia.authenticate_tenant(111111)) self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.password, 'auth-token', 111111, log=None) self.user_for_tenant.reset_mock() @@ -517,7 +517,7 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.password, 'auth-token', 111111, log=self.log) def test_authenticate_tenant_impersonates_first_user(self): From ab0e4e3242988b711624f278c02f3e18859d7fe6 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Thu, 28 Mar 2019 09:03:21 -0700 Subject: [PATCH 03/10] Update wrt test3 and major fix --- otter/auth.py | 17 ++++++++--------- otter/test/test_auth.py | 17 ++++++++--------- 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 47de3904d..f20e1c1c3 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -262,10 +262,9 @@ def authenticate_tenant(self, tenant_id, log=None): """ auth = partial(self._auth_me, log=log) d = auth() - d.addCallback(lambda ignore: user_for_tenant(self._admin_url, - self._identity_admin_user, - self._identity_admin_password, self._token, - tenant_id, log=log)) + d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._identity_admin_user, + self._token, + log=log)) def impersonate(user): iud = impersonate_user(self._admin_url, @@ -371,7 +370,7 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token, return d -def user_for_tenant(auth_endpoint, username, password, token, tenant_id, log=None): +def user_for_tenant(auth_endpoint, username, token, log=None): """ Use a super secret API to get the special actual username for a tenant id. 
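Review bot: `tenant_id` is no longer passed to `user_for_tenant` in the `@@ -262,10 +262,9 @@` hunk, so from this commit `authenticate_tenant(tenant_id)` chooses the user to impersonate without reference to the tenant the caller asked for. Here the lookup is keyed on `self._identity_admin_user`, the service's own account; PATCH 04 (`@@ -262,7 +262,7 @@` and `@@ -370,26 +370,24 @@`) drops even that and takes the first entry of `/users`. Unless the identity endpoint scopes that listing to the tenant by some means not visible in this series, the impersonation token and endpoint list returned may belong to a different tenant. Keep `tenant_id` in the call and filter the lookup by it; `test_authenticate_tenant_gets_user_for_specified_tenant` should then assert that `111111` reaches `user_for_tenant`.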
@@ -383,14 +382,14 @@ def user_for_tenant(auth_endpoint, username, password, token, tenant_id, log=Non :return: Username of the magical identity:user-admin user for the tenantid. """ d = treq.get( - append_segments(auth_endpoint.replace('v2.0', 'v1.1'), 'mosso', str(tenant_id)), + append_segments(auth_endpoint, 'users')+'?name='+str(username), headers=headers(token), allow_redirects=False, log=log) - d.addCallback(check_success, [301]) - d.addErrback(wrap_upstream_error, 'identity', 'mosso', auth_endpoint) + d.addCallback(check_success, [200, 203]) + d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda user: user['user']['id']) + d.addCallback(lambda user: user['user']['username']) return d diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index 45d0badba..fcac11e7b 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -299,17 +299,17 @@ def test_user_for_tenant(self): the list of users for a given tenant. """ response = mock.Mock(code=200) - response_body = {'user': {'id': 'ausername'}} + response_body = {'user': {'username': 'username'}} self.treq.json_content.return_value = succeed(response_body) self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', 'auth-token', - 111111, log=self.log) + d = user_for_tenant('http://identity/v2.0', 'username', 'auth-token', + log=self.log) - self.assertEqual(self.successResultOf(d), 'ausername') + self.assertEqual(self.successResultOf(d), 'username') self.treq.get.assert_called_once_with( - 'http://identity/v1.1/mosso/111111', + 'http://identity/v2.0/users?name=username', headers=headers('auth-token'), allow_redirects=False, log=self.log) 
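Review bot: The query string is built by concatenation, `append_segments(auth_endpoint, 'users')+'?name='+str(username)`, so a username containing `&`, `#`, `+` or a space is sent unescaped and can change the meaning of the query. Pass the value through the `params` argument instead, `treq.get(append_segments(auth_endpoint, 'users'), params={'name': username}, ...)`, assuming the logging wrapper used here forwards it to treq. The docstring still describes the lookup by tenant id, and the function starts outside this hunk.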
@@ -321,8 +321,7 @@ def test_user_for_tenant_propagates_errors(self): self.treq.content.return_value = succeed('error_body') self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', 'auth-token', - 111111) + d = user_for_tenant('http://identity/v2.0', 'username', 'auth-token') failure = self.failureResultOf(d) self.assertTrue(failure.check(UpstreamError)) @@ -509,7 +508,7 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): """ self.successResultOf(self.ia.authenticate_tenant(111111)) self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 'auth-token', 111111, + 'auth-token', log=None) self.user_for_tenant.reset_mock() @@ -517,7 +516,7 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 'auth-token', 111111, + 'auth-token', log=self.log) def test_authenticate_tenant_impersonates_first_user(self): From 509815371f7bbe80e7fa71807abc2abf2d434cff Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Fri, 29 Mar 2019 03:54:01 -0700 Subject: [PATCH 04/10] Chnages wrt to changed mimic repo --- otter/auth.py | 12 +++++------- otter/test/test_auth.py | 10 +++++----- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index f20e1c1c3..1f269a758 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -262,7 +262,7 @@ def authenticate_tenant(self, tenant_id, log=None): """ auth = partial(self._auth_me, log=log) d = auth() - d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._identity_admin_user, + d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._token, log=log)) 
@@ -370,26 +370,24 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token, return d -def user_for_tenant(auth_endpoint, username, token, log=None): +def user_for_tenant(auth_endpoint, token, log=None): """ Use a super secret API to get the special actual username for a tenant id. :param str auth_endpoint: Identity Admin API endpoint. - :param str username: A service username. - :param str password: A service password. - :param tenant_id: The tenant ID we wish to find the user for. + :param str token: A service token. :return: Username of the magical identity:user-admin user for the tenantid. """ d = treq.get( - append_segments(auth_endpoint, 'users')+'?name='+str(username), + append_segments(auth_endpoint, 'users'), headers=headers(token), allow_redirects=False, log=log) d.addCallback(check_success, [200, 203]) d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda user: user['user']['username']) + d.addCallback(lambda user: user['users'][0]['username']) return d diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index fcac11e7b..4b47a05f1 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -299,17 +299,17 @@ def test_user_for_tenant(self): the list of users for a given tenant. """ response = mock.Mock(code=200) - response_body = {'user': {'username': 'username'}} + response_body = {'users': [{'username': 'username'}]} self.treq.json_content.return_value = succeed(response_body) self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'auth-token', + d = user_for_tenant('http://identity/v2.0', 'auth-token', log=self.log) self.assertEqual(self.successResultOf(d), 'username') self.treq.get.assert_called_once_with( - 'http://identity/v2.0/users?name=username', + 'http://identity/v2.0/users', headers=headers('auth-token'), allow_redirects=False, log=self.log) 
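Review bot: `user['users'][0]['username']` takes whichever user the endpoint lists first and raises `IndexError` or `KeyError` on an empty or differently shaped body. Because the `wrap_upstream_error` errback is attached before this callback, that failure is not converted into an upstream error. Check the list explicitly and fail with a clear error when it is empty or holds more than one candidate. The docstring's summary and `:return:` line still promise the user for a tenant id although the function no longer receives one.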
@@ -507,7 +507,7 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): endpoint. """ self.successResultOf(self.ia.authenticate_tenant(111111)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, + self.user_for_tenant.assert_called_once_with(self.admin_url, 'auth-token', log=None) @@ -515,7 +515,7 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, + self.user_for_tenant.assert_called_once_with(self.admin_url, 'auth-token', log=self.log) From 0acf5266ac314e6943431bd84d52842e5774ca1d Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Fri, 29 Mar 2019 12:25:37 -0700 Subject: [PATCH 05/10] Updating mimic endpoint with updated mimic --- requirements/mimic.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements/mimic.txt b/requirements/mimic.txt index 0910a53c0..c34c23b83 100644 --- a/requirements/mimic.txt +++ b/requirements/mimic.txt @@ -1 +1,2 @@ -git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e +#git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e +git+ssh://github.com/rackerlabs/autoscale-mimic.git@autoscale-546 From 6b5515d80a9947891b1adaf26e49ed9908b33af1 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Fri, 29 Mar 2019 12:42:39 -0700 Subject: [PATCH 06/10] Update on mimic endpoint --- requirements/mimic.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/mimic.txt b/requirements/mimic.txt index c34c23b83..c99f55005 100644 --- a/requirements/mimic.txt +++ b/requirements/mimic.txt @@ -1,2 +1,2 @@ #git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e -git+ssh://github.com/rackerlabs/autoscale-mimic.git@autoscale-546 +git+ssh://github.com/rahulb-rackspace/autoscale-mimic.git@autoscale-546 
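Review bot: The mimic requirement moves from a commit-SHA pin to the branch name `autoscale-546`, which is a mutable ref: the code that gets installed can change without any change to this file. Pin `autoscale-mimic` to a full commit SHA as the replaced line did, and delete the commented-out line rather than keeping it. PATCH 06 points the same line at a personal fork (`rahulb-rackspace/autoscale-mimic`) and PATCH 07 reverts it; since every commit in the series can be checked out and installed, squash these so the fork never appears in history that gets built. The `git+ssh://github.com/...` form carries no user part, so it presumably resolves only on machines whose SSH configuration supplies one.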
From ec84505c94c53e0c541b5a64922a2dd9eb65871f Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Fri, 29 Mar 2019 12:52:20 -0700 Subject: [PATCH 07/10] Rackerlab update on mimic endpoint --- requirements/mimic.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/mimic.txt b/requirements/mimic.txt index c99f55005..c34c23b83 100644 --- a/requirements/mimic.txt +++ b/requirements/mimic.txt @@ -1,2 +1,2 @@ #git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e -git+ssh://github.com/rahulb-rackspace/autoscale-mimic.git@autoscale-546 +git+ssh://github.com/rackerlabs/autoscale-mimic.git@autoscale-546 From 9dabf94bee6d9d110e9a2bc7af8f5a8d6847d1ed Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Thu, 11 Apr 2019 11:14:30 -0700 Subject: [PATCH 08/10] Adding logs for production --- otter/auth.py | 13 +++++++++++-- otter/test/test_auth.py | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 1f269a758..756804ac7 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -262,10 +262,13 @@ def authenticate_tenant(self, tenant_id, log=None): """ auth = partial(self._auth_me, log=log) d = auth() + if log: + log.msg("RAHU3180-1: self._token: %(token)s"%{'token': self._token}) d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._token, log=log)) - + if log: + log.msg("RAHU3180-2: self._token: %(token)s"%{'token': self._token}) def impersonate(user): iud = impersonate_user(self._admin_url, self._token, @@ -274,7 +277,8 @@ def impersonate(user): return iud d.addCallback(lambda user: retry_on_unauth(partial(impersonate, user), auth)) - + if log: + log.msg("RAHU3180-3: self._token: %(token)s"%{'token': self._token}) def endpoints(token): scd = endpoints_for_token(self._admin_url, self._token, token, log=log) 
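Review bot: The `log.msg("RAHU3180-N: self._token: ...")` calls added in `@@ -262,10 +262,13 @@` write the identity admin token, the credential used to impersonate tenant users, into the service log in clear text. They also run while the Deferred chain is being built rather than inside callbacks, so they record whatever `self._token` holds at that moment, not the value each step later uses. Remove them before merge, or log only the event, e.g. `log.msg("identity admin token refreshed")`. The same applies to the third call in the `@@ -274,7 +277,8 @@` hunk and to `admin_token: %(token)s` in PATCH 10's `@@ -458,6 +458,14 @@` hunk, which logs `identity_admin_token` next to the impersonation request body.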
@@ -384,9 +388,14 @@ def user_for_tenant(auth_endpoint, token, log=None): headers=headers(token), allow_redirects=False, log=log) + def user_val(user, log): + if log: + log.msg("RAHU3180: Response: (resp)s"%{'resp': user}) + return user d.addCallback(check_success, [200, 203]) d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) + d.addCallback(lambda users: user_val(users, log=log)) d.addCallback(lambda user: user['users'][0]['username']) return d diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index 4b47a05f1..0186c83c3 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -552,7 +552,7 @@ def test_authenticate_tenant_retries_impersonates_first_user(self): self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_with('Getting new identity admin token') + self.log.msg.assert_called_with('RAHU3180-3: self._token: %(token)s'%{'token':'auth-token'}) def test_authenticate_tenant_gets_endpoints_for_the_impersonation_token(self): """ From 69705269a957100f16ec1792cb0a904e677c0299 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Thu, 11 Apr 2019 13:08:41 -0700 Subject: [PATCH 09/10] New approach to get user --- otter/auth.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 756804ac7..166b401c8 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -264,9 +264,14 @@ def authenticate_tenant(self, tenant_id, log=None): d = auth() if log: log.msg("RAHU3180-1: self._token: %(token)s"%{'token': self._token}) + def log_user(user): + if log: + log.msg("RAHU-USER: (user)%s"%{'user': user}) + return user d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._token, log=log)) + d.addCallback(log_user) if log: log.msg("RAHU3180-2: self._token: %(token)s"%{'token': self._token}) def impersonate(user): 
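Review bot: `"RAHU3180: Response: (resp)s"` in `user_val` has no `%` before `(resp)s`, so the message is logged literally and `user` is never interpolated. Fixing the placeholder would put the whole `/users` response into the log, which is account data that does not belong there; log a count instead, `log.msg("users returned: %d" % len(user['users']))`, or drop the helper. `"RAHU-USER: (user)%s"` in PATCH 09 and PATCH 10 has the opposite mistake and prints the entire argument dict.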
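Review bot: The assertion on `self.log.msg` in the `@@ -552,7 +552,7 @@` test hunk now expects `'RAHU3180-3: self._token: %(token)s'` with `'auth-token'` formatted in, which makes a passing test depend on the admin token being written to the log. Keep the check on `'Getting new identity admin token'`, for instance with `self.log.msg.assert_any_call('Getting new identity admin token')`, so the debug lines can be removed without touching the test.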
@@ -388,14 +393,9 @@ def user_for_tenant(auth_endpoint, token, log=None): headers=headers(token), allow_redirects=False, log=log) - def user_val(user, log): - if log: - log.msg("RAHU3180: Response: (resp)s"%{'resp': user}) - return user d.addCallback(check_success, [200, 203]) d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda users: user_val(users, log=log)) d.addCallback(lambda user: user['users'][0]['username']) return d From ef96c83d154810716d41fb5d7bb9f2e3192662c2 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Fri, 12 Apr 2019 07:37:13 -0700 Subject: [PATCH 10/10] Adding logs --- otter/auth.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 166b401c8..8c942dfcd 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -266,7 +266,7 @@ def authenticate_tenant(self, tenant_id, log=None): log.msg("RAHU3180-1: self._token: %(token)s"%{'token': self._token}) def log_user(user): if log: - log.msg("RAHU-USER: (user)%s"%{'user': user}) + log.msg("RAHU-USER: (user)%s Type: %(type)s)"%{'user': user, 'type': type(user)}) return user d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._token, @@ -396,7 +396,7 @@ def user_for_tenant(auth_endpoint, token, log=None): d.addCallback(check_success, [200, 203]) d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda user: user['users'][0]['username']) + d.addCallback(lambda user: str(user['users'][0]['username'])) return d 
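Review bot: `str(user['users'][0]['username'])` in the `@@ -396,7 +396,7 @@` hunk will raise `UnicodeEncodeError` for a username with non-ASCII characters if this module runs on Python 2, where decoded JSON strings are `unicode`; the `type(user)` debug line added in the previous hunk suggests that is the case being investigated. If a byte string is required downstream, encode explicitly, `user['users'][0]['username'].encode('utf-8')`, and say so in the docstring. The function starts outside this hunk.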
@@ -458,6 +458,14 @@ def impersonate_user(auth_endpoint, identity_admin_token, username, :return: Decoded JSON as dict. """ + dic = { + "RAX-AUTH:impersonation": { + "user": {"username": username}, + "expire-in-seconds": expire_in + } + } + if log: + log.msg("RAHU-Impersonate post_data: %(dict)s admin_token: %(token)s"%{"dict": dic, "token": identity_admin_token}) d = treq.post( append_segments(auth_endpoint, 'RAX-AUTH', 'impersonation-tokens'), json.dumps({
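Review bot: `dic` is built only to be logged and repeats the payload that the `json.dumps({` call below assembles again, so the logged body and the body actually sent can drift apart. Build the dict once and pass it on as `json.dumps(dic)`; the rest of that call lies outside the hunk, so confirm the two structures match before merging them. The log line should also lose `admin_token: %(token)s`, since it writes `identity_admin_token` to the log.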