delta/openstack/python-openstackclient.git/openstackclient/common, branch 3.2.1 opendev.org: openstack/python-openstackclient Defer auth prompting until it is actually needed 2016-12-09T18:07:52+00:00 Dean Troyer dtroyer@gmail.com 2016-09-01T15:54:29+00:00 9484cd3850594ef6cb62d3c57dc5ec402305975c Auth option prompting happens waaaay to early in the default os-client-config flow, we need to defer it until adter the commands have been parsed. This is why ClientManager.setup_auth() exists, as it is not called until the first attempt to connect to a server occurs. Commands that do not require authentication never hit this. Also, required options were not being enforced. By doing this we handle when no authentication info is present, we fail on missing auth-url rather than attempt to prompt for a password (default auth is password). Closes-Bug: 1619274 Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726 (cherry picked from commit 14dbfe44741b65c9e0514a34669f52de8629b1c0) 
Auth option prompting happens waaaay to early in the default
os-client-config flow, we need to defer it until adter the commands
have been parsed.  This is why ClientManager.setup_auth() exists,
as it is not called until the first attempt to connect to a server
occurs.  Commands that do not require authentication never hit this.

Also, required options were not being enforced.  By doing this we handle
when no authentication info is present, we fail on missing auth-url rather
than attempt to prompt for a password (default auth is password).

Closes-Bug: 1619274
Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
(cherry picked from commit 14dbfe44741b65c9e0514a34669f52de8629b1c0)
Merge "Use project_domain_id only in password auth" into stable/newton 2016-12-09T17:59:00+00:00 Jenkins jenkins@review.openstack.org 2016-12-09T17:59:00+00:00 23f6681de615973b7cf54036b607d9a80da6d929 






Use project_domain_id only in password auth
2016-12-09T02:36:18+00:00

Boris Bobrov
bbobrov@mirantis.com

2016-11-17T10:46:21+00:00

fc370104156810cb4f65a3235d6bf6ab65f028bd

The method being changed constructs domain-related parameters that will
further be passed to the auth plugin. If project domain is not
passed, the method sets it to the default domain.

token_endpoint does not expect any information about domain,
because it uses only a token and URL. Passing it to auth plugin causes
an exception.

Construct domain-related parameters only for specific plugins, such
as password or totp.

Change-Id: I13db3bbe31a0ed843e9f4528d37c768546e2bee9
Closes-Bug: 1642301
(cherry picked from commit e51a8d63747932f2ee4ffab02dfb0cd43e4a103d)





The method being changed constructs domain-related parameters that will
further be passed to the auth plugin. If project domain is not
passed, the method sets it to the default domain.

token_endpoint does not expect any information about domain,
because it uses only a token and URL. Passing it to auth plugin causes
an exception.

Construct domain-related parameters only for specific plugins, such
as password or totp.

Change-Id: I13db3bbe31a0ed843e9f4528d37c768546e2bee9
Closes-Bug: 1642301
(cherry picked from commit e51a8d63747932f2ee4ffab02dfb0cd43e4a103d)







Mask passwords in debug logs for auth_config_hook
2016-10-06T20:08:59+00:00

Matt Riedemann
mriedem@us.ibm.com

2016-10-06T01:11:16+00:00

a37addb7b034105ce03ee35a0a1610d191c4b269

The auth config hook can have credentials in it so
we have to mask the config before logging it. To
avoid doing the work of masking the password if we
aren't going to log it, there is a conditional put
around the actual debug statement.

Conflicts:
        openstackclient/common/client_config.py

NOTE(mriedem): The conflict was due to imports.

Change-Id: I8e626672ec94fc837610216bccb4354dbdedca17
Closes-Bug: #1630822
(cherry picked from commit cd1a412408f068aeef97c1ee368400307fce7733)





The auth config hook can have credentials in it so
we have to mask the config before logging it. To
avoid doing the work of masking the password if we
aren't going to log it, there is a conditional put
around the actual debug statement.

Conflicts:
        openstackclient/common/client_config.py

NOTE(mriedem): The conflict was due to imports.

Change-Id: I8e626672ec94fc837610216bccb4354dbdedca17
Closes-Bug: #1630822
(cherry picked from commit cd1a412408f068aeef97c1ee368400307fce7733)







Provide fallback prompt function for current osc-lib
2016-08-30T00:22:06+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-29T23:14:26+00:00

84c83fc3aeebf8201a301f1864c3b8a1572111f1

Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956





Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956







Merge "Fix auth prompt brokenness"
2016-08-29T21:09:58+00:00

Jenkins
jenkins@review.openstack.org

2016-08-29T21:09:58+00:00

c5f8f761de01e7dee7d65ccba40e8ee4cf116500












Fix auth prompt brokenness
2016-08-29T16:58:49+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-29T16:07:49+00:00

bec206fa0a0214d856259661c5e32086f33d2f62

We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442





We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442







Clean imports in code
2016-08-25T06:50:38+00:00

Cao Xuan Hoang
hoangcx@vn.fujitsu.com

2016-08-25T06:50:38+00:00

f854b7d6ea1c67cf7f313e039691c4cb40ff1236

In some part in the code we import objects.
In the Openstack style guidelines they recommend to import only modules.

http://docs.openstack.org/developer/hacking/#imports

Change-Id: I2eb35dc53f0fdb61c31022bb70293d1df8aaf482





In some part in the code we import objects.
In the Openstack style guidelines they recommend to import only modules.

http://docs.openstack.org/developer/hacking/#imports

Change-Id: I2eb35dc53f0fdb61c31022bb70293d1df8aaf482







Work around a version clash issue with os-client-config
2016-08-22T13:29:35+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-22T13:29:29+00:00

684412ca4cc0abad2c2a800d8247d12992b994e5

Need to add the fixed_arguments arg to _validate_auth() so
os-client-config 1.19.1 and 1.20.0 can call our version properly.

Change-Id: I328e47ba2f8115e6b18bf1482fd4aa35056907a4





Need to add the fixed_arguments arg to _validate_auth() so
os-client-config 1.19.1 and 1.20.0 can call our version properly.

Change-Id: I328e47ba2f8115e6b18bf1482fd4aa35056907a4







Gate-unbreaking combo review
2016-08-18T12:21:15+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-16T14:41:31+00:00

2a1a1740862c419e08284e50103d52e029f0e61e

Fix argument precedence hack
  Working around issues in os-client-config <= 1.18.0

  This is ugly because the issues in o-c-c 1.19.1 run even deeper
  than in 1.18.0, so we're going to use 1.19.0 get_one_cloud() that
  is known to work for OSC and fix o-c-c with an axe.

Remove return values for set commands
  'identity provider set' and 'service provider set' were still
  returning their show-like data, this is a fail for set commands
  now, don't know how this ever passed before...

Constraints are ready to be used for tox.ini
  Per email[1] from Andreas, we don't need to hack at install_command
  any longer.

  [1] http://openstack.markmail.org/thread/a4l7tokbotwqvuoh

Co-authorioed-by: Steve Martinelli <s.martinelli@gmail.com>
Depends-On: I49313dc7d4f44ec897de7a375f25b7ed864226f1
Change-Id: I426548376fc7d3cdb36501310dafd8c44d22ae30





Fix argument precedence hack
  Working around issues in os-client-config <= 1.18.0

  This is ugly because the issues in o-c-c 1.19.1 run even deeper
  than in 1.18.0, so we're going to use 1.19.0 get_one_cloud() that
  is known to work for OSC and fix o-c-c with an axe.

Remove return values for set commands
  'identity provider set' and 'service provider set' were still
  returning their show-like data, this is a fail for set commands
  now, don't know how this ever passed before...

Constraints are ready to be used for tox.ini
  Per email[1] from Andreas, we don't need to hack at install_command
  any longer.

  [1] http://openstack.markmail.org/thread/a4l7tokbotwqvuoh

Co-authorioed-by: Steve Martinelli <s.martinelli@gmail.com>
Depends-On: I49313dc7d4f44ec897de7a375f25b7ed864226f1
Change-Id: I426548376fc7d3cdb36501310dafd8c44d22ae30