| author | Dolph Mathews <dolph.mathews@gmail.com> | 2016-06-15 16:26:35 +0000 |
|---|---|---|
| committer | Steve Martinelli <s.martinelli@gmail.com> | 2016-06-17 12:37:15 -0400 |
| commit | fe0c8e955be0331aef9cc6847c9bddc43ce66d92 (patch) | |
| tree | bb9597a1f0a1417ec5cd19f984c99eeb32f693d8 /openstackclient/api | |
| parent | 1464c8a23755f70bb60ed37abe1edf5c7e0b7203 (diff) | |
| download | python-openstackclient-fe0c8e955be0331aef9cc6847c9bddc43ce66d92.tar.gz | |
Do not prompt for scope options with default scoped tokens
This changes the scope validation to occur after a token has already
been created.
Previous flow:
1. Validate authentication options.
2. Validate authorization options if the command requires a scope.
3. Create a token (using authentication + authorization options)
4. Run command.
This means that scope was being checked, even if a default scope was
applied in step 3 by Keystone.
New flow:
1. Validate authentication options.
2. Create token (using authentication + authorization options)
3. Validate authorization options if the command requires a scope and
the token is not scoped.
4. Run command.
Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981
Closes-Bug: 1592062
Diffstat (limited to 'openstackclient/api')
| -rw-r--r-- | openstackclient/api/auth.py | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/openstackclient/api/auth.py b/openstackclient/api/auth.py index b56035e4..0018e76e 100644 --- a/openstackclient/api/auth.py +++ b/openstackclient/api/auth.py @@ -128,12 +128,24 @@ def build_auth_params(auth_plugin_name, cmd_options): return (auth_plugin_loader, auth_params) -def check_valid_auth_options(options, auth_plugin_name, required_scope=True): - """Perform basic option checking, provide helpful error messages. - - :param required_scope: indicate whether a scoped token is required - - """ +def check_valid_authorization_options(options, auth_plugin_name): + """Validate authorization options, and provide helpful error messages.""" + if (options.auth.get('project_id') and not + options.auth.get('domain_id') and not + options.auth.get('domain_name') and not + options.auth.get('project_name') and not + options.auth.get('tenant_id') and not + options.auth.get('tenant_name')): + raise exc.CommandError(_( + 'Missing parameter(s): ' + 'Set either a project or a domain scope, but not both. Set a ' + 'project scope with --os-project-name, OS_PROJECT_NAME, or ' + 'auth.project_name. Alternatively, set a domain scope with ' + '--os-domain-name, OS_DOMAIN_NAME or auth.domain_name.')) + + +def check_valid_authentication_options(options, auth_plugin_name): + """Validate authentication options, and provide helpful error messages.""" msgs = [] if auth_plugin_name.endswith('password'): 
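Review bot: The first operand of the condition in the new `check_valid_authorization_options` lost its negation when `required_scope and not` was dropped, so it now starts `if (options.auth.get('project_id') and not`. As written, the "Missing parameter(s)" error is raised when `project_id` is the only scope option set, and it is skipped when no scope option is set at all, which is the case the message describes. The opening line should read `if (not options.auth.get('project_id') and not`. The `auth_plugin_name` parameter is accepted but not used in the lines shown. The callers are outside this diff (the diffstat is limited to `openstackclient/api`), so a test that calls the function with an empty `options.auth` and with only `project_id` set would pin the intended behaviour.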
@@ -143,18 +155,6 @@ def check_valid_auth_options(options, auth_plugin_name, required_scope=True): if not options.auth.get('auth_url'): msgs.append(_('Set an authentication URL, with --os-auth-url,' ' OS_AUTH_URL or auth.auth_url')) - if (required_scope and not - options.auth.get('project_id') and not - options.auth.get('domain_id') and not - options.auth.get('domain_name') and not - options.auth.get('project_name') and not - options.auth.get('tenant_id') and not - options.auth.get('tenant_name')): - msgs.append(_('Set a scope, such as a project or domain, set a ' - 'project scope with --os-project-name, ' - 'OS_PROJECT_NAME or auth.project_name, set a domain ' - 'scope with --os-domain-name, OS_DOMAIN_NAME or ' - 'auth.domain_name')) elif auth_plugin_name.endswith('token'): if not options.auth.get('token'): msgs.append(_('Set a token with --os-token, OS_TOKEN or ' |
