diff options
| author | Dean Troyer <dtroyer@gmail.com> | 2014-10-20 18:53:10 -0500 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2014-10-21 23:16:16 -0500 |
| commit | e063246b97a7f31a47aca0a5eb36d571f5df7236 (patch) | |
| tree | 1272ad2fe096430e7b4311cddac0242212fad7fe /openstackclient/common/clientmanager.py | |
| parent | f600c0eafbf9aff23b6efa1c7b94797a25873b99 (diff) | |
| download | python-openstackclient-e063246b97a7f31a47aca0a5eb36d571f5df7236.tar.gz | |
Clean up shell authentication
* Remove the auth option checks as the auth plugins will validate
their own options
* Move the initialization of client_manager to the end of
initialize_app() so it is always called. Note that no attempts
to actually authenticate occur until the first use of one of the
client attributes in client_manager. This leaves
initialize_clientmanager() (formerly uathenticate_user()) empty
so remove it.
* Remove interact() as the client_manager has already been created
And there is nothing left.
* prepare_to_run_command() is reduced to trigger an authentication
attempt for the best_effort auth commands, currently the only
one is 'complete'.
* Add prompt_for_password() to ask the user to enter a password
when necessary. Passed to ClientManager in a new kward pw_func.
Bug: 1355838
Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2
Diffstat (limited to 'openstackclient/common/clientmanager.py')
| -rw-r--r-- | openstackclient/common/clientmanager.py | 46 |
1 files changed, 39 insertions, 7 deletions
diff --git a/openstackclient/common/clientmanager.py b/openstackclient/common/clientmanager.py index febcedf4..ae38f160 100644 --- a/openstackclient/common/clientmanager.py +++ b/openstackclient/common/clientmanager.py @@ -55,17 +55,46 @@ class ClientManager(object): for o in auth.OPTIONS_LIST]: return self._auth_params[name[1:]] - def __init__(self, auth_options, api_version=None, verify=True): + def __init__( + self, + auth_options, + api_version=None, + verify=True, + pw_func=None, + ): + """Set up a ClientManager + + :param auth_options: + Options collected from the command-line, environment, or wherever + :param api_version: + Dict of API versions: key is API name, value is the version + :param verify: + TLS certificate verification; may be a boolean to enable or disable + server certificate verification, or a filename of a CA certificate + bundle to be used in verification (implies True) + :param pw_func: + Callback function for asking the user for a password. The function + takes an optional string for the prompt ('Password: ' on None) and + returns a string containig the password + """ + # If no plugin is named by the user, select one based on # the supplied options if not auth_options.os_auth_plugin: auth_options.os_auth_plugin = auth.select_auth_plugin(auth_options) - self._auth_plugin = auth_options.os_auth_plugin + + # Horrible hack alert...must handle prompt for null password if + # password auth is requested. + if (self._auth_plugin.endswith('password') and + not auth_options.os_password): + auth_options.os_password = pw_func() + self._url = auth_options.os_url self._auth_params = auth.build_auth_params(auth_options) self._region_name = auth_options.os_region_name self._api_version = api_version + self._auth_ref = None self.timing = auth_options.timing # For compatibility until all clients can be updated @@ -99,13 +128,16 @@ class ClientManager(object): verify=verify, ) - self.auth_ref = None - if 'token' not in self._auth_params: - LOG.debug("Get service catalog") - self.auth_ref = self.auth.get_auth_ref(self.session) - return + @property + def auth_ref(self): + """Dereference will trigger an auth if it hasn't already""" + if not self._auth_ref: + LOG.debug("Get auth_ref") + self._auth_ref = self.auth.get_auth_ref(self.session) + return self._auth_ref + def get_endpoint_for_service_type(self, service_type, region_name=None): """Return the endpoint URL for the service type.""" # See if we are using password flow auth, i.e. we have a |