Merge "Moving authentication from keystoneclient to keystoneauth"

author: Jenkins <jenkins@review.openstack.org> 2016-06-13 15:39:36 +0000
committer: Gerrit Code Review <review@openstack.org> 2016-06-13 15:39:36 +0000
commit: 17627c55956bca21ddb601fb2604579d0fbb9c9b (patch)
tree: 8b52c88dc4529fd5714fc2b783cb3e83b9d38711 /openstackclient/identity
parent: a84a90592bb680a63ecfc0b0957e6066b161f375 (diff)
parent: 6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e (diff)
download: python-openstackclient-17627c55956bca21ddb601fb2604579d0fbb9c9b.tar.gz
5 files changed, 73 insertions, 45 deletions
diff --git a/openstackclient/identity/v2_0/catalog.py b/openstackclient/identity/v2_0/catalog.py
index c8f48cb6..33692a0d 100644
--- a/openstackclient/identity/v2_0/catalog.py
+++ b/openstackclient/identity/v2_0/catalog.py
@@ -16,6 +16,7 @@
 import six
 
 from openstackclient.common import command
+from openstackclient.common import exceptions
 from openstackclient.common import utils
 from openstackclient.i18n import _
 
@@ -41,13 +42,14 @@ class ListCatalog(command.Lister):
 
     def take_action(self, parsed_args):
 
-        # This is ugly because if auth hasn't happened yet we need
-        # to trigger it here.
-        sc = self.app.client_manager.session.auth.get_auth_ref(
-            self.app.client_manager.session,
-        ).service_catalog
+        # Trigger auth if it has not happened yet
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
+            raise exceptions.AuthorizationFailure(
+                "Only an authorized user may issue a new token."
+            )
 
-        data = sc.get_data()
+        data = auth_ref.service_catalog.catalog
         columns = ('Name', 'Type', 'Endpoints')
         return (columns,
                 (utils.get_dict_properties(
@@ -72,14 +74,15 @@ class ShowCatalog(command.ShowOne):
 
     def take_action(self, parsed_args):
 
-        # This is ugly because if auth hasn't happened yet we need
-        # to trigger it here.
-        sc = self.app.client_manager.session.auth.get_auth_ref(
-            self.app.client_manager.session,
-        ).service_catalog
+        # Trigger auth if it has not happened yet
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
+            raise exceptions.AuthorizationFailure(
+                "Only an authorized user may issue a new token."
+            )
 
         data = None
-        for service in sc.get_data():
+        for service in auth_ref.service_catalog.catalog:
             if (service.get('name') == parsed_args.service or
                     service.get('type') == parsed_args.service):
                 data = service
@@ -91,6 +94,6 @@ class ShowCatalog(command.ShowOne):
         if not data:
             self.app.log.error(_('service %s not found\n') %
                                parsed_args.service)
-            return ([], [])
+            return ((), ())
 
         return zip(*sorted(six.iteritems(data)))
diff --git a/openstackclient/identity/v2_0/role.py b/openstackclient/identity/v2_0/role.py
index 6b014d86..0f8da992 100644
--- a/openstackclient/identity/v2_0/role.py
+++ b/openstackclient/identity/v2_0/role.py
@@ -231,18 +231,19 @@ class ListUserRole(command.Lister):
         # Project and user are required, if not included in command args
         # default to the values used for authentication.  For token-flow
         # authentication they must be included on the command line.
+        if (not parsed_args.project and
+                self.app.client_manager.auth_ref.project_id):
+            parsed_args.project = auth_ref.project_id
         if not parsed_args.project:
-            if self.app.client_manager.auth_ref:
-                parsed_args.project = auth_ref.project_id
-            else:
-                msg = _("Project must be specified")
-                raise exceptions.CommandError(msg)
+            msg = _("Project must be specified")
+            raise exceptions.CommandError(msg)
+
+        if (not parsed_args.user and
+                self.app.client_manager.auth_ref.user_id):
+            parsed_args.user = auth_ref.user_id
         if not parsed_args.user:
-            if self.app.client_manager.auth_ref:
-                parsed_args.user = auth_ref.user_id
-            else:
-                msg = _("User must be specified")
-                raise exceptions.CommandError(msg)
+            msg = _("User must be specified")
+            raise exceptions.CommandError(msg)
 
         project = utils.find_resource(
             identity_client.tenants,
diff --git a/openstackclient/identity/v2_0/token.py b/openstackclient/identity/v2_0/token.py
index f435d7ce..d708749d 100644
--- a/openstackclient/identity/v2_0/token.py
+++ b/openstackclient/identity/v2_0/token.py
@@ -18,6 +18,7 @@
 import six
 
 from openstackclient.common import command
+from openstackclient.common import exceptions
 from openstackclient.i18n import _
 
 
@@ -32,11 +33,21 @@ class IssueToken(command.ShowOne):
         return parser
 
     def take_action(self, parsed_args):
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
+            raise exceptions.AuthorizationFailure(
+                "Only an authorized user may issue a new token.")
 
-        token = self.app.client_manager.auth_ref.service_catalog.get_token()
-        if 'tenant_id' in token:
-            token['project_id'] = token.pop('tenant_id')
-        return zip(*sorted(six.iteritems(token)))
+        data = {}
+        if auth_ref.auth_token:
+            data['id'] = auth_ref.auth_token
+        if auth_ref.expires:
+            data['expires'] = auth_ref.expires
+        if auth_ref.project_id:
+            data['project_id'] = auth_ref.project_id
+        if auth_ref.user_id:
+            data['user_id'] = auth_ref.user_id
+        return zip(*sorted(six.iteritems(data)))
 
 
 class RevokeToken(command.Command):
diff --git a/openstackclient/identity/v3/catalog.py b/openstackclient/identity/v3/catalog.py
index 4c794692..c2b4359d 100644
--- a/openstackclient/identity/v3/catalog.py
+++ b/openstackclient/identity/v3/catalog.py
@@ -16,6 +16,7 @@
 import six
 
 from openstackclient.common import command
+from openstackclient.common import exceptions
 from openstackclient.common import utils
 from openstackclient.i18n import _
 
@@ -36,13 +37,14 @@ class ListCatalog(command.Lister):
 
     def take_action(self, parsed_args):
 
-        # This is ugly because if auth hasn't happened yet we need
-        # to trigger it here.
-        sc = self.app.client_manager.session.auth.get_auth_ref(
-            self.app.client_manager.session,
-        ).service_catalog
+        # Trigger auth if it has not happened yet
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
+            raise exceptions.AuthorizationFailure(
+                "Only an authorized user may issue a new token."
+            )
 
-        data = sc.get_data()
+        data = auth_ref.service_catalog.catalog
         columns = ('Name', 'Type', 'Endpoints')
         return (columns,
                 (utils.get_dict_properties(
@@ -67,14 +69,15 @@ class ShowCatalog(command.ShowOne):
 
     def take_action(self, parsed_args):
 
-        # This is ugly because if auth hasn't happened yet we need
-        # to trigger it here.
-        sc = self.app.client_manager.session.auth.get_auth_ref(
-            self.app.client_manager.session,
-        ).service_catalog
+        # Trigger auth if it has not happened yet
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
+            raise exceptions.AuthorizationFailure(
+                "Only an authorized user may issue a new token."
+            )
 
         data = None
-        for service in sc.get_data():
+        for service in auth_ref.service_catalog.catalog:
             if (service.get('name') == parsed_args.service or
                     service.get('type') == parsed_args.service):
                 data = dict(service)
@@ -86,6 +89,6 @@ class ShowCatalog(command.ShowOne):
         if not data:
             self.app.log.error(_('service %s not found\n') %
                                parsed_args.service)
-            return ([], [])
+            return ((), ())
 
         return zip(*sorted(six.iteritems(data)))
diff --git a/openstackclient/identity/v3/token.py b/openstackclient/identity/v3/token.py
index 56a7497c..cc399363 100644
--- a/openstackclient/identity/v3/token.py
+++ b/openstackclient/identity/v3/token.py
@@ -174,13 +174,23 @@ class IssueToken(command.ShowOne):
         return parser
 
     def take_action(self, parsed_args):
-        if not self.app.client_manager.auth_ref:
+        auth_ref = self.app.client_manager.auth_ref
+        if not auth_ref:
             raise exceptions.AuthorizationFailure(
                 _("Only an authorized user may issue a new token."))
-        token = self.app.client_manager.auth_ref.service_catalog.get_token()
-        if 'tenant_id' in token:
-            token['project_id'] = token.pop('tenant_id')
-        return zip(*sorted(six.iteritems(token)))
+
+        data = {}
+        if auth_ref.auth_token:
+            data['id'] = auth_ref.auth_token
+        if auth_ref.expires:
+            data['expires'] = auth_ref.expires
+        if auth_ref.project_id:
+            data['project_id'] = auth_ref.project_id
+        if auth_ref.user_id:
+            data['user_id'] = auth_ref.user_id
+        if auth_ref.domain_id:
+            data['domain_id'] = auth_ref.domain_id
+        return zip(*sorted(six.iteritems(data)))
 
 
 class RevokeToken(command.Command):
author	Jenkins <jenkins@review.openstack.org>	2016-06-13 15:39:36 +0000
committer	Gerrit Code Review <review@openstack.org>	2016-06-13 15:39:36 +0000
commit	17627c55956bca21ddb601fb2604579d0fbb9c9b (patch)
tree	8b52c88dc4529fd5714fc2b783cb3e83b9d38711 /openstackclient/identity
parent	a84a90592bb680a63ecfc0b0957e6066b161f375 (diff)
parent	6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e (diff)
download	python-openstackclient-17627c55956bca21ddb601fb2604579d0fbb9c9b.tar.gz