| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the network endpoint enablement checking from the 'server create'
command to the common client manager. This allows future network
commands to use either nova or neutron networking based on the cloud
environment.
This patch set also includes related unit test enhancements to the
common client manager to trigger authentication on the tests.
Change-Id: Ia37e81d4fb05a1e2fceb3e5d367bda769ab8e64b
Related-Bug: #1519511
Related-to: blueprint neutron-client
|
| |
|
|
|
| |
Change-Id: I0eb11a648c3be21749690f079229c8e63a678e6c
Closes-Bug: #1501598
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
External plugins need to know which plugin interface is being
used by the host OSC. Releases <1.6 (?) will not have a
version defined.
Plugins can add the following to their make_client() to discover
the interface version:
_plugin_interface_version = getattr(
instance,
"PLUGIN_INTERFACE_VERSION",
None,
)
Change-Id: Ifc0f40fec5bc27f6425139984936b7f6e032a580
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Create a `configuration show` command that displays the current
configuration of the CLI. Different configurations can be
displayed using options such as --os-cloud. Passwords and
tokens are redacted by default unless the --unmask
option is specified.
Closes-Bug: #1476729
Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I4e21d09bc747e8210f4f79a1d6c4c7ccf2f25d1c
Closes-Bug: #1454392
|
| |/
|
|
|
| |
Change-Id: Ie0e7a9cd6016b5c646a111a76e8372e10602a25c
Closes-Bug: #1473862
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
User should be able to specify the endpoint type through
a CLI optional argument/ENV variable setting. We will name this new
optional argument: --os-endpoint-type (Env: OS_ENDPOINT_TYPE) and
based on the value given, the service API will use that specific
endpoint type. Possible values: public, admin, internal.
DocImpact
Closes-Bug: #1454392
Change-Id: Ife3d4e46b44c0ddcd712b1130e27e362545a9a29
|
| |/
|
|
|
|
|
| |
This is already fine for user_domain_id, and needs to be replicated
for project_domain_id. Also added more logging.
Change-Id: I3fa8f29edb3fc430d453bd0fc835312c0c8401f4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because of the way OSC registers all plugins together we end up
with os-tenant-X parameters being saved to the project-X attribute after
parsing. If you are using the v2 plugins directly then they and os-client-config
expect the tenant_X values and will assuming no scoping information if
they are not present.
Validating options for scope will also fail in this situation, not just
because the resultant auth dictionary is missing the tenant-X
attributes, but because OSC validates that either project or domain
scope information is present.
Fix this by just always setting the v2 parameters if the v3 parameters
are present. This will have no effect on the generic or v3 case but fix
the v2 case.
Expand validation to include the tenant options so it knows that v2
plugins are scoped.
Change-Id: I8cab3e423663f801cbf2d83106c671bddc58d7e6
Closes-Bug: #1460369
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we execute an Openstack CLI command, keystone should log in
Keystone access log that the user-agent that made the request was
'python-openstackclient' instead of the default 'python-keystoneclient'.
Therefore, when we create the authentication session we
need to send the explicit user-agent.
Closes-Bug: #1453995
Change-Id: I75087fd4bb1ff1e6f2a911bc70bf8008268276bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new option --os-cloud that allows the configuration values
for multiple clouds to be stored in a local file and selected with
a single option.
Internal option names have had 'os_' removed to be comptible with
the options returned from OpenStackConfig().get_one_cloud().
The config file is ~/.config/openstack/clouds.yaml:
Sample
------
clouds:
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I4939acf8067e44ffe06a2e26fc28f1adf8985b7d
Depends-On: I45e2550af58aee616ca168d20a557077beeab007
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Subclass keystoneclient.session.Session to add the timing hooks to
record the elapsed time returned by requests.Response objects, including
the redirection history. Redirects are included individually and not
rolled into the total time for the original request.
This works for all clients that use OSC's session.
Closes-Bug: #1402577
Change-Id: I9360c90c151579b89a37edb8c11c17feb15b3cb9
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The plugin detection at the top of openstackclient.api.auth did not
detect the plugins at the bottom of that file because, surprise,
they had not been declared yet so the entry points were ignored.
Move both plugin subclasses into openstackclient.api.auth_plugin.
Fix a problem with the password callback that was otherwise made
worse with this change.
Closes-Bug: 1428912
Change-Id: Idc3b72534071e0013c8922884a8bc14137509a0f
|
| |/
|
|
|
|
|
|
|
| |
Not returning a value is the same as returning None. In the event that
someone asks ClientManager for an attribute that doesn't exist it should
raise AttributeError in the same way as other python objects rather
than return an empty value.
Change-Id: Id0ee825e6527c831c38e3a671958ded362fb96e1
|
| |
|
|
|
|
|
|
|
|
| |
When we got picky with the auth arguments we broke using help without
any auth config supplied. This rearranges things a bit to do the argument
checking when the deferred auth request to Identity occurs so commands
that do not need auth have a chance to live short but useful lives.
Closes-Bug: #1399588
Change-Id: I8ceac491cf65e25eddb62ab2713f471fe686756d
|
| |
|
|
|
|
|
| |
password auth
Change-Id: I31943739cc1b535cbd402c5e9245b2f7a19cfa32
Closes-Bug: #1418810
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Setting up auth options can be complicated, and we currently don't
do any checking before we build all our auth parameters to send off
to keystoneclient. We should do some basic checking to guide new
users.
Change-Id: I9c88f1c9637b3870c151952ecc797aaf65be271a
Closes-Bug: #1400531
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
If either of OS_USER_DOMAIN_ID or OS_USER_DOMAIN_NAME are present
then we don't tinker with anything. Otherwise, we should set
the USER_DOMAIN_ID to 'OS_DEFAULT_DOMAIN', as this provides a better UX,
since the end user doesn't have to specify these arguments.
Same logic applies for OS_PROJECT_DOMAIN_ID.
Closes-Bug: #1385338
Change-Id: I8a4034c16a1dd50d269f809abab8e960d5de20f7
|
| |
|
|
|
|
|
| |
* Promote select messages to INFO so lower logging levels can be useful
* Help more modules not say so much all the time
Change-Id: I814023c1489595998ae74efe40ef439b3522ee74
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
User's don't know what a plugin is.
* Internally, os_auth_type and/or auth_type represents what the
user supplied.
* auth_plugin_name is the name of the selected plugin
* auth_plugin is the actual plugin object
Plugin selection process:
* if --os-auth-type is supplied:
* if it matches against an available plugin, done
* (if it can map to an availble plugin type, done; TODO in a followup)
* if --os-auth-type is not supplied:
* if --os-url and --os-token are supplied, select 'token_endpoint'
* if --os-username supplied, select identity_api_version + 'password'
* if --os-token supplied, select identity_api_version + 'token'
Change-Id: Ice4535214e311ebf924087cf77f6d84d76f5f3ee
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove the auth option checks as the auth plugins will validate
their own options
* Move the initialization of client_manager to the end of
initialize_app() so it is always called. Note that no attempts
to actually authenticate occur until the first use of one of the
client attributes in client_manager. This leaves
initialize_clientmanager() (formerly uathenticate_user()) empty
so remove it.
* Remove interact() as the client_manager has already been created
And there is nothing left.
* prepare_to_run_command() is reduced to trigger an authentication
attempt for the best_effort auth commands, currently the only
one is 'complete'.
* Add prompt_for_password() to ask the user to enter a password
when necessary. Passed to ClientManager in a new kward pw_func.
Bug: 1355838
Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2
|
| |
|
|
|
|
|
|
|
|
| |
Anything that needs a service catalog can get it directly from
auth_ref.service_catalog, no need to carry the extra attribute.
ClientManager.get_endpoint_for_service_type() reamins the proper
method to get an endpoint for clients that still need one directly.
Change-Id: I809091c9c71d08f29606d7fd8b500898ff2cb8ae
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clients that can use ksc Session don't need the old junk to
fake auth anymore:
* compute
* volume
Clients that still need to be fed credentials can pick directly
from the auth object in clientmanager. The _token attribute is
removed, the token can be retrieved from the auth object:
openstackclient/tests/common/test_clientmanager.py
This change will break any plugin that relies on getting a token
from instance._token. They should be updated to use the above, or
preferable, to use keystoneclient.session.Session to create its
HTTP interface object.
Change-Id: I877a29de97a42f85f12a14c274fc003e6fba5135
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ksc auth plugins do not have support for the original
token-endpoint (aka token flow) auth where the user supplies
a token (possibly the Keystone admin_token) and an API endpoint.
This is used for bootstrapping Keystone but also has other uses
when a scoped user token is provided.
The api.auth:TokenEndpoint class is required to provide the
same interface methods so all of the special-case code branches
to support token-endpoint can be removed.
Some additional cleanups related to ClientManager and creating
the Compute client also were done to streamline using sessions.
Change-Id: I1a6059afa845a591eff92567ca346c09010a93af
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The OSC plugins work by adding an object as an attribute to a
ClientManager instance. The initialization and management of
thos plugins belongs in clientmanager.py.
At this point the only part not moved is the API version dict
initialization bcause the timing and connection to the
CommandManager initialization. It gets refactored anyway when
API discovery becomes operational.
Change-Id: If9cb9a0c45a3a577082a5cdbb793769211f20ebb
|
| |/
|
|
|
|
|
|
|
| |
In a cloud with AZs, you can get multiple entries back from the service
catalog - one for each AZ and then one that is AZ agnostic that's tied
to the region. If the region_name is plumbed all the way through, this
works as intended.
Change-Id: I3b365ea306e8111fc80830672ae8080a5d1dc8e0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
|
| |
|
|
|
|
|
|
|
|
|
| |
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for --timing options. Use cliff via a pseudo-command
'Timing' to support multiple outputformats.
If an output format other than the default 'table' is selected
use CSV since the timing data is in list form.
Will pick up timing data for any client object that has a method
similar to novaclient's get_timings().
TODO:
* Stop instantiating all of the clientmanager client objects just
to check for timing data. Descriptor magic required?
Change-Id: I7f1076b7a250fba6a8b24b2ae9353a7f51b792b2
|
| |
|
|
|
|
|
|
|
| |
This patch enables authenticating by using a trust. The trust ID
must be set with the parameter --os-trust-id or the env variable
OS_TRUST_ID. Trusts are available for the identity v3 API.
Co-Authored-By: Florent Flament <florent.flament@cloudwatt.com>
Change-Id: Iacc389b203bbadda53ca31a7f5a9b8b6e1a1f522
|
| |
|
|
|
|
|
|
| |
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to pass user_domain_id / user_domain_name, domain_id
/ domain_name, and project_domain_id / project_domain_name to keystone.
These parameters are the first step needed to getting multi-domain
support working via the CLI.
Closes-Bug: #1198171
Change-Id: I81a8534913978ff1cce01ec02741ae477e8c5fa4
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Signed-off-by: Bo Tang <btang@cs.utsa.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Allows client libraries to have complete access to the rest of the
OSC ClientManager. In addition, extension libraries can define
global options (for API version options/env vars) and define
versioned API entry points similar to the in-repo commands.
The changes to ClientManager exposed some issues in the existing
object api tests that needed to be cleaned up.
Change-Id: Ic9662edf34c5dd130a2f1a69d2454adefc1f8a95
|
| |
|
|
|
|
|
|
|
|
| |
Add --os-cacert and --verify|--insecure options using the same
sematics as the other project CLIs. --verify is included for
completeness.
Bug: 1236608
Change-Id: I8a116d790db5aa4cb17a2207efedce7cb229eba3
|
| |
|
|
|
|
|
|
|
| |
* Add current auth info (auth_ref) to ClientManager
* Fix identity.v2_0.role.ListUserRole to get default user/project
from ClientManager.auth_ref
* Fix identity.v2_0.role.AddRole call to roles.add_user_role()
Change-Id: Ie8bf41c491d97b0292a2b86bdc9b7580989a7f97
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Add object-store API to ClientManager
* Add object-store client
* Add Object API library in openstackclient.object.v1.lib
* Add Object API {container,object} list commands
* Add library tests
* Add command tests
This should complete the Object v1 container and object list commands
Change-Id: Ib1770d45efa8871959826b85faafa1e0bcef0a03
|
| |
|
|
|
|
|
|
|
| |
Change the global auth options to use 'project', leave the original
tenant options in place but silent for compatability with the existing
project CLI auth options. This is the only compatibility for tenant
usage in this changeover.
Change-Id: I3cce6e552f18822cc9f445ec5f301b0f5d9003f8
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
made the changes suggested by dtroyer
added client
modified setup.py entry points
updated pip required
added support for create/delete/list volume types
openstack list type
openstack create type typeName
openstack delete type typeNameOrId
Change-Id: I43655de151582e37f14dc9550151a66db7a009ab
|
| |
|
|
|
|
|
|
| |
Made all the necessary changes to pass new PEP8 standards.
Also cleaned up docstrings to conform to the HACKING stanards.
Change-Id: Ib8df3030da7a7885655689ab5da0717748c9edbe
|
| |
|
|
| |
Change-Id: I64812bca01ca655c9cf9239a0daea84907082a29
|
| |
|
|
|
|
| |
First round of adding more complete unit test coverage.
Change-Id: Ic1979c499ca6fcb784892a95954a3527539c4e53
|
| |
|
|
| |
Change-Id: Ib0325e62a7e50aa94e852a73f9a2cb95daa8d5f6
|
