| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Black used with the '-l 79 -S' flags.
A future change will ignore this commit in git-blame history by adding a
'git-blame-ignore-revs' file.
Change-Id: Ifcb3c798666d74d596b8ecb3d6d507f782de7ba5
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
SDK starts caching token in keyring (when available and configured). A
small change is required in OSC not to reject this state.
Overall this helps avoiding reauthentication upon next openstack call.
If token is not valid anymore automatically reauthentication is done.
Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/735352
Depends-On: https://review.opendev.org/c/openstack/osc-lib/+/765650
Change-Id: I47261a32bd3b106a589974d3de5bf2a6ebd57263
|
| |
|
|
|
|
|
|
|
|
| |
The offending entry point object looks like:
EntryPoint(name='compute', value='openstackclient.compute.client',
group='openstack.cli.base')
Story: 2007917
Task: 40323
Change-Id: I0f3cc62e23efdc14203ce6645581d5ba5dbf7fa0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Importing pkg_resources scans every installed distribution to find
all of the entry points. Stevedore is adding a new caching layer using
importlib.metadata, which will not. Switching to the stevedore should
eventually speed up load times, especially for command line apps. This
change makes the switch now to ensure API compatibility.
We were already using stevedore for tests, so this moves the dependency
from test-requirements.txt to requirements.txt and raises the minimum
version to something more recent.
Change-Id: I3e3632783bc745979b6db73e610df8a77ffaceb0
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
|
| |
|
|
|
|
|
|
|
| |
* Remove openstackclient.api.utils and use osc_lib.api.utils
* Remove openstackclient.common.clientmanager.ClientManager.auth_ref
* Remove openstackclient.common.commandmanager
Change-Id: I67e1dbc53cc0b37967c0011bcb2fc09bdef62d94
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This patch implements an endpoint lookup when showing limits. This
addresses the issue when showing limits without both Nova and Cinder
and will display limits if one is missing.
Change-Id: I2214b281e0206f8fe117aae52de2bf4c4e2c6525
Closes-bug: #1707960
|
| |
|
|
| |
Change-Id: Idd8c15255f024bba7079d3a9a29545dec0c91b58
|
| |
|
|
|
|
|
|
|
| |
On loading external plugin, OSC should be robust on importing the
plugin module so that commands from other modules can continue to
execute.
Closes-Bug: #1722008
Change-Id: Ibe716681c7f78fabee31b7ef281af2588d68ab30
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In reviews we usually check import grouping but it is boring.
By using flake8-import-order plugin, we can avoid this.
It enforces loose checking so it sounds good to use it.
This flake8 plugin is already used in tempest.
Note that flake8-import-order version is pinned to avoid unexpected
breakage of pep8 job.
Setup for unit tests of hacking rules is tweaked to disable
flake8-import-order checks. This extension assumes an actual file exists
and causes hacking rule unit tests.
Change-Id: I12b596820727aeeb379bee16c2bc993dee9eb637
|
| |
|
|
|
|
|
|
|
|
|
| |
The commands that do not require authentication sometimes still need
to call ClientManager.is_network_endpoint_enabled() to see if Neutron
is available. Optimize the paths a bit to skip auth when it is not
necessary; the upshot is Neutron will be assumed in these cases now.
This gets a LOT cleaner when it appears is a future osc-lib.
Change-Id: Ifaddc57dfa192bde04d0482e2cdcce111313a22a
|
| |
|
|
|
|
| |
osc-lib 1.2 is minimum and now handles the password prompting.
Change-Id: Ie11ad64796d3a89c7396b321c34947d622d1ed39
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OSC networking commands need to authenticate to get
service catalog, then decide to show nova-network or
neutron command help message. Fake token and fake
auth_type in prepare_to_run_command() casue os-cloud-config
use AdminToken auth plugin, but pass all the auth information
(include: username, password and so on) to it, that casue the
class initialization error. Pop the fake token and url, then
try to load auth plugin again to fix the issue.
Change-Id: I8b140f0b0a60681fc2a35a013bb0c84ff8cb9589
Closes-Bug: #1650026
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Auth option prompting happens waaaay to early in the default
os-client-config flow, we need to defer it until adter the commands
have been parsed. This is why ClientManager.setup_auth() exists,
as it is not called until the first attempt to connect to a server
occurs. Commands that do not require authentication never hit this.
Also, required options were not being enforced. By doing this we handle
when no authentication info is present, we fail on missing auth-url rather
than attempt to prompt for a password (default auth is password).
Closes-Bug: 1619274
Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
|
| |
|
|
|
|
|
|
|
|
| |
Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.
Also, release note
Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We start by fixing this in the already-present OSC_Config class so OSC
can move forward. This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.
* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
that have a prompt defined and do not have a value already, so ask for one.
Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
now public in osc-lib's ClientManager. Leave back-compat copies in
place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
the one in osc-lib.
Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
|
| |
|
|
|
|
| |
This effectively reverts https://review.openstack.org/#/c/341618/.
Change-Id: Ic8e53e17b4a5352b0c00e39bcb5d248b057540a9
|
| |
|
|
|
|
|
|
| |
* Add compatibility for plugin v2 interface removed from osc-lib
* ClientManager.is_network_endpoint_enabled() is wrapper for
new is_service_available()
Change-Id: I6f26ce9e4d0702f50c7949bacfbeeb0f98cddb5d
|
| |
|
|
|
|
|
|
| |
These were removed prematurely from osc-lib (by me) but the real fix in
https://review.openstack.org/329189 is having racy functional test issues
that may be related to osc-lib, so let's clear this up while we fix that...
Change-Id: I8f67466967751fdf6fd24ae1b16ccee2aec52323
|
| |
|
|
|
|
| |
Move auth plugin checking to osc-lib.
Change-Id: I673d9c2d6e8bbf724c3000459a729e831d747814
|
| |
|
|
|
|
|
|
|
|
| |
The code is setting defaults for some scope parameters, cheking if the
name ends with some specific substring (namely ending in "password")
causing failures in some plugins that end with the same string, but do
not allow those parameters (like "user_domain_id" in "v3oidcpassword").
Closes-Bug: #1582774
Change-Id: Id7036db3b783b135353d035dc4c1df7c808d6474
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the scope validation to occur after a token has already
been created.
Previous flow:
1. Validate authentication options.
2. Validate authorization options if the command requires a scope.
3. Create a token (using authentication + authorization options)
4. Run command.
This means that scope was being checked, even if a default scope was
applied in step 3 by Keystone.
New flow:
1. Validate authentication options.
2. Create token (using authentication + authorization options)
3 Validate authorization options if the command requires a scope and
the token is not scoped.
4. Run command.
Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981
Closes-Bug: 1592062
|
| |
|
|
|
|
|
|
| |
Use osc-lib directly for exceptions.
Leave openstackclient.common.exceptions for deprecation period.
Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.
All dependant test have been updated.
Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects. The user_role_list tests failed when they
picked up an auth_ref that was a fixture. This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.
Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, "/usr/bin/openstack --insecure token issue"
fails when OS_AUTH_URL and OS_IDENTITY_API_VERSION
indicate keystone v2 if OS_PROJECT_DOMAIN_NAME or
OS_USER_DOMAIN_NAME are set. This patchset ignore domain
related configs if using with keystone v2 and print warning
for each ignored config.
Change-Id: I8afbda787df7855c3f8e868b0f07cbf3b9cd97fd
Closes-bug: #1447704
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, "/usr/bin/openstack --insecure token issue"
fails when OS_AUTH_URL and OS_IDENTITY_API_VERSION
indicate keystone v2 if OS_PROJECT_DOMAIN_NAME or
OS_USER_DOMAIN_NAME are set. This patchset ignore domain
related configs if using with keystone v2.
Change-Id: If7eea2ed1a4877c60d055ed0114a5e5f31e282a0
Closes-bug: #1447704
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, if an AttributeError was raised in a plugin's make_client
method, the plugin simply wouldn't be an attribute of the ClientManager,
producing tracebacks like
Traceback (most recent call last):
File ".../openstackclient/shell.py", line 118, in run
ret_val = super(OpenStackShell, self).run(argv)
...
File ".../openstackclient/object/v1/container.py", line 150, in take_action
data = self.app.client_manager.object_store.container_list(
File ".../openstackclient/common/clientmanager.py", line 66, in __getattr__
raise AttributeError(name)
AttributeError: object_store
This made writing minimal third-party auth plugins difficult, as it
obliterated the original AttributeError.
Now, AttributeErrors that are raised during plugin initialization will
be re-raised as PluginAttributeErrors, and the original traceback will
be preserved. This gives much more useful information to plugin
developers, as in
Traceback (most recent call last):
File ".../openstackclient/shell.py", line 118, in run
ret_val = super(OpenStackShell, self).run(argv)
...
File ".../openstackclient/object/v1/container.py", line 150, in take_action
data = self.app.client_manager.object_store.container_list(
File ".../openstackclient/common/clientmanager.py", line 57, in __get__
err_val, err_tb)
File ".../openstackclient/common/clientmanager.py", line 51, in __get__
self._handle = self.factory(instance)
File ".../openstackclient/object/client.py", line 35, in make_client
interface=instance._interface,
File ".../openstackclient/common/clientmanager.py", line 258,
in get_endpoint_for_service_type
endpoint = self.auth_ref.service_catalog.url_for(
PluginAttributeError: 'NoneType' object has no attribute 'url_for'
Change-Id: I0eee7eba6eccc6d471a699a381185c4e76da10bd
|
| |
|
|
|
|
|
|
|
|
| |
This change enables to specify a client certificate/key with:
* usual CLI options (--os-cert/--os-key)
* usual environment variables ($OS_CERT/$OS_KEY)
* os-client-config
Change-Id: Ibeaaa5897ae37b37c1e91f3e47076e4e8e4a8ded
Closes-Bug: #1565112
|
| |
|
|
|
|
| |
If a function returns nothing, do not add return in the end.
Change-Id: I298b8717462f68d3076a1619d674775be2a94c42
|
| |
|
|
|
|
|
| |
Nothing too complicated here. I fixed a bunch of spacing issues
that I saw in OSC.
Change-Id: I935ab48e7c5bac5f88ecdb3a05f73fb44fc9f41d
|
| |
|
|
|
|
|
| |
`dict.get()` returns `None` by default, if a key wasn't found.
Removing `None` as second argument to avoid redundancy.
Change-Id: Ia82f7469cd019509bbeccbfe54b15eeedc7bb6ea
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Make scope check optional for the "token issue" command as unscoped token is
a valid Keystone V2/V3 API.
Change-Id: Ie1cded4dbfdafd3a78c0ebdf89e3f66762509930
Closes-Bug: #1543214
|
| |/
|
|
|
|
|
|
| |
There are files containing string format arguments inside logging messages.
Using logging function parameters should be preferred.
Change-Id: I15b405bf4d4715263fe1e1262982467b3d4bc1f4
Closes-Bug: #1321274
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the network endpoint enablement checking from the 'server create'
command to the common client manager. This allows future network
commands to use either nova or neutron networking based on the cloud
environment.
This patch set also includes related unit test enhancements to the
common client manager to trigger authentication on the tests.
Change-Id: Ia37e81d4fb05a1e2fceb3e5d367bda769ab8e64b
Related-Bug: #1519511
Related-to: blueprint neutron-client
|
| |
|
|
|
| |
Change-Id: I0eb11a648c3be21749690f079229c8e63a678e6c
Closes-Bug: #1501598
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
External plugins need to know which plugin interface is being
used by the host OSC. Releases <1.6 (?) will not have a
version defined.
Plugins can add the following to their make_client() to discover
the interface version:
_plugin_interface_version = getattr(
instance,
"PLUGIN_INTERFACE_VERSION",
None,
)
Change-Id: Ifc0f40fec5bc27f6425139984936b7f6e032a580
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Create a `configuration show` command that displays the current
configuration of the CLI. Different configurations can be
displayed using options such as --os-cloud. Passwords and
tokens are redacted by default unless the --unmask
option is specified.
Closes-Bug: #1476729
Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I4e21d09bc747e8210f4f79a1d6c4c7ccf2f25d1c
Closes-Bug: #1454392
|
| |/
|
|
|
| |
Change-Id: Ie0e7a9cd6016b5c646a111a76e8372e10602a25c
Closes-Bug: #1473862
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
User should be able to specify the endpoint type through
a CLI optional argument/ENV variable setting. We will name this new
optional argument: --os-endpoint-type (Env: OS_ENDPOINT_TYPE) and
based on the value given, the service API will use that specific
endpoint type. Possible values: public, admin, internal.
DocImpact
Closes-Bug: #1454392
Change-Id: Ife3d4e46b44c0ddcd712b1130e27e362545a9a29
|
| |/
|
|
|
|
|
| |
This is already fine for user_domain_id, and needs to be replicated
for project_domain_id. Also added more logging.
Change-Id: I3fa8f29edb3fc430d453bd0fc835312c0c8401f4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because of the way OSC registers all plugins together we end up
with os-tenant-X parameters being saved to the project-X attribute after
parsing. If you are using the v2 plugins directly then they and os-client-config
expect the tenant_X values and will assuming no scoping information if
they are not present.
Validating options for scope will also fail in this situation, not just
because the resultant auth dictionary is missing the tenant-X
attributes, but because OSC validates that either project or domain
scope information is present.
Fix this by just always setting the v2 parameters if the v3 parameters
are present. This will have no effect on the generic or v3 case but fix
the v2 case.
Expand validation to include the tenant options so it knows that v2
plugins are scoped.
Change-Id: I8cab3e423663f801cbf2d83106c671bddc58d7e6
Closes-Bug: #1460369
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we execute an Openstack CLI command, keystone should log in
Keystone access log that the user-agent that made the request was
'python-openstackclient' instead of the default 'python-keystoneclient'.
Therefore, when we create the authentication session we
need to send the explicit user-agent.
Closes-Bug: #1453995
Change-Id: I75087fd4bb1ff1e6f2a911bc70bf8008268276bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new option --os-cloud that allows the configuration values
for multiple clouds to be stored in a local file and selected with
a single option.
Internal option names have had 'os_' removed to be comptible with
the options returned from OpenStackConfig().get_one_cloud().
The config file is ~/.config/openstack/clouds.yaml:
Sample
------
clouds:
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I4939acf8067e44ffe06a2e26fc28f1adf8985b7d
Depends-On: I45e2550af58aee616ca168d20a557077beeab007
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Subclass keystoneclient.session.Session to add the timing hooks to
record the elapsed time returned by requests.Response objects, including
the redirection history. Redirects are included individually and not
rolled into the total time for the original request.
This works for all clients that use OSC's session.
Closes-Bug: #1402577
Change-Id: I9360c90c151579b89a37edb8c11c17feb15b3cb9
|
| |\ |
|
