| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add --or-show for the following:
* v2 roles
* v2 projects
Change-Id: Ibbae19cda668575b9527fbd259f1298c48b8265b
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This should be the last of the v3 identity objects that return
a links section upon create or show.
Change-Id: I45a3b43c303bfed73950095bec8860cbea7a559c
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We should remove the 'links' portion from the returned object
for the following commands:
* create/show federation protocol
* create/show mapping
* create/show identity provider
Change-Id: I55654cce1f89de8e532f9acd8092257be33efd85
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --or-show option is added to create commands for the common case
of needing to ensure an object exists and getting its properties if
it does or creating a new one if it does not exist.
Note that if the object exists, any additional options that would
set values in a newly created object are ignored if the object
exists.
FakeResource needs the __name__ attribute to fall through utils.find_resource.
Prove the concept on v2 user create then propogate once we're happy with it...
Change-Id: I6268566514840c284e6a1d44b409a81d6699ef99
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A federated user can authenticate with the v3unscopedsaml plugin and
list the domains and projects she is allowed to scope to.
This patch introduces the new commands 'federation domain list' and
'federation project list'.
Note that for these commands -and plugin- to be available, the lxml
library must be installed.
Change-Id: I2707b624befcfb0a01b40a094e12fd68a3ee7773
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
IssueToken.take_action() was missed in updating the structure of
the ClientManager.
Also, TOKEN_WITH_TENANT_ID in v3 is just wrong...
Closes-Bug: #1383396
Change-Id: If2dd82a26af1d743ee9df73e0c1aebce497bf22e
|
| |
|
|
|
|
|
|
|
|
| |
Anything that needs a service catalog can get it directly from
auth_ref.service_catalog, no need to carry the extra attribute.
ClientManager.get_endpoint_for_service_type() reamins the proper
method to get an endpoint for clients that still need one directly.
Change-Id: I809091c9c71d08f29606d7fd8b500898ff2cb8ae
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The links field in the returned objects from the v3 Identity
API aren't really useful, so let's remove them.
Managed to remove most of them from the core API.
I'll likely remove the extension/contribution (oauth/federation)
related ones in another patch.
Also in this patch the code for setting services and projects
was changed. Though not incorrect, it was not needed to copy
the entire returned object, we should just need to pass in
the fields we want to update.
Change-Id: I164ca9ad8b28fa10b291e9115ef40753e387c547
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
mark v2 catalog, ec2, endpoint, project, role, service and token
Change-Id: I14a5852bfee4ca9e25130d001fdadd7778ad0996
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
implements bp use_i18n
Change-Id: I86508a232c9cf88695b7982dad0b9b02eaf8b3a1
|
| |\ \ \
| |_|/
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the code is broken as it references a part of
keystoneclient that does not exist.
Change-Id: I7fbc754537fbb4acffb166b5854840acfaef1fb8
Closes-Bug: #1379871
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Performing create, list, or set operations for users, groups, and projects
with the --domain option attempts to look up the domain for name to ID
conversion. In the case of an environment using Keystone domains, it is
desired to allow a domain admin to perform these operations for objects in
their domain without allowing them to list or show domains. The current
behavior prevents the domain admin from performing these operations since
they will be forbidden to perform the underlying list_domains operation.
This patch makes the domain lookup error a soft failure, and falls back
to using the passed in domain argument directly as a domain ID in the
request that it sends to Keystone.
Change-Id: I5139097f8cedc53693f6f71297518917ac72e50a
Closes-Bug: #1378565
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update `user show` for Identity V3 to account for a domain argument,
in doing so, also update `find resource` to be more flexible by
allowing **kwargs.
Also update `group show` and `project show` since they follow the
same logic as a user within a group.
Change-Id: Ib828e4dbeb0bd31164396069ce8a64c873179779
Closes-Bug: #1378165
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Openstackclient needs to have a capability to manage federated protocols
(like saml2, openid connect, abfab). This patch allows users to
administrate such operations from the commandline.
Change-Id: I59eef2acdda60c7ec795d1bfe31e8e960b4478a1
Implements: bp/add-openstackclient-federation-crud
|
| |\ \ \
| |/ /
|/| | |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The signature for users.set in keystoneclient dictates that
domain and project be sent in, not domainId and projectId,
which are being incorrectly sent in as 'extra' data.
Closes-Bug: #1376833
Change-Id: I44df3e492f61eab2241f3758dee622417bb6f399
|
| |/
|
|
|
| |
Change-Id: I4b8f2e77e741cf74f50aba98ab975af7321b02c6
Implements: bp/add-openstackclient-federation-crud
|
| |
|
|
|
| |
Change-Id: Ieca76bb6ee2f328f4e33010623c25eb9c18e6952
Closes-Bug: #1372744
|
| |
|
|
|
|
|
|
|
| |
This should make it easier to understand the
purpose of find_domain - I believe the reason
for which find_resource wasn't enough was not
quite clear.
Change-Id: I6a1cdfa86f52401d95c6da2cd38d7c95a140b4a1
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
'catalog list' and 'catalog show' for Identity v2
Identity v2 only so far.
Change-Id: I9df0dac3d5bb7c18f38a81bd7d29f8119462d3a5
|
| |/
|
|
|
|
|
|
| |
If non-admin user attempts 'project show' or 'user show' on the currently
authenticated project or user return the information that is already in the
service catalog rather than throwing a Forbidden error.
Change-Id: Ieeb6eacf71a471e410fbd3c09e7871740547e890
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This new action will allow a user to change their own password by
either providing the new password as an argument (--password) or by
being prompted to enter the new password.
In both cases user will be prompted to enter their current password
as required by the v3 API.
Closes-Bug: #1337245
Change-Id: I5e1e0fd2b46a4502318da57f7cce2b236fb2d93d
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Change-Id: I7eac5b2ff5f5a6f3f08b22dd3a48a5ae7e2c056b
Closes-Bug: #1281888
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This does a couple of things:
* Loads the Identity client module in the same manner as the other
'base' clients (where 'base' == 'included in the OSC repo')
* Changes the entry point group name for the base clients to
'openstack.cli.base'. The extension group name remains the same.
* Loads the base modules first followed by the extension modules.
This load order ensures that the extension module commands are all
loaded _after_ the base commands, allowing extensions to now override
the base commands.
Change-Id: I4b9ca7f1df6eb8bbe8e3f663f3065c2ed80ce20b
|
| |\ \ \ \
| |/ / / |
|
| | |/ /
| | |
| | |
| | |
| | | |
Change-Id: I1479460473656ea4e2a48a976808371e840b49c1
Closes-Bug: #1348867
|
| |/ /
| |
| |
| | |
Change-Id: I478215f62b51e6e73283f0304ea1b0736177d1b1
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
User create for v2.0 no longer always contains a tenantId in the
response. Add a guard to check for tenantId first before pop'ing it.
Change-Id: I428dbc26520bb86efad33768ce04f584217ad168
Closes-Bug: #1352119
|
| |/ /
| |
| |
| |
| | |
Change-Id: I71aab1ee4f467dc963e7afa7fc1c82b4255ea822
Closes-Bug: #1351121
|
| | |
| |
| |
| | |
Change-Id: Idf57a6a988f5c0f20f3b0b19ab896642ce10d70b
|
| | |
| |
| |
| | |
Change-Id: I5af4b9c52c69d6e31e6ca5f90d5880c097880a71
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Change-Id: I2b21bc904e35c1cc50da369d148e607fe3e8cf90
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
identity_client.identity_providers doesn't exist as a manager. These are
located at identity_client.federation.identity_providers. Fix the
routes.
Also fix passing id to .create() as a positional argument. This is not
allowed from keystoneclient it should be passed as a keyword argument.
Change-Id: I912c27fcee58b0723e27e9147def2cbd1c62c288
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Domain administrator cannot do project operations because the
require access to the domain API (which they don't have). When
attempting to find a domain for project operations, ignore errors
because the API returns nothing without indicating there is a
problem. The domain administrators will have to use a domain id,
but they will still be able to do project operations. If the user
does not have permission to read the domain table, they cannot
use domain names.
Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
|
| |/ /
| |
| |
| | |
Change-Id: I0b6760a6401b50e3dfb891af75424ae89df42ebc
|
