From e063246b97a7f31a47aca0a5eb36d571f5df7236 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Mon, 20 Oct 2014 18:53:10 -0500 Subject: Clean up shell authentication * Remove the auth option checks as the auth plugins will validate their own options * Move the initialization of client_manager to the end of initialize_app() so it is always called. Note that no attempts to actually authenticate occur until the first use of one of the client attributes in client_manager. This leaves initialize_clientmanager() (formerly uathenticate_user()) empty so remove it. * Remove interact() as the client_manager has already been created And there is nothing left. * prepare_to_run_command() is reduced to trigger an authentication attempt for the best_effort auth commands, currently the only one is 'complete'. * Add prompt_for_password() to ask the user to enter a password when necessary. Passed to ClientManager in a new kward pw_func. Bug: 1355838 Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2 --- openstackclient/common/clientmanager.py | 46 ++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 7 deletions(-) (limited to 'openstackclient/common/clientmanager.py') diff --git a/openstackclient/common/clientmanager.py b/openstackclient/common/clientmanager.py index febcedf4..ae38f160 100644 --- a/openstackclient/common/clientmanager.py +++ b/openstackclient/common/clientmanager.py @@ -55,17 +55,46 @@ class ClientManager(object): for o in auth.OPTIONS_LIST]: return self._auth_params[name[1:]] - def __init__(self, auth_options, api_version=None, verify=True): + def __init__( + self, + auth_options, + api_version=None, + verify=True, + pw_func=None, + ): + """Set up a ClientManager + + :param auth_options: + Options collected from the command-line, environment, or wherever + :param api_version: + Dict of API versions: key is API name, value is the version + :param verify: + TLS certificate verification; may be a boolean to enable or disable + server certificate verification, or a filename of a CA certificate + bundle to be used in verification (implies True) + :param pw_func: + Callback function for asking the user for a password. The function + takes an optional string for the prompt ('Password: ' on None) and + returns a string containig the password + """ + # If no plugin is named by the user, select one based on # the supplied options if not auth_options.os_auth_plugin: auth_options.os_auth_plugin = auth.select_auth_plugin(auth_options) - self._auth_plugin = auth_options.os_auth_plugin + + # Horrible hack alert...must handle prompt for null password if + # password auth is requested. + if (self._auth_plugin.endswith('password') and + not auth_options.os_password): + auth_options.os_password = pw_func() + self._url = auth_options.os_url self._auth_params = auth.build_auth_params(auth_options) self._region_name = auth_options.os_region_name self._api_version = api_version + self._auth_ref = None self.timing = auth_options.timing # For compatibility until all clients can be updated @@ -99,13 +128,16 @@ class ClientManager(object): verify=verify, ) - self.auth_ref = None - if 'token' not in self._auth_params: - LOG.debug("Get service catalog") - self.auth_ref = self.auth.get_auth_ref(self.session) - return + @property + def auth_ref(self): + """Dereference will trigger an auth if it hasn't already""" + if not self._auth_ref: + LOG.debug("Get auth_ref") + self._auth_ref = self.auth.get_auth_ref(self.session) + return self._auth_ref + def get_endpoint_for_service_type(self, service_type, region_name=None): """Return the endpoint URL for the service type.""" # See if we are using password flow auth, i.e. we have a -- cgit v1.2.1