From ae957b176e5918f41024c00cbc39ea371a0c37c6 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Fri, 22 Aug 2014 17:26:07 -0500 Subject: Use Keystone client session.Session This replaces the restapi requests wrapper with the one from Keystone client so we can take advantage of the auth plugins. As a first step only the v2 and v3 token and password plugins are supported. This maintainis no changes to the command options or environment variables. The next steps will include reworking the other API client interfaces to fully utilize the single auth session. Blueprint: ksc-session-auth Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89 --- openstackclient/identity/client.py | 36 ++++++++++++---------------------- openstackclient/identity/v2_0/token.py | 3 +-- 2 files changed, 14 insertions(+), 25 deletions(-) (limited to 'openstackclient/identity') diff --git a/openstackclient/identity/client.py b/openstackclient/identity/client.py index 820d08cb..a43b50e3 100644 --- a/openstackclient/identity/client.py +++ b/openstackclient/identity/client.py @@ -29,6 +29,12 @@ API_VERSIONS = { '3': 'keystoneclient.v3.client.Client', } +# Translate our API version to auth plugin version prefix +AUTH_VERSIONS = { + '2.0': 'v2', + '3': 'v3', +} + def make_client(instance): """Returns an identity service client.""" @@ -38,6 +44,8 @@ def make_client(instance): API_VERSIONS) LOG.debug('Instantiating identity client: %s', identity_client) + # TODO(dtroyer): Something doesn't like the session.auth when using + # token auth, chase that down. if instance._url: LOG.debug('Using token auth') client = identity_client( @@ -50,32 +58,14 @@ def make_client(instance): else: LOG.debug('Using password auth') client = identity_client( - username=instance._username, - password=instance._password, - user_domain_id=instance._user_domain_id, - user_domain_name=instance._user_domain_name, - project_domain_id=instance._project_domain_id, - project_domain_name=instance._project_domain_name, - domain_id=instance._domain_id, - domain_name=instance._domain_name, - tenant_name=instance._project_name, - tenant_id=instance._project_id, - auth_url=instance._auth_url, - region_name=instance._region_name, + session=instance.session, cacert=instance._cacert, - insecure=instance._insecure, - trust_id=instance._trust_id, ) - # TODO(dtroyer): the identity v2 role commands use this yet, fix that - # so we can remove it - instance.auth_ref = client.auth_ref - - # NOTE(dtroyer): this is hanging around until restapi is replace by - # ksc session - instance.session.set_auth( - client.auth_ref.auth_token, - ) + # TODO(dtroyer): the identity v2 role commands use this yet, fix that + # so we can remove it + if not instance._url: + instance.auth_ref = instance.auth.get_auth_ref(instance.session) return client diff --git a/openstackclient/identity/v2_0/token.py b/openstackclient/identity/v2_0/token.py index cc2c8a7f..f3fedc01 100644 --- a/openstackclient/identity/v2_0/token.py +++ b/openstackclient/identity/v2_0/token.py @@ -33,9 +33,8 @@ class IssueToken(show.ShowOne): def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - token = identity_client.service_catalog.get_token() + token = self.app.client_manager.auth_ref.service_catalog.get_token() token['project_id'] = token.pop('tenant_id') return zip(*sorted(six.iteritems(token))) -- cgit v1.2.1