Defer auth prompting until it is actually needed

Auth option prompting happens waaaay to early in the default os-client-config flow, we need to defer it until adter the commands have been parsed. This is why ClientManager.setup_auth() exists, as it is not called until the first attempt to connect to a server occurs. Commands that do not require authentication never hit this. Also, required options were not being enforced. By doing this we handle when no authentication info is present, we fail on missing auth-url rather than attempt to prompt for a password (default auth is password). Closes-Bug: 1619274 Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
2016-09-01 10:54:29 -05:00
parent 59404393d3
commit 14dbfe4474
3 changed files with 81 additions and 3 deletions
--- a/openstackclient/shell.py
+++ b/openstackclient/shell.py
@ -140,12 +140,11 @@ class OpenStackShell(shell.OpenStackShell):
        # First, throw away what has already been done with o-c-c and
        # use our own.
        try:
-            cc = cloud_config.OSC_Config(
+            self.cloud_config = cloud_config.OSC_Config(
                override_defaults={
                    'interface': None,
                    'auth_type': self._auth_type,
                },
-                pw_func=shell.prompt_for_password,
            )
        except (IOError, OSError) as e:
            self.log.critical("Could not read clouds.yaml configuration file")
@ -154,9 +153,13 @@ class OpenStackShell(shell.OpenStackShell):

        if not self.options.debug:
            self.options.debug = None
-        self.cloud = cc.get_one_cloud(
+
+        # NOTE(dtroyer): Need to do this with validate=False to defer the
+        #                auth plugin handling to ClientManager.setup_auth()
+        self.cloud = self.cloud_config.get_one_cloud(
            cloud=self.options.cloud,
            argparse=self.options,
+            validate=False,
        )

        # Then, re-create the client_manager with the correct arguments
@ -165,6 +168,33 @@ class OpenStackShell(shell.OpenStackShell):
            api_version=self.api_version,
        )

+    def prepare_to_run_command(self, cmd):
+        """Set up auth and API versions"""
+
+        # TODO(dtroyer): Move this to osc-lib
+        # NOTE(dtroyer): If auth is not required for a command, force fake
+        #                token auth so KSA plugins are happy
+
+        kwargs = {}
+        if not cmd.auth_required:
+            # Build fake token creds to keep ksa and o-c-c hushed
+            kwargs['auth_type'] = 'token_endpoint'
+            kwargs['auth'] = {}
+            kwargs['auth']['token'] = 'x'
+            kwargs['auth']['url'] = 'x'
+
+        # Validate auth options
+        self.cloud = self.cloud_config.get_one_cloud(
+            cloud=self.options.cloud,
+            argparse=self.options,
+            validate=True,
+            **kwargs
+        )
+        # Push the updated args into ClientManager
+        self.client_manager._cli_options = self.cloud
+
+        return super(OpenStackShell, self).prepare_to_run_command(cmd)
+

 def main(argv=None):
    if argv is None: