diff --git a/doc/source/command-objects/request-token.rst b/doc/source/command-objects/request-token.rst
new file mode 100644
index 0000000000..501f67a57f
--- /dev/null
+++ b/doc/source/command-objects/request-token.rst
@@ -0,0 +1,37 @@
+=============
+request token
+=============
+
+Identity v3
+
+`Requires: OS-OAUTH1 extension`
+
+request token create
+--------------------
+
+Create a request token
+
+.. program:: request token create
+.. code:: bash
+
+ os request token create
+ --consumer-key <consumer-key>
+ --consumer-secret <consumer-secret>
+ --project <project>
+ [--domain <domain>]
+
+.. option:: --consumer-key <consumer-key>
+
+ Consumer key (required)
+
+.. option:: --description <description>
+
+ Consumer secret (required)
+
+.. option:: --project <project>
+
+ Project that consumer wants to access (name or ID) (required)
+
+.. option:: --domain <domain>
+
+ Domain owning <project> (name or ID)
diff --git a/doc/source/commands.rst b/doc/source/commands.rst
index 9d60984354..1136f0a2bd 100644
--- a/doc/source/commands.rst
+++ b/doc/source/commands.rst
@@ -100,7 +100,7 @@ referring to both Compute and Volume quotas.
* ``project``: (**Identity**) owns a group of resources
* ``quota``: (**Compute**, **Volume**) resource usage restrictions
* ``region``: (**Identity**) a subset of an OpenStack deployment
-* ``request token``: Identity - temporary OAuth-based token
+* ``request token``: (**Identity**) temporary OAuth-based token
* ``role``: (**Identity**) a policy object used to determine authorization
* ``role assignment``: (**Identity**) a relationship between roles, users or groups, and domains or projects
* ``security group``: Compute, Network - groups of network access rules
diff --git a/openstackclient/identity/v3/token.py b/openstackclient/identity/v3/token.py
index 5b09b69f61..86f31a2a4d 100644
--- a/openstackclient/identity/v3/token.py
+++ b/openstackclient/identity/v3/token.py
@@ -20,6 +20,9 @@ import six
from cliff import show
+from openstackclient.common import utils
+from openstackclient.identity import common
+
class AuthorizeRequestToken(show.ShowOne):
"""Authorize request token"""
@@ -53,6 +56,7 @@ class AuthorizeRequestToken(show.ShowOne):
verifier_pin = identity_client.oauth1.request_tokens.authorize(
parsed_args.request_key,
roles)
+
info = {}
info.update(verifier_pin._info)
return zip(*sorted(six.iteritems(info)))
@@ -110,7 +114,7 @@ class CreateAccessToken(show.ShowOne):
class CreateRequestToken(show.ShowOne):
- """Create request token"""
+ """Create a request token"""
log = logging.getLogger(__name__ + '.CreateRequestToken')
@@ -119,33 +123,50 @@ class CreateRequestToken(show.ShowOne):
parser.add_argument(
'--consumer-key',
metavar='<consumer-key>',
- help='Consumer key',
+ help='Consumer key (required)',
required=True
)
parser.add_argument(
'--consumer-secret',
metavar='<consumer-secret>',
- help='Consumer secret',
+ help='Consumer secret (required)',
required=True
)
parser.add_argument(
- '--project-id',
- metavar='<project-id>',
- help='Requested project ID',
+ '--project',
+ metavar='<project>',
+ help='Project that consumer wants to access (name or ID)'
+ ' (required)',
required=True
)
+ parser.add_argument(
+ '--domain',
+ metavar='<domain>',
+ help='Domain owning <project> (name or ID)',
+ )
return parser
def take_action(self, parsed_args):
self.log.debug('take_action(%s)' % parsed_args)
- token_client = self.app.client_manager.identity.oauth1.request_tokens
+
+ identity_client = self.app.client_manager.identity
+
+ if parsed_args.domain:
+ domain = common.find_domain(identity_client, parsed_args.domain)
+ project = utils.find_resource(identity_client.projects,
+ parsed_args.project,
+ domain_id=domain.id)
+ else:
+ project = utils.find_resource(identity_client.projects,
+ parsed_args.project)
+
+ token_client = identity_client.oauth1.request_tokens
+
request_token = token_client.create(
parsed_args.consumer_key,
parsed_args.consumer_secret,
- parsed_args.project_id)
- info = {}
- info.update(request_token._info)
- return zip(*sorted(six.iteritems(info)))
+ project.id)
+ return zip(*sorted(six.iteritems(request_token._info)))
class IssueToken(show.ShowOne):
diff --git a/openstackclient/tests/identity/v3/test_oauth.py b/openstackclient/tests/identity/v3/test_oauth.py
index 15ba04e33f..36a65e4cf9 100644
--- a/openstackclient/tests/identity/v3/test_oauth.py
+++ b/openstackclient/tests/identity/v3/test_oauth.py
@@ -26,6 +26,8 @@ class TestOAuth1(identity_fakes.TestOAuth1):
self.access_tokens_mock.reset_mock()
self.request_tokens_mock = identity_client.oauth1.request_tokens
self.request_tokens_mock.reset_mock()
+ self.projects_mock = identity_client.projects
+ self.projects_mock.reset_mock()
class TestRequestTokenCreate(TestOAuth1):
@@ -39,18 +41,24 @@ class TestRequestTokenCreate(TestOAuth1):
loaded=True,
)
+ self.projects_mock.get.return_value = fakes.FakeResource(
+ None,
+ copy.deepcopy(identity_fakes.PROJECT),
+ loaded=True,
+ )
+
self.cmd = token.CreateRequestToken(self.app, None)
def test_create_request_tokens(self):
arglist = [
'--consumer-key', identity_fakes.consumer_id,
'--consumer-secret', identity_fakes.consumer_secret,
- '--project-id', identity_fakes.project_id,
+ '--project', identity_fakes.project_id,
]
verifylist = [
('consumer_key', identity_fakes.consumer_id),
('consumer_secret', identity_fakes.consumer_secret),
- ('project_id', identity_fakes.project_id),
+ ('project', identity_fakes.project_id),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
columns, data = self.cmd.take_action(parsed_args)