Anything that needs a service catalog can get it directly from
auth_ref.service_catalog, no need to carry the extra attribute.
ClientManager.get_endpoint_for_service_type() reamins the proper
method to get an endpoint for clients that still need one directly.
Change-Id: I809091c9c71d08f29606d7fd8b500898ff2cb8ae
Clients that can use ksc Session don't need the old junk to
fake auth anymore:
* compute
* volume
Clients that still need to be fed credentials can pick directly
from the auth object in clientmanager. The _token attribute is
removed, the token can be retrieved from the auth object:
openstackclient/tests/common/test_clientmanager.py
This change will break any plugin that relies on getting a token
from instance._token. They should be updated to use the above, or
preferable, to use keystoneclient.session.Session to create its
HTTP interface object.
Change-Id: I877a29de97a42f85f12a14c274fc003e6fba5135
The OSC plugins work by adding an object as an attribute to a
ClientManager instance. The initialization and management of
thos plugins belongs in clientmanager.py.
At this point the only part not moved is the API version dict
initialization bcause the timing and connection to the
CommandManager initialization. It gets refactored anyway when
API discovery becomes operational.
Change-Id: If9cb9a0c45a3a577082a5cdbb793769211f20ebb
The ksc auth plugins do not have support for the original
token-endpoint (aka token flow) auth where the user supplies
a token (possibly the Keystone admin_token) and an API endpoint.
This is used for bootstrapping Keystone but also has other uses
when a scoped user token is provided.
The api.auth:TokenEndpoint class is required to provide the
same interface methods so all of the special-case code branches
to support token-endpoint can be removed.
Some additional cleanups related to ClientManager and creating
the Compute client also were done to streamline using sessions.
Change-Id: I1a6059afa845a591eff92567ca346c09010a93af
In a cloud with AZs, you can get multiple entries back from the service
catalog - one for each AZ and then one that is AZ agnostic that's tied
to the region. If the region_name is plumbed all the way through, this
works as intended.
Change-Id: I3b365ea306e8111fc80830672ae8080a5d1dc8e0
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
Add support for --timing options. Use cliff via a pseudo-command
'Timing' to support multiple outputformats.
If an output format other than the default 'table' is selected
use CSV since the timing data is in list form.
Will pick up timing data for any client object that has a method
similar to novaclient's get_timings().
TODO:
* Stop instantiating all of the clientmanager client objects just
to check for timing data. Descriptor magic required?
Change-Id: I7f1076b7a250fba6a8b24b2ae9353a7f51b792b2
This patch enables authenticating by using a trust. The trust ID
must be set with the parameter --os-trust-id or the env variable
OS_TRUST_ID. Trusts are available for the identity v3 API.
Co-Authored-By: Florent Flament <florent.flament@cloudwatt.com>
Change-Id: Iacc389b203bbadda53ca31a7f5a9b8b6e1a1f522
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
Add the ability to pass user_domain_id / user_domain_name, domain_id
/ domain_name, and project_domain_id / project_domain_name to keystone.
These parameters are the first step needed to getting multi-domain
support working via the CLI.
Closes-Bug: #1198171
Change-Id: I81a8534913978ff1cce01ec02741ae477e8c5fa4
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Signed-off-by: Bo Tang <btang@cs.utsa.edu>
Allows client libraries to have complete access to the rest of the
OSC ClientManager. In addition, extension libraries can define
global options (for API version options/env vars) and define
versioned API entry points similar to the in-repo commands.
The changes to ClientManager exposed some issues in the existing
object api tests that needed to be cleaned up.
Change-Id: Ic9662edf34c5dd130a2f1a69d2454adefc1f8a95
Add --os-cacert and --verify|--insecure options using the same
sematics as the other project CLIs. --verify is included for
completeness.
Bug: 1236608
Change-Id: I8a116d790db5aa4cb17a2207efedce7cb229eba3
* Add current auth info (auth_ref) to ClientManager
* Fix identity.v2_0.role.ListUserRole to get default user/project
from ClientManager.auth_ref
* Fix identity.v2_0.role.AddRole call to roles.add_user_role()
Change-Id: Ie8bf41c491d97b0292a2b86bdc9b7580989a7f97
* Add object-store API to ClientManager
* Add object-store client
* Add Object API library in openstackclient.object.v1.lib
* Add Object API {container,object} list commands
* Add library tests
* Add command tests
This should complete the Object v1 container and object list commands
Change-Id: Ib1770d45efa8871959826b85faafa1e0bcef0a03
Change the global auth options to use 'project', leave the original
tenant options in place but silent for compatability with the existing
project CLI auth options. This is the only compatibility for tenant
usage in this changeover.
Change-Id: I3cce6e552f18822cc9f445ec5f301b0f5d9003f8
made the changes suggested by dtroyer
added client
modified setup.py entry points
updated pip required
added support for create/delete/list volume types
openstack list type
openstack create type typeName
openstack delete type typeNameOrId
Change-Id: I43655de151582e37f14dc9550151a66db7a009ab
Made all the necessary changes to pass new PEP8 standards.
Also cleaned up docstrings to conform to the HACKING stanards.
Change-Id: Ib8df3030da7a7885655689ab5da0717748c9edbe
* Specific versions supported are managed in XXXXXX.client.py with a
mapping from version to client class. This is based on the scheme
that is included in novaclient; none of the other client libs have
that capability.
Change-Id: I930b197f1189e7f52c3b0096e73e0773cf925542
* move auth option checking back to OpenStackShell() to keep the shell-level
interaction at that level; add checking for token flow options
* make identity.client.make_client() configure keystoneclient.v2_0.Client()
properly for both password flow and token flow auth
* eliminated ClientManager.init_token(), set _service_catalog in __init__()
* compute client handles token flow
Change-Id: I42481b5424489387798c4ec6d3e2a723ab1e6067
* Make the Identity client in identity.client.make_client()
* Auth via ClientManager.identity
* Skip extra auth roundtrip in compute client
Change-Id: I0190639e38f83997c233195f6cc27ff3afdfba10
blueprint client-manager
blueprint nova-client
bug 992841
Move the authentication logic into a new ClientManager class so that only commands that need to authenticate will trigger that code.
Implement "list server" and "show server" commands as examples of using the ClientManager, Lister, and ShowOne classes.
Change-Id: I9845b70b33bae4b193dbe41871bf0ca8e286a727
