ec2creds.py was referencing a function on self, but wasn't there.
Correctly reference the right function.
Change-Id: I62f09c497be9dbb394341914388d60634e8b80c2
Closes-Bug: 1465561
Currently, we can get scoped token (domain scoped, project scoped)
as well as unscoped token.
When we use OSC to get a domain scoped token without explicitly set
domain information, the hint message show us we need to set a scoped
domain or project, but it miss that the parameters to be set in order
to get project or domain scoped token is not the same.
Thus, the hint message could be improved to make it more clear to
end user.
Change-Id: I94768c619b30be18737fec189ae6d81e81ba090d
the oidc plugin should be included in the list of valid federation
protocols that can leverage `federation project list`
Change-Id: I3f5c5ab262c7097273716a81618a2dcbb159dd6f
This is already fine for user_domain_id, and needs to be replicated
for project_domain_id. Also added more logging.
Change-Id: I3fa8f29edb3fc430d453bd0fc835312c0c8401f4
Many of the commands for the group and role resources were lacking an
option to specify the specific domain groups, projects or users belong
to. This commit fixes that.
Change-Id: I461d2bcfd01ad2dea970de38ec7ad6f4a631ceb1
Closes-bug: #1446546
`project` argument is deprecated in keystoneclient for V3 API,
and use `default_project` instead, should use `default_project`
as the argument name in the openstackclient accordingly.
Change-Id: Ib9d70801c933a184afcdab75204393efa764fa87
Closes-Bug: #1462389
Change --insecure to ignore the --os-cacert setting. This is a change
from before where OSC followed the requests pattern of cacert taking
priority.
This logic is also introduced in os-client-config 1.3.0; we
do not require that release yet so it is duplicated here for now.
That change will come with the upcoming global options refactor.
Closes-Bug: #1447784
Change-Id: Iaa6d499ed0929c00a56dcd92a2017487c702774a
Re-sync the text in v2 and v3 help and the docs
Depends-On: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275
Change-Id: Iabef2f271fcf46748295c29713fea1811dcab29c
A follow up work item from I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f
to support domain scoped users and projects for ec2creds in the
v3 identity api.
Related-Bug: 1236326
Change-Id: If4ac5356ade8cff347bb9eb9f88d1ace82bb7275
EC2 support is provided for the v2 identity API and is available in
almost exactly the same format in the v3 API and enabled by default.
Supporting EC2 in the v3 identity API in OSC will make it much easier to
transition devstack to a v3 only state.
Closes-Bug: 1236326
Change-Id: I52ff2020ef2fcbdc8a98280b73c6fd4a93bc8e0f
The payload data of credentials is the unfortunately named blob.
Currently when listing credentials the payload is excluded as OSC is
looking for a column called data which does not exist.
Change-Id: I6fa4579d7ec9ba393ede550191dbd8aa29767bf4
Security group list command tries to get a project list and
this may fail with a multitude of exceptions including but
not limited to 401, 404, ConnectionRefused and EndpointNotFound.
Rather than try to capture every possibility, this patch just
catches the base class. Converting project ids to names is
less important than having a working security group list command.
Change-Id: I68214d2680bad907f9d04ad3ca2f62cf3feee028
Closes-Bug: #1459629
This is the first step in reworking the shell argument handling,
clean up and add tests to ensure functionality doesn't change.
* Rework shell tests to break down global options and auth options.
* Make tests table-driven
* Remove 'os_' from 'cacert' and 'default_domain' internal option names
Change-Id: Icf69c7e84f3f44b366fe64b6bbf4e3fe958eb302
Because of the way OSC registers all plugins together we end up
with os-tenant-X parameters being saved to the project-X attribute after
parsing. If you are using the v2 plugins directly then they and os-client-config
expect the tenant_X values and will assuming no scoping information if
they are not present.
Validating options for scope will also fail in this situation, not just
because the resultant auth dictionary is missing the tenant-X
attributes, but because OSC validates that either project or domain
scope information is present.
Fix this by just always setting the v2 parameters if the v3 parameters
are present. This will have no effect on the generic or v3 case but fix
the v2 case.
Expand validation to include the tenant options so it knows that v2
plugins are scoped.
Change-Id: I8cab3e423663f801cbf2d83106c671bddc58d7e6
Closes-Bug: #1460369
Added following commands for volume V2 API:
volume show
volume delete
volume type show
volume type delete
snapshot show
snapshot delete
backup show
backup delete
Implements: blueprint volume-v2
Change-Id: I68bd303c194f304ad15f899d335b72a8bf3ebe10
Currently argument 'domain' is not supported by command 'os project
set', but it is required by keystone v3 update project API to match
the domain id.
Closes-Bug: #1460122
Change-Id: I1b32f67f78b369f6134a74cdf9a4811b7539d44b
This allows the server delete command to wait for the server to be
deleted (obviously).
The wait method is the same model that Tempest uses, i.e. wait for a 404
on server GET (successful deletion), fail if the server went to ERROR
status, or fail if a timeout is reached. The default timeout of 300
seconds is also what Tempest uses.
Closes-Bug: #1460112
Change-Id: I0e66c400903e82832944d1cad61e7eb30177c3e8
The tests that will change after the verify-always-true bug is fixed
are currently commented out. The commented asserts show where we
want to go.
Also fixes --verify parser value
Change-Id: I891e3ead5fc3da3ed2ecba5d2befd9e910778655
Personally, I think these tests should be removed, they are
testing OCC. An internal OCC change on a private method broke
this test.
Change-Id: I760bf90ef8bd97e30be7838874337be695d45285
Recently oslo serialization has started to also include
python-msgpack. Since we were only using it for json support, we
should just use python's json support. Especially since it's only
used by our tests.
Change-Id: I0f8d939d6fca7608eaa3eea7ea4ca93296aaab3a
Enable user to update the following image properties from OSC:
container-format, disk-format, size
Closes-Bug: #1446362
Change-Id: Id9f40f15702e8f14f0327a37fcc7d7971338c258
The insecure and verify options are broken so that verify always
gets set to True. One problem was that the parsed args not
defaulted so os_cloud_config thinks there was always a command
line specified. The other problem was getattr was called on cloud
config instead of get.
Closes-Bug: #1450855
Change-Id: Ib5f004f51a7453cc8f5a89759e2031ec42e04a30
If users, projects or groups are provided by name, there is a
possibility of the existence other users/projects/groups with the same
name in other domain. Even though this is not a problem if the actual
ID is given instead of a name; this is mostly a usability enhancement.
So, three options were added, one for specifying the domain where the
user belongs, another one to specify the project's domain, and finally
one to specify the group's domain.
Change-Id: Iab04b0e04fa75ea5aa3723b8ea42a45f58a6cdb2
Closes-Bug: #1421328
When we execute an Openstack CLI command, keystone should log in
Keystone access log that the user-agent that made the request was
'python-openstackclient' instead of the default 'python-keystoneclient'.
Therefore, when we create the authentication session we
need to send the explicit user-agent.
Closes-Bug: #1453995
Change-Id: I75087fd4bb1ff1e6f2a911bc70bf8008268276bb
