293 Commits

Author SHA1 Message Date
Dean Troyer
14dbfe4474 Defer auth prompting until it is actually needed
Auth option prompting happens waaaay to early in the default
os-client-config flow, we need to defer it until adter the commands
have been parsed.  This is why ClientManager.setup_auth() exists,
as it is not called until the first attempt to connect to a server
occurs.  Commands that do not require authentication never hit this.

Also, required options were not being enforced.  By doing this we handle
when no authentication info is present, we fail on missing auth-url rather
than attempt to prompt for a password (default auth is password).

Closes-Bug: 1619274
Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
2016-09-08 10:31:13 -05:00
Dean Troyer
84c83fc3ae Provide fallback prompt function for current osc-lib
Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956
2016-08-29 19:22:06 -05:00
Jenkins
c5f8f761de Merge "Fix auth prompt brokenness" 2016-08-29 21:09:58 +00:00
Dean Troyer
bec206fa0a Fix auth prompt brokenness
We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442
2016-08-29 11:58:49 -05:00
Cao Xuan Hoang
f854b7d6ea Clean imports in code
In some part in the code we import objects.
In the Openstack style guidelines they recommend to import only modules.

http://docs.openstack.org/developer/hacking/#imports

Change-Id: I2eb35dc53f0fdb61c31022bb70293d1df8aaf482
2016-08-25 13:50:38 +07:00
Dean Troyer
684412ca4c Work around a version clash issue with os-client-config
Need to add the fixed_arguments arg to _validate_auth() so
os-client-config 1.19.1 and 1.20.0 can call our version properly.

Change-Id: I328e47ba2f8115e6b18bf1482fd4aa35056907a4
2016-08-22 08:29:35 -05:00
Dean Troyer
2a1a174086 Gate-unbreaking combo review
Fix argument precedence hack
  Working around issues in os-client-config <= 1.18.0

  This is ugly because the issues in o-c-c 1.19.1 run even deeper
  than in 1.18.0, so we're going to use 1.19.0 get_one_cloud() that
  is known to work for OSC and fix o-c-c with an axe.

Remove return values for set commands
  'identity provider set' and 'service provider set' were still
  returning their show-like data, this is a fail for set commands
  now, don't know how this ever passed before...

Constraints are ready to be used for tox.ini
  Per email[1] from Andreas, we don't need to hack at install_command
  any longer.

  [1] http://openstack.markmail.org/thread/a4l7tokbotwqvuoh

Co-authorioed-by: Steve Martinelli <s.martinelli@gmail.com>
Depends-On: I49313dc7d4f44ec897de7a375f25b7ed864226f1
Change-Id: I426548376fc7d3cdb36501310dafd8c44d22ae30
2016-08-18 07:21:15 -05:00
Dean Troyer
6a15f90dae osc-lib: shell
Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
  now public in osc-lib's ClientManager.  Leave back-compat copies in
  place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
  a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
  the one in osc-lib.

Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
2016-08-05 13:48:55 -05:00
Elena Ezhova
b50c2b6a88 Allow setting quotas for server groups and server group members
Adds support of --server-groups and --server-group-members options
to the "quota set" command.

Change-Id: I178d1e267d010be7e908adefcf3b15abdafd9da4
Closes-Bug: #1602223
2016-07-27 13:04:36 +03:00
Dean Troyer
0bc2d83f68 Remove temporary code in ClientManager
This effectively reverts https://review.openstack.org/#/c/341618/.

Change-Id: Ic8e53e17b4a5352b0c00e39bcb5d248b057540a9
2016-07-25 14:55:33 -05:00
Dean Troyer
f38c51c1b9 Rework clientmanager
* Add compatibility for plugin v2 interface removed from osc-lib
* ClientManager.is_network_endpoint_enabled() is wrapper for
  new is_service_available()

Change-Id: I6f26ce9e4d0702f50c7949bacfbeeb0f98cddb5d
2016-07-22 20:49:18 +00:00
SongmingYan
1b878b4efd Remove execute permission on a few files
Some files have execute permission unnecessarily. Change them from
755 to 644.

Change-Id: I471ebd1c3d123ad4a7376f7f5996f53f8c2d9b0b
2016-07-22 17:38:34 +00:00
Dean Troyer
067647b6a4 Temp work around for missing select_auth_plugin()
These were removed prematurely from osc-lib (by me) but the real fix in
https://review.openstack.org/329189 is having racy functional test issues
that may be related to osc-lib, so let's clear this up while we fix that...

Change-Id: I8f67466967751fdf6fd24ae1b16ccee2aec52323
2016-07-13 10:33:19 -05:00
Jenkins
ffb232a90e Merge "Correct reraising of exception" 2016-07-07 20:56:18 +00:00
Jenkins
2adeac2bc2 Merge "osc-lib: api.auth" 2016-07-07 19:49:06 +00:00
qinchunhua
6f36385cb8 Correct reraising of exception
When an exception was caught and rethrown,
it should call 'raise' without any arguments
because it shows the place where an exception
occured initially instead of place where the exception re-raised.

Change-Id: I5fb6dea5da7fb6e1e2b339a713c7d37f8c99e407
2016-07-07 15:05:58 +00:00
Dean Troyer
d324530532 osc-lib: api.auth
Move auth plugin checking to osc-lib.

Change-Id: I673d9c2d6e8bbf724c3000459a729e831d747814
2016-06-30 08:57:59 -05:00
Jenkins
05e818ce50 Merge "Improve masking of secrets in configuration show" 2016-06-23 20:59:19 +00:00
Jenkins
775b1acccd Merge "Make set/unset commands in compute/image/common return normally when nothing specified" 2016-06-22 14:37:44 +00:00
Tang Chen
9c62af8a42 Make set/unset commands in compute/image/common return normally when nothing specified
After this patch, all set/unset commands will return normally
when nothing specified.

Change-Id: Id94d0329faa1a674006a9aae901f834b41917317
Close-bug: #1588588
2016-06-21 15:15:18 +08:00
Alvaro Lopez Garcia
1de4c66009 Improve masking of secrets in configuration show
The command "configuration show" tries to redact some of the secrets
that are shown on the screen. However, this failed redacting options
that were marked as secrete by the auth plugins (if any) and it redacted
other options that were not redacted at all. For example, when using
the OpenID Connect plugins, it redacted the "access_token_endpoint" as
the word "token" appears there, but it failed to redact "client_secret"
even when this option is marked as secret in the corresponding plugin.

Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
2016-06-21 06:56:23 +00:00
Alvaro Lopez Garcia
099a2c38b9 Refactor setting defaults for some scope parameters
The code is setting defaults for some scope parameters, cheking if the
name ends with some specific substring (namely ending in "password")
causing failures in some plugins that end with the same string, but do
not allow those parameters (like "user_domain_id" in "v3oidcpassword").

Closes-Bug: #1582774
Change-Id: Id7036db3b783b135353d035dc4c1df7c808d6474
2016-06-21 08:55:30 +02:00
Tang Chen
047cb68493 Standardize logger usage
Use file logger for all command specific logs.

This patch also fixes some usage that doesn't
follow rules in:
http://docs.openstack.org/developer/oslo.i18n/guidelines.html

After this patch, all self.log and self.app.log
will be standardized to LOG().

NOTE: In shell.py, we got the log in class OpenStackShell,
      which is also known as self.app.log in other classes.
      This logger is used to record non-command-specific logs.
      So we leave it as-is.

Change-Id: I114f73ee6c7e84593d71e724bc1ad00d343c1896
Implements: blueprint log-usage
2016-06-20 15:16:51 +00:00
Dolph Mathews
fe0c8e955b Do not prompt for scope options with default scoped tokens
This changes the scope validation to occur after a token has already
been created.

Previous flow:

1. Validate authentication options.
2. Validate authorization options if the command requires a scope.
3. Create a token (using authentication + authorization options)
4. Run command.

This means that scope was being checked, even if a default scope was
applied in step 3 by Keystone.

New flow:

1. Validate authentication options.
2. Create token (using authentication + authorization options)
3  Validate authorization options if the command requires a scope and
   the token is not scoped.
4. Run command.

Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981
Closes-Bug: 1592062
2016-06-17 12:37:15 -04:00
Dean Troyer
e7ed403712 Finish osc-lib transition for command.py
https://review.openstack.org/#/c/328318/ was the transition of
openstackclient/common/command.py to osc-lib but it was incomplete;
https://review.openstack.org/#/c/329885/ started to fix it but
was also incomplete.  Third time is charm?

Change-Id: Ib6c0266155c2155ae59067ce7b15bebca1e375e8
2016-06-15 22:50:43 +00:00
Tang Chen
ec630e033a Setup deprecate msg for command.py
This could be a miss when we use osc_lib first in OSC.
command.py has been moved to osc_lib, and should reuse
it and print a deprecate msg if the old file is used.

Change-Id: Ibc35659f6f78b8f5e3c6026db2644a876ef7c549
2016-06-15 15:24:35 +00:00
Dean Troyer
a55eb915a0 osc-lib: timing
Change-Id: I3fe27d98efa5090e084c676f7f8e6dad0157ed21
2016-06-13 11:08:21 -05:00
Dean Troyer
9e2b8e6730 osc-lib: command
Leave command.py and test_command.py as a sanity check during the
deprecation period.

Change-Id: I24e1b755cbfbcbcaeb5273ec0c9706b82384fc85
2016-06-13 11:00:22 -05:00
Dean Troyer
be192676bd osc-lib: parseractions
Leave parseractions.py and test_parseractions.py as a sanity check during the
deprecation period.

Change-Id: I1a7469b6d872284e0276502a1a287bc0b87f8f83
2016-06-13 10:55:44 -05:00
Dean Troyer
59dffb9c62 osc-lib: logs
Change-Id: I2a4d40cd72cc22e97a600751ae29c2309ebed28b
2016-06-13 10:55:44 -05:00
Dean Troyer
e5e29a8fef osc-lib: utils
Use osc-lib directly for utils.

Leave openstackclient.common.utils for deprecation period.

Change-Id: I5bd9579abc4e07f45219ccd0565626e6667472f7
2016-06-13 10:50:44 -05:00
Dean Troyer
d20c863ebc osc-lib: exceptions
Use osc-lib directly for exceptions.

Leave openstackclient.common.exceptions for deprecation period.

Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828
2016-06-13 10:50:01 -05:00
Jenkins
17627c5595 Merge "Moving authentication from keystoneclient to keystoneauth" 2016-06-13 15:39:36 +00:00
Dean Troyer
6c269efda8 Use osc-lib and set up deprecation warnings
The initial use of osc-lib is behind the compatibility/deprecation
modules that we will leave in place for a time for plugins to catch
up.

* openstackclient.common.exceptions
* openstackclient.common.utils

Module-level warnings are emitted directly on stderr since logging
has not been configured yet.

Change-Id: I79e57ce9523a20366bccaf9b949ab5906792ea0d
2016-06-10 08:35:54 -05:00
Navid Pustchi
6ae0d2e8a5 Moving authentication from keystoneclient to keystoneauth
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.

All dependant test have been updated.

Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects.  The user_role_list tests failed when they
picked up an auth_ref that was a fixture.  This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.

Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
2016-06-09 18:00:40 +02:00
Rui Chen
a4670054c6 Remove duplicate file logger formatter setting
Change-Id: Ia7851a4266fa61658c48cc894163c6afb7252750
2016-06-08 16:28:59 +08:00
Jenkins
c272476b7b Merge "Error handling for KeyValueAction class." 2016-06-08 04:30:58 +00:00
Huanxuan Ao
cf12239773 Error handling for KeyValueAction class.
The set --property command requires that the input match
the "key=value" type, but if the type don't match, the return
value will be None, and the command still can be implemented
successfully, this may confuse the users. I think we should
raise exception if the argument type don't match "key=value".
So I make some changes in KeyValueAction class in this patch.

Change-Id: I14e64922faa7e083bc8b5e7e1cac41ef8117c224
Closes-Bug: #1589935
2016-06-08 10:15:19 +08:00
Huanxuan Ao
b36d521ff6 Fix i18n supports in commom
I checked all the files in openstackclient/common
and fixed the missing i18n supprots.

Change-Id: Id7f76a24aae663f5832ef9bcf1bd5a6b7081af24
Partial-bug: #1574965
2016-06-07 19:56:00 +08:00
Lu lei
54e81a9984 Add newline to strings in stdout/stderr.write()
Function stdout/stderr.write() can't break line automatically.

Change-Id: I903c2d1cc1a669adb6be5aa4eb783d3b9943e685
2016-06-06 13:54:55 +08:00
Richard Theis
6f2c1734e3 Fix --enable options on commands
The --enable option on commands is ignored when the arguments are parsed.
This is related to the --enable-beta-commands option. Renaming the option
to --os-beta-command fixes the problem.

There's no need to handle backwards compatibility for the option name
change because there hasn't been an OSC release yet with beta commands.

Change-Id: I0327ba8a2058858a83e9a42e231470ed733cc834
Closes-Bug: #1588384
2016-06-02 10:07:34 -05:00
Fang Zhen
b92cf77fb5 Add network support for "quota set"
The "quota set" command support compute and volume quotas previously.
This patch add support network.

Partially-implements: blueprint neutron-client-quota
Closes-bug: 1489441

Change-Id: I9d297f52bc30614b3493f09ed15f8f1d3f8ff952
2016-05-19 20:42:59 +08:00
Steve Martinelli
ebcbd6ba71 remove #noqa from i18n imports
hacking checks no longer fail on `import _`

Change-Id: Idd60f0a0e71e5081691eacb39e5091ab08fcce6d
2016-05-13 13:14:02 -07:00
Hieu LE
b8432408e6 Ignore domain related config when using with keystone v2
Currently, "/usr/bin/openstack --insecure token issue"
fails when OS_AUTH_URL and OS_IDENTITY_API_VERSION
indicate keystone v2 if OS_PROJECT_DOMAIN_NAME or
OS_USER_DOMAIN_NAME are set. This patchset ignore domain
related configs if using with keystone v2 and print warning
for each ignored config.

Change-Id: I8afbda787df7855c3f8e868b0f07cbf3b9cd97fd
Closes-bug: #1447704
2016-05-09 12:29:44 +07:00
Hieu LE
59de9c477c Ignore domain related config when using with keystone v2
Currently, "/usr/bin/openstack --insecure token issue"
fails when OS_AUTH_URL and OS_IDENTITY_API_VERSION
indicate keystone v2 if OS_PROJECT_DOMAIN_NAME or
OS_USER_DOMAIN_NAME are set. This patchset ignore domain
related configs if using with keystone v2.

Change-Id: If7eea2ed1a4877c60d055ed0114a5e5f31e282a0
Closes-bug: #1447704
2016-05-06 03:42:15 +00:00
Michael McCune
b33ee3daf6 remove assert in favor an if/else
the assert usage in the NonNegativeAction has the potential to allow
unexpected behavior when the python is byte-compiled with optimization
turned on.

Changes
* remove assert in favor of if/else in NonNegativeAction class
* add type specifier to parser arguments for non-negative actions
* correct tests for new int based values

Change-Id: I093e7440b8beff4f179e2c4ed81daff82704c40e
Closes-Bug: #1576375
2016-05-02 15:11:45 -04:00
Richard Theis
27024d70af Support quota show for current project
The "os quota show" command "<project/class>" argument is now
optional. If not specified, the user's current project is used.
This allows non-admin users to show quotas for their current
project.

Change-Id: I602d4cc09c9d29ce84271eff78137f8810cb1a47
Closes-Bug: #1572733
2016-04-21 11:33:24 -05:00
Tim Burke
926330d372 Propagate AttributeErrors when lazily loading plugins
Previously, if an AttributeError was raised in a plugin's make_client
method, the plugin simply wouldn't be an attribute of the ClientManager,
producing tracebacks like

Traceback (most recent call last):
  File ".../openstackclient/shell.py", line 118, in run
    ret_val = super(OpenStackShell, self).run(argv)

  ...

  File ".../openstackclient/object/v1/container.py", line 150, in take_action
    data = self.app.client_manager.object_store.container_list(
  File ".../openstackclient/common/clientmanager.py", line 66, in __getattr__
    raise AttributeError(name)
AttributeError: object_store

This made writing minimal third-party auth plugins difficult, as it
obliterated the original AttributeError.

Now, AttributeErrors that are raised during plugin initialization will
be re-raised as PluginAttributeErrors, and the original traceback will
be preserved. This gives much more useful information to plugin
developers, as in

Traceback (most recent call last):
  File ".../openstackclient/shell.py", line 118, in run
    ret_val = super(OpenStackShell, self).run(argv)

  ...

  File ".../openstackclient/object/v1/container.py", line 150, in take_action
    data = self.app.client_manager.object_store.container_list(
  File ".../openstackclient/common/clientmanager.py", line 57, in __get__
    err_val, err_tb)
  File ".../openstackclient/common/clientmanager.py", line 51, in __get__
    self._handle = self.factory(instance)
  File ".../openstackclient/object/client.py", line 35, in make_client
    interface=instance._interface,
  File ".../openstackclient/common/clientmanager.py", line 258,
  in get_endpoint_for_service_type
    endpoint = self.auth_ref.service_catalog.url_for(
PluginAttributeError: 'NoneType' object has no attribute 'url_for'

Change-Id: I0eee7eba6eccc6d471a699a381185c4e76da10bd
2016-04-14 21:12:35 -07:00
Jenkins
0edab95fd1 Merge "Support client certificate/key" 2016-04-06 21:42:56 +00:00
Cedric Brandily
3a8320a1d7 Support client certificate/key
This change enables to specify a client certificate/key with:
 * usual CLI options (--os-cert/--os-key)
 * usual environment variables ($OS_CERT/$OS_KEY)
 * os-client-config

Change-Id: Ibeaaa5897ae37b37c1e91f3e47076e4e8e4a8ded
Closes-Bug: #1565112
2016-04-06 20:21:19 +02:00