Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
now public in osc-lib's ClientManager. Leave back-compat copies in
place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
the one in osc-lib.
Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
Devstack now issues all v3 OSC commands for our CI, and since v3
has everything v2 has, we should be able to switch to v3.
Furthermore, most OSC users were initially using OSC since they
were looking to exploit v3 keystone capabilities.
Change-Id: If7de86946f6dd0f148aa5f526155cccf90adfcc3
Setting default versions in parsed args makes it so OCC
cannot tell if the argument was parsed, an environment
variable was set or it is just defaulted. In order to
set api versions from OCC, it will have to be defaulted
after processing OCC.
Closes-Bug: #1453229
Change-Id: I4d065919397b783f3bdd4022c986c0234a7a16e6
User should be able to specify the endpoint type through
a CLI optional argument/ENV variable setting. We will name this new
optional argument: --os-endpoint-type (Env: OS_ENDPOINT_TYPE) and
based on the value given, the service API will use that specific
endpoint type. Possible values: public, admin, internal.
DocImpact
Closes-Bug: #1454392
Change-Id: Ife3d4e46b44c0ddcd712b1130e27e362545a9a29
Not returning a value is the same as returning None. In the event that
someone asks ClientManager for an attribute that doesn't exist it should
raise AttributeError in the same way as other python objects rather
than return an empty value.
Change-Id: Id0ee825e6527c831c38e3a671958ded362fb96e1
We do not take into account region names for identity and volume
clients.
Change-Id: I4263e9013226b0adc6b9ad7540d6ad3efb42e809
Co-Authored-By: Eric Helgeson <erichelgeson@gmail.com>
Related-Bug: #1405416
For class-loading purposes we can just use the major version,
so accept that. Only Identity and Compute were affected; Compute
is included just to be pedantically complete.
For command groups we also just use the major version so fix
Compute and the version option handling.
Change the internal default for Identity to a simple '2' so it
is also consistent with the rest of the world.
Then comes microversioning...
Closes-Bug: #1292638
Change-Id: Ibaf823b31caa288a83de38d2c258860b128b87d8
Anything that needs a service catalog can get it directly from
auth_ref.service_catalog, no need to carry the extra attribute.
ClientManager.get_endpoint_for_service_type() reamins the proper
method to get an endpoint for clients that still need one directly.
Change-Id: I809091c9c71d08f29606d7fd8b500898ff2cb8ae
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
This does a couple of things:
* Loads the Identity client module in the same manner as the other
'base' clients (where 'base' == 'included in the OSC repo')
* Changes the entry point group name for the base clients to
'openstack.cli.base'. The extension group name remains the same.
* Loads the base modules first followed by the extension modules.
This load order ensures that the extension module commands are all
loaded _after_ the base commands, allowing extensions to now override
the base commands.
Change-Id: I4b9ca7f1df6eb8bbe8e3f663f3065c2ed80ce20b
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
This patch enables authenticating by using a trust. The trust ID
must be set with the parameter --os-trust-id or the env variable
OS_TRUST_ID. Trusts are available for the identity v3 API.
Co-Authored-By: Florent Flament <florent.flament@cloudwatt.com>
Change-Id: Iacc389b203bbadda53ca31a7f5a9b8b6e1a1f522
Add the ability to pass user_domain_id / user_domain_name, domain_id
/ domain_name, and project_domain_id / project_domain_name to keystone.
These parameters are the first step needed to getting multi-domain
support working via the CLI.
Closes-Bug: #1198171
Change-Id: I81a8534913978ff1cce01ec02741ae477e8c5fa4
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Signed-off-by: Bo Tang <btang@cs.utsa.edu>
Allows client libraries to have complete access to the rest of the
OSC ClientManager. In addition, extension libraries can define
global options (for API version options/env vars) and define
versioned API entry points similar to the in-repo commands.
The changes to ClientManager exposed some issues in the existing
object api tests that needed to be cleaned up.
Change-Id: Ic9662edf34c5dd130a2f1a69d2454adefc1f8a95
Add --os-cacert and --verify|--insecure options using the same
sematics as the other project CLIs. --verify is included for
completeness.
Bug: 1236608
Change-Id: I8a116d790db5aa4cb17a2207efedce7cb229eba3
* Add current auth info (auth_ref) to ClientManager
* Fix identity.v2_0.role.ListUserRole to get default user/project
from ClientManager.auth_ref
* Fix identity.v2_0.role.AddRole call to roles.add_user_role()
Change-Id: Ie8bf41c491d97b0292a2b86bdc9b7580989a7f97
Change the global auth options to use 'project', leave the original
tenant options in place but silent for compatability with the existing
project CLI auth options. This is the only compatibility for tenant
usage in this changeover.
Change-Id: I3cce6e552f18822cc9f445ec5f301b0f5d9003f8
* Add security group: create, delete, list, set, show
* Add server: add secgroup, remove secgroup
* Add security group rule: create, delete, list
* Add Oslo's strutils and gettextutils
* Adds parseractions.RangeAction() to handle option arguments of either a single number
or a range of numbers: '--port 25' or '--port 1024:65535'
Blueprint: nova-client
Change-Id: Iad2de1b273ba29197709fc4c6a1036b4ae99725f
Made all the necessary changes to pass new PEP8 standards.
Also cleaned up docstrings to conform to the HACKING stanards.
Change-Id: Ib8df3030da7a7885655689ab5da0717748c9edbe
updated with latest comments
modified entry points in setup.py
added group.py (v3)
added project.py (v3)
fixed indentation
updated to include new headers
Change-Id: Ice68b6c5bacb68d2e95321d903043056a9b8e810
* Specific versions supported are managed in XXXXXX.client.py with a
mapping from version to client class. This is based on the scheme
that is included in novaclient; none of the other client libs have
that capability.
Change-Id: I930b197f1189e7f52c3b0096e73e0773cf925542
* move auth option checking back to OpenStackShell() to keep the shell-level
interaction at that level; add checking for token flow options
* make identity.client.make_client() configure keystoneclient.v2_0.Client()
properly for both password flow and token flow auth
* eliminated ClientManager.init_token(), set _service_catalog in __init__()
* compute client handles token flow
Change-Id: I42481b5424489387798c4ec6d3e2a723ab1e6067
* Make the Identity client in identity.client.make_client()
* Auth via ClientManager.identity
* Skip extra auth roundtrip in compute client
Change-Id: I0190639e38f83997c233195f6cc27ff3afdfba10