This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
This new action will allow a user to change their own password by
either providing the new password as an argument (--password) or by
being prompted to enter the new password.
In both cases user will be prompted to enter their current password
as required by the v3 API.
Closes-Bug: #1337245
Change-Id: I5e1e0fd2b46a4502318da57f7cce2b236fb2d93d
This does a couple of things:
* Loads the Identity client module in the same manner as the other
'base' clients (where 'base' == 'included in the OSC repo')
* Changes the entry point group name for the base clients to
'openstack.cli.base'. The extension group name remains the same.
* Loads the base modules first followed by the extension modules.
This load order ensures that the extension module commands are all
loaded _after_ the base commands, allowing extensions to now override
the base commands.
Change-Id: I4b9ca7f1df6eb8bbe8e3f663f3065c2ed80ce20b
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
User create for v2.0 no longer always contains a tenantId in the
response. Add a guard to check for tenantId first before pop'ing it.
Change-Id: I428dbc26520bb86efad33768ce04f584217ad168
Closes-Bug: #1352119
identity_client.identity_providers doesn't exist as a manager. These are
located at identity_client.federation.identity_providers. Fix the
routes.
Also fix passing id to .create() as a positional argument. This is not
allowed from keystoneclient it should be passed as a keyword argument.
Change-Id: I912c27fcee58b0723e27e9147def2cbd1c62c288
Domain administrator cannot do project operations because the
require access to the domain API (which they don't have). When
attempting to find a domain for project operations, ignore errors
because the API returns nothing without indicating there is a
problem. The domain administrators will have to use a domain id,
but they will still be able to do project operations. If the user
does not have permission to read the domain table, they cannot
use domain names.
Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
This patch enables authenticating by using a trust. The trust ID
must be set with the parameter --os-trust-id or the env variable
OS_TRUST_ID. Trusts are available for the identity v3 API.
Co-Authored-By: Florent Flament <florent.flament@cloudwatt.com>
Change-Id: Iacc389b203bbadda53ca31a7f5a9b8b6e1a1f522
Complete the 'group list' and 'user list' filter options following
the refactor in https://review.openstack.org/69878
Change-Id: Ib4af417c56d4f7da4b88852f191af615cc7fa2ec
The keystoneclient code for oauth1 support has changed.
As such, we should remove the delete, list and authenticate
functions, since they are not in keystoneclient.
Also, we must now pass in the project id when creating a
request token. Additionally we must now pass in roles
when authorizing a request token.
Added functional tests to ensure output and input args
are the same.
bp add-oauth-support
Change-Id: I559c18a73ad95a0c8b7a6a95f463b78334186f61
Currently parts of user list and group list command are actually
functioning as role listing, which is quite counter intuitive and
misleading.
This refactor change move role related logic to a single place of role
list command. It now allows role grants listing for user/group +
domain/project combinations.
If no user or group specified, it will list all roles in the system,
which is the default behaviour.
Change-Id: I4ced6df4b76f018d01000d28b4281ad9f252ffcc
The assignments manager and its test class were created.
Some fake stubs were also added on the fakes.py module.
The "openstack role assignment list" command was created.
Change-Id: Iae94f4fee608ea3e09ff38961ad22edc38efb89c
Implements: blueprint roles-assignment-list
Closes-Bug: 1246310
Identity v2 has undocumented support for token delete and
keystoneclient also has support.
Change-Id: Ib98d17958ceb88f7b63471691dee71fdb884ce2e
Closes-Bug: #1318442
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
Thinking ahead, a few other upcoming keystone features could
benefit from reading contents from a file. Thus, moving the
function from policy to utils.
Change-Id: I713ab0e5a00c949ad996daf83b775a7c19044888
Keystoneclient has added the positional decorator which emits a warning
if arguments aren't passed by keyword. This means we are getting
warnings in certain places in openstackclient.
Change-Id: Ic5446cd6f122cbb56fce543011386d53bc31fe18
Closes-Bug: #1302199
The --project option to the user list command was not implemented
* Allow users to be filted by project
* Support id or name of project with the find_resource command
* Make sure the report does not contain duplicates
Change-Id: Ic0e10cccd7749d38a7d4b80bbdc68e61a660084b
Closes-Bug: #1177255
Make endpoints more consistent across create, show, etc
* Make the name option required for create
* Use a common function to fetch services by id, name or type
* Have show work by endpoint id or by service id, type or name
* Have show display all the fields by default
* Remove capability to filter queries by attribute value pairs
Change-Id: Idaa4b8d930ba859fd62de777e44a10b1ed58c79b
Partial-Bug: #1184012
This change corrects the display of ec2 credentails within the
ListEC2Creds method. Added explicit headers and corrected data listt o
specify tenant_id instead of project id.
Change-Id: I2ea579082bee800d774f202bdc38e2d546e57e77
Closes-Bug: #1292337
The underlying keystoneclient interface allows filtering by domain,
so support it in the cli interface because it makes project list
much nicer to use in a multi-domain deployment.
Change-Id: If3f5cf1205c1e9cf314f8286a3ae81bda4456b8f
Closes-Bug: #1289513
