377 Commits

Author SHA1 Message Date
Colleen Murphy
5203cc9707 Remove auth_with_unscoped_saml decorator
The auth_with_unscoped_saml decorator existed to make sure the user
selected the right auth plugin before trying to call either a
'federation domain' or 'federation project' command. This is outdated,
because openstackclient now uses keystoneauth[1] and keystoneauth
removed its entrypoints for the federation plugins[2] since its
_Rescoped class no longer needs them. This patch removes the decorator
since that validation check was the only thing standing in the way of
the commands working correctly. Also removed the '*_list_wrong_auth'
tests since those only existed to test the decorator, and stopped
setting the plugin in the positive tests since the
automatically-determined token plugin should now be fine.

[1] http://git.openstack.org/cgit/openstack/python-openstackclient/commit/?id=6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e
[2] http://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=d9e4d26bb86f8d48e43188b88bab9d7fe778d2c1

Change-Id: Id981739663113447a7bba8ddba81ba9394a19e07
Closes-bug: #1624115
2016-12-04 18:59:09 +00:00
Steve Martinelli
0ef8535036 translate all command help strings
Leverage the new cliff command class attribute (_description)
to get the help of a command, this allows us to mark strings
for translation. We could not do this before since the help
was grabbed from the docstring.

This also depends on a new release of cliff and a bump to the
minimum level in osc's requirements.

Closes-Bug: 1636209
Depends-On: Id915f6aa7d95a0ff3dc6e2ceaac5decb3f3bf0da
Change-Id: I8673080bb5625e8e3c499feaefd42dfc7121e96f
2016-11-17 02:33:42 +00:00
qtang
3770ad08b2 Warning for empty password set for user create/set
Raise warning when empty password set for user

Change-Id: If03516f3f1290e4c329fe3d1277dee0512de0410
Closes-Bug: #1607959
2016-10-19 03:07:54 +00:00
Steve Martinelli
24c8b94baf format token expires time to prevent json loading datetime data
When output to shell, the token issue time is fine; however when
selecting the json formatter (via the --format json) option, an
exception is raised when formatting the dataetime data.

Rather than pass in the datetime data, we should format the data
with the ISO 8601 formatting.

Closes-Bug: 1619937
Change-Id: Iffebb2d5413fabfd283dfa94fc560fc37270f9dd
2016-09-05 17:23:42 +00:00
Jenkins
7489fa36aa Merge "Add support for domain specific roles" 2016-08-18 23:30:54 +00:00
Dean Troyer
cc3d46a47b Fix up last-minute imports to use osc-lib
Change-Id: I1ed2983cf574ebd565eeac4f8199fbc3a2e29c8e
2016-08-18 18:22:42 +00:00
Dean Troyer
2a1a174086 Gate-unbreaking combo review
Fix argument precedence hack
  Working around issues in os-client-config <= 1.18.0

  This is ugly because the issues in o-c-c 1.19.1 run even deeper
  than in 1.18.0, so we're going to use 1.19.0 get_one_cloud() that
  is known to work for OSC and fix o-c-c with an axe.

Remove return values for set commands
  'identity provider set' and 'service provider set' were still
  returning their show-like data, this is a fail for set commands
  now, don't know how this ever passed before...

Constraints are ready to be used for tox.ini
  Per email[1] from Andreas, we don't need to hack at install_command
  any longer.

  [1] http://openstack.markmail.org/thread/a4l7tokbotwqvuoh

Co-authorioed-by: Steve Martinelli <s.martinelli@gmail.com>
Depends-On: I49313dc7d4f44ec897de7a375f25b7ed864226f1
Change-Id: I426548376fc7d3cdb36501310dafd8c44d22ae30
2016-08-18 07:21:15 -05:00
Henry Nash
5eb7e626b1 Add support for domain specific roles
A role entity can now be specified as domain specific.

Closes-bug: #1606105
Change-Id: I564cf3da1d61f5bfcf85be591480d2f5c8d694a0
2016-08-10 20:32:55 +00:00
Dean Troyer
6a15f90dae osc-lib: shell
Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
  now public in osc-lib's ClientManager.  Leave back-compat copies in
  place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
  a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
  the one in osc-lib.

Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
2016-08-05 13:48:55 -05:00
Jenkins
97ccb65f83 Merge "Fix error for find_service() in identity" 2016-07-27 03:37:52 +00:00
Jenkins
566b8566c0 Merge "Standardize import format" 2016-07-26 07:22:27 +00:00
Henry Nash
713d92df4e Add assignment list to v2 identity and deprecate alternate listing
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.

This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).

This patch:

- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments

Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
2016-07-22 21:46:29 +00:00
SongmingYan
1b878b4efd Remove execute permission on a few files
Some files have execute permission unnecessarily. Change them from
755 to 644.

Change-Id: I471ebd1c3d123ad4a7376f7f5996f53f8c2d9b0b
2016-07-22 17:38:34 +00:00
sunyajing
c45b1d7b23 Fix error for find_service() in identity
if there are more than one services be found with one
name, a NoUniqueMatch exception should be raised but
we can see a NotFound Exception raised instead. It is
because in "find_service()", we use "find_resource()"
first, if "find_resource()" return a exception, we just
think it is a NotFound Exception and continue to find
by type but ignore a NoUniqueMatch exception of
"find_resource()". This patch refactor the "find_service()"
method to solve this problem.

Change-Id: Id4619092c57f276ae0698c89df0d5503b7423a4e
Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn>
Closes-Bug:#1597296
2016-07-22 19:40:50 +08:00
shizhihui
f996138a0d Standardize import format
According to the rule in
http://docs.openstack.org/developer/hacking/#imports
I modify some irregular import format.

Change-Id: Ibf29ccaf3ddec4a956334cc3368ebee7a66e282c
2016-07-22 19:24:02 +08:00
Jenkins
ae2fd1a9ae Merge "Modify some help and error messages in ec2creds identityv2" 2016-07-19 09:26:22 +00:00
Jenkins
eb0a2f9834 Merge "Update doc for credential in indentityv3" 2016-07-19 09:21:56 +00:00
Huanxuan Ao
60639d76a7 Support bulk deletion for delete commands in identityv3
Support bulk deletion for delete commands in the list below
identity/v3/consumer
identity/v3/credential
identity/v3/domain
identity/v3/ec2creds
identity/v3/endpoint
identity/v3/federation_protocol
identity/v3/identity_provider
identity/v3/mapping
identity/v3/policy
identity/v3/region
identity/v3/service_provider
identity/v3/service

The unit test in identityv3 need to be refactored, so I add
some functional tests instead. I will add all unit tests at
one time after the refactor completed.

Change-Id: I82367570f59817b47c87b6c7bfeae95ccfe5c50e
Closes-Bug: #1592906
2016-07-19 09:49:36 +08:00
Huanxuan Ao
c0467edc64 Update doc for credential in indentityv3
Change-Id: I5f49c038a75ea67674b6d9279a6e60d6ded8d12f
2016-07-15 10:54:45 +08:00
Huanxuan Ao
e5a3c403e5 Make set/unset commands pass normally when nothing specified in identityv3
Change-Id: I554b41969f96b62a2c6d37024caa56b1441d5ed1
Partial-bug: #1588588
2016-07-14 14:12:30 +08:00
Huanxuan Ao
536c0d9dea Modify some help and error messages in ec2creds identityv2
Usually we use "(s)" to show about multi deletion in
help message. In addition, I think "EC2 credentials"
is better than "EC2 keys" in the error message.

Change-Id: I6a6461291542701d87a55d9ea0ea1fda6db04601
2016-07-12 15:55:33 +08:00
Jenkins
ffb232a90e Merge "Correct reraising of exception" 2016-07-07 20:56:18 +00:00
Jenkins
2adeac2bc2 Merge "osc-lib: api.auth" 2016-07-07 19:49:06 +00:00
qinchunhua
6f36385cb8 Correct reraising of exception
When an exception was caught and rethrown,
it should call 'raise' without any arguments
because it shows the place where an exception
occured initially instead of place where the exception re-raised.

Change-Id: I5fb6dea5da7fb6e1e2b339a713c7d37f8c99e407
2016-07-07 15:05:58 +00:00
Dean Troyer
d324530532 osc-lib: api.auth
Move auth plugin checking to osc-lib.

Change-Id: I673d9c2d6e8bbf724c3000459a729e831d747814
2016-06-30 08:57:59 -05:00
sunyajing
6df09fd377 Support multi-delete for commands in identity V2
Commands are "ec2 credentials delete", "service delete", "endpoint delete".
Also update their unit tests and functional tests.

Partial-Bug: #1592906
Change-Id: I1a0b7160b803a523646d09d030e6f112c81c4c24
2016-06-23 23:57:49 -04:00
Jenkins
b7909252a5 Merge "Use resource id when name given for identity show" 2016-06-23 17:14:02 +00:00
sunyajing
e8483c9022 Standardize logger usage of catalog in identity
Change-Id: I5307f949b3a350e41840a4a5c191ceacf1b3b291
Partially-Implements: blueprint log-usage
2016-06-23 08:22:51 +00:00
David Rosales
337d013c94 Use resource id when name given for identity show
Currently a user is allowed to specify either a resource ID or name
when running openstack identity comands. In some cases, when a name
is specified instead of an ID, the command will return as not able
to find the resource when it in fact does exist.

The changes here are to check the client against the token on such
requests and to extract the ID of the resource specified if enough
information exists between the two. We then use the ID associated
with the resource to complete the user requests.

Change-Id: I40713b0ded42063b786dc21247e854224b9d2fe2
Closes-Bug: #1561599
2016-06-22 21:55:46 -07:00
Jenkins
f5ae23ab86 Merge "Standardize logger usage" 2016-06-20 17:26:57 +00:00
Tang Chen
047cb68493 Standardize logger usage
Use file logger for all command specific logs.

This patch also fixes some usage that doesn't
follow rules in:
http://docs.openstack.org/developer/oslo.i18n/guidelines.html

After this patch, all self.log and self.app.log
will be standardized to LOG().

NOTE: In shell.py, we got the log in class OpenStackShell,
      which is also known as self.app.log in other classes.
      This logger is used to record non-command-specific logs.
      So we leave it as-is.

Change-Id: I114f73ee6c7e84593d71e724bc1ad00d343c1896
Implements: blueprint log-usage
2016-06-20 15:16:51 +00:00
sunyajing
6dbe911800 Modify help msg and docs in identity
Migrate 'change', 'update' to 'modify',
migrate 'user to delete' to 'user(s) to delete',
migrate '(name or ID)' to '(type, name or ID)'.

Change-Id: Ie425e178bb5ddf773e6e793fcd91c78e9c4a5053
2016-06-17 09:41:39 +00:00
Jenkins
1464c8a237 Merge "Make set/unset command in identity and image pass normally when nothing specified" 2016-06-17 06:24:35 +00:00
sunyajing
8a12a39ece Make set/unset command in identity and image pass normally when nothing specified
Also update its unit tests.

Change-Id: I82b90658b0d4247cdc9a650f14aceda640a32059
Partial-bug: #1588588
2016-06-17 04:20:28 +00:00
Jenkins
b5e524ac84 Merge "Fix help msg of identity endpoint" 2016-06-16 12:43:32 +00:00
sunyajing
9eb77ae1de Fix help msg of identity endpoint
<service> argument of `endpoint create` command doesn't mean
`new endpoint service`, but an existent service that the new endpoint attached to.

Change-Id: I846fdb501bdea14499f42288186f375a3b2b5951
2016-06-16 09:55:10 +08:00
Jenkins
2c92b60f45 Merge "osc-lib: command" 2016-06-14 06:45:17 +00:00
Jenkins
287fe3610a Merge "osc-lib: parseractions" 2016-06-14 04:22:03 +00:00
Tang Chen
304f565439 Fix i18n problems for common files in identity
Some missing parts in identity.

Change-Id: I8777b845613d7d7df36ac3c198da552e11aaad1b
Partial-bug: #1574965
2016-06-14 09:50:23 +08:00
Dean Troyer
9e2b8e6730 osc-lib: command
Leave command.py and test_command.py as a sanity check during the
deprecation period.

Change-Id: I24e1b755cbfbcbcaeb5273ec0c9706b82384fc85
2016-06-13 11:00:22 -05:00
Dean Troyer
be192676bd osc-lib: parseractions
Leave parseractions.py and test_parseractions.py as a sanity check during the
deprecation period.

Change-Id: I1a7469b6d872284e0276502a1a287bc0b87f8f83
2016-06-13 10:55:44 -05:00
Dean Troyer
e5e29a8fef osc-lib: utils
Use osc-lib directly for utils.

Leave openstackclient.common.utils for deprecation period.

Change-Id: I5bd9579abc4e07f45219ccd0565626e6667472f7
2016-06-13 10:50:44 -05:00
Dean Troyer
d20c863ebc osc-lib: exceptions
Use osc-lib directly for exceptions.

Leave openstackclient.common.exceptions for deprecation period.

Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828
2016-06-13 10:50:01 -05:00
Navid Pustchi
6ae0d2e8a5 Moving authentication from keystoneclient to keystoneauth
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.

All dependant test have been updated.

Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects.  The user_role_list tests failed when they
picked up an auth_ref that was a fixture.  This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.

Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
2016-06-09 18:00:40 +02:00
Tang Chen
5293bb103e Fix i18n support problems in identity
Change-Id: I3b48d17850343051239b5b69e8b890dba32d3ac8
Partial-bug: #1574965
2016-06-07 09:37:02 +08:00
Lu lei
54e81a9984 Add newline to strings in stdout/stderr.write()
Function stdout/stderr.write() can't break line automatically.

Change-Id: I903c2d1cc1a669adb6be5aa4eb783d3b9943e685
2016-06-06 13:54:55 +08:00
Dean Troyer
41f5521ee9 Update v2 endpoint show help
https://review.openstack.org/#/c/319821/ updated v2 endpoint show
and the doc, but not the v3 help.

Change-Id: Ifaa90f6266eabafb9de544199759f4ee8bcc1c83
2016-06-02 14:32:16 -05:00
Alvaro Lopez Garcia
5f950788ff Do not require an scope when setting a password
Changing the password in Keystone V3 is an unscoped operation, but we
were requiring a scope.

Change-Id: If0653ac7b59320c2cd9d42a2c73dd29c3626d389
Closes-Bug: 1543222
2016-05-27 09:12:24 +02:00
Jenkins
9da02d14ea Merge "fix endpoint show help" 2016-05-26 22:10:23 +00:00
sunyajing
9e9e4e6f59 fix endpoint show help
endpoint show command can also work on service name or type or ID option

Change-Id: I43c8df4bc093d4130cf33fd2520736ce9077dc82
2016-05-26 19:40:26 +08:00