The auth_with_unscoped_saml decorator existed to make sure the user
selected the right auth plugin before trying to call either a
'federation domain' or 'federation project' command. This is outdated,
because openstackclient now uses keystoneauth[1] and keystoneauth
removed its entrypoints for the federation plugins[2] since its
_Rescoped class no longer needs them. This patch removes the decorator
since that validation check was the only thing standing in the way of
the commands working correctly. Also removed the '*_list_wrong_auth'
tests since those only existed to test the decorator, and stopped
setting the plugin in the positive tests since the
automatically-determined token plugin should now be fine.
[1] http://git.openstack.org/cgit/openstack/python-openstackclient/commit/?id=6ae0d2e8a54fd5139e63a990ab4bdce634e73c5e
[2] http://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=d9e4d26bb86f8d48e43188b88bab9d7fe778d2c1
Change-Id: Id981739663113447a7bba8ddba81ba9394a19e07
Closes-bug: #1624115
Leverage the new cliff command class attribute (_description)
to get the help of a command, this allows us to mark strings
for translation. We could not do this before since the help
was grabbed from the docstring.
This also depends on a new release of cliff and a bump to the
minimum level in osc's requirements.
Closes-Bug: 1636209
Depends-On: Id915f6aa7d95a0ff3dc6e2ceaac5decb3f3bf0da
Change-Id: I8673080bb5625e8e3c499feaefd42dfc7121e96f
When output to shell, the token issue time is fine; however when
selecting the json formatter (via the --format json) option, an
exception is raised when formatting the dataetime data.
Rather than pass in the datetime data, we should format the data
with the ISO 8601 formatting.
Closes-Bug: 1619937
Change-Id: Iffebb2d5413fabfd283dfa94fc560fc37270f9dd
Fix argument precedence hack
Working around issues in os-client-config <= 1.18.0
This is ugly because the issues in o-c-c 1.19.1 run even deeper
than in 1.18.0, so we're going to use 1.19.0 get_one_cloud() that
is known to work for OSC and fix o-c-c with an axe.
Remove return values for set commands
'identity provider set' and 'service provider set' were still
returning their show-like data, this is a fail for set commands
now, don't know how this ever passed before...
Constraints are ready to be used for tox.ini
Per email[1] from Andreas, we don't need to hack at install_command
any longer.
[1] http://openstack.markmail.org/thread/a4l7tokbotwqvuoh
Co-authorioed-by: Steve Martinelli <s.martinelli@gmail.com>
Depends-On: I49313dc7d4f44ec897de7a375f25b7ed864226f1
Change-Id: I426548376fc7d3cdb36501310dafd8c44d22ae30
Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
now public in osc-lib's ClientManager. Leave back-compat copies in
place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
the one in osc-lib.
Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.
This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).
This patch:
- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments
Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
if there are more than one services be found with one
name, a NoUniqueMatch exception should be raised but
we can see a NotFound Exception raised instead. It is
because in "find_service()", we use "find_resource()"
first, if "find_resource()" return a exception, we just
think it is a NotFound Exception and continue to find
by type but ignore a NoUniqueMatch exception of
"find_resource()". This patch refactor the "find_service()"
method to solve this problem.
Change-Id: Id4619092c57f276ae0698c89df0d5503b7423a4e
Co-Authored-By: Huanxuan Ao <huanxuan.ao@easystack.cn>
Closes-Bug:#1597296
Support bulk deletion for delete commands in the list below
identity/v3/consumer
identity/v3/credential
identity/v3/domain
identity/v3/ec2creds
identity/v3/endpoint
identity/v3/federation_protocol
identity/v3/identity_provider
identity/v3/mapping
identity/v3/policy
identity/v3/region
identity/v3/service_provider
identity/v3/service
The unit test in identityv3 need to be refactored, so I add
some functional tests instead. I will add all unit tests at
one time after the refactor completed.
Change-Id: I82367570f59817b47c87b6c7bfeae95ccfe5c50e
Closes-Bug: #1592906
Usually we use "(s)" to show about multi deletion in
help message. In addition, I think "EC2 credentials"
is better than "EC2 keys" in the error message.
Change-Id: I6a6461291542701d87a55d9ea0ea1fda6db04601
When an exception was caught and rethrown,
it should call 'raise' without any arguments
because it shows the place where an exception
occured initially instead of place where the exception re-raised.
Change-Id: I5fb6dea5da7fb6e1e2b339a713c7d37f8c99e407
Commands are "ec2 credentials delete", "service delete", "endpoint delete".
Also update their unit tests and functional tests.
Partial-Bug: #1592906
Change-Id: I1a0b7160b803a523646d09d030e6f112c81c4c24
Currently a user is allowed to specify either a resource ID or name
when running openstack identity comands. In some cases, when a name
is specified instead of an ID, the command will return as not able
to find the resource when it in fact does exist.
The changes here are to check the client against the token on such
requests and to extract the ID of the resource specified if enough
information exists between the two. We then use the ID associated
with the resource to complete the user requests.
Change-Id: I40713b0ded42063b786dc21247e854224b9d2fe2
Closes-Bug: #1561599
Use file logger for all command specific logs.
This patch also fixes some usage that doesn't
follow rules in:
http://docs.openstack.org/developer/oslo.i18n/guidelines.html
After this patch, all self.log and self.app.log
will be standardized to LOG().
NOTE: In shell.py, we got the log in class OpenStackShell,
which is also known as self.app.log in other classes.
This logger is used to record non-command-specific logs.
So we leave it as-is.
Change-Id: I114f73ee6c7e84593d71e724bc1ad00d343c1896
Implements: blueprint log-usage
Migrate 'change', 'update' to 'modify',
migrate 'user to delete' to 'user(s) to delete',
migrate '(name or ID)' to '(type, name or ID)'.
Change-Id: Ie425e178bb5ddf773e6e793fcd91c78e9c4a5053
<service> argument of `endpoint create` command doesn't mean
`new endpoint service`, but an existent service that the new endpoint attached to.
Change-Id: I846fdb501bdea14499f42288186f375a3b2b5951
Use osc-lib directly for exceptions.
Leave openstackclient.common.exceptions for deprecation period.
Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.
All dependant test have been updated.
Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects. The user_role_list tests failed when they
picked up an auth_ref that was a fixture. This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.
Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
Changing the password in Keystone V3 is an unscoped operation, but we
were requiring a scope.
Change-Id: If0653ac7b59320c2cd9d42a2c73dd29c3626d389
Closes-Bug: 1543222