This replaces the restapi requests wrapper with the one from Keystone client so
we can take advantage of the auth plugins.
As a first step only the v2 and v3 token and password plugins are supported.
This maintainis no changes to the command options or environment variables.
The next steps will include reworking the other API client interfaces to
fully utilize the single auth session.
Blueprint: ksc-session-auth
Change-Id: I47ec63291e4c3cf36c8061299a4764f60b36ab89
This new action will allow a user to change their own password by
either providing the new password as an argument (--password) or by
being prompted to enter the new password.
In both cases user will be prompted to enter their current password
as required by the v3 API.
Closes-Bug: #1337245
Change-Id: I5e1e0fd2b46a4502318da57f7cce2b236fb2d93d
identity_client.identity_providers doesn't exist as a manager. These are
located at identity_client.federation.identity_providers. Fix the
routes.
Also fix passing id to .create() as a positional argument. This is not
allowed from keystoneclient it should be passed as a keyword argument.
Change-Id: I912c27fcee58b0723e27e9147def2cbd1c62c288
Domain administrator cannot do project operations because the
require access to the domain API (which they don't have). When
attempting to find a domain for project operations, ignore errors
because the API returns nothing without indicating there is a
problem. The domain administrators will have to use a domain id,
but they will still be able to do project operations. If the user
does not have permission to read the domain table, they cannot
use domain names.
Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
Complete the 'group list' and 'user list' filter options following
the refactor in https://review.openstack.org/69878
Change-Id: Ib4af417c56d4f7da4b88852f191af615cc7fa2ec
The keystoneclient code for oauth1 support has changed.
As such, we should remove the delete, list and authenticate
functions, since they are not in keystoneclient.
Also, we must now pass in the project id when creating a
request token. Additionally we must now pass in roles
when authorizing a request token.
Added functional tests to ensure output and input args
are the same.
bp add-oauth-support
Change-Id: I559c18a73ad95a0c8b7a6a95f463b78334186f61
Currently parts of user list and group list command are actually
functioning as role listing, which is quite counter intuitive and
misleading.
This refactor change move role related logic to a single place of role
list command. It now allows role grants listing for user/group +
domain/project combinations.
If no user or group specified, it will list all roles in the system,
which is the default behaviour.
Change-Id: I4ced6df4b76f018d01000d28b4281ad9f252ffcc
- Add support in the common section for extension list. This only
supports Identity for now. Once the APIs for volume and compute
are supported in the respective APIs, they will be added. Once
network is added to this client, it will be added (the API already
supports it).
- Include extension fakes for volume and compute for pre-enablement.
Change-Id: Iebb0156a779887d2ab06488a2a27b70b56369376
Closes-Bug: #1319115
The assignments manager and its test class were created.
Some fake stubs were also added on the fakes.py module.
The "openstack role assignment list" command was created.
Change-Id: Iae94f4fee608ea3e09ff38961ad22edc38efb89c
Implements: blueprint roles-assignment-list
Closes-Bug: 1246310
Identity v2 has undocumented support for token delete and
keystoneclient also has support.
Change-Id: Ib98d17958ceb88f7b63471691dee71fdb884ce2e
Closes-Bug: #1318442
Keystoneclient has added the positional decorator which emits a warning
if arguments aren't passed by keyword. This means we are getting
warnings in certain places in openstackclient.
Change-Id: Ic5446cd6f122cbb56fce543011386d53bc31fe18
Closes-Bug: #1302199
The --project option to the user list command was not implemented
* Allow users to be filted by project
* Support id or name of project with the find_resource command
* Make sure the report does not contain duplicates
Change-Id: Ic0e10cccd7749d38a7d4b80bbdc68e61a660084b
Closes-Bug: #1177255
The underlying keystoneclient interface allows filtering by domain,
so support it in the cli interface because it makes project list
much nicer to use in a multi-domain deployment.
Change-Id: If3f5cf1205c1e9cf314f8286a3ae81bda4456b8f
Closes-Bug: #1289513
Add supporto of extra key value pairs for projects (aka tenants)
* Added option --property key=value to create and set commands
* Support for versions v2 and v3
Change-Id: I84064b8b308579d1b66c83b1ed3d1a37614ec087
Closes-Bug: #1220280
* Add get_password method to the utilities
* Add --password-prompt option
* Call the get_password method if a prompt is requested
* Various tests
Change-Id: I1786ad531e2a2fbcc21b8bc86aac0ccd7985995a
Closes-Bug: 1100116
Implements token create subcommand which is an equivalent of keystone
token-get command. Original "wrap" parameter for keystone token-get is
not implemented yet due to cliff Bug #1269299
This is a part of: blueprint add-identity-token-support
Change-Id: I2255021c9d1f10f757686583b1ebe40b5f3a9ecb
Implements token create subcommand which is an equivalent of keystone
token-get command. Original "wrap" parameter for keystone token-get is
not implemented yet due to cliff Bug #1269299
This is a part of: blueprint add-identity-token-support
Change-Id: I9e4de93306f2f5959717b5219621da03961524d8
This finally gets all of the API tests into a common framework regarding
test classes and so forth.
Change-Id: If675347129c50dcba0bfc5b6c58f5a2ca57ff46c
* Add project, user, role and service v3 tests
* Fix issues in commands with enable/disable
* Make commands and tests more consistent between versions
* Make formatting and comments more consistent
Change-Id: Id21e7a5abd7e421a7742f937861ec46b53095fc7
* Split identity/fakes.py for v2_0 and v3
* Split identity/test_identity.py for v2_0 and v3
* Fix issues in commands with enable/disable
* Clean up v2 commands
Change-Id: I6e536b6a130fc556dbd7dcf9f2e76d939ca1bc1c
* Add current auth info (auth_ref) to ClientManager
* Fix identity.v2_0.role.ListUserRole to get default user/project
from ClientManager.auth_ref
* Fix identity.v2_0.role.AddRole call to roles.add_user_role()
Change-Id: Ie8bf41c491d97b0292a2b86bdc9b7580989a7f97
* Move fake data structures into tests/identity/fakes.py
* Use fake clients correctly and support multiple client versions
Change-Id: Icacbb2ca740b63937bd2c4442af61b620638b53e
* implement Identity command tests for v2 user
Also re-work the user create and set commands for exclusive options
(--enable|--disable) to actually behave properly. Yay tests!
Change-Id: Ie1ec2569b3d85a9d556ee70f2e8f69fd2a3c03c8
* establish the the form of cliff command classes
* implement some common fake objects
* implement Identity command tests for v2 project
* fix stdout/stderr capture
Also re-work the project create and set commands for exclusive options
(--enable|--disable) to actually behave properly. Yay tests!
Change-Id: Icbb313db544c1f8dd3c9af7709971838b5a4d115
There are several reasons for this. One is that the majority of
OpenStack packages behave this way. The second is that it makes writing
software that extends something easier to test (which is a clear usecase
for openstackclient) And third, tests/__init__.py implies a global
package named "tests" - which I'm pretty sure we're not providing.
Change-Id: Ic708ffd92aea78c2ffc1a8579af0587af4fca4ff