0f749cacc2
Now, keystone has supported serverl auth method, like 'totp'. Before we use this method, we should create the credential first. And we need create it with type 'totp'. But now we cannot create credential with this method. Also, I think the type should not have constrains. We can create any type in keystone project. So, we should do these actions too. The type would be more which We cannot control. Change-Id: Ie0482da3133fb515e4bb8e45f8c54f509589cc5e Closes-bug: #1731848
229 lines
7.4 KiB
Python
229 lines
7.4 KiB
Python
# Copyright 2012-2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
"""Identity v3 Credential action implementations"""
|
|
|
|
import logging
|
|
|
|
from osc_lib.command import command
|
|
from osc_lib import exceptions
|
|
from osc_lib import utils
|
|
import six
|
|
|
|
from openstackclient.i18n import _
|
|
from openstackclient.identity import common
|
|
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class CreateCredential(command.ShowOne):
|
|
_description = _("Create new credential")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(CreateCredential, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'user',
|
|
metavar='<user>',
|
|
help=_('user that owns the credential (name or ID)'),
|
|
)
|
|
parser.add_argument(
|
|
'--type',
|
|
default="cert",
|
|
metavar='<type>',
|
|
help=_('New credential type: cert, ec2, totp and so on'),
|
|
)
|
|
parser.add_argument(
|
|
'data',
|
|
metavar='<data>',
|
|
help=_('New credential data'),
|
|
)
|
|
parser.add_argument(
|
|
'--project',
|
|
metavar='<project>',
|
|
help=_('Project which limits the scope of '
|
|
'the credential (name or ID)'),
|
|
)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
identity_client = self.app.client_manager.identity
|
|
user_id = utils.find_resource(identity_client.users,
|
|
parsed_args.user).id
|
|
if parsed_args.project:
|
|
project = utils.find_resource(identity_client.projects,
|
|
parsed_args.project).id
|
|
else:
|
|
project = None
|
|
credential = identity_client.credentials.create(
|
|
user=user_id,
|
|
type=parsed_args.type,
|
|
blob=parsed_args.data,
|
|
project=project)
|
|
|
|
credential._info.pop('links')
|
|
return zip(*sorted(six.iteritems(credential._info)))
|
|
|
|
|
|
class DeleteCredential(command.Command):
|
|
_description = _("Delete credential(s)")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(DeleteCredential, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'credential',
|
|
metavar='<credential-id>',
|
|
nargs='+',
|
|
help=_('ID of credential(s) to delete'),
|
|
)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
identity_client = self.app.client_manager.identity
|
|
result = 0
|
|
for i in parsed_args.credential:
|
|
try:
|
|
identity_client.credentials.delete(i)
|
|
except Exception as e:
|
|
result += 1
|
|
LOG.error(_("Failed to delete credentials with "
|
|
"ID '%(credential)s': %(e)s"),
|
|
{'credential': i, 'e': e})
|
|
|
|
if result > 0:
|
|
total = len(parsed_args.credential)
|
|
msg = (_("%(result)s of %(total)s credential failed "
|
|
"to delete.") % {'result': result, 'total': total})
|
|
raise exceptions.CommandError(msg)
|
|
|
|
|
|
class ListCredential(command.Lister):
|
|
_description = _("List credentials")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(ListCredential, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'--user',
|
|
metavar='<user>',
|
|
help=_('Filter credentials by <user> (name or ID)'),
|
|
)
|
|
common.add_user_domain_option_to_parser(parser)
|
|
parser.add_argument(
|
|
'--type',
|
|
metavar='<type>',
|
|
help=_('Filter credentials by type: cert, ec2, totp and so on'),
|
|
)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
kwargs = {}
|
|
if parsed_args.user:
|
|
user_id = common.find_user(
|
|
identity_client,
|
|
parsed_args.user,
|
|
parsed_args.user_domain,
|
|
).id
|
|
kwargs["user_id"] = user_id
|
|
|
|
if parsed_args.type:
|
|
kwargs["type"] = parsed_args.type
|
|
|
|
columns = ('ID', 'Type', 'User ID', 'Blob', 'Project ID')
|
|
column_headers = ('ID', 'Type', 'User ID', 'Data', 'Project ID')
|
|
data = self.app.client_manager.identity.credentials.list(**kwargs)
|
|
return (column_headers,
|
|
(utils.get_item_properties(
|
|
s, columns,
|
|
formatters={},
|
|
) for s in data))
|
|
|
|
|
|
class SetCredential(command.Command):
|
|
_description = _("Set credential properties")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(SetCredential, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'credential',
|
|
metavar='<credential-id>',
|
|
help=_('ID of credential to change'),
|
|
)
|
|
parser.add_argument(
|
|
'--user',
|
|
metavar='<user>',
|
|
required=True,
|
|
help=_('User that owns the credential (name or ID)'),
|
|
)
|
|
parser.add_argument(
|
|
'--type',
|
|
metavar='<type>',
|
|
required=True,
|
|
help=_('New credential type: cert, ec2, totp and so on'),
|
|
)
|
|
parser.add_argument(
|
|
'--data',
|
|
metavar='<data>',
|
|
required=True,
|
|
help=_('New credential data'),
|
|
)
|
|
parser.add_argument(
|
|
'--project',
|
|
metavar='<project>',
|
|
help=_('Project which limits the scope of '
|
|
'the credential (name or ID)'),
|
|
)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
user_id = utils.find_resource(identity_client.users,
|
|
parsed_args.user).id
|
|
|
|
if parsed_args.project:
|
|
project = utils.find_resource(identity_client.projects,
|
|
parsed_args.project).id
|
|
else:
|
|
project = None
|
|
|
|
identity_client.credentials.update(parsed_args.credential,
|
|
user=user_id,
|
|
type=parsed_args.type,
|
|
blob=parsed_args.data,
|
|
project=project)
|
|
|
|
|
|
class ShowCredential(command.ShowOne):
|
|
_description = _("Display credential details")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(ShowCredential, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'credential',
|
|
metavar='<credential-id>',
|
|
help=_('ID of credential to display'),
|
|
)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
identity_client = self.app.client_manager.identity
|
|
credential = utils.find_resource(identity_client.credentials,
|
|
parsed_args.credential)
|
|
|
|
credential._info.pop('links')
|
|
return zip(*sorted(six.iteritems(credential._info)))
|