updating shell and client to use KeystoneAuth
Also renaming OS_AUTH_TOKEN to OS_TOKEN to be more consistent with OpenStackClient. Minor formatting changes. Added 'env/' to gitignore. Change-Id: I2ef4e6920b75b0abe79c7fe3e1ac06d8230001e3
This commit is contained in:
parent
be016f2996
commit
d199682bd2
|
@ -18,3 +18,4 @@ stacktaskclient/versioninfo
|
|||
*.log
|
||||
.testrepository
|
||||
.pypirc
|
||||
env/
|
||||
|
|
|
@ -9,7 +9,7 @@ PrettyTable<0.8,>=0.7
|
|||
oslo.i18n>=2.1.0
|
||||
oslo.serialization>=1.10.0
|
||||
oslo.utils>=3.16.0
|
||||
python-keystoneclient>=3.4.0
|
||||
keystoneauth1>=2.11.0
|
||||
PyYAML>=3.10.0
|
||||
requests>=2.10.0
|
||||
six>=1.9.0
|
||||
|
|
|
@ -30,7 +30,7 @@ from stacktaskclient.common import utils
|
|||
from stacktaskclient import exc
|
||||
from stacktaskclient.openstack.common._i18n import _
|
||||
from stacktaskclient.openstack.common._i18n import _LW
|
||||
from keystoneclient import adapter
|
||||
from keystoneauth1 import adapter
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
USER_AGENT = 'python-stacktaskclient'
|
||||
|
|
|
@ -23,13 +23,9 @@ import sys
|
|||
from oslo_utils import encodeutils
|
||||
from oslo_utils import importutils
|
||||
import six
|
||||
import six.moves.urllib.parse as urlparse
|
||||
|
||||
from keystoneclient.auth.identity import v2 as v2_auth
|
||||
from keystoneclient.auth.identity import v3 as v3_auth
|
||||
from keystoneclient import discover
|
||||
from keystoneclient import exceptions as ks_exc
|
||||
from keystoneclient import session as kssession
|
||||
from keystoneauth1.identity import generic
|
||||
from keystoneauth1 import session as kssession
|
||||
|
||||
import stacktaskclient
|
||||
from stacktaskclient import client as stacktask_client
|
||||
|
@ -204,13 +200,13 @@ class StacktaskShell(object):
|
|||
parser.add_argument('--os_region_name', help=argparse.SUPPRESS)
|
||||
|
||||
parser.add_argument(
|
||||
'--os-auth-token',
|
||||
default=utils.env('OS_AUTH_TOKEN'),
|
||||
'--os-token',
|
||||
default=utils.env('OS_TOKEN'),
|
||||
help=_('Defaults to %(value)s.') % {
|
||||
'value': 'env[OS_AUTH_TOKEN]'
|
||||
'value': 'env[OS_TOKEN]'
|
||||
})
|
||||
|
||||
parser.add_argument('--os_auth_token', help=argparse.SUPPRESS)
|
||||
parser.add_argument('--os_token', help=argparse.SUPPRESS)
|
||||
|
||||
parser.add_argument(
|
||||
'--os-service-type',
|
||||
|
@ -367,40 +363,11 @@ class StacktaskShell(object):
|
|||
if verbose:
|
||||
exc.verbose = 1
|
||||
|
||||
def _discover_auth_versions(self, session, auth_url):
|
||||
# discover the API versions the server is supporting base on the
|
||||
# given URL
|
||||
v2_auth_url = None
|
||||
v3_auth_url = None
|
||||
try:
|
||||
ks_discover = discover.Discover(session=session, auth_url=auth_url)
|
||||
v2_auth_url = ks_discover.url_for('2.0')
|
||||
v3_auth_url = ks_discover.url_for('3.0')
|
||||
except ks_exc.ClientException:
|
||||
# Identity service may not support discover API version.
|
||||
# Lets trying to figure out the API version from the original URL.
|
||||
url_parts = urlparse.urlparse(auth_url)
|
||||
(scheme, netloc, path, params, query, fragment) = url_parts
|
||||
path = path.lower()
|
||||
if path.startswith('/v3'):
|
||||
v3_auth_url = auth_url
|
||||
elif path.startswith('/v2'):
|
||||
v2_auth_url = auth_url
|
||||
else:
|
||||
# not enough information to determine the auth version
|
||||
msg = _('Unable to determine the Keystone version '
|
||||
'to authenticate with using the given '
|
||||
'auth_url. Identity service may not support API '
|
||||
'version discovery. Please provide a versioned '
|
||||
'auth_url instead.')
|
||||
raise exc.CommandError(msg)
|
||||
|
||||
return (v2_auth_url, v3_auth_url)
|
||||
|
||||
def _get_keystone_session(self, **kwargs):
|
||||
# first create a Keystone session
|
||||
cacert = kwargs.pop('cacert', None)
|
||||
cert = kwargs.pop('cert', None)
|
||||
key = kwargs.pop('key', None)
|
||||
insecure = kwargs.pop('insecure', False)
|
||||
timeout = kwargs.pop('timeout', None)
|
||||
verify = kwargs.pop('verify', None)
|
||||
|
@ -410,69 +377,13 @@ class StacktaskShell(object):
|
|||
verify = False
|
||||
else:
|
||||
verify = cacert or True
|
||||
if cert and key:
|
||||
# passing cert and key together is deprecated in favour of the
|
||||
# requests lib form of having the cert and key as a tuple
|
||||
cert = (cert, key)
|
||||
|
||||
return kssession.Session(verify=verify, cert=cert, timeout=timeout)
|
||||
|
||||
def _get_keystone_v3_auth(self, v3_auth_url, **kwargs):
|
||||
auth_token = kwargs.pop('auth_token', None)
|
||||
if auth_token:
|
||||
return v3_auth.Token(v3_auth_url, auth_token)
|
||||
else:
|
||||
return v3_auth.Password(v3_auth_url, **kwargs)
|
||||
|
||||
def _get_keystone_v2_auth(self, v2_auth_url, **kwargs):
|
||||
auth_token = kwargs.pop('auth_token', None)
|
||||
tenant_id = kwargs.pop('project_id', None)
|
||||
tenant_name = kwargs.pop('project_name', None)
|
||||
if auth_token:
|
||||
return v2_auth.Token(v2_auth_url, auth_token,
|
||||
tenant_id=tenant_id,
|
||||
tenant_name=tenant_name)
|
||||
else:
|
||||
return v2_auth.Password(v2_auth_url,
|
||||
username=kwargs.pop('username', None),
|
||||
password=kwargs.pop('password', None),
|
||||
tenant_id=tenant_id,
|
||||
tenant_name=tenant_name)
|
||||
|
||||
def _get_keystone_auth(self, session, auth_url, **kwargs):
|
||||
# FIXME(dhu): this code should come from keystoneclient
|
||||
|
||||
# discover the supported keystone versions using the given url
|
||||
(v2_auth_url, v3_auth_url) = self._discover_auth_versions(
|
||||
session=session,
|
||||
auth_url=auth_url)
|
||||
|
||||
# Determine which authentication plugin to use. First inspect the
|
||||
# auth_url to see the supported version. If both v3 and v2 are
|
||||
# supported, then use the highest version if possible.
|
||||
auth = None
|
||||
if v3_auth_url and v2_auth_url:
|
||||
user_domain_name = kwargs.get('user_domain_name', None)
|
||||
user_domain_id = kwargs.get('user_domain_id', None)
|
||||
project_domain_name = kwargs.get('project_domain_name', None)
|
||||
project_domain_id = kwargs.get('project_domain_id', None)
|
||||
|
||||
# support both v2 and v3 auth. Use v3 if domain information is
|
||||
# provided.
|
||||
if (user_domain_name or user_domain_id or project_domain_name or
|
||||
project_domain_id):
|
||||
auth = self._get_keystone_v3_auth(v3_auth_url, **kwargs)
|
||||
else:
|
||||
auth = self._get_keystone_v2_auth(v2_auth_url, **kwargs)
|
||||
elif v3_auth_url:
|
||||
# support only v3
|
||||
auth = self._get_keystone_v3_auth(v3_auth_url, **kwargs)
|
||||
elif v2_auth_url:
|
||||
# support only v2
|
||||
auth = self._get_keystone_v2_auth(v2_auth_url, **kwargs)
|
||||
else:
|
||||
raise exc.CommandError(_('Unable to determine the Keystone '
|
||||
'version to authenticate with using the '
|
||||
'given auth_url.'))
|
||||
|
||||
return auth
|
||||
|
||||
def main(self, argv):
|
||||
# Parse args once to find version
|
||||
parser = self.get_base_parser()
|
||||
|
@ -502,27 +413,27 @@ class StacktaskShell(object):
|
|||
self.do_bash_completion(args)
|
||||
return 0
|
||||
|
||||
if not args.os_username and not args.os_auth_token:
|
||||
if not args.os_username and not args.os_token:
|
||||
raise exc.CommandError(
|
||||
_("You must provide a username via"
|
||||
" either --os-username or env[OS_USERNAME]"
|
||||
" or a token via --os-auth-token or"
|
||||
" env[OS_AUTH_TOKEN]"))
|
||||
_("You must provide a username via either "
|
||||
"--os-username or env[OS_USERNAME] "
|
||||
"or a token via --os-token or "
|
||||
"env[OS_TOKEN]"))
|
||||
|
||||
if not args.os_password and not args.os_auth_token:
|
||||
if not args.os_password and not args.os_token:
|
||||
raise exc.CommandError(
|
||||
_("You must provide a password via"
|
||||
" either --os-password or env[OS_PASSWORD]"
|
||||
" or a token via --os-auth-token or"
|
||||
" env[OS_AUTH_TOKEN]"))
|
||||
_("You must provide a password via either "
|
||||
"--os-password or env[OS_PASSWORD] "
|
||||
"or a token via --os-token or "
|
||||
"env[OS_TOKEN]"))
|
||||
|
||||
if args.os_no_client_auth:
|
||||
if not args.bypass_url:
|
||||
raise exc.CommandError(
|
||||
_("If you specify --os-no-client-auth"
|
||||
" you must also specify a Stacktask API"
|
||||
" URL via either --bypass-url or"
|
||||
" env[STACKTASK_BYPASS_URL]"))
|
||||
_("If you specify --os-no-client-auth "
|
||||
"you must also specify a Stacktask API "
|
||||
"URL via either --bypass-url or "
|
||||
"env[STACKTASK_BYPASS_URL]"))
|
||||
else:
|
||||
# Tenant/project name or ID is needed to make keystoneclient
|
||||
# retrieve a service catalog, it's not required if
|
||||
|
@ -531,22 +442,18 @@ class StacktaskShell(object):
|
|||
if not (args.os_tenant_id or args.os_tenant_name or
|
||||
args.os_project_id or args.os_project_name):
|
||||
raise exc.CommandError(
|
||||
_("You must provide a tenant id via"
|
||||
" either --os-tenant-id or"
|
||||
" env[OS_TENANT_ID] or a tenant name"
|
||||
" via either --os-tenant-name or"
|
||||
" env[OS_TENANT_NAME] or a project id"
|
||||
" via either --os-project-id or"
|
||||
" env[OS_PROJECT_ID] or a project"
|
||||
" name via either --os-project-name or"
|
||||
" env[OS_PROJECT_NAME]"))
|
||||
_("You must provide a tenant id via either "
|
||||
"--os-tenant-id or env[OS_TENANT_ID] or a tenant name "
|
||||
"via either --os-tenant-name or env[OS_TENANT_NAME] "
|
||||
"or a project id via either --os-project-id or "
|
||||
"env[OS_PROJECT_ID] or a project name via "
|
||||
"either --os-project-name or env[OS_PROJECT_NAME]"))
|
||||
|
||||
if not args.os_auth_url:
|
||||
raise exc.CommandError(
|
||||
_("You must provide an auth url via"
|
||||
" either --os-auth-url or via"
|
||||
" env[OS_AUTH_URL]"))
|
||||
|
||||
_("You must provide an auth url via "
|
||||
"either --os-auth-url or via "
|
||||
"env[OS_AUTH_URL]"))
|
||||
kwargs = {
|
||||
'insecure': args.insecure,
|
||||
'cacert': args.os_cacert,
|
||||
|
@ -564,31 +471,36 @@ class StacktaskShell(object):
|
|||
'username': args.os_username,
|
||||
'password': args.os_password,
|
||||
'auth_url': args.os_auth_url,
|
||||
'token': args.os_auth_token,
|
||||
'token': args.os_token,
|
||||
'include_pass': None, # args.include_password,
|
||||
'insecure': args.insecure,
|
||||
'timeout': args.api_timeout
|
||||
}
|
||||
else:
|
||||
keystone_session = self._get_keystone_session(**kwargs)
|
||||
project_id = args.os_project_id or args.os_tenant_id
|
||||
project_name = args.os_project_name or args.os_tenant_name
|
||||
endpoint_type = args.os_endpoint_type or 'publicURL'
|
||||
kwargs = {
|
||||
'username': args.os_username,
|
||||
'user_id': args.os_user_id,
|
||||
'user_domain_id': args.os_user_domain_id,
|
||||
'user_domain_name': args.os_user_domain_name,
|
||||
'password': args.os_password,
|
||||
'auth_token': args.os_auth_token,
|
||||
'project_id': project_id,
|
||||
'project_name': project_name,
|
||||
'project_domain_id': args.os_project_domain_id,
|
||||
'project_domain_name': args.os_project_domain_name,
|
||||
}
|
||||
keystone_auth = self._get_keystone_auth(keystone_session,
|
||||
args.os_auth_url,
|
||||
**kwargs)
|
||||
if args.os_token:
|
||||
kwargs = {
|
||||
'token': args.os_token,
|
||||
'auth_url': args.os_auth_url
|
||||
}
|
||||
keystone_auth = generic.Token(**kwargs)
|
||||
else:
|
||||
project_id = args.os_project_id or args.os_tenant_id
|
||||
project_name = args.os_project_name or args.os_tenant_name
|
||||
kwargs = {
|
||||
'username': args.os_username,
|
||||
'user_id': args.os_user_id,
|
||||
'user_domain_id': args.os_user_domain_id,
|
||||
'user_domain_name': args.os_user_domain_name,
|
||||
'password': args.os_password,
|
||||
'auth_url': args.os_auth_url,
|
||||
'project_id': project_id,
|
||||
'project_name': project_name,
|
||||
'project_domain_id': args.os_project_domain_id,
|
||||
'project_domain_name': args.os_project_domain_name,
|
||||
}
|
||||
keystone_auth = generic.Password(**kwargs)
|
||||
if not endpoint:
|
||||
svc_type = service_type
|
||||
region_name = args.os_region_name
|
||||
|
|
Loading…
Reference in New Issue