#!/usr/bin/env python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# Copyright 2011 OpenStack LLC.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
Keystone Identity Server - CLI Management Interface
"""
import sys
import logging
import optparse
import keystone
from keystone.common import config
from keystone.manage import api
import keystone.backends as db
class RaisingOptionParser(optparse.OptionParser):
    """Option parser whose error hook raises instead of terminating."""

    def error(self, msg):
        """Write the usage line to stderr, then raise OptParseError(msg).

        Raising lets the caller decide how to report the failure and which
        exit status to use.
        """
        usage_stream = sys.stderr
        self.print_usage(usage_stream)
        raise optparse.OptParseError(msg)
def parse_args(args=None):
    """Parse options, load the 'admin' paste config and configure backends.

    Logging is set up from the parsed options and the loaded config, and the
    database backends are configured from `conf.global_conf`, before this
    function returns.

    :param args: argument list handed to config.parse_options
    :returns: the arguments returned by config.parse_options
    """
    usage = "usage: %prog [options] type command [id [attributes]]"
    version_string = '%%prog %s' % keystone.version()

    # Build the parser that carries our configuration parameters
    parser = RaisingOptionParser(usage, version=version_string)
    config.add_common_options(parser)
    config.add_log_options(parser)

    # Read the command line first, then the paste configuration
    options, remaining = config.parse_options(parser, args)
    _config_path, conf = config.load_paste_config('admin', options, remaining)

    config.setup_logging(options, conf)
    db.configure_backends(conf.global_conf)

    return remaining
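def process(*args):
    """
    Usage: keystone-manage [options] type command [id [attributes]]
      type       : role, tenant, user, token, endpoint, endpointTemplates,
                   service, credentials
      command    : add, list, disable, delete, grant, revoke
      id         : name or id
      attributes : depending on type...
        users       : password, tenant
        tokens      : user, tenant, expiration
        services    : type, description
        credentials : type, key, secret, tenant

      role list [tenant] will list roles granted on that tenant

    options
      -c | --config-file : config file to use
      -d | --debug : debug mode

    Example: keystone-manage user add Admin P@ssw0rd

    Passwords, token ids and credential secrets are read from positional
    arguments, so they are exposed to the host's process list and shell
    history; keep invocations on a trusted admin host.

    Raises optparse.OptParseError when the type, command, id or a required
    attribute is missing or unsupported.
    """
    supported_types = ('user', 'tenant', 'role', 'service',
                       'endpointTemplates', 'token', 'endpoint',
                       'credentials')
    supported_commands = ('add', 'list', 'disable', 'delete', 'grant',
                          'revoke')

    # Check arguments
    if len(args) == 0:
        raise optparse.OptParseError(
            'No obj type specified for first argument')

    object_type = args[0]
    if object_type not in supported_types:
        raise optparse.OptParseError(
            '%s is not a supported obj type' % object_type)

    if len(args) == 1:
        raise optparse.OptParseError(
            'No command specified for second argument')
    command = args[1]
    if command not in supported_commands:
        # The message is built from the accepted list so the two cannot
        # drift apart (it used to omit grant and revoke).
        raise optparse.OptParseError(
            '%s are the only supported commands (right now)'
            % ', '.join(supported_commands))

    # Only `list` may be called without an id.
    if len(args) == 2 and command != 'list':
        raise optparse.OptParseError('No id specified for third argument')
    object_id = args[2] if len(args) > 2 else None

    # Helper functions

    def require_args(args, minimum, msg):
        """Ensure there are at least `minimum` arguments"""
        if len(args) < minimum:
            raise optparse.OptParseError(msg)

    def optional_arg(args, x):
        """Return args[x] when it is present and non-empty, else None"""
        if len(args) > x and args[x]:
            return args[x]
        return None

    def print_table(header_row, rows):
        """Prints a lists of lists as table in a human readable format"""
        print("\t".join(header_row))
        print('-' * 79)
        rows = [[str(col) for col in row] for row in rows]
        print("\n".join(["\t".join(row) for row in rows]))

    # Execute command
    action = (object_type, command)

    if action == ('user', 'add'):
        require_args(args, 4, 'No password specified for fourth argument')
        # args[3] is the clear-text password taken from the command line.
        if api.add_user(name=object_id, password=args[3],
                tenant=optional_arg(args, 4)):
            print("SUCCESS: User %s created." % object_id)

    elif action == ('user', 'disable'):
        if api.disable_user(name=object_id):
            print("SUCCESS: User %s disabled." % object_id)

    elif action == ('user', 'list'):
        print_table(('id', 'enabled', 'tenant'), api.list_users())

    elif action == ('tenant', 'add'):
        if api.add_tenant(name=object_id):
            print("SUCCESS: Tenant %s created." % object_id)

    elif action == ('tenant', 'list'):
        print_table(('id', 'name', 'enabled'), api.list_tenants())

    elif action == ('tenant', 'disable'):
        if api.disable_tenant(name=object_id):
            print("SUCCESS: Tenant %s disabled." % object_id)

    elif action == ('role', 'add'):
        if api.add_role(name=object_id):
            print("SUCCESS: Role %s created successfully." % object_id)

    elif action == ('role', 'list'):
        tenant = optional_arg(args, 2)
        if tenant:
            # print with users
            print('Role assignments for tenant %s' % tenant)
            print_table(('User', 'Role'), api.list_roles(tenant=tenant))
        else:
            # print without tenants
            print_table(('id', 'name'), api.list_roles())

    elif action == ('role', 'grant'):
        require_args(args, 4, "Missing arguments: role grant 'role' 'user' "
            "'tenant (optional)'")
        tenant = optional_arg(args, 4)
        if api.grant_role(object_id, args[3], tenant):
            # Per the usage string above, args[2] is the role and args[3]
            # the user, so the user goes first in the confirmation.
            print("SUCCESS: Granted %s the %s role on %s." %
                (args[3], object_id, tenant))

    elif action == ('endpointTemplates', 'add'):
        require_args(args, 9, "Missing arguments: endpointTemplates add "
            "'region' 'service' 'publicURL' 'adminURL' 'internalURL' "
            "'enabled' 'global'")
        if api.add_endpoint_template(region=args[2], service=args[3],
                public_url=args[4], admin_url=args[5], internal_url=args[6],
                enabled=args[7], is_global=args[8]):
            print("SUCCESS: Created EndpointTemplates for %s pointing to %s." %
                (args[3], args[4]))

    elif action == ('endpointTemplates', 'list'):
        tenant = optional_arg(args, 2)
        if tenant:
            print('Endpoints for tenant %s' % tenant)
            # NOTE(review): `tenant` is printed but not passed to
            # api.list_tenant_endpoints(); confirm whether the listing is
            # meant to be filtered by it.
            print_table(('service', 'region', 'Public URL'),
                api.list_tenant_endpoints())
        else:
            print('All EndpointTemplates')
            print_table(('service', 'region', 'Public URL'),
                api.list_endpoint_templates())

    elif action == ('endpoint', 'add'):
        require_args(args, 4, "Missing arguments: endPoint add tenant "
            "endPointTemplate")
        if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
            print("SUCCESS: Endpoint %s added to tenant %s." %
                (args[3], args[2]))

    elif action == ('token', 'add'):
        require_args(args, 6, 'Creating a token requires a token id, user, '
            'tenant, and expiration')
        if api.add_token(token=object_id, user=args[3], tenant=args[4],
                expires=args[5]):
            print("SUCCESS: Token %s created." % (object_id,))

    elif action == ('token', 'list'):
        # The first column is whatever api.list_tokens() returns as the
        # token value, written to stdout as-is.
        print_table(('token', 'user', 'expiration', 'tenant'),
            api.list_tokens())

    elif action == ('token', 'delete'):
        if api.delete_token(token=object_id):
            print('SUCCESS: Token %s deleted.' % (object_id,))

    elif action == ('service', 'add'):
        require_args(args, 4, "Missing arguments: service add name "
            "type")
        service_type = optional_arg(args, 3)
        desc = optional_arg(args, 4)
        if api.add_service(name=object_id, type=service_type, desc=desc):
            print("SUCCESS: Service %s created successfully." % (object_id,))

    elif action == ('service', 'list'):
        print_table(('id', 'name', 'type'), api.list_services())

    elif action == ('credentials', 'add'):
        require_args(args, 6, 'Creating a credentials requires a type, key, '
            'secret, and tenant_id (id is user_id)')
        # The keyword is spelled `secrete` in this call; presumably it
        # matches api.add_credentials -- confirm before renaming.
        if api.add_credentials(user=object_id, type=args[3], key=args[4],
                secrete=args[5], tenant=optional_arg(args, 6)):
            print("SUCCESS: Credentials %s created." % object_id)

    else:
        # Command not handled
        # NOTE(review): type/command pairs that pass validation but have no
        # branch (for example any 'revoke') end here; the error goes to
        # stdout and no exception is raised, so the caller sees a normal
        # return rather than a failure.
        print("ERROR: unrecognized command %s %s" % (object_type, command))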
def main(args=None):
    """Parse the arguments, run the requested command and report failures.

    An optparse.OptParseError is written to stderr and ends the process with
    exit status 2. Any other exception is printed, logged and then raised
    again to the caller.
    """
    try:
        remaining = parse_args(args)
        process(*remaining)
    except optparse.OptParseError as exc:
        sys.stderr.write("%s\n" % (exc,))
        sys.exit(2)
    except Exception as exc:
        if len(exc.args) > 1:
            # A second exception argument, when present, is reported next to
            # the first and handed to the logger as exc_info.
            info = exc.args[1]
            print("ERROR: %s: %s" % (exc.args[0], info))
            logging.error(exc.args[0], exc_info=info)
        else:
            print("ERROR: %s" % (exc,))
            logging.error(str(exc))
        # The caught object is raised by name, as in the original code.
        raise exc
if __name__ == '__main__':
    # Any exception that escapes main() turns into exit status 1.
    try:
        main()
    except Exception:
        sys.exit(1)