Change --os-auth-plugin to --os-auth-type
User's don't know what a plugin is. * Internally, os_auth_type and/or auth_type represents what the user supplied. * auth_plugin_name is the name of the selected plugin * auth_plugin is the actual plugin object Plugin selection process: * if --os-auth-type is supplied: * if it matches against an available plugin, done * (if it can map to an availble plugin type, done; TODO in a followup) * if --os-auth-type is not supplied: * if --os-url and --os-token are supplied, select 'token_endpoint' * if --os-username supplied, select identity_api_version + 'password' * if --os-token supplied, select identity_api_version + 'token' Change-Id: Ice4535214e311ebf924087cf77f6d84d76f5f3ee
This commit is contained in:
parent
f766bca5f9
commit
a9ad5cfcda
@ -36,8 +36,6 @@ PLUGIN_LIST = stevedore.ExtensionManager(
|
|||||||
invoke_on_load=False,
|
invoke_on_load=False,
|
||||||
propagate_map_exceptions=True,
|
propagate_map_exceptions=True,
|
||||||
)
|
)
|
||||||
# TODO(dtroyer): add some method to list the plugins for the
|
|
||||||
# --os_auth_plugin option
|
|
||||||
|
|
||||||
# Get the command line options so the help action has them available
|
# Get the command line options so the help action has them available
|
||||||
OPTIONS_LIST = {}
|
OPTIONS_LIST = {}
|
||||||
@ -56,50 +54,53 @@ for plugin in PLUGIN_LIST:
|
|||||||
|
|
||||||
|
|
||||||
def select_auth_plugin(options):
|
def select_auth_plugin(options):
|
||||||
"""If no auth plugin was specified, pick one based on other options"""
|
"""Pick an auth plugin based on --os-auth-type or other options"""
|
||||||
|
|
||||||
|
auth_plugin_name = None
|
||||||
|
|
||||||
|
if options.os_auth_type in [plugin.name for plugin in PLUGIN_LIST]:
|
||||||
|
# A direct plugin name was given, use it
|
||||||
|
return options.os_auth_type
|
||||||
|
|
||||||
auth_plugin = None
|
|
||||||
if options.os_url and options.os_token:
|
if options.os_url and options.os_token:
|
||||||
# service token authentication
|
# service token authentication
|
||||||
auth_plugin = 'token_endpoint'
|
auth_plugin_name = 'token_endpoint'
|
||||||
elif options.os_username:
|
elif options.os_username:
|
||||||
if options.os_identity_api_version == '3':
|
if options.os_identity_api_version == '3':
|
||||||
auth_plugin = 'v3password'
|
auth_plugin_name = 'v3password'
|
||||||
elif options.os_identity_api_version == '2.0':
|
elif options.os_identity_api_version == '2.0':
|
||||||
auth_plugin = 'v2password'
|
auth_plugin_name = 'v2password'
|
||||||
else:
|
else:
|
||||||
# let keystoneclient figure it out itself
|
# let keystoneclient figure it out itself
|
||||||
auth_plugin = 'password'
|
auth_plugin_name = 'password'
|
||||||
elif options.os_token:
|
elif options.os_token:
|
||||||
if options.os_identity_api_version == '3':
|
if options.os_identity_api_version == '3':
|
||||||
auth_plugin = 'v3token'
|
auth_plugin_name = 'v3token'
|
||||||
elif options.os_identity_api_version == '2.0':
|
elif options.os_identity_api_version == '2.0':
|
||||||
auth_plugin = 'v2token'
|
auth_plugin_name = 'v2token'
|
||||||
else:
|
else:
|
||||||
# let keystoneclient figure it out itself
|
# let keystoneclient figure it out itself
|
||||||
auth_plugin = 'token'
|
auth_plugin_name = 'token'
|
||||||
else:
|
else:
|
||||||
raise exc.CommandError(
|
raise exc.CommandError(
|
||||||
"Could not figure out which authentication method "
|
"Authentication type must be selected with --os-auth-type"
|
||||||
"to use, please set --os-auth-plugin"
|
|
||||||
)
|
)
|
||||||
LOG.debug("No auth plugin selected, picking %s from other "
|
LOG.debug("Auth plugin %s selected" % auth_plugin_name)
|
||||||
"options" % auth_plugin)
|
return auth_plugin_name
|
||||||
return auth_plugin
|
|
||||||
|
|
||||||
|
|
||||||
def build_auth_params(cmd_options):
|
def build_auth_params(auth_plugin_name, cmd_options):
|
||||||
auth_params = {}
|
auth_params = {}
|
||||||
if cmd_options.os_auth_plugin:
|
if auth_plugin_name:
|
||||||
LOG.debug('auth_plugin: %s', cmd_options.os_auth_plugin)
|
LOG.debug('auth_type: %s', auth_plugin_name)
|
||||||
auth_plugin = base.get_plugin_class(cmd_options.os_auth_plugin)
|
auth_plugin_class = base.get_plugin_class(auth_plugin_name)
|
||||||
plugin_options = auth_plugin.get_options()
|
plugin_options = auth_plugin_class.get_options()
|
||||||
for option in plugin_options:
|
for option in plugin_options:
|
||||||
option_name = 'os_' + option.dest
|
option_name = 'os_' + option.dest
|
||||||
LOG.debug('fetching option %s' % option_name)
|
LOG.debug('fetching option %s' % option_name)
|
||||||
auth_params[option.dest] = getattr(cmd_options, option_name, None)
|
auth_params[option.dest] = getattr(cmd_options, option_name, None)
|
||||||
# grab tenant from project for v2.0 API compatibility
|
# grab tenant from project for v2.0 API compatibility
|
||||||
if cmd_options.os_auth_plugin.startswith("v2"):
|
if auth_plugin_name.startswith("v2"):
|
||||||
auth_params['tenant_id'] = getattr(
|
auth_params['tenant_id'] = getattr(
|
||||||
cmd_options,
|
cmd_options,
|
||||||
'os_project_id',
|
'os_project_id',
|
||||||
@ -111,14 +112,14 @@ def build_auth_params(cmd_options):
|
|||||||
None,
|
None,
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
LOG.debug('no auth_plugin')
|
LOG.debug('no auth_type')
|
||||||
# delay the plugin choice, grab every option
|
# delay the plugin choice, grab every option
|
||||||
plugin_options = set([o.replace('-', '_') for o in OPTIONS_LIST])
|
plugin_options = set([o.replace('-', '_') for o in OPTIONS_LIST])
|
||||||
for option in plugin_options:
|
for option in plugin_options:
|
||||||
option_name = 'os_' + option
|
option_name = 'os_' + option
|
||||||
LOG.debug('fetching option %s' % option_name)
|
LOG.debug('fetching option %s' % option_name)
|
||||||
auth_params[option] = getattr(cmd_options, option_name, None)
|
auth_params[option] = getattr(cmd_options, option_name, None)
|
||||||
return auth_params
|
return (auth_plugin_class, auth_params)
|
||||||
|
|
||||||
|
|
||||||
def build_auth_plugins_option_parser(parser):
|
def build_auth_plugins_option_parser(parser):
|
||||||
@ -130,15 +131,12 @@ def build_auth_plugins_option_parser(parser):
|
|||||||
"""
|
"""
|
||||||
available_plugins = [plugin.name for plugin in PLUGIN_LIST]
|
available_plugins = [plugin.name for plugin in PLUGIN_LIST]
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--os-auth-plugin',
|
'--os-auth-type',
|
||||||
metavar='<OS_AUTH_PLUGIN>',
|
metavar='<auth-type>',
|
||||||
default=utils.env('OS_AUTH_PLUGIN'),
|
default=utils.env('OS_AUTH_TYPE'),
|
||||||
help='The authentication method to use. If this option is not set, '
|
help='Select an auhentication type. Available types: ' +
|
||||||
'openstackclient will attempt to guess the authentication method '
|
', '.join(available_plugins) +
|
||||||
'to use based on the other options. If this option is set, '
|
'. Default: selected based on --os-username/--os-token',
|
||||||
'the --os-identity-api-version argument must be consistent '
|
|
||||||
'with the version of the method.\nAvailable methods are ' +
|
|
||||||
', '.join(available_plugins),
|
|
||||||
choices=available_plugins
|
choices=available_plugins
|
||||||
)
|
)
|
||||||
# make sur we catch old v2.0 env values
|
# make sur we catch old v2.0 env values
|
||||||
|
@ -19,7 +19,6 @@ import logging
|
|||||||
import pkg_resources
|
import pkg_resources
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from keystoneclient.auth import base
|
|
||||||
from keystoneclient import session
|
from keystoneclient import session
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
@ -78,20 +77,22 @@ class ClientManager(object):
|
|||||||
returns a string containig the password
|
returns a string containig the password
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# If no plugin is named by the user, select one based on
|
# If no auth type is named by the user, select one based on
|
||||||
# the supplied options
|
# the supplied options
|
||||||
if not auth_options.os_auth_plugin:
|
self.auth_plugin_name = auth.select_auth_plugin(auth_options)
|
||||||
auth_options.os_auth_plugin = auth.select_auth_plugin(auth_options)
|
|
||||||
self._auth_plugin = auth_options.os_auth_plugin
|
|
||||||
|
|
||||||
# Horrible hack alert...must handle prompt for null password if
|
# Horrible hack alert...must handle prompt for null password if
|
||||||
# password auth is requested.
|
# password auth is requested.
|
||||||
if (self._auth_plugin.endswith('password') and
|
if (self.auth_plugin_name.endswith('password') and
|
||||||
not auth_options.os_password):
|
not auth_options.os_password):
|
||||||
auth_options.os_password = pw_func()
|
auth_options.os_password = pw_func()
|
||||||
|
|
||||||
|
(auth_plugin, self._auth_params) = auth.build_auth_params(
|
||||||
|
self.auth_plugin_name,
|
||||||
|
auth_options,
|
||||||
|
)
|
||||||
|
|
||||||
self._url = auth_options.os_url
|
self._url = auth_options.os_url
|
||||||
self._auth_params = auth.build_auth_params(auth_options)
|
|
||||||
self._region_name = auth_options.os_region_name
|
self._region_name = auth_options.os_region_name
|
||||||
self._api_version = api_version
|
self._api_version = api_version
|
||||||
self._auth_ref = None
|
self._auth_ref = None
|
||||||
@ -117,8 +118,7 @@ class ClientManager(object):
|
|||||||
root_logger = logging.getLogger('')
|
root_logger = logging.getLogger('')
|
||||||
LOG.setLevel(root_logger.getEffectiveLevel())
|
LOG.setLevel(root_logger.getEffectiveLevel())
|
||||||
|
|
||||||
LOG.debug('Using auth plugin: %s' % self._auth_plugin)
|
LOG.debug('Using auth plugin: %s' % self.auth_plugin_name)
|
||||||
auth_plugin = base.get_plugin_class(self._auth_plugin)
|
|
||||||
self.auth = auth_plugin.load_from_options(**self._auth_params)
|
self.auth = auth_plugin.load_from_options(**self._auth_params)
|
||||||
# needed by SAML authentication
|
# needed by SAML authentication
|
||||||
request_session = requests.session()
|
request_session = requests.session()
|
||||||
|
@ -44,7 +44,7 @@ class FakeOptions(object):
|
|||||||
def __init__(self, **kwargs):
|
def __init__(self, **kwargs):
|
||||||
for option in auth.OPTIONS_LIST:
|
for option in auth.OPTIONS_LIST:
|
||||||
setattr(self, 'os_' + option.replace('-', '_'), None)
|
setattr(self, 'os_' + option.replace('-', '_'), None)
|
||||||
self.os_auth_plugin = None
|
self.os_auth_type = None
|
||||||
self.os_identity_api_version = '2.0'
|
self.os_identity_api_version = '2.0'
|
||||||
self.timing = None
|
self.timing = None
|
||||||
self.os_region_name = None
|
self.os_region_name = None
|
||||||
@ -81,7 +81,7 @@ class TestClientManager(utils.TestCase):
|
|||||||
client_manager = clientmanager.ClientManager(
|
client_manager = clientmanager.ClientManager(
|
||||||
auth_options=FakeOptions(os_token=fakes.AUTH_TOKEN,
|
auth_options=FakeOptions(os_token=fakes.AUTH_TOKEN,
|
||||||
os_url=fakes.AUTH_URL,
|
os_url=fakes.AUTH_URL,
|
||||||
os_auth_plugin='token_endpoint'),
|
os_auth_type='token_endpoint'),
|
||||||
api_version=API_VERSION,
|
api_version=API_VERSION,
|
||||||
verify=True
|
verify=True
|
||||||
)
|
)
|
||||||
@ -105,7 +105,7 @@ class TestClientManager(utils.TestCase):
|
|||||||
client_manager = clientmanager.ClientManager(
|
client_manager = clientmanager.ClientManager(
|
||||||
auth_options=FakeOptions(os_token=fakes.AUTH_TOKEN,
|
auth_options=FakeOptions(os_token=fakes.AUTH_TOKEN,
|
||||||
os_auth_url=fakes.AUTH_URL,
|
os_auth_url=fakes.AUTH_URL,
|
||||||
os_auth_plugin='v2token'),
|
os_auth_type='v2token'),
|
||||||
api_version=API_VERSION,
|
api_version=API_VERSION,
|
||||||
verify=True
|
verify=True
|
||||||
)
|
)
|
||||||
@ -183,7 +183,7 @@ class TestClientManager(utils.TestCase):
|
|||||||
auth_options=FakeOptions(os_auth_url=fakes.AUTH_URL,
|
auth_options=FakeOptions(os_auth_url=fakes.AUTH_URL,
|
||||||
os_username=fakes.USERNAME,
|
os_username=fakes.USERNAME,
|
||||||
os_password=fakes.PASSWORD,
|
os_password=fakes.PASSWORD,
|
||||||
os_auth_plugin='v2password'),
|
os_auth_type='v2password'),
|
||||||
api_version=API_VERSION,
|
api_version=API_VERSION,
|
||||||
verify='cafile',
|
verify='cafile',
|
||||||
)
|
)
|
||||||
@ -192,8 +192,8 @@ class TestClientManager(utils.TestCase):
|
|||||||
self.assertTrue(client_manager._verify)
|
self.assertTrue(client_manager._verify)
|
||||||
self.assertEqual('cafile', client_manager._cacert)
|
self.assertEqual('cafile', client_manager._cacert)
|
||||||
|
|
||||||
def _select_auth_plugin(self, auth_params, api_version, auth_plugin):
|
def _select_auth_plugin(self, auth_params, api_version, auth_plugin_name):
|
||||||
auth_params['os_auth_plugin'] = auth_plugin
|
auth_params['os_auth_type'] = auth_plugin_name
|
||||||
auth_params['os_identity_api_version'] = api_version
|
auth_params['os_identity_api_version'] = api_version
|
||||||
client_manager = clientmanager.ClientManager(
|
client_manager = clientmanager.ClientManager(
|
||||||
auth_options=FakeOptions(**auth_params),
|
auth_options=FakeOptions(**auth_params),
|
||||||
@ -201,8 +201,8 @@ class TestClientManager(utils.TestCase):
|
|||||||
verify=True
|
verify=True
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
auth_plugin,
|
auth_plugin_name,
|
||||||
client_manager._auth_plugin,
|
client_manager.auth_plugin_name,
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_client_manager_select_auth_plugin(self):
|
def test_client_manager_select_auth_plugin(self):
|
||||||
|
@ -108,8 +108,8 @@ class TestShell(utils.TestCase):
|
|||||||
default_args["region_name"])
|
default_args["region_name"])
|
||||||
self.assertEqual(_shell.options.os_trust_id,
|
self.assertEqual(_shell.options.os_trust_id,
|
||||||
default_args["trust_id"])
|
default_args["trust_id"])
|
||||||
self.assertEqual(_shell.options.os_auth_plugin,
|
self.assertEqual(_shell.options.os_auth_type,
|
||||||
default_args['auth_plugin'])
|
default_args['auth_type'])
|
||||||
|
|
||||||
def _assert_token_auth(self, cmd_options, default_args):
|
def _assert_token_auth(self, cmd_options, default_args):
|
||||||
with mock.patch("openstackclient.shell.OpenStackShell.initialize_app",
|
with mock.patch("openstackclient.shell.OpenStackShell.initialize_app",
|
||||||
@ -190,7 +190,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -210,7 +210,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -230,7 +230,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -250,7 +250,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -270,7 +270,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -290,7 +290,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -310,7 +310,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -330,7 +330,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -350,7 +350,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -370,7 +370,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -390,7 +390,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": DEFAULT_PASSWORD,
|
"password": DEFAULT_PASSWORD,
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -410,7 +410,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": DEFAULT_REGION_NAME,
|
"region_name": DEFAULT_REGION_NAME,
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
@ -430,12 +430,12 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "1234",
|
"trust_id": "1234",
|
||||||
"auth_plugin": "",
|
"auth_type": "",
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
def test_only_auth_plugin_flow(self):
|
def test_only_auth_type_flow(self):
|
||||||
flag = "--os-auth-plugin " + "v2password"
|
flag = "--os-auth-type " + "v2password"
|
||||||
kwargs = {
|
kwargs = {
|
||||||
"auth_url": "",
|
"auth_url": "",
|
||||||
"project_id": "",
|
"project_id": "",
|
||||||
@ -450,7 +450,7 @@ class TestShellPasswordAuth(TestShell):
|
|||||||
"password": "",
|
"password": "",
|
||||||
"region_name": "",
|
"region_name": "",
|
||||||
"trust_id": "",
|
"trust_id": "",
|
||||||
"auth_plugin": DEFAULT_AUTH_PLUGIN
|
"auth_type": DEFAULT_AUTH_PLUGIN
|
||||||
}
|
}
|
||||||
self._assert_password_auth(flag, kwargs)
|
self._assert_password_auth(flag, kwargs)
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user