If the endpoint is passed in, make sure keystone uses it instead of
looking up the endpoint in the auth plugin.
Original fix: 9e28993ee6
Graduate from Oslo Incubator to oslo.i18n library.
Cleanup of unused Oslo Incubator utils.
Added optional enable_lazy() usage.
Signed-off-by: Chuck Short <firstname.lastname@example.org>
We should not use endpoint_override by default and rather
use service_type with session. This also refactors some of
the associated code.
However, if one wants to override the endpoint they can pass
endpoint_override to the client constructor along with session.
Co-Authored-By: Rabi Mishra <email@example.com>
heatclient allows to provide client certificate/key using --os-key/cert
options but not using usual environment variables.
This change uses OS_KEY/OS_CERT environment variables as default values
for client certificate/key.
Misspelling in following message:
"# refactor this code once this functionality is avaible in"
"# refactor this code once this functionality is available in"
Totally 1 occurrence in python-heatclient base code.
depending on any oslo-incubator code from another project is
dangerous. keystoneclient makes its exceptions public and it's
not recommended to use any code from
keystoneclient.openstack.common.apiclient since it's maintained
This patch migrates the namespace of oslo packages from oslo.foobar to
oslo_foobar. The oslo_incubator code need to be resynced, which will be
submitted in another patch.
Whatever the endpoint type passed with --os-endpoint-type or
OS_ENDPOINT_TYPE, the publicURL is always used (instead of, for
instance, adminURL or internalURL).
This patch passes the user-defined endpoint type to keystoneclient's
get_endpoint() so that the correct endpoint is chosen from the catalog.
Remove remaining reference to gettextutils and remove the module,
as it no longer exists in oslo-incubator. Also remove timeutils
for the same reason, it's not referenced by any remaining code.
Convert the encode/decode functions from oslo-incubator to use
oslo.utils encodeutils, as the incubator functions are now
Also syncs oslo-incubator to 62394a3 to purge usage of strutils
from the openstack/common modules.
Note includes oslo fix https://review.openstack.org/#/c/133290/
which we need or the python3 tests won't pass.
The standalone auth_password middleware expects 'X-Auth-Url' header
in the request. The recent version of heatclient doesn't pass the
required header which is retrieved from the option '--os-auth-url',
though we explicitly specify it in the commandline. Let's pass the
argument 'auth_url' and get heatclient working in standalone mode.
To be able to create profiling traces for Heat, the client should be
able to send special HTTP header that contains trace info.
When an user intentionally provides an keyboard interrupt, heatclient
throws the entire traceback on to the terminal instead of handling it.
heatclient will now handle the keyboard interrrupt and provides an crisp
message on to the terminal.
The first part of the commit is to re-propose the v3 auth changes.
The second part of the commit is to address the unexpected keyword
argument 'follow_redirect' and missing endpoint issue in certain
code path such as 'heat event-list' or 'heat resource-metadata'.
With the fix, follow_redirect argument is consumed by
SessionClient. Heat endpoint is now passed from Heatclient
shell to SessionClient.
Unit tests were added and updated to cover the issue.
This reverts commit a98c1f3617.
The new usage of session doesn't work with resources or events.
This change enables the heat client to use the keystone v3 API (in
addition to v2). This allows user domains and tenant/project domains to
be specified. This is necessary because keystone v2 API is deprecated
as of Icehouse.
This change makes the following improvements to the output of a heat
command with the --debug option set:
* Silences spurious logging from iso8601 and urllib3.connectionpool
* Removes the line number from the logging format, since the intent
of --debug is to show the user what network requests are occuring.
This option is standard in OpenStack clients to pass in the
location of any extra CA certificate bundle needed to
negotiate an SSL connection with SSL-secured services.
Replace the --create-timeout option with a more generic and intuitive
--timeout option, which can also later be used for update.
Since users may be using this option and it does currently work, leave
the old -c/--create-timeout option for now, but mark deprecated in the
usage and output a warning message if users use it. To make this
warning visible the default loglevel is changed to WARNING.
Note neither timeout contains an integer default now, we rely on the
server-side default (which is 60mins anyway) as this make the fallback
to support the previous option easier and potentially to provide an
easier way to solve heat bug #1290603.
The --timeout option doesn't work for standalone use-cases when
you specify no-client-auth, and it's also confusing since it's
easily misinterpreted as an option related to the heat timeouts
provided to stack-create and in future stack-update.
So take this opportunity to rename the option to --api-timeout,
which hopefully more accurately reflects it's purpose, and don't
pass a default (just let requests use the global default socket
timeout) as it seems relatively unlikely users will wait for 10
minutes before pressing Ctrl-C on interactive shell requests.
Follow oslo.config style guide for help strings better to create
consistent help strings:
* Finish help strings with "."
* Add missing spaces between words
Co-Authored-By: Shilla Saebi<firstname.lastname@example.org>
bash_completion feature can improve CLI user experience, projects like
nova, keystone, and cinder already support it.
NOTE: this patch just provides simple functionality, which means cache
for IDs and names is not used (like nova).
Currently --os-no-client-auth assumes you'll only ever want to pass
a username and password to the standalone auth_password middleware,
but it's also valid to pass a token and endpoint, which can then
be used to either connect to a normal (non-standalone) Heat without
needing the client to connect to keystone, or pass a token to custom
auth middleware in standalone mode where tokens are accepted.
--heat-url http://127.0.0.1:8004/v1/<tenant ID>
--os-auth-token <a token> stack-list
Currently the --os-auth-token/env[OS_AUTH_TOKEN] case doesn't
work, as we always expect a username/password to create the
connection to keystone. This enables the client to be used
with only a token and tenant (which is required for keystoneclient
to retrieve the catalog) specified, e.g:
heat --os-auth-url http://127.0.0.1:35357/v2.0/ \
--os-auth-token <a keystone token> \
--os-tenant-id <tenant ID> stack-list