Improve usability of CLI.

* Fixes bug #936422
  * Fixes bug #932223
  * Depends on bcwaldon's review: https://review.openstack.org/#change,4305
  * This review proposes making changes outlined in this spreadsheet:
    https://docs.google.com/spreadsheet/ccc?key=0Ak6TA47h_6fwdGZwRE5WWEJBdEhnckpMTG5RcWFjY3c#gid=0
    This cleans up the CLI, normalizing commands and arguments, correcting
    optional and required arguments and flags.
  * included https://review.openstack.org/4270 here per Brian's request

  Note that some commands have changed names to conform to noun-verb form:
  user-update-password  ->  user-password-update
  add-user-role  ->  user-role-add
  remove-user-role  ->  user-role-remove
  ec2-create-credentials  ->  ec2-credentials-create
  ec2-list-credentials  ->  ec2-credentials-list
  ec2-delete-credentials  ->  ec2-credentials-delete
  token  ->  token-get

Change-Id: I8128fa105a1b8002199211f9e475b1a7a6229b8c

README.rst

@@ -66,28 +66,66 @@ can specify the one you want with ``--region_name`` (or
 You'll find complete documentation on the shell by running
 ``keystone help``::
 
-    usage: keystone [--username user] [--password password] 
+    usage: keystone [--username USERNAME] [--password PASSWORD]
-                    [--tenant_name tenant] [--auth_url URL]
+                    [--tenant_name TENANT_NAME] [--tenant_id TENANT_ID]
+                    [--auth_url AUTH_URL] [--region_name REGION_NAME]
+                    [--identity_api_version IDENTITY_API_VERSION] [--token TOKEN]
+                    [--endpoint ENDPOINT]
                     <subcommand> ...
 
     Command-line interface to the OpenStack Keystone API.
 
     Positional arguments:
       <subcommand>
-        add-fixed-ip        Add a new fixed IP address to a servers network.
+        catalog             List service catalog, possibly filtered by service.
-
+        ec2-credentials-create
+                            Create EC2-compatibile credentials for user per tenant
+        ec2-credentials-delete
+                            Delete EC2-compatibile credentials
+        ec2-credentials-list
+                            List EC2-compatibile credentials for a user
+        endpoint-get        Find endpoint filtered by a specific attribute or
+                            service type
+        role-create         Create new role
+        role-delete         Delete role
+        role-get            Display role details
+        role-list           List all available roles
+        service-create      Add service to Service Catalog
+        service-delete      Delete service from Service Catalog
+        service-get         Display service from Service Catalog
+        service-list        List all services in Service Catalog
+        tenant-create       Create new tenant
+        tenant-delete       Delete tenant
+        tenant-get          Display tenant details
+        tenant-list         List all tenants
+        tenant-update       Update tenant name, description, enabled status
+        token-get           Display the current user token
+        user-create         Create new user
+        user-delete         Delete user
+        user-list           List users
+        user-password-update
+                            Update user password
+        user-role-add       Add role to user
+        user-role-remove    Remove role from user
+        user-update         Update user's name, email, and enabled status
+        discover            Discover Keystone servers and show authentication
+                            protocols and
+        help                Display help about this program or one of its
+                            subcommands.
 
     Optional arguments:
-      --username USER            Defaults to env[OS_USERNAME].
+      --username USERNAME   Defaults to env[OS_USERNAME]
-      --password PASSWORD        Defaults to env[OS_PASSWORD].
+      --password PASSWORD   Defaults to env[OS_PASSWORD]
-      --tenant_name TENANT_NAME  Defaults to env[OS_TENANT_NAME].
+      --tenant_name TENANT_NAME
-      --tenant_id TENANT_ID      Defaults to env[OS_TENANT_ID].
+                            Defaults to env[OS_TENANT_NAME]
-      --url AUTH_URL             Defaults to env[OS_AUTH_URL].
+      --tenant_id TENANT_ID
+                            Defaults to env[OS_TENANT_ID]
+      --auth_url AUTH_URL   Defaults to env[OS_AUTH_URL]
+      --region_name REGION_NAME
+                            Defaults to env[OS_REGION_NAME]
       --identity_api_version IDENTITY_API_VERSION
-                                 Defaults to env[OS_IDENTITY_API_VERSION] or 2.0.
+                            Defaults to env[OS_IDENTITY_API_VERSION] or 2.0
-      --region_name NAME         The region name in the Keystone Service 
+      --token TOKEN         Defaults to env[SERVICE_TOKEN]
-                                 Catalog to use after authentication. 
+      --endpoint ENDPOINT   Defaults to env[SERVICE_ENDPOINT]
-                                 Defaults to env[KEYSTONE_REGION_NAME] or the
-                                 first item in the list returned.
 
 See "keystone help COMMAND" for help on a specific command.

keystoneclient/shell.py

@@ -66,41 +66,41 @@ class OpenStackIdentityShell(object):
             action='store_true',
             help=argparse.SUPPRESS)
 
-        parser.add_argument('--token',
-            default=env('SERVICE_TOKEN'),
-            help='Defaults to env[SERVICE_TOKEN].')
-
-        parser.add_argument('--endpoint',
-            default=env('SERVICE_ENDPOINT'),
-            help='Defaults to env[SERVICE_ENDPOINT].')
-
         parser.add_argument('--username',
             default=env('OS_USERNAME'),
-            help='Defaults to env[OS_USERNAME].')
+            help='Defaults to env[OS_USERNAME]')
 
         parser.add_argument('--password',
             default=env('OS_PASSWORD'),
-            help='Defaults to env[OS_PASSWORD].')
+            help='Defaults to env[OS_PASSWORD]')
 
         parser.add_argument('--tenant_name',
             default=env('OS_TENANT_NAME'),
-            help='Defaults to env[OS_TENANT_NAME].')
+            help='Defaults to env[OS_TENANT_NAME]')
 
         parser.add_argument('--tenant_id',
             default=env('OS_TENANT_ID'),
-            help='Defaults to env[OS_TENANT_ID].')
+            help='Defaults to env[OS_TENANT_ID]')
 
         parser.add_argument('--auth_url',
             default=env('OS_AUTH_URL'),
-            help='Defaults to env[OS_AUTH_URL].')
+            help='Defaults to env[OS_AUTH_URL]')
 
         parser.add_argument('--region_name',
             default=env('OS_REGION_NAME'),
-            help='Defaults to env[OS_REGION_NAME].')
+            help='Defaults to env[OS_REGION_NAME]')
 
         parser.add_argument('--identity_api_version',
             default=env('OS_IDENTITY_API_VERSION', 'KEYSTONE_VERSION'),
-            help='Defaults to env[OS_IDENTITY_API_VERSION] or 2.0.')
+            help='Defaults to env[OS_IDENTITY_API_VERSION] or 2.0')
+
+        parser.add_argument('--token',
+            default=env('SERVICE_TOKEN'),
+            help='Defaults to env[SERVICE_TOKEN]')
+
+        parser.add_argument('--endpoint',
+            default=env('SERVICE_ENDPOINT'),
+            help='Defaults to env[SERVICE_ENDPOINT]')
 
         return parser
 

keystoneclient/utils.py

@@ -88,3 +88,7 @@ def isunauthenticated(f):
     set to True, False otherwise.
     """
     return getattr(f, 'unauthenticated', False)
+
+
+def string_to_bool(arg):
+    return arg.strip().lower() in ('t', 'true', 'yes', '1')

keystoneclient/v2_0/shell.py

@@ -21,108 +21,107 @@ from keystoneclient import utils
 CLIENT_CLASS = client.Client
 
 
-@utils.arg('tenant', metavar='<tenant_id>', nargs='?',
+@utils.arg('tenant', metavar='<tenant-id>', nargs='?', default=None,
-           help='ID of Tenant. (Optional)', default=None)
+           help='Tenant ID (Optional);  lists all users if not specified')
 def do_user_list(kc, args):
+    """List users"""
     users = kc.users.list(tenant_id=args.tenant)
-    utils.print_list(users, ['id', 'enabled', 'email', 'name', 'tenantId'])
+    utils.print_list(users, ['id', 'enabled', 'email', 'name'])
 
 
-@utils.arg('--name', metavar='<name>', nargs='?',
+@utils.arg('--name', metavar='<user-name>', required=True,
-           help='Desired username. (unique)')
+           help='New user name (must be unique)')
-@utils.arg('--pass', metavar='<pass>', nargs='?',
+@utils.arg('--tenant_id', metavar='<tenant-id>',
-           dest='passwd',
+           help='New user default tenant')
-           help='Desired password.')
+@utils.arg('--pass', metavar='<pass>', dest='passwd',
-@utils.arg('--email', metavar='<email>', nargs='?',
+           help='New user password')
-           help='Desired email address. (unique)')
+@utils.arg('--email', metavar='<email>',
-@utils.arg('--tenant_id', metavar='<tenant>', nargs='?',
+           help='New user email address')
-           help='User will join the default tenant as a Member.')
+@utils.arg('--enabled', metavar='<true|false>', default=True,
-@utils.arg('--enabled', metavar='<enabled>', nargs='?', default=True,
+           help='Initial user enabled status (default true)')
-           help='Enable user immediately (Optional, default True)')
 def do_user_create(kc, args):
+    """Create new user"""
     user = kc.users.create(args.name, args.passwd, args.email,
                            tenant_id=args.tenant_id, enabled=args.enabled)
     utils.print_dict(user._info)
 
 
-@utils.arg('id', metavar='<user_id>', help='User ID to update.')
+@utils.arg('--name', metavar='<user-name>',
-@utils.arg('name', metavar='<name>', nargs='?',
+           help='Desired new user name')
-           help='New desired user name.')
+@utils.arg('--email', metavar='<email>',
-@utils.arg('email', metavar='<email>', nargs='?',
+           help='Desired new email address')
-           help='New desired email address.')
+@utils.arg('--enabled', metavar='<true|false>',
+           help='Enable or disable user')
+@utils.arg('id', metavar='<user-id>', help='User ID to update')
 def do_user_update(kc, args):
-    user = kc.users.update(args.id, name=args.name, email=args.email)
+    """Update user's name, email, and enabled status"""
-    utils.print_dict(user._info)
+    kwargs = {}
+    if args.name:
+        kwargs['name'] = args.name
+    if args.email:
+        kwargs['email'] = args.email
+    if args.enabled:
+        kwargs['enabled'] = utils.string_to_bool(args.enabled)
 
+    if not len(kwargs):
+        print "User not updated, no arguments present."
+        return
 
-@utils.arg('id', metavar='<user_id>', nargs='?', help='User ID to enable.')
-def do_user_enable(kc, args):
     try:
-        kc.users.update_enabled(args.id, True)
+        kc.users.update(args.id, **kwargs)
-        print 'User has been enabled.'
+        print 'User has been updated.'
-    except:
+    except Exception, e:
-        print 'Unable to enable user.'
+        print 'Unable to update user: %s' % e
 
 
-@utils.arg('id', metavar='<user_id>', nargs='?', help='User ID to disable.')
+@utils.arg('--pass', metavar='<password>', required=True,
-def do_user_disable(kc, args):
+           help='Desired new password')
-    try:
+@utils.arg('id', metavar='<user-id>', help='User ID to update')
-        kc.users.update_enabled(args.id, False)
+def do_user_password_update(kc, args):
-        print 'User has been disabled.'
+    """Update user password"""
-    except:
-        print 'Unable to disable user.'
-
-
-@utils.arg('id', metavar='<user_id>', help='User ID to update.')
-@utils.arg('password', metavar='<password>', help='New desired password.')
-def do_user_update_password(kc, args):
-    try:
     kc.users.update_password(args.id, args.password)
-        print 'User password has been udpated.'
-    except:
-        print 'Unable to update users password.'
 
 
-@utils.arg('id', metavar='<user_id>', help='User ID to delete.')
+@utils.arg('id', metavar='<user-id>', help='User ID to delete')
 def do_user_delete(kc, args):
-    try:
+    """Delete user"""
     kc.users.delete(args.id)
-        print 'User has been deleted.'
-    except:
-        print 'Unable to delete user.'
 
 
 def do_tenant_list(kc, args):
+    """List all tenants"""
     tenants = kc.tenants.list()
     utils.print_list(tenants, ['id', 'name', 'enabled'])
 
 
-@utils.arg('id', metavar='<tenant_id>', help='Tenant ID to show.')
+@utils.arg('id', metavar='<tenant-id>', help='Tenant ID to display')
 def do_tenant_get(kc, args):
+    """Display tenant details"""
     tenant = kc.tenants.get(args.id)
     utils.print_dict(tenant._info)
 
 
-@utils.arg('--name', metavar='<tenant_name>', nargs='?',
+@utils.arg('--name', metavar='<tenant-name>', required=True,
-           help='Desired name of new tenant.')
+           help='New tenant name (must be unique)')
-@utils.arg('--description', metavar='<description>', nargs='?', default=None,
+@utils.arg('--description', metavar='<tenant-description>', default=None,
-           help='Useful description of new tenant (optional, default is None)')
+           help='Description of new tenant (default is none)')
-@utils.arg('--enabled', metavar='<True/False>', nargs='?', default=True,
+@utils.arg('--enabled', metavar='<true|false>', default=True,
-           help='Enable user immediately (Optional, default True)')
+           help='Initial tenant enabled status (default true)')
 def do_tenant_create(kc, args):
+    """Create new tenant"""
     tenant = kc.tenants.create(args.name,
                              description=args.description,
                              enabled=args.enabled)
     utils.print_dict(tenant._info)
 
 
-@utils.arg('--name', metavar='<tenant_name>', nargs='?',
+@utils.arg('--name', metavar='<tenant_name>',
-           help='Desired name of tenant.')
+           help='Desired new name of tenant')
-@utils.arg('--description', metavar='<description>', nargs='?', default=None,
+@utils.arg('--description', metavar='<tenant-description>', default=None,
-           help='Desired description of tenant')
+           help='Desired new description of tenant')
-@utils.arg('--enabled', metavar='<True/False>', nargs='?', const=True,
+@utils.arg('--enabled', metavar='<true|false>',
-           help='Enable/disable tenant')
+           help='Enable or disable tenant')
-@utils.arg('id', metavar='<tenant_id>', help='Tenant ID to update')
+@utils.arg('id', metavar='<tenant-id>', help='Tenant ID to update')
 def do_tenant_update(kc, args):
     """Update tenant name, description, enabled status"""
     tenant = kc.tenants.get(args.id)
@@ -138,31 +137,24 @@ def do_tenant_update(kc, args):
     if kwargs == {}:
         print "Tenant not updated, no arguments present."
         return
-
-    try:
     tenant.update(**kwargs)
-        print 'Tenant has been updated.'
-    except Exception, e:
-        print 'Unable to update tenant: %s' % e
 
 
-@utils.arg('id', metavar='<tenant_id>', help='Tenant ID to delete')
+@utils.arg('id', metavar='<tenant-id>', help='Tenant ID to delete')
 def do_tenant_delete(kc, args):
-    try:
+    """Delete tenant"""
     kc.tenants.delete(args.id)
-        print 'Tenant has been deleted.'
-    except:
-        print 'Unable to delete tenant.'
 
 
-@utils.arg('--name', metavar='<name>',
+@utils.arg('--name', metavar='<name>', required=True,
-           help='Desired name of service. (unique)')
+           help='Name of new service (must be unique)')
-@utils.arg('--type', metavar='<type>',
+@utils.arg('--type', metavar='<type>', required=True,
-           help='Possible service types: identity, compute, network, \
+           help='Service type (one of: identity, compute, network, '
-                 image, or object-store.')
+                 'image, or object-store)')
-@utils.arg('--description', metavar='<service_description>', nargs='?',
+@utils.arg('--description', metavar='<service-description>',
-           help='Useful description of service.')
+           help='Description of service')
 def do_service_create(kc, args):
+    """Add service to Service Catalog"""
     service = kc.services.create(args.name,
                                  args.type,
                                  args.description)
@@ -170,98 +162,98 @@ def do_service_create(kc, args):
 
 
 def do_service_list(kc, args):
+    """List all services in Service Catalog"""
     services = kc.services.list()
     utils.print_list(services, ['id', 'name', 'type', 'description'])
 
 
-@utils.arg('id', metavar='<service_id>', help='ID of Service to retrieve.')
+@utils.arg('id', metavar='<service-id>', help='Service ID to display')
 def do_service_get(kc, args):
+    """Display service from Service Catalog"""
     service = kc.services.get(args.id)
     utils.print_dict(service._info)
 
 
-@utils.arg('id', metavar='<service_id>', help='ID of Service to delete')
+@utils.arg('id', metavar='<service-id>', help='Service ID to delete')
 def do_service_delete(kc, args):
-    try:
+    """Delete service from Service Catalog"""
     kc.services.delete(args.id)
-        print 'Service has been deleted'
-    except:
-        print 'Unable to delete service.'
 
 
 def do_role_list(kc, args):
+    """List all available roles"""
     roles = kc.roles.list()
     utils.print_list(roles, ['id', 'name'])
 
 
-@utils.arg('id', metavar='<role_id>', help='ID of Role to fetch.')
+@utils.arg('id', metavar='<role-id>', help='Role ID to display')
 def do_role_get(kc, args):
+    """Display role details"""
     role = kc.roles.get(args.id)
     utils.print_dict(role._info)
 
 
-@utils.arg('--name', metavar='<name>', help='Desired name of new role.')
+@utils.arg('--name', metavar='<role-name>', required=True,
+           help='Name of new role')
 def do_role_create(kc, args):
+    """Create new role"""
     role = kc.roles.create(args.name)
     utils.print_dict(role._info)
 
 
-@utils.arg('id', metavar='<role_id>', help='ID of Role to delete.')
+@utils.arg('id', metavar='<role-id>', help='Role ID to delete')
 def do_role_delete(kc, args):
-    try:
+    """Delete role"""
     kc.roles.delete(args.id)
-        print 'Role has been deleted.'
-    except:
-        print 'Unable to delete role.'
 
 
 # TODO(jakedahn): refactor this to allow role, user, and tenant names.
-@utils.arg('user_id', metavar='<user_id>', help='ID of User')
+@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
-@utils.arg('role_id', metavar='<role_id>', help='ID of Role')
+@utils.arg('--role', metavar='<role-id>', required=True, help='Role ID')
-@utils.arg('tenant', metavar='<tenant_id>',
+@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
-           help='ID of Tenant', nargs='?')
+def do_user_role_add(kc, args):
-def do_add_user_role(kc, args):
+    """Add role to user"""
-    kc.roles.add_user_role(args.user_id, args.role_id, args.tenant)
+    kc.roles.add_user_role(args.user, args.role, args.tenant_id)
 
 
 # TODO(jakedahn): refactor this to allow role, user, and tenant names.
-@utils.arg('user_id', metavar='<user_id>', help='ID of User')
+@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
-@utils.arg('role_id', metavar='<role_id>', help='ID of Role')
+@utils.arg('--role', metavar='<role-id>', required=True, help='Role ID')
-@utils.arg('tenant', metavar='<tenant_id>',
+@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
-           help='ID of Tenant', nargs='?')
+def do_user_role_remove(kc, args):
-def do_remove_user_role(kc, args):
+    """Remove role from user"""
-    kc.roles.remove_user_role(args.user_id, args.role_id, args.tenant)
+    kc.roles.remove_user_role(args.user, args.role, args.tenant_id)
 
 
-@utils.arg('--tenant_id', metavar='<tenant_id>', help='ID of Tenant')
+@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
-@utils.arg('--user_id', metavar='<user_id>', help='ID of User')
+@utils.arg('--tenant_id', metavar='<tenant-id>', required=True,
-def do_ec2_create_credentials(kc, args):
+           help='Tenant ID')
-    credentials = kc.ec2.create(args.user_id, args.tenant_id)
+def do_ec2_credentials_create(kc, args):
+    """Create EC2-compatibile credentials for user per tenant"""
+    credentials = kc.ec2.create(args.user, args.tenant_id)
     utils.print_dict(credentials._info)
 
 
-@utils.arg('user_id', metavar='<user_id>', help='ID of User')
+@utils.arg('--user', metavar='<user-id>', help='User ID to list')
-def do_ec2_list_credentials(kc, args):
+def do_ec2_credentials_list(kc, args):
-    credentials = kc.ec2.list(args.user_id)
+    """List EC2-compatibile credentials for a user"""
+    credentials = kc.ec2.list(args.user)
     for cred in credentials:
         cred.tenant = kc.tenants.get(cred.tenant_id).name
     utils.print_list(credentials, ['tenant', 'key', 'secret'])
 
 
-@utils.arg('user_id', metavar='<user_id>', help='ID of User')
+@utils.arg('--user', metavar='<user-id>', help='User ID')
-@utils.arg('key', metavar='<access_key>', help='Access Key')
+@utils.arg('--key', metavar='<access-key>', help='Access Key')
-def do_ec2_delete_credentials(kc, args):
+def do_ec2_credentials_delete(kc, args):
-    try:
+    """Delete EC2-compatibile credentials"""
-        kc.ec2.delete(args.user_id, args.key)
+    kc.ec2.delete(args.user, args.key)
-        print 'Deleted EC2 Credentials.'
-    except:
-        print 'Unable to delete EC2 Credentials.'
 
 
-@utils.arg('--service', metavar='<service_type>',
+@utils.arg('--service', metavar='<service-type>', default=None,
-           help='Service type to return', nargs='?', default=None)
+           help='Service type to return')
 def do_catalog(kc, args):
-    """List service catalog, possibly filtered by service"""
+    """List service catalog, possibly filtered by service."""
     endpoints = kc.service_catalog.get_endpoints(service_type=args.service)
     for (service, service_endpoints) in endpoints.iteritems():
         if len(service_endpoints) > 0:
@@ -270,14 +262,14 @@ def do_catalog(kc, args):
                 utils.print_dict(ep)
 
 
-@utils.arg('--endpoint_type', metavar='<endpoint_type>',
+@utils.arg('--service', metavar='<service-type>', required=True,
-           help='Endpoint type to select', nargs='?', default='publicURL')
+           help='Service type to select')
-@utils.arg('--service', metavar='<service_type>',
+@utils.arg('--endpoint_type', metavar='<endpoint-type>', default='publicURL',
-           help='Service type to select', nargs='?', required=True)
+           help='Endpoint type to select')
-@utils.arg('--attr', metavar='<attribute>',
+@utils.arg('--attr', metavar='<service-attribute>',
-           help='Attribute to match', nargs='?')
+           help='Service attribute to match for selection')
 @utils.arg('--value', metavar='<value>',
-           help='Value of attribute to match', nargs='?')
+           help='Value of attribute to match')
 def do_endpoint_get(kc, args):
     """Find endpoint filtered by a specific attribute or service type"""
     kwargs = {
@@ -295,6 +287,6 @@ def do_endpoint_get(kc, args):
     utils.print_dict({'%s.%s' % (args.service, args.endpoint_type): url})
 
 
-def do_token(kc, args):
+def do_token_get(kc, args):
-    """Fetch the current user's token"""
+    """Display the current user token"""
     utils.print_dict(kc.service_catalog.get_token())

keystoneclient/v2_0/users.py

@@ -40,7 +40,7 @@ class UserManager(base.ManagerWithFind):
         """
         Update user data.
 
-        Supported arguments include ``name`` and ``email``.
+        Supported arguments include ``name``, ``email``, and ``enabled``.
         """
         # FIXME(gabriel): "tenantId" seems to be accepted by the API but
         #                 fails to actually update the default tenant.