Session loading from CLI options

We will want this to standardize session loading amongst the various
CLIs.

Implements: blueprint standard-client-params
Change-Id: Icc740db6d471a0953b7946e00e6317802b6d2255

keystoneclient/session.py

@@ -10,7 +10,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import argparse
 import logging
+import os
 
 from oslo.config import cfg
 import requests
@@ -27,6 +29,20 @@ USER_AGENT = 'python-keystoneclient'
 _logger = logging.getLogger(__name__)
 
 
+def _positive_non_zero_float(argument_value):
+    if argument_value is None:
+        return None
+    try:
+        value = float(argument_value)
+    except ValueError:
+        msg = "%s must be a float" % argument_value
+        raise argparse.ArgumentTypeError(msg)
+    if value <= 0:
+        msg = "%s must be greater than 0" % argument_value
+        raise argparse.ArgumentTypeError(msg)
+    return value
+
+
 def request(url, method='GET', **kwargs):
     return Session().request(url, method=method, **kwargs)
 
@@ -546,3 +562,59 @@ class Session(object):
         kwargs['timeout'] = c.timeout
 
         return cls._make(**kwargs)
+
+    @staticmethod
+    def register_cli_options(parser):
+        """Register the argparse arguments that are needed for a session.
+
+        :param argparse.ArgumentParser parser: parser to add to.
+        """
+        parser.add_argument('--insecure',
+                            default=False,
+                            action='store_true',
+                            help='Explicitly allow client to perform '
+                                 '"insecure" TLS (https) requests. The '
+                                 'server\'s certificate will not be verified '
+                                 'against any certificate authorities. This '
+                                 'option should be used with caution.')
+
+        parser.add_argument('--os-cacert',
+                            metavar='<ca-certificate>',
+                            default=os.environ.get('OS_CACERT'),
+                            help='Specify a CA bundle file to use in '
+                                 'verifying a TLS (https) server certificate. '
+                                 'Defaults to env[OS_CACERT].')
+
+        parser.add_argument('--os-cert',
+                            metavar='<certificate>',
+                            default=os.environ.get('OS_CERT'),
+                            help='Defaults to env[OS_CERT].')
+
+        parser.add_argument('--os-key',
+                            metavar='<key>',
+                            default=os.environ.get('OS_KEY'),
+                            help='Defaults to env[OS_KEY].')
+
+        parser.add_argument('--timeout',
+                            default=600,
+                            type=_positive_non_zero_float,
+                            metavar='<seconds>',
+                            help='Set request timeout (in seconds).')
+
+    @classmethod
+    def load_from_cli_options(cls, args, **kwargs):
+        """Create a session object from CLI arguments.
+
+        The CLI arguments must have been registered with register_cli_options.
+
+        :param Namespace args: result of parsed arguments.
+
+        :returns: A new session object.
+        """
+        kwargs['insecure'] = args.insecure
+        kwargs['cacert'] = args.os_cacert
+        kwargs['cert'] = args.os_cert
+        kwargs['key'] = args.os_key
+        kwargs['timeout'] = args.timeout
+
+        return cls._make(**kwargs)

keystoneclient/shell.py

@@ -38,24 +38,11 @@ from keystoneclient.contrib.bootstrap import shell as shell_bootstrap
 from keystoneclient import exceptions as exc
 from keystoneclient.generic import shell as shell_generic
 from keystoneclient.openstack.common import strutils
+from keystoneclient import session
 from keystoneclient import utils
 from keystoneclient.v2_0 import shell as shell_v2_0
 
 
-def positive_non_zero_float(argument_value):
-    if argument_value is None:
-        return None
-    try:
-        value = float(argument_value)
-    except ValueError:
-        msg = "%s must be a float" % argument_value
-        raise argparse.ArgumentTypeError(msg)
-    if value <= 0:
-        msg = "%s must be greater than 0" % argument_value
-        raise argparse.ArgumentTypeError(msg)
-    return value
-
-
 def env(*vars, **kwargs):
     """Search for the first defined of possibly many env vars
 
@@ -104,12 +91,6 @@ class OpenStackIdentityShell(object):
                                  "calls. Helpful for debugging and "
                                  "understanding the API calls.")
 
-        parser.add_argument('--timeout',
-                            default=600,
-                            type=positive_non_zero_float,
-                            metavar='<seconds>',
-                            help="Set request timeout (in seconds).")
-
         parser.add_argument('--os-username',
                             metavar='<auth-user-name>',
                             default=env('OS_USERNAME'),
@@ -187,38 +168,6 @@ class OpenStackIdentityShell(object):
                                  '(via authentication). '
                                  'Defaults to env[OS_SERVICE_ENDPOINT].')
 
-        parser.add_argument('--os-cacert',
-                            metavar='<ca-certificate>',
-                            default=env('OS_CACERT', default=None),
-                            help='Specify a CA bundle file to use in '
-                                 'verifying a TLS (https) server certificate. '
-                                 'Defaults to env[OS_CACERT].')
-        parser.add_argument('--os_cacert',
-                            help=argparse.SUPPRESS)
-
-        parser.add_argument('--insecure',
-                            default=False,
-                            action="store_true",
-                            help='Explicitly allow keystoneclient to perform '
-                                 '"insecure" TLS (https) requests. The '
-                                 'server\'s certificate will not be verified '
-                                 'against any certificate authorities. This '
-                                 'option should be used with caution.')
-
-        parser.add_argument('--os-cert',
-                            metavar='<certificate>',
-                            default=env('OS_CERT'),
-                            help='Defaults to env[OS_CERT].')
-        parser.add_argument('--os_cert',
-                            help=argparse.SUPPRESS)
-
-        parser.add_argument('--os-key',
-                            metavar='<key>',
-                            default=env('OS_KEY'),
-                            help='Defaults to env[OS_KEY].')
-        parser.add_argument('--os_key',
-                            help=argparse.SUPPRESS)
-
         parser.add_argument('--os-cache',
                             default=env('OS_CACHE', default=False),
                             action='store_true',
@@ -227,6 +176,10 @@ class OpenStackIdentityShell(object):
         parser.add_argument('--os_cache',
                             help=argparse.SUPPRESS)
 
+        parser.add_argument('--os_cacert', help=argparse.SUPPRESS)
+        parser.add_argument('--os_key', help=argparse.SUPPRESS)
+        parser.add_argument('--os_cert', help=argparse.SUPPRESS)
+
         parser.add_argument('--force-new-token',
                             default=False,
                             action="store_true",
@@ -249,6 +202,7 @@ class OpenStackIdentityShell(object):
                                  "network delays. Default is %s seconds." %
                                  access.STALE_TOKEN_DURATION)
 
+        session.Session.register_cli_options(parser)
         return parser
 
     def get_subcommand_parser(self, version):

keystoneclient/tests/test_session.py

@@ -10,6 +10,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import argparse
 import uuid
 
 import httpretty
@@ -661,3 +662,38 @@ class ConfLoadingTests(utils.TestCase):
         self.assertThat(opt_names, matchers.HasLength(len(opts)))
         for opt in opts:
             self.assertIn(depr[opt.name][0], opt.deprecated_opts)
+
+
+class CliLoadingTests(utils.TestCase):
+
+    def setUp(self):
+        super(CliLoadingTests, self).setUp()
+
+        self.parser = argparse.ArgumentParser()
+        client_session.Session.register_cli_options(self.parser)
+
+    def get_session(self, val, **kwargs):
+        args = self.parser.parse_args(val.split())
+        return client_session.Session.load_from_cli_options(args, **kwargs)
+
+    def test_insecure_timeout(self):
+        s = self.get_session('--insecure --timeout 5.5')
+
+        self.assertFalse(s.verify)
+        self.assertEqual(5.5, s.timeout)
+
+    def test_client_certs(self):
+        cert = '/path/to/certfile'
+        key = '/path/to/keyfile'
+
+        s = self.get_session('--os-cert %s --os-key %s' % (cert, key))
+
+        self.assertTrue(s.verify)
+        self.assertEqual((cert, key), s.cert)
+
+    def test_cacert(self):
+        cacert = '/path/to/cacert'
+
+        s = self.get_session('--os-cacert %s' % cacert)
+
+        self.assertEqual(cacert, s.verify)