Merge "Make ec2-credentials-* commands work properly for non-admin user"

2012-03-07 18:16:17 +00:00
parent 9c07999dd5 bdc0abbd81
commit 5c5918baac
5 changed files with 40 additions and 12 deletions
--- a/keystoneclient/service_catalog.py
+++ b/keystoneclient/service_catalog.py
@@ -31,9 +31,10 @@ class ServiceCatalog(object):
        token = {'id': self.catalog['token']['id'],
                'expires': self.catalog['token']['expires']}
        try:
-            token['tenant'] = self.catalog['token']['tenant']['id']
+            token['user_id'] = self.catalog['user']['id']
+            token['tenant_id'] = self.catalog['token']['tenant']['id']
        except:
-            # just leave the tenant out if it doesn't exist
+            # just leave the tenant and user out if it doesn't exist
            pass
        return token

--- a/keystoneclient/v2_0/client.py
+++ b/keystoneclient/v2_0/client.py
@@ -113,7 +113,11 @@ class Client(client.HTTPClient):
        """ Set the client's service catalog from the response data. """
        self.service_catalog = service_catalog.ServiceCatalog(body)
        try:
-            self.auth_token = self.service_catalog.get_token()['id']
+            sc = self.service_catalog.get_token()
+            self.auth_token = sc['id']
+            # Save these since we have them and they'll be useful later
+            self.auth_tenant_id = sc['tenant_id']
+            self.auth_user_id = sc['user_id']
        except KeyError:
            raise exceptions.AuthorizationFailure()

--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -225,42 +225,58 @@ def do_user_role_remove(kc, args):
    kc.roles.remove_user_role(args.user, args.role, args.tenant_id)


-@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
-@utils.arg('--tenant_id', metavar='<tenant-id>', required=True,
-           help='Tenant ID')
+@utils.arg('--user', metavar='<user-id>', help='User ID')
+@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
 def do_ec2_credentials_create(kc, args):
    """Create EC2-compatibile credentials for user per tenant"""
+    if not args.tenant_id:
+        # use the authenticated tenant id as a default
+        args.tenant_id = kc.auth_tenant_id
+    if not args.user:
+        # use the authenticated user id as a default
+        args.user = kc.auth_user_id
    credentials = kc.ec2.create(args.user, args.tenant_id)
    utils.print_dict(credentials._info)


-@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
+@utils.arg('--user', metavar='<user-id>', help='User ID')
@utils.arg('--access', metavar='<access-key>', required=True,
        help='Access Key')
 def do_ec2_credentials_get(kc, args):
    """Display EC2-compatibile credentials"""
+    if not args.user:
+        # use the authenticated user id as a default
+        args.user = kc.auth_user_id
    cred = kc.ec2.get(args.user, args.access)
    if cred:
        utils.print_dict(cred._info)


-@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
+@utils.arg('--user', metavar='<user-id>', help='User ID')
 def do_ec2_credentials_list(kc, args):
    """List EC2-compatibile credentials for a user"""
+    if not args.user:
+        # use the authenticated user id as a default
+        args.user = kc.auth_user_id
    credentials = kc.ec2.list(args.user)
    for cred in credentials:
        try:
            cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name')
        except:
-            pass
+            # FIXME(dtroyer): Retrieving the tenant name fails for normal
+            #                 users; stuff in the tenant_id instead.
+            cred.tenant = cred.tenant_id
    utils.print_list(credentials, ['tenant', 'access', 'secret'])


-@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
+@utils.arg('--user', metavar='<user-id>', help='User ID')
@utils.arg('--access', metavar='<access-key>', required=True,
        help='Access Key')
 def do_ec2_credentials_delete(kc, args):
    """Delete EC2-compatibile credentials"""
+    if not args.user:
+        # use the authenticated user id as a default
+        args.user = kc.auth_user_id
    try:
        kc.ec2.delete(args.user, args.access)
        print 'Credential has been deleted.'
--- a/tests/test_service_catalog.py
+++ b/tests/test_service_catalog.py
@@ -122,7 +122,8 @@ class ServiceCatalogTest(utils.TestCase):

        self.assertEquals(sc.get_token(),
                {'id': 'ab48a9efdfedb23ty3494',
-                 'tenant': '345',
+                 'tenant_id': '345',
+                 'user_id': '123',
                 'expires': '2010-11-01T03:32:15-05:00'})
        self.assertEquals(sc.catalog['token']['expires'],
                "2010-11-01T03:32:15-05:00")
--- a/tests/v2_0/test_auth.py
+++ b/tests/v2_0/test_auth.py
@@ -25,7 +25,13 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase):
                "access": {
                    "token": {
                        "expires": "12345",
-                        "id": self.TEST_TOKEN
+                        "id": self.TEST_TOKEN,
+                        "tenant": {
+                            "id": self.TEST_TENANT_ID
+                        },
+                    },
+                    "user": {
+                        "id": self.TEST_USER
                    },
                    "serviceCatalog": self.TEST_SERVICE_CATALOG
                }