From bdc0abbd81a7988188adaae2af22006274a23801 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Tue, 6 Mar 2012 12:08:42 -0600 Subject: [PATCH] Make ec2-credentials-* commands work properly for non-admin user * Add user id to token-get output * Save authenticated user and tenant IDs in client in Client._extract_service_catalog() * Handle default user and tenant IDs in ec2-credentials-* commands Fixed bug 947011 Change-Id: I97750f666ba03f32f0bb1be0c2df5ad8a321b433 --- keystoneclient/service_catalog.py | 5 +++-- keystoneclient/v2_0/client.py | 6 +++++- keystoneclient/v2_0/shell.py | 30 +++++++++++++++++++++++------- tests/test_service_catalog.py | 3 ++- tests/v2_0/test_auth.py | 8 +++++++- 5 files changed, 40 insertions(+), 12 deletions(-) diff --git a/keystoneclient/service_catalog.py b/keystoneclient/service_catalog.py index 91ac17032..eb0941b40 100644 --- a/keystoneclient/service_catalog.py +++ b/keystoneclient/service_catalog.py @@ -31,9 +31,10 @@ class ServiceCatalog(object): token = {'id': self.catalog['token']['id'], 'expires': self.catalog['token']['expires']} try: - token['tenant'] = self.catalog['token']['tenant']['id'] + token['user_id'] = self.catalog['user']['id'] + token['tenant_id'] = self.catalog['token']['tenant']['id'] except: - # just leave the tenant out if it doesn't exist + # just leave the tenant and user out if it doesn't exist pass return token diff --git a/keystoneclient/v2_0/client.py b/keystoneclient/v2_0/client.py index a609b8700..fb59ffc27 100644 --- a/keystoneclient/v2_0/client.py +++ b/keystoneclient/v2_0/client.py 
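Review bot: In `get_token()` the bare `except:` now guards two unrelated lookups, and because `user_id` is read first, a response with no `user` entry also drops `tenant_id` even when the token carries a tenant, while any other error raised in that block is silently swallowed. Reading the two values independently and catching only the missing-key case keeps each field when it is present; if the server can return null for either entry, `TypeError` would need to be caught as well. The returned key also changes from `tenant` to `tenant_id`, so any caller outside this patch that reads `get_token()['tenant']` would break; only the test in this patch is updated. The method starts above the hunk, so the fence shows just the rewritten try block.

```python
        # … unchanged: token = {'id': ..., 'expires': ...} …
        try:
            token['user_id'] = self.catalog['user']['id']
        except KeyError:
            # no user entry in the response; leave user_id out
            pass
        try:
            token['tenant_id'] = self.catalog['token']['tenant']['id']
        except KeyError:
            # no tenant on the token; leave tenant_id out
            pass
        return token
```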
@@ -113,7 +113,11 @@ class Client(client.HTTPClient): """ Set the client's service catalog from the response data. """ self.service_catalog = service_catalog.ServiceCatalog(body) try: - self.auth_token = self.service_catalog.get_token()['id'] + sc = self.service_catalog.get_token() + self.auth_token = sc['id'] + # Save these since we have them and they'll be useful later + self.auth_tenant_id = sc['tenant_id'] + self.auth_user_id = sc['user_id'] except KeyError: raise exceptions.AuthorizationFailure() diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py index 6825b16b8..91d0b23c7 100755 --- a/keystoneclient/v2_0/shell.py +++ b/keystoneclient/v2_0/shell.py 
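Review bot: `sc['tenant_id']` and `sc['user_id']` sit inside the `try` whose `except KeyError` raises `AuthorizationFailure`, and `get_token()` omits both keys when the response has no tenant or user, so a successful authentication without a tenant would now be reported as an authorization failure. Only the token `id` is required here; the other two should be optional: `self.auth_tenant_id = sc.get('tenant_id')` and `self.auth_user_id = sc.get('user_id')`. The fixture in tests/v2_0/test_auth.py now always carries `tenant` and `user`, so a case without them would be needed to pin this behaviour. The local name `sc` also reads as "service catalog" although it holds the token dict; `token` would be clearer. The method's signature is outside the hunk.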
@@ -225,42 +225,58 @@ def do_user_role_remove(kc, args): kc.roles.remove_user_role(args.user, args.role, args.tenant_id) -@utils.arg('--user', metavar='', required=True, help='User ID') -@utils.arg('--tenant_id', metavar='', required=True, - help='Tenant ID') +@utils.arg('--user', metavar='', help='User ID') +@utils.arg('--tenant_id', metavar='', help='Tenant ID') def do_ec2_credentials_create(kc, args): """Create EC2-compatibile credentials for user per tenant""" + if not args.tenant_id: + # use the authenticated tenant id as a default + args.tenant_id = kc.auth_tenant_id + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id credentials = kc.ec2.create(args.user, args.tenant_id) utils.print_dict(credentials._info) -@utils.arg('--user', metavar='', required=True, help='User ID') +@utils.arg('--user', metavar='', help='User ID') @utils.arg('--access', metavar='', required=True, help='Access Key') def do_ec2_credentials_get(kc, args): """Display EC2-compatibile credentials""" + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id cred = kc.ec2.get(args.user, args.access) if cred: utils.print_dict(cred._info) -@utils.arg('--user', metavar='', required=True, help='User ID') +@utils.arg('--user', metavar='', help='User ID') def do_ec2_credentials_list(kc, args): """List EC2-compatibile credentials for a user""" + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id credentials = kc.ec2.list(args.user) for cred in credentials: try: cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name') except: - pass + # FIXME(dtroyer): Retrieving the tenant name fails for normal + # users; stuff in the tenant_id instead. 
+ cred.tenant = cred.tenant_id utils.print_list(credentials, ['tenant', 'access', 'secret']) -@utils.arg('--user', metavar='', required=True, help='User ID') +@utils.arg('--user', metavar='', help='User ID') @utils.arg('--access', metavar='', required=True, help='Access Key') def do_ec2_credentials_delete(kc, args): """Delete EC2-compatibile credentials""" + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id try: kc.ec2.delete(args.user, args.access) print 'Credential has been deleted.' diff --git a/tests/test_service_catalog.py b/tests/test_service_catalog.py index cba2164db..bef0d52de 100644 --- a/tests/test_service_catalog.py +++ b/tests/test_service_catalog.py @@ -122,7 +122,8 @@ class ServiceCatalogTest(utils.TestCase): self.assertEquals(sc.get_token(), {'id': 'ab48a9efdfedb23ty3494', - 'tenant': '345', + 'tenant_id': '345', + 'user_id': '123', 'expires': '2010-11-01T03:32:15-05:00'}) self.assertEquals(sc.catalog['token']['expires'], "2010-11-01T03:32:15-05:00") diff --git a/tests/v2_0/test_auth.py b/tests/v2_0/test_auth.py index 1b8f22ea2..8bc4edac4 100644 --- a/tests/v2_0/test_auth.py +++ b/tests/v2_0/test_auth.py @@ -25,7 +25,13 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase): "access": { "token": { "expires": "12345", - "id": self.TEST_TOKEN + "id": self.TEST_TOKEN, + "tenant": { + "id": self.TEST_TENANT_ID + }, + }, + "user": { + "id": self.TEST_USER }, "serviceCatalog": self.TEST_SERVICE_CATALOG }
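Review bot: The new defaults in the four `do_ec2_credentials_*` commands read `kc.auth_user_id` and `kc.auth_tenant_id`, which this patch assigns only in `Client._extract_service_catalog()`; if a client reaches these commands without that path having run (not visible in this patch), they fail with an AttributeError, and a `None` value would be passed straight to `kc.ec2.create` or `kc.ec2.delete`. Because these commands create and delete credentials, the identity acted on should be resolved explicitly, for example `args.user = getattr(kc, 'auth_user_id', None)` followed by a clear usage error when it is still empty; the same applies to `args.tenant_id`. In `do_ec2_credentials_list` the bare `except:` that now substitutes `cred.tenant_id` also hides unrelated failures such as a dropped connection, so it should catch only the exception the tenant lookup raises for a non-admin user. The body of `do_ec2_credentials_delete` continues past the end of the hunk.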