openstack/python-keystoneclient
Code Issues Proposed changes

Merge "Make ec2-credentials-* commands work properly for non-admin user"

Browse Source
This commit is contained in:
Jenkins
2012-03-07 18:16:17 +00:00
committed by Gerrit Code Review
parent 9c07999dd5 bdc0abbd81
commit 5c5918baac
5 changed files with 40 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
keystoneclient/service_catalog.py
View File

@@ -31,9 +31,10 @@ class ServiceCatalog(object):
token = {'id': self.catalog['token']['id'], token = {'id': self.catalog['token']['id'],
'expires': self.catalog['token']['expires']} 'expires': self.catalog['token']['expires']}
try: try:
token['tenant'] = self.catalog['token']['tenant']['id'] token['user_id'] = self.catalog['user']['id']
token['tenant_id'] = self.catalog['token']['tenant']['id']
except: except:
# just leave the tenant out if it doesn't exist # just leave the tenant and user out if it doesn't exist
pass pass
return token return token

6
keystoneclient/v2_0/client.py
View File

@@ -113,7 +113,11 @@ class Client(client.HTTPClient):
""" Set the client's service catalog from the response data. """ """ Set the client's service catalog from the response data. """
self.service_catalog = service_catalog.ServiceCatalog(body) self.service_catalog = service_catalog.ServiceCatalog(body)
try: try:
self.auth_token = self.service_catalog.get_token()['id'] sc = self.service_catalog.get_token()
self.auth_token = sc['id']
# Save these since we have them and they'll be useful later
self.auth_tenant_id = sc['tenant_id']
self.auth_user_id = sc['user_id']
except KeyError: except KeyError:
raise exceptions.AuthorizationFailure() raise exceptions.AuthorizationFailure()

30
keystoneclient/v2_0/shell.py
View File

@@ -225,42 +225,58 @@ def do_user_role_remove(kc, args):
kc.roles.remove_user_role(args.user, args.role, args.tenant_id) kc.roles.remove_user_role(args.user, args.role, args.tenant_id)
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') @utils.arg('--user', metavar='<user-id>', help='User ID')
@utils.arg('--tenant_id', metavar='<tenant-id>', required=True, @utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
help='Tenant ID')
def do_ec2_credentials_create(kc, args): def do_ec2_credentials_create(kc, args):
"""Create EC2-compatibile credentials for user per tenant""" """Create EC2-compatibile credentials for user per tenant"""
if not args.tenant_id:
# use the authenticated tenant id as a default
args.tenant_id = kc.auth_tenant_id
if not args.user:
# use the authenticated user id as a default
args.user = kc.auth_user_id
credentials = kc.ec2.create(args.user, args.tenant_id) credentials = kc.ec2.create(args.user, args.tenant_id)
utils.print_dict(credentials._info) utils.print_dict(credentials._info)
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') @utils.arg('--user', metavar='<user-id>', help='User ID')
@utils.arg('--access', metavar='<access-key>', required=True, @utils.arg('--access', metavar='<access-key>', required=True,
help='Access Key') help='Access Key')
def do_ec2_credentials_get(kc, args): def do_ec2_credentials_get(kc, args):
"""Display EC2-compatibile credentials""" """Display EC2-compatibile credentials"""
if not args.user:
# use the authenticated user id as a default
args.user = kc.auth_user_id
cred = kc.ec2.get(args.user, args.access) cred = kc.ec2.get(args.user, args.access)
if cred: if cred:
utils.print_dict(cred._info) utils.print_dict(cred._info)
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') @utils.arg('--user', metavar='<user-id>', help='User ID')
def do_ec2_credentials_list(kc, args): def do_ec2_credentials_list(kc, args):
"""List EC2-compatibile credentials for a user""" """List EC2-compatibile credentials for a user"""
if not args.user:
# use the authenticated user id as a default
args.user = kc.auth_user_id
credentials = kc.ec2.list(args.user) credentials = kc.ec2.list(args.user)
for cred in credentials: for cred in credentials:
try: try:
cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name') cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name')
except: except:
pass # FIXME(dtroyer): Retrieving the tenant name fails for normal
# users; stuff in the tenant_id instead.
cred.tenant = cred.tenant_id
utils.print_list(credentials, ['tenant', 'access', 'secret']) utils.print_list(credentials, ['tenant', 'access', 'secret'])
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') @utils.arg('--user', metavar='<user-id>', help='User ID')
@utils.arg('--access', metavar='<access-key>', required=True, @utils.arg('--access', metavar='<access-key>', required=True,
help='Access Key') help='Access Key')
def do_ec2_credentials_delete(kc, args): def do_ec2_credentials_delete(kc, args):
"""Delete EC2-compatibile credentials""" """Delete EC2-compatibile credentials"""
if not args.user:
# use the authenticated user id as a default
args.user = kc.auth_user_id
try: try:
kc.ec2.delete(args.user, args.access) kc.ec2.delete(args.user, args.access)
print 'Credential has been deleted.' print 'Credential has been deleted.'

3
tests/test_service_catalog.py
View File

@@ -122,7 +122,8 @@ class ServiceCatalogTest(utils.TestCase):
self.assertEquals(sc.get_token(), self.assertEquals(sc.get_token(),
{'id': 'ab48a9efdfedb23ty3494', {'id': 'ab48a9efdfedb23ty3494',
'tenant': '345', 'tenant_id': '345',
'user_id': '123',
'expires': '2010-11-01T03:32:15-05:00'}) 'expires': '2010-11-01T03:32:15-05:00'})
self.assertEquals(sc.catalog['token']['expires'], self.assertEquals(sc.catalog['token']['expires'],
"2010-11-01T03:32:15-05:00") "2010-11-01T03:32:15-05:00")

8
tests/v2_0/test_auth.py
View File

@@ -25,7 +25,13 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase):
"access": { "access": {
"token": { "token": {
"expires": "12345", "expires": "12345",
"id": self.TEST_TOKEN "id": self.TEST_TOKEN,
"tenant": {
"id": self.TEST_TENANT_ID
},
},
"user": {
"id": self.TEST_USER
}, },
"serviceCatalog": self.TEST_SERVICE_CATALOG "serviceCatalog": self.TEST_SERVICE_CATALOG
} }