Merge "Make ec2-credentials-* commands work properly for non-admin user"
This commit is contained in:
@@ -31,9 +31,10 @@ class ServiceCatalog(object):
|
|||||||
token = {'id': self.catalog['token']['id'],
|
token = {'id': self.catalog['token']['id'],
|
||||||
'expires': self.catalog['token']['expires']}
|
'expires': self.catalog['token']['expires']}
|
||||||
try:
|
try:
|
||||||
token['tenant'] = self.catalog['token']['tenant']['id']
|
token['user_id'] = self.catalog['user']['id']
|
||||||
|
token['tenant_id'] = self.catalog['token']['tenant']['id']
|
||||||
except:
|
except:
|
||||||
# just leave the tenant out if it doesn't exist
|
# just leave the tenant and user out if it doesn't exist
|
||||||
pass
|
pass
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
@@ -113,7 +113,11 @@ class Client(client.HTTPClient):
|
|||||||
""" Set the client's service catalog from the response data. """
|
""" Set the client's service catalog from the response data. """
|
||||||
self.service_catalog = service_catalog.ServiceCatalog(body)
|
self.service_catalog = service_catalog.ServiceCatalog(body)
|
||||||
try:
|
try:
|
||||||
self.auth_token = self.service_catalog.get_token()['id']
|
sc = self.service_catalog.get_token()
|
||||||
|
self.auth_token = sc['id']
|
||||||
|
# Save these since we have them and they'll be useful later
|
||||||
|
self.auth_tenant_id = sc['tenant_id']
|
||||||
|
self.auth_user_id = sc['user_id']
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise exceptions.AuthorizationFailure()
|
raise exceptions.AuthorizationFailure()
|
||||||
|
|
||||||
|
@@ -225,42 +225,58 @@ def do_user_role_remove(kc, args):
|
|||||||
kc.roles.remove_user_role(args.user, args.role, args.tenant_id)
|
kc.roles.remove_user_role(args.user, args.role, args.tenant_id)
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
@utils.arg('--user', metavar='<user-id>', help='User ID')
|
||||||
@utils.arg('--tenant_id', metavar='<tenant-id>', required=True,
|
@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
|
||||||
help='Tenant ID')
|
|
||||||
def do_ec2_credentials_create(kc, args):
|
def do_ec2_credentials_create(kc, args):
|
||||||
"""Create EC2-compatibile credentials for user per tenant"""
|
"""Create EC2-compatibile credentials for user per tenant"""
|
||||||
|
if not args.tenant_id:
|
||||||
|
# use the authenticated tenant id as a default
|
||||||
|
args.tenant_id = kc.auth_tenant_id
|
||||||
|
if not args.user:
|
||||||
|
# use the authenticated user id as a default
|
||||||
|
args.user = kc.auth_user_id
|
||||||
credentials = kc.ec2.create(args.user, args.tenant_id)
|
credentials = kc.ec2.create(args.user, args.tenant_id)
|
||||||
utils.print_dict(credentials._info)
|
utils.print_dict(credentials._info)
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
@utils.arg('--user', metavar='<user-id>', help='User ID')
|
||||||
@utils.arg('--access', metavar='<access-key>', required=True,
|
@utils.arg('--access', metavar='<access-key>', required=True,
|
||||||
help='Access Key')
|
help='Access Key')
|
||||||
def do_ec2_credentials_get(kc, args):
|
def do_ec2_credentials_get(kc, args):
|
||||||
"""Display EC2-compatibile credentials"""
|
"""Display EC2-compatibile credentials"""
|
||||||
|
if not args.user:
|
||||||
|
# use the authenticated user id as a default
|
||||||
|
args.user = kc.auth_user_id
|
||||||
cred = kc.ec2.get(args.user, args.access)
|
cred = kc.ec2.get(args.user, args.access)
|
||||||
if cred:
|
if cred:
|
||||||
utils.print_dict(cred._info)
|
utils.print_dict(cred._info)
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
@utils.arg('--user', metavar='<user-id>', help='User ID')
|
||||||
def do_ec2_credentials_list(kc, args):
|
def do_ec2_credentials_list(kc, args):
|
||||||
"""List EC2-compatibile credentials for a user"""
|
"""List EC2-compatibile credentials for a user"""
|
||||||
|
if not args.user:
|
||||||
|
# use the authenticated user id as a default
|
||||||
|
args.user = kc.auth_user_id
|
||||||
credentials = kc.ec2.list(args.user)
|
credentials = kc.ec2.list(args.user)
|
||||||
for cred in credentials:
|
for cred in credentials:
|
||||||
try:
|
try:
|
||||||
cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name')
|
cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name')
|
||||||
except:
|
except:
|
||||||
pass
|
# FIXME(dtroyer): Retrieving the tenant name fails for normal
|
||||||
|
# users; stuff in the tenant_id instead.
|
||||||
|
cred.tenant = cred.tenant_id
|
||||||
utils.print_list(credentials, ['tenant', 'access', 'secret'])
|
utils.print_list(credentials, ['tenant', 'access', 'secret'])
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
|
@utils.arg('--user', metavar='<user-id>', help='User ID')
|
||||||
@utils.arg('--access', metavar='<access-key>', required=True,
|
@utils.arg('--access', metavar='<access-key>', required=True,
|
||||||
help='Access Key')
|
help='Access Key')
|
||||||
def do_ec2_credentials_delete(kc, args):
|
def do_ec2_credentials_delete(kc, args):
|
||||||
"""Delete EC2-compatibile credentials"""
|
"""Delete EC2-compatibile credentials"""
|
||||||
|
if not args.user:
|
||||||
|
# use the authenticated user id as a default
|
||||||
|
args.user = kc.auth_user_id
|
||||||
try:
|
try:
|
||||||
kc.ec2.delete(args.user, args.access)
|
kc.ec2.delete(args.user, args.access)
|
||||||
print 'Credential has been deleted.'
|
print 'Credential has been deleted.'
|
||||||
|
@@ -122,7 +122,8 @@ class ServiceCatalogTest(utils.TestCase):
|
|||||||
|
|
||||||
self.assertEquals(sc.get_token(),
|
self.assertEquals(sc.get_token(),
|
||||||
{'id': 'ab48a9efdfedb23ty3494',
|
{'id': 'ab48a9efdfedb23ty3494',
|
||||||
'tenant': '345',
|
'tenant_id': '345',
|
||||||
|
'user_id': '123',
|
||||||
'expires': '2010-11-01T03:32:15-05:00'})
|
'expires': '2010-11-01T03:32:15-05:00'})
|
||||||
self.assertEquals(sc.catalog['token']['expires'],
|
self.assertEquals(sc.catalog['token']['expires'],
|
||||||
"2010-11-01T03:32:15-05:00")
|
"2010-11-01T03:32:15-05:00")
|
||||||
|
@@ -25,7 +25,13 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase):
|
|||||||
"access": {
|
"access": {
|
||||||
"token": {
|
"token": {
|
||||||
"expires": "12345",
|
"expires": "12345",
|
||||||
"id": self.TEST_TOKEN
|
"id": self.TEST_TOKEN,
|
||||||
|
"tenant": {
|
||||||
|
"id": self.TEST_TENANT_ID
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"user": {
|
||||||
|
"id": self.TEST_USER
|
||||||
},
|
},
|
||||||
"serviceCatalog": self.TEST_SERVICE_CATALOG
|
"serviceCatalog": self.TEST_SERVICE_CATALOG
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user