openstack/python-keystoneclient
Code Issues Proposed changes

Change CLIAuth arg names

Browse Source 
Change the argument names used for common Keystone authentication per the
updated http://wiki.openstack.org/CLIAuth:

--auth_url -> --os_auth_url
--password -> --os_password
--username -> --os_username
--tenant_id -> os_tenant_id
--tenant_name -> os_tenant_name
--region -> os_region_name

All old args are depricated but available for backward compatibility.

Fixes bug 954532

Change-Id: I26f8e0cf491549f5836c4079ff86e4823c0ef9a7
This commit is contained in:
Dean Troyer
2012-03-13 23:43:53 -05:00
parent 5c223fb641
commit 9dc4e6a8e1
4 changed files with 124 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
README.rst
View File

@@ -41,15 +41,15 @@ Command-line API
Installing this package gets you a shell command, ``keystone``, that you Installing this package gets you a shell command, ``keystone``, that you
can use to interact with Keystone's Identity API. can use to interact with Keystone's Identity API.
You'll need to provide your OpenStack tenant, username and password. You can do this You'll need to provide your OpenStack tenant, username and password. You can
with the ``tenant_name``, ``--username`` and ``--password`` params, but it's do this with the ``--os_tenant_name``, ``--os_username`` and ``--os_password``
easier to just set them as environment variables:: params, but it's easier to just set them as environment variables::
export OS_TENANT_NAME=project export OS_TENANT_NAME=project
export OS_USERNAME=user export OS_USERNAME=user
export OS_PASSWORD=pass export OS_PASSWORD=pass
You will also need to define the authentication url with ``--auth_url`` and the You will also need to define the authentication url with ``--os_auth_url`` and the
version of the API with ``--identity_api_version``. Or set them as an environment version of the API with ``--identity_api_version``. Or set them as an environment
variables as well:: variables as well::
@@ -73,9 +73,10 @@ can specify the one you want with ``--region_name`` (or
You'll find complete documentation on the shell by running You'll find complete documentation on the shell by running
``keystone help``:: ``keystone help``::
usage: keystone [--username USERNAME] [--password PASSWORD] usage: keystone [--os_username OS_USERNAME] [--os_password OS_PASSWORD]
[--tenant_name TENANT_NAME] [--tenant_id TENANT_ID] [--os_tenant_name OS_TENANT_NAME]
[--auth_url AUTH_URL] [--region_name REGION_NAME] [--os_tenant_id OS_TENANT_ID] [--os_auth_url OS_AUTH_URL]
[--os_region_name OS_REGION_NAME]
[--identity_api_version IDENTITY_API_VERSION] [--token TOKEN] [--identity_api_version IDENTITY_API_VERSION] [--token TOKEN]
[--endpoint ENDPOINT] [--endpoint ENDPOINT]
<subcommand> ... <subcommand> ...
@@ -89,10 +90,15 @@ You'll find complete documentation on the shell by running
Create EC2-compatibile credentials for user per tenant Create EC2-compatibile credentials for user per tenant
ec2-credentials-delete ec2-credentials-delete
Delete EC2-compatibile credentials Delete EC2-compatibile credentials
ec2-credentials-get
Display EC2-compatibile credentials
ec2-credentials-list ec2-credentials-list
List EC2-compatibile credentials for a user List EC2-compatibile credentials for a user
endpoint-create Create a new endpoint associated with a service
endpoint-delete Delete a service endpoint
endpoint-get Find endpoint filtered by a specific attribute or endpoint-get Find endpoint filtered by a specific attribute or
service type service type
endpoint-list List configured service endpoints
role-create Create new role role-create Create new role
role-delete Delete role role-delete Delete role
role-get Display role details role-get Display role details
@@ -121,14 +127,17 @@ You'll find complete documentation on the shell by running
subcommands. subcommands.
Optional arguments: Optional arguments:
--username USERNAME Defaults to env[OS_USERNAME] --os_username OS_USERNAME
--password PASSWORD Defaults to env[OS_PASSWORD] Defaults to env[OS_USERNAME]
--tenant_name TENANT_NAME --os_password OS_PASSWORD
Defaults to env[OS_PASSWORD]
--os_tenant_name OS_TENANT_NAME
Defaults to env[OS_TENANT_NAME] Defaults to env[OS_TENANT_NAME]
--tenant_id TENANT_ID --os_tenant_id OS_TENANT_ID
Defaults to env[OS_TENANT_ID] Defaults to env[OS_TENANT_ID]
--auth_url AUTH_URL Defaults to env[OS_AUTH_URL] --os_auth_url OS_AUTH_URL
--region_name REGION_NAME Defaults to env[OS_AUTH_URL]
--os_region_name OS_REGION_NAME
Defaults to env[OS_REGION_NAME] Defaults to env[OS_REGION_NAME]
--identity_api_version IDENTITY_API_VERSION --identity_api_version IDENTITY_API_VERSION
Defaults to env[OS_IDENTITY_API_VERSION] or 2.0 Defaults to env[OS_IDENTITY_API_VERSION] or 2.0

4
docs/shell.rst
View File

@@ -16,8 +16,8 @@ First, you'll need an OpenStack Keystone account. You get this by using the
`keystone-manage` command in OpenStack Keystone. `keystone-manage` command in OpenStack Keystone.
You'll need to provide :program:`keystone` with your OpenStack username and You'll need to provide :program:`keystone` with your OpenStack username and
password. You can do this with the :option:`--username`, :option:`--password`. password. You can do this with the :option:`--os_username`, :option:`--os_password`.
You can optionally specify a :option:`--tenant_id` or :option:`--tenant_name`, You can optionally specify a :option:`--os_tenant_id` or :option:`--os_tenant_name`,
to scope your token to a specific tenant. If you don't specify a tenant, you to scope your token to a specific tenant. If you don't specify a tenant, you
will be scoped to your default tenant if you have one. Instead of using will be scoped to your default tenant if you have one. Instead of using
options, it is easier to just set them as environment variables: options, it is easier to just set them as environment variables:

97
keystoneclient/shell.py
View File

@@ -66,42 +66,64 @@ class OpenStackIdentityShell(object):
action='store_true', action='store_true',
help=argparse.SUPPRESS) help=argparse.SUPPRESS)
parser.add_argument('--username', parser.add_argument('--os_username', metavar='<auth-user-name>',
default=env('OS_USERNAME'), default=env('OS_USERNAME'),
help='Defaults to env[OS_USERNAME]') help='Defaults to env[OS_USERNAME]')
parser.add_argument('--password', parser.add_argument('--os_password', metavar='<auth-password>',
default=env('OS_PASSWORD'), default=env('OS_PASSWORD'),
help='Defaults to env[OS_PASSWORD]') help='Defaults to env[OS_PASSWORD]')
parser.add_argument('--tenant_name', parser.add_argument('--os_tenant_name', metavar='<auth-tenant-name>',
default=env('OS_TENANT_NAME'), default=env('OS_TENANT_NAME'),
help='Defaults to env[OS_TENANT_NAME]') help='Defaults to env[OS_TENANT_NAME]')
parser.add_argument('--tenant_id', parser.add_argument('--os_tenant_id', metavar='<tenant-id>',
default=env('OS_TENANT_ID'), dest='os_tenant_id', default=env('OS_TENANT_ID'),
help='Defaults to env[OS_TENANT_ID]') help='Defaults to env[OS_TENANT_ID]')
parser.add_argument('--auth_url', parser.add_argument('--os_auth_url', metavar='<auth-url>',
default=env('OS_AUTH_URL'), default=env('OS_AUTH_URL'),
help='Defaults to env[OS_AUTH_URL]') help='Defaults to env[OS_AUTH_URL]')
parser.add_argument('--region_name', parser.add_argument('--os_region_name', metavar='<region-name>',
default=env('OS_REGION_NAME'), default=env('OS_REGION_NAME'),
help='Defaults to env[OS_REGION_NAME]') help='Defaults to env[OS_REGION_NAME]')
parser.add_argument('--identity_api_version', parser.add_argument('--os_identity_api_version',
metavar='<identity-api-version>',
default=env('OS_IDENTITY_API_VERSION', 'KEYSTONE_VERSION'), default=env('OS_IDENTITY_API_VERSION', 'KEYSTONE_VERSION'),
help='Defaults to env[OS_IDENTITY_API_VERSION] or 2.0') help='Defaults to env[OS_IDENTITY_API_VERSION] or 2.0')
parser.add_argument('--token', parser.add_argument('--token', metavar='<service-token>',
default=env('SERVICE_TOKEN'), default=env('SERVICE_TOKEN'),
help='Defaults to env[SERVICE_TOKEN]') help='Defaults to env[SERVICE_TOKEN]')
parser.add_argument('--endpoint', parser.add_argument('--endpoint', metavar='<service-endpoint>',
default=env('SERVICE_ENDPOINT'), default=env('SERVICE_ENDPOINT'),
help='Defaults to env[SERVICE_ENDPOINT]') help='Defaults to env[SERVICE_ENDPOINT]')
# FIXME(dtroyer): The args below are here for diablo compatibility,
# remove them in folsum cycle
parser.add_argument('--username', metavar='<auth-user-name>',
help='Deprecated')
parser.add_argument('--password', metavar='<auth-password>',
help='Deprecated')
parser.add_argument('--tenant_name', metavar='<tenant-name>',
help='Deprecated')
parser.add_argument('--tenant_id', metavar='<tenant-id>',
help='Deprecated')
parser.add_argument('--auth_url', metavar='<auth-url>',
help='Deprecated')
parser.add_argument('--region_name', metavar='<region-name>',
help='Deprecated')
return parser return parser
def get_subcommand_parser(self, version): def get_subcommand_parser(self, version):
@@ -153,7 +175,7 @@ class OpenStackIdentityShell(object):
(options, args) = parser.parse_known_args(argv) (options, args) = parser.parse_known_args(argv)
# build available subcommands based on version # build available subcommands based on version
api_version = options.identity_api_version api_version = options.os_identity_api_version
subcommand_parser = self.get_subcommand_parser(api_version) subcommand_parser = self.get_subcommand_parser(api_version)
self.parser = subcommand_parser self.parser = subcommand_parser
@@ -180,36 +202,57 @@ class OpenStackIdentityShell(object):
if not utils.isunauthenticated(args.func): if not utils.isunauthenticated(args.func):
if not (args.token and args.endpoint): if not (args.token and args.endpoint):
if not args.username: if not args.os_username:
raise exc.CommandError("You must provide a username " if not args.username:
"via either --username or env[OS_USERNAME]") raise exc.CommandError("You must provide a username "
"via either --os_username or env[OS_USERNAME]")
else:
args.os_username = args.username
if not args.password: if not args.os_password:
raise exc.CommandError("You must provide a password " if not args.password:
"via either --password or env[OS_PASSWORD]") raise exc.CommandError("You must provide a password "
"via either --os_password or env[OS_PASSWORD]")
else:
args.os_password = args.password
if not args.auth_url: if not args.os_auth_url:
raise exc.CommandError("You must provide an auth url " if not args.auth_url:
"via either --auth_url or via env[OS_AUTH_URL]") raise exc.CommandError("You must provide an auth url "
"via either --os_auth_url or via "
"env[OS_AUTH_URL]")
else:
args.os_auth_url = args.auth_url
if not args.os_tenant_name and args.tenant_name:
args.os_tenant_name = args.tenant_name
if not args.os_tenant_id and args.tenant_id:
args.os_tenant_id = args.tenant_id
if not args.os_region_name and args.region_name:
args.os_region_name = args.region_name
if utils.isunauthenticated(args.func): if utils.isunauthenticated(args.func):
self.cs = shell_generic.CLIENT_CLASS(endpoint=args.auth_url) if not args.os_auth_url and args.auth_url:
args.os_auth_url = args.auth_url
self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url)
else: else:
token = None token = None
endpoint = None endpoint = None
if args.token and args.endpoint: if args.token and args.endpoint:
token = args.token token = args.token
endpoint = args.endpoint endpoint = args.endpoint
api_version = options.identity_api_version api_version = options.os_identity_api_version
self.cs = self.get_api_class(api_version)( self.cs = self.get_api_class(api_version)(
username=args.username, username=args.os_username,
tenant_name=args.tenant_name, tenant_name=args.os_tenant_name,
tenant_id=args.os_tenant_id, tenant_id=args.os_tenant_id,
token=token, token=token,
endpoint=endpoint, endpoint=endpoint,
password=args.password, password=args.os_password,
auth_url=args.auth_url, auth_url=args.os_auth_url,
region_name=args.region_name) region_name=args.os_region_name)
try: try:
args.func(self.cs, args) args.func(self.cs, args)

54
tests/test_shell.py
View File

@@ -54,17 +54,20 @@ class ShellTest(utils.TestCase):
shell('user-list') shell('user-list')
assert do_tenant_mock.called assert do_tenant_mock.called
((a, b), c) = do_tenant_mock.call_args ((a, b), c) = do_tenant_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id, assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID, (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '') DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
shell('--auth_url http://0.0.0.0:5000/ --password xyzpdq ' shell('--os_auth_url http://0.0.0.0:5000/ --os_password xyzpdq '
'--tenant_id 1234 --tenant_name fred --username barney ' '--os_tenant_id 1234 --os_tenant_name fred '
'--identity_api_version 2.0 user-list') '--os_username barney '
'--os_identity_api_version 2.0 user-list')
assert do_tenant_mock.called assert do_tenant_mock.called
((a, b), c) = do_tenant_mock.call_args ((a, b), c) = do_tenant_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id, assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
('http://0.0.0.0:5000/', 'xyzpdq', '1234', ('http://0.0.0.0:5000/', 'xyzpdq', '1234',
'fred', 'barney', '2.0') 'fred', 'barney', '2.0')
@@ -82,23 +85,23 @@ class ShellTest(utils.TestCase):
'--pass=secrete --tenant_id=barrr --enabled=true') '--pass=secrete --tenant_id=barrr --enabled=true')
assert do_uc_mock.called assert do_uc_mock.called
((a, b), c) = do_uc_mock.call_args ((a, b), c) = do_uc_mock.call_args
# restore os_tenant_id when review 4295 is merged assert (b.os_auth_url, b.os_password, b.os_tenant_id,
assert (b.auth_url, b.password, # b.os_tenant_id, b.os_tenant_name, b.os_username,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, # DEFAULT_TENANT_ID, (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '') DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.name, b.passwd, b.enabled) == \ assert (b.tenant_id, b.name, b.passwd, b.enabled) == \
('barrr', 'FOO', 'secrete', 'true') ('barrr', 'FOO', 'secrete', 'true')
# Test case with two --tenant_id args present # Test case with --os_tenant_id and --tenant_id args present
shell('--tenant_id=os-tenant user-create --name=FOO ' shell('--os_tenant_id=os-tenant user-create --name=FOO '
'--pass=secrete --tenant_id=barrr --enabled=true') '--pass=secrete --tenant_id=barrr --enabled=true')
assert do_uc_mock.called assert do_uc_mock.called
((a, b), c) = do_uc_mock.call_args ((a, b), c) = do_uc_mock.call_args
# restore os_tenant_id when review 4295 is merged assert (b.os_auth_url, b.os_password, b.os_tenant_id,
assert (b.auth_url, b.password, # b.os_tenant_id, b.os_tenant_name, b.os_username,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, # 'os-tenant', (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, 'os-tenant',
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '') DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.name, b.passwd, b.enabled) == \ assert (b.tenant_id, b.name, b.passwd, b.enabled) == \
('barrr', 'FOO', 'secrete', 'true') ('barrr', 'FOO', 'secrete', 'true')
@@ -136,19 +139,21 @@ class ShellTest(utils.TestCase):
'--tenant_id=ec2-tenant --user=ec2-user') '--tenant_id=ec2-tenant --user=ec2-user')
assert do_ec2_mock.called assert do_ec2_mock.called
((a, b), c) = do_ec2_mock.call_args ((a, b), c) = do_ec2_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id, assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID, (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '') DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.user) == ('ec2-tenant', 'ec2-user') assert (b.tenant_id, b.user) == ('ec2-tenant', 'ec2-user')
# Test case with two --tenant_id args present # Test case with two --tenant_id args present
shell('--tenant_id=os-tenant ec2-credentials-create ' shell('--os_tenant_id=os-tenant ec2-credentials-create '
'--tenant_id=ec2-tenant --user=ec2-user') '--tenant_id=ec2-tenant --user=ec2-user')
assert do_ec2_mock.called assert do_ec2_mock.called
((a, b), c) = do_ec2_mock.call_args ((a, b), c) = do_ec2_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id, assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, 'os-tenant', (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, 'os-tenant',
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '') DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.user) == ('ec2-tenant', 'ec2-user') assert (b.tenant_id, b.user) == ('ec2-tenant', 'ec2-user')
@@ -190,8 +195,9 @@ class ShellTest(utils.TestCase):
'--adminurl=http://example.com:9876/adm') '--adminurl=http://example.com:9876/adm')
assert do_shell_mock.called assert do_shell_mock.called
((a, b), c) = do_shell_mock.call_args ((a, b), c) = do_shell_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id, assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \ b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID, (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '') DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.service_id, b.publicurl, b.adminurl) == ('2', assert (b.service_id, b.publicurl, b.adminurl) == ('2',