openstack/python-keystoneclient
Code Issues Proposed changes

Change CLIAuth arg names

Browse Source 
Change the argument names used for common Keystone authentication per the
updated http://wiki.openstack.org/CLIAuth:

--auth_url -> --os_auth_url
--password -> --os_password
--username -> --os_username
--tenant_id -> os_tenant_id
--tenant_name -> os_tenant_name
--region -> os_region_name

All old args are depricated but available for backward compatibility.

Fixes bug 954532

Change-Id: I26f8e0cf491549f5836c4079ff86e4823c0ef9a7
This commit is contained in:
Dean Troyer
2012-03-13 23:43:53 -05:00
parent 5c223fb641
commit 9dc4e6a8e1
4 changed files with 124 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
README.rst
View File

@@ -41,15 +41,15 @@ Command-line API
Installing this package gets you a shell command, ``keystone``, that you
can use to interact with Keystone's Identity API.
You'll need to provide your OpenStack tenant, username and password. You can do this
with the ``tenant_name``, ``--username`` and ``--password`` params, but it's
easier to just set them as environment variables::
You'll need to provide your OpenStack tenant, username and password. You can
do this with the ``--os_tenant_name``, ``--os_username`` and ``--os_password``
params, but it's easier to just set them as environment variables::
export OS_TENANT_NAME=project
export OS_USERNAME=user
export OS_PASSWORD=pass
You will also need to define the authentication url with ``--auth_url`` and the
You will also need to define the authentication url with ``--os_auth_url`` and the
version of the API with ``--identity_api_version``. Or set them as an environment
variables as well::
@@ -73,9 +73,10 @@ can specify the one you want with ``--region_name`` (or
You'll find complete documentation on the shell by running
``keystone help``::
usage: keystone [--username USERNAME] [--password PASSWORD]
[--tenant_name TENANT_NAME] [--tenant_id TENANT_ID]
[--auth_url AUTH_URL] [--region_name REGION_NAME]
usage: keystone [--os_username OS_USERNAME] [--os_password OS_PASSWORD]
[--os_tenant_name OS_TENANT_NAME]
[--os_tenant_id OS_TENANT_ID] [--os_auth_url OS_AUTH_URL]
[--os_region_name OS_REGION_NAME]
[--identity_api_version IDENTITY_API_VERSION] [--token TOKEN]
[--endpoint ENDPOINT]
<subcommand> ...
@@ -89,10 +90,15 @@ You'll find complete documentation on the shell by running
Create EC2-compatibile credentials for user per tenant
ec2-credentials-delete
Delete EC2-compatibile credentials
ec2-credentials-get
Display EC2-compatibile credentials
ec2-credentials-list
List EC2-compatibile credentials for a user
endpoint-create Create a new endpoint associated with a service
endpoint-delete Delete a service endpoint
endpoint-get Find endpoint filtered by a specific attribute or
service type
endpoint-list List configured service endpoints
role-create Create new role
role-delete Delete role
role-get Display role details
@@ -121,14 +127,17 @@ You'll find complete documentation on the shell by running
subcommands.
Optional arguments:
--username USERNAME Defaults to env[OS_USERNAME]
--password PASSWORD Defaults to env[OS_PASSWORD]
--tenant_name TENANT_NAME
--os_username OS_USERNAME
Defaults to env[OS_USERNAME]
--os_password OS_PASSWORD
Defaults to env[OS_PASSWORD]
--os_tenant_name OS_TENANT_NAME
Defaults to env[OS_TENANT_NAME]
--tenant_id TENANT_ID
--os_tenant_id OS_TENANT_ID
Defaults to env[OS_TENANT_ID]
--auth_url AUTH_URL Defaults to env[OS_AUTH_URL]
--region_name REGION_NAME
--os_auth_url OS_AUTH_URL
Defaults to env[OS_AUTH_URL]
--os_region_name OS_REGION_NAME
Defaults to env[OS_REGION_NAME]
--identity_api_version IDENTITY_API_VERSION
Defaults to env[OS_IDENTITY_API_VERSION] or 2.0

4
docs/shell.rst
View File

@@ -16,8 +16,8 @@ First, you'll need an OpenStack Keystone account. You get this by using the
`keystone-manage` command in OpenStack Keystone.
You'll need to provide :program:`keystone` with your OpenStack username and
password. You can do this with the :option:`--username`, :option:`--password`.
You can optionally specify a :option:`--tenant_id` or :option:`--tenant_name`,
password. You can do this with the :option:`--os_username`, :option:`--os_password`.
You can optionally specify a :option:`--os_tenant_id` or :option:`--os_tenant_name`,
to scope your token to a specific tenant. If you don't specify a tenant, you
will be scoped to your default tenant if you have one. Instead of using
options, it is easier to just set them as environment variables:

85
keystoneclient/shell.py
View File

@@ -66,42 +66,64 @@ class OpenStackIdentityShell(object):
action='store_true',
help=argparse.SUPPRESS)
parser.add_argument('--username',
parser.add_argument('--os_username', metavar='<auth-user-name>',
default=env('OS_USERNAME'),
help='Defaults to env[OS_USERNAME]')
parser.add_argument('--password',
parser.add_argument('--os_password', metavar='<auth-password>',
default=env('OS_PASSWORD'),
help='Defaults to env[OS_PASSWORD]')
parser.add_argument('--tenant_name',
parser.add_argument('--os_tenant_name', metavar='<auth-tenant-name>',
default=env('OS_TENANT_NAME'),
help='Defaults to env[OS_TENANT_NAME]')
parser.add_argument('--tenant_id',
default=env('OS_TENANT_ID'), dest='os_tenant_id',
parser.add_argument('--os_tenant_id', metavar='<tenant-id>',
default=env('OS_TENANT_ID'),
help='Defaults to env[OS_TENANT_ID]')
parser.add_argument('--auth_url',
parser.add_argument('--os_auth_url', metavar='<auth-url>',
default=env('OS_AUTH_URL'),
help='Defaults to env[OS_AUTH_URL]')
parser.add_argument('--region_name',
parser.add_argument('--os_region_name', metavar='<region-name>',
default=env('OS_REGION_NAME'),
help='Defaults to env[OS_REGION_NAME]')
parser.add_argument('--identity_api_version',
parser.add_argument('--os_identity_api_version',
metavar='<identity-api-version>',
default=env('OS_IDENTITY_API_VERSION', 'KEYSTONE_VERSION'),
help='Defaults to env[OS_IDENTITY_API_VERSION] or 2.0')
parser.add_argument('--token',
parser.add_argument('--token', metavar='<service-token>',
default=env('SERVICE_TOKEN'),
help='Defaults to env[SERVICE_TOKEN]')
parser.add_argument('--endpoint',
parser.add_argument('--endpoint', metavar='<service-endpoint>',
default=env('SERVICE_ENDPOINT'),
help='Defaults to env[SERVICE_ENDPOINT]')
# FIXME(dtroyer): The args below are here for diablo compatibility,
# remove them in folsum cycle
parser.add_argument('--username', metavar='<auth-user-name>',
help='Deprecated')
parser.add_argument('--password', metavar='<auth-password>',
help='Deprecated')
parser.add_argument('--tenant_name', metavar='<tenant-name>',
help='Deprecated')
parser.add_argument('--tenant_id', metavar='<tenant-id>',
help='Deprecated')
parser.add_argument('--auth_url', metavar='<auth-url>',
help='Deprecated')
parser.add_argument('--region_name', metavar='<region-name>',
help='Deprecated')
return parser
def get_subcommand_parser(self, version):
@@ -153,7 +175,7 @@ class OpenStackIdentityShell(object):
(options, args) = parser.parse_known_args(argv)
# build available subcommands based on version
api_version = options.identity_api_version
api_version = options.os_identity_api_version
subcommand_parser = self.get_subcommand_parser(api_version)
self.parser = subcommand_parser
@@ -180,36 +202,57 @@ class OpenStackIdentityShell(object):
if not utils.isunauthenticated(args.func):
if not (args.token and args.endpoint):
if not args.os_username:
if not args.username:
raise exc.CommandError("You must provide a username "
"via either --username or env[OS_USERNAME]")
"via either --os_username or env[OS_USERNAME]")
else:
args.os_username = args.username
if not args.os_password:
if not args.password:
raise exc.CommandError("You must provide a password "
"via either --password or env[OS_PASSWORD]")
"via either --os_password or env[OS_PASSWORD]")
else:
args.os_password = args.password
if not args.os_auth_url:
if not args.auth_url:
raise exc.CommandError("You must provide an auth url "
"via either --auth_url or via env[OS_AUTH_URL]")
"via either --os_auth_url or via "
"env[OS_AUTH_URL]")
else:
args.os_auth_url = args.auth_url
if not args.os_tenant_name and args.tenant_name:
args.os_tenant_name = args.tenant_name
if not args.os_tenant_id and args.tenant_id:
args.os_tenant_id = args.tenant_id
if not args.os_region_name and args.region_name:
args.os_region_name = args.region_name
if utils.isunauthenticated(args.func):
self.cs = shell_generic.CLIENT_CLASS(endpoint=args.auth_url)
if not args.os_auth_url and args.auth_url:
args.os_auth_url = args.auth_url
self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url)
else:
token = None
endpoint = None
if args.token and args.endpoint:
token = args.token
endpoint = args.endpoint
api_version = options.identity_api_version
api_version = options.os_identity_api_version
self.cs = self.get_api_class(api_version)(
username=args.username,
tenant_name=args.tenant_name,
username=args.os_username,
tenant_name=args.os_tenant_name,
tenant_id=args.os_tenant_id,
token=token,
endpoint=endpoint,
password=args.password,
auth_url=args.auth_url,
region_name=args.region_name)
password=args.os_password,
auth_url=args.os_auth_url,
region_name=args.os_region_name)
try:
args.func(self.cs, args)

54
tests/test_shell.py
View File

@@ -54,17 +54,20 @@ class ShellTest(utils.TestCase):
shell('user-list')
assert do_tenant_mock.called
((a, b), c) = do_tenant_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
shell('--auth_url http://0.0.0.0:5000/ --password xyzpdq '
'--tenant_id 1234 --tenant_name fred --username barney '
'--identity_api_version 2.0 user-list')
shell('--os_auth_url http://0.0.0.0:5000/ --os_password xyzpdq '
'--os_tenant_id 1234 --os_tenant_name fred '
'--os_username barney '
'--os_identity_api_version 2.0 user-list')
assert do_tenant_mock.called
((a, b), c) = do_tenant_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
('http://0.0.0.0:5000/', 'xyzpdq', '1234',
'fred', 'barney', '2.0')
@@ -82,23 +85,23 @@ class ShellTest(utils.TestCase):
'--pass=secrete --tenant_id=barrr --enabled=true')
assert do_uc_mock.called
((a, b), c) = do_uc_mock.call_args
# restore os_tenant_id when review 4295 is merged
assert (b.auth_url, b.password, # b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, # DEFAULT_TENANT_ID,
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.name, b.passwd, b.enabled) == \
('barrr', 'FOO', 'secrete', 'true')
# Test case with two --tenant_id args present
shell('--tenant_id=os-tenant user-create --name=FOO '
# Test case with --os_tenant_id and --tenant_id args present
shell('--os_tenant_id=os-tenant user-create --name=FOO '
'--pass=secrete --tenant_id=barrr --enabled=true')
assert do_uc_mock.called
((a, b), c) = do_uc_mock.call_args
# restore os_tenant_id when review 4295 is merged
assert (b.auth_url, b.password, # b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, # 'os-tenant',
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, 'os-tenant',
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.name, b.passwd, b.enabled) == \
('barrr', 'FOO', 'secrete', 'true')
@@ -136,19 +139,21 @@ class ShellTest(utils.TestCase):
'--tenant_id=ec2-tenant --user=ec2-user')
assert do_ec2_mock.called
((a, b), c) = do_ec2_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.user) == ('ec2-tenant', 'ec2-user')
# Test case with two --tenant_id args present
shell('--tenant_id=os-tenant ec2-credentials-create '
shell('--os_tenant_id=os-tenant ec2-credentials-create '
'--tenant_id=ec2-tenant --user=ec2-user')
assert do_ec2_mock.called
((a, b), c) = do_ec2_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, 'os-tenant',
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.tenant_id, b.user) == ('ec2-tenant', 'ec2-user')
@@ -190,8 +195,9 @@ class ShellTest(utils.TestCase):
'--adminurl=http://example.com:9876/adm')
assert do_shell_mock.called
((a, b), c) = do_shell_mock.call_args
assert (b.auth_url, b.password, b.os_tenant_id,
b.tenant_name, b.username, b.identity_api_version) == \
assert (b.os_auth_url, b.os_password, b.os_tenant_id,
b.os_tenant_name, b.os_username,
b.os_identity_api_version) == \
(DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
assert (b.service_id, b.publicurl, b.adminurl) == ('2',