From e77234bd3e9f49de509bd1ff776966e58be79904 Mon Sep 17 00:00:00 2001 From: Ken Thomas Date: Mon, 25 Jun 2012 20:41:41 +0000 Subject: [PATCH] If no password in env or command line, try prompting Implements keystone portion of blueprint prompt-for-password For security reasons, having the password on the command line or in the environment is an issue for us. (See the blueprint for details.) This change will simply make one attempt to prompt for a password if (1) nothing was specified already and (2) there's a tty available for the user to respond on. If we don't get a password, then the existing error will be raised. Remoted getpass from pip-requires, it's in the std lib Tweaked a comment Tweaked error message Don't catch Ctl-C Fix import to match conventions Missed a tweak during the rebase. Added suggested password prompt Change-Id: I54bca2397da7bd366f7ac503e767b109efc093e7 --- keystoneclient/shell.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/keystoneclient/shell.py b/keystoneclient/shell.py index ef5c41883..ef789f0b5 100644 --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -19,6 +19,7 @@ Command-line interface to the OpenStack Identity API. """ import argparse +import getpass import httplib2 import os import sys @@ -283,9 +284,20 @@ class OpenStackIdentityShell(object): '--os-username or env[OS_USERNAME]') if not args.os_password: - raise exc.CommandError( - 'Expecting a password provided via either ' - '--os-password or env[OS_PASSWORD]') + # No password, If we've got a tty, try prompting for it + if hasattr(sys.stdin, 'isatty') and sys.stdin.isatty(): + # Check for Ctl-D + try: + args.os_password = getpass.getpass('OS Password: ') + except EOFError: + pass + # No password because we did't have a tty or the + # user Ctl-D when prompted? + if not args.os_password: + raise exc.CommandError( + 'Expecting a password provided via either ' + '--os-password, env[OS_PASSWORD], or ' + 'prompted response') if not args.os_auth_url: raise exc.CommandError(