All occurrences of tenant replaced with project (where applicable).
Partially Implements blueprint: keystone-v3
Change-Id: I4919745aa59863f99c7740e730d8cbfd91c2f646
keystoneauth1 is the new auth-only library for getting keystone
Sessions, which is lighter-weight and does not require the entire
keystoneclient library. It also handles all of the keystone
version discover and plugin selection so that code doesn't have to
live in neutronclient.
Additionally, use os-client-config to process options and get the
Session from keystoneauth1. This adds support for reading clouds.yaml
files and supporting the OS_CLOUD env var for selecting named clouds
from a list of them.
This is a step towards bug#1503428 but is not the whole picture.
Remove the auth tests - since they are covered inside of ksa.
Closes-Bug: #1507384
Change-Id: Ic4f9fd8f231c33513fd74da58ab1b4a3fb00d9f4
This change enables the neutron client to use the keystone v3 API (in
addition to v2). This allows user domains and tenant/project domains to
be specified. This is necessary because keystone v2 API is deprecated
as of Icehouse.
The keystone session object (and auth plugin) can now be specified
and are required to use the keystone v3 API. The existing HTTPClient
is retained for backward compatibility. See changes in shell.py for
an example of how to construct the session and auth plugin.
Implements: blueprint keystone-api-v3-support
Change-Id: I9d0395d405b9fbe4db08ad3727f9413be7b82811
This patch adds a new option (-r | --retries) to specify how many times the
client should attempt to connect to the Neutron server when using idempotent
methods (GET, PUT and DELETE). The patch also provides more user-friendly
message when it's impossible to connect to Neutron server from CLI and
ensures that connection-related exceptions are raised to the caller by
default when neutronclient is used as a library.
DocImpact
Closes-Bug: #1312225
Change-Id: Id74d7cf9a0e8c5d2cd3ee4851c883d5286bea19d
Adds a new --timeout option and check to the env
var OS_NETWORK_TIMEOUT to set the HTTP timeout used
for the request to the Neutron backend.
DocImpact
Closes-Bug: #1338932
Change-Id: I0d9687e671f68c4845af2439abfe581c6dcf020c
In Keystone V3 user names are no longer necessarily unique
across domains.
A user can still authenticate a user in the non default
domain via the V2 API providng they use IDs instead of names.
Tenant_ID is already supported, this change adds support
for user ID
Closes-Bug: #1299807
Change-Id: I22fdd9a6749f7dfbdd2dc8313fddc81e5ea0b753
Network service type is selected as 'network' statically.
This will select the service_type from environment variables or CLI options.
The option works like the service type option in the novaclient.
Implements blueprint specify-service-type
Change-Id: If21bd2b5cb35da5bcabca79aa0567870331a3a6f
We don't need to have the vi modelines in each source file,
it can be set in a user's vimrc if required.
Change-Id: Ic30e91df1b0e25beda9b8d8c19be58573cdae4f6
Closes-Bug: #1229324
The quantum-debug commands would result in:
'ClientManager' object has no attribute 'quantum'
Fixes bug: #1234550
Change-Id: I7f5551c724cfe6d75855eee3433b66bb5ce9b1a4
Even in case of DEBUG level logging credentials (especially those that
give admin level access) should not be saved into log files.
This way of handling it has the side effect that if someone uses
password "password", it will be replaced in another place too... but
password "password" or some other keyword that can be found in the
request itself was a pretty bad idea to begin with.
Shell utilities are not affected and the verbose mode will still
display the passwords to make debugging easy.
Implements: blueprint limit-credentials-logging
Change-Id: I50d0ebbfbd44c7a5b162d9334b4fdbda67e5c28d
- add --os-cacert option which allows to set a file containing
certificates of root CAs (certificate authorities) that are
required for validation of HTTPS servers SSL certificates
- wrap httplib2 SSL certificates validation errors with a
custom quantumclient exception
Blueprint: quantum-client-ssl
Change-Id: I4e6a7d177ba14314ba9bed613ec2684bffc35222
Under the Keystone v3 API Tenant names are not necessarily uniques
across Domains for a User, so the client should also allow
authentication by tenant_id
Fixes bug 1196486
Change-Id: I3f385a19c1d3d66f5539f901796bbaa22d315762
