Currently SessionClient raises an exception when status code >= 400
unlike HTTPClient. neutronclient.v2_0.client expects HTTPClient
behavior.
This change disables exception raise when status code >= 400 in
SessionClient (more precisely in keystoneclient.session).
Change-Id: Ic96cb9326842f0b6a180fd8f94293da9fa0f6b2f
Closes-Bug: #1376171
Currently SessionClient.request never specifies Content-Type/Accept
headers in requests where HTTPClient.request always specifies json
Content-Type/Accept even with "--request-format xml" option ... requests
succeed because neutron deduces Content-Type/Accept from url suffix when
defined.
This change ensures HTTPClient/SessionClient define Content-Type/Accept
headers when needed and align them with --request-format option.
Closes-Bug: #1368335
Change-Id: I909e055e5e59fa5870a28ebb0f171812acca0745
Function get_status_code is used to get HTTP status code from
either requests.Response (status_code) or Webob.Response
(status_int). The latter was removed in 2012 and not needed
anymore.
Change-Id: Iacd6bbb83ce0d8ec5b8ec73273bc7bf39c9ccc8d
This change enables the neutron client to use the keystone v3 API (in
addition to v2). This allows user domains and tenant/project domains to
be specified. This is necessary because keystone v2 API is deprecated
as of Icehouse.
The keystone session object (and auth plugin) can now be specified
and are required to use the keystone v3 API. The existing HTTPClient
is retained for backward compatibility. See changes in shell.py for
an example of how to construct the session and auth plugin.
Implements: blueprint keystone-api-v3-support
Change-Id: I9d0395d405b9fbe4db08ad3727f9413be7b82811
Pass the timeout paramter set from the httpclient
init method to the request library so it has an effect.
Closes-Bug: #1338910
Change-Id: Icc818bffe5ca4fb141c976dcea6b44d947b69784
In Keystone V3 user names are no longer necessarily unique
across domains.
A user can still authenticate a user in the non default
domain via the V2 API providng they use IDs instead of names.
Tenant_ID is already supported, this change adds support
for user ID
Closes-Bug: #1299807
Change-Id: I22fdd9a6749f7dfbdd2dc8313fddc81e5ea0b753
This change introduces the use of requests in lieu of httplib2
to ensure proper handling of SSL termination.
Implements: blueprint tls-verify
Change-Id: If182f2addf26421873b8c3d2b60f8cba9b7a9450
The noauth strategy will not attempt to look for a token and will not use a
token if one is given. This strategy will also not attempt to find a catalog
and therefore the endpoint must be specified (either in the constructor or
using --os-url).
If the noauth strategy is specified and the endpoint is not it will fail with
a descriptive message.
A small amount of branching logic was added to do_request to only add the
X-Auth-Token when the auth strategy is keystone. There is a blueprint (see:
pluggable-neutronclient-auth) which should implement this logic in a more
elegant way.
A basic test was made to ensure that the auth strategy acted as designed.
Implements: blueprint support-neutronclient-noauth
Change-Id: Id875ce6a4dfd1f932aaab2c25d430ed60e4713bb
This can help unveil some useful information
to be used during a troubleshooting process.
Change-Id: I23657988fe31f5c552f17d6963de89c608273b44
Closes-bug: 1297309
- Map exceptions from neutron server into corresponding client
exceptions automatically (without exception mapping dict).
An exception from Neutron server 'SomeException' will be
mapped to an exception 'SomeExceptionClient' ('Client' suffix)
if it is defined.
- If no corresponding exception is defined in client side,
an exception per response code will be used. Previously
NeutronClientException was used for all cases and a user
of client library cannot know exception type without
checking exception.status_code. It allows client lib users
(such as Horizon) to handle exceptions more easily.
- All exceptions from client libarry inherit NeutronClientException
and all CLI related exceptions inherits NeutronCLIError now.
- Remove unused exceptions (including Quantum v1 related)
- MalformedRequestBody is renamed to MalformedResponseBody
because it is raised in deserializer and deserializer is
used to parse not request but response.
Closes-Bug: #1296148
Change-Id: I99b9560b3afaf5884fd00353323267da450338fa
Certain scenarios into the neutron client will not specify the
auth_url. This is typically when a token is specified. However, when
the token is expired the neutron client will attempt to refresh the
token. Users of this may not have passed in all of the required
information for this reauthentication to properly occur.
This code fixes an error that occurs in this flow where the auth_url
(which is None) is appended to another string. This results in a core
Python error.
The update will provide a more targetted error message specifying to
the user that the auth_url needs to be specified. An associated unit
test is also included to validate this behavior.
Change-Id: I577ce0c009a9a281acdc238d290a22c5e561ff82
Closes-Bug: #1241275
This commit also removes a blank line displayed
when error_dict['detail'] is empty.
When 403 is returned, Forbidden exception is raised from
HTTPClient (neutronclient/client.py). There is no reason
this exception is raised by it. By this commit v2_0.client
now handles 403 response to show human friendly message
by parsing Neutron 2.0 -specific error format.
Change-Id: Iefbd7db094267fe3799ebf4713e142e62c63174c
Closes-Bug: #1246271
Network service type is selected as 'network' statically.
This will select the service_type from environment variables or CLI options.
The option works like the service type option in the novaclient.
Implements blueprint specify-service-type
Change-Id: If21bd2b5cb35da5bcabca79aa0567870331a3a6f
It makes diagnostics in debuggers much harder - we can just use a
different variable name instead.
Change-Id: I69367336cbb0f9f302ef8d484a5d504d2b3869bb
httplib2 automatically retries a request on a timeout even if the request
is a POST. This can lead to orphaned objects being created that we
don't know about. This patch sets httplib2.RETRIES to 1 to avoid this.
Note: httplib2.RETRIES is only available in new versions of httplib2.
See: https://code.google.com/p/httplib2/issues/detail?id=124 for more
details.
Co-Authored-By: Ashwin Raveendran <ashw7n@gmail.com>
Co-Authored-By: Sudheendra Murthy <sudhi.vm@gmail.com
Change-Id: I5648b644bb9df1fd2ea219159794d9d122696af0
Closes-bug: #1267649
We don't need to have the vi modelines in each source file,
it can be set in a user's vimrc if required.
Change-Id: Ic30e91df1b0e25beda9b8d8c19be58573cdae4f6
Closes-Bug: #1229324
When a client is instantiated with pre-defined authorization token,
no authentication is done, so no auth_[tenant|user]_id keys are set
for HTTPClient. As a result, Client.get_auth_info() fails with KeyError.
Fixed the issue by setting those keys on HTTPClient initialization.
Change-Id: Ifc9d6b128286b635346a7bc026fcc55dbd002050
Closes-Bug: 1277120
The urlparse module is imported in neutronclient/client.py but not used, so we
can safely remove it.
Change-Id: Ia9e950e754d00ee4f28172f3e685b892748991e2
Using tools/check_i18n.py to scan source directory, and fix most of
the errors.
- Message internationalization
- First letter must be capital
- Using comma instead of percent in LOG.xxx
Partial-Bug: #1217100
Change-Id: I312f999f97e33d84c3f06fa1caacf32affc26a78
Neutron client is ending up with bad socket descriptors
which causes the behavior including trying to read from
the socket that amqp currently holds etc. A temporary
solution is to clear the connection pool so we get a
fresh socket built for every request.
Closes-Bug: 1229475
Change-Id: I43b1fe535bc5bd1fc726c97a293bf7912cd7ef1e
When nova uses neutron-client and the client needs to authenticate with
keystone it will additionally retrieve the service-catalog. The client will
then ignore the provided endpoint_url parameter given to it during
instantiation because the service-catalog retrieval process overrides that
parameter.
Using the endpoint declared in the service-catalog even though the endpoint is
given is unexpected given the precedent set by glance-client to respect that
parameter. Ensuring the parameter is used will allow users to override the
identity's catalog. This is useful if identity is in error, or if the user is
using a special development configuration.
Unit tests are included to test that said functionality occurs.
Fixes: bug #1212812
Change-Id: Iad2eaf4096fd5278740c3664cc369853814ee2d5
Even in case of DEBUG level logging credentials (especially those that
give admin level access) should not be saved into log files.
This way of handling it has the side effect that if someone uses
password "password", it will be replaced in another place too... but
password "password" or some other keyword that can be found in the
request itself was a pretty bad idea to begin with.
Shell utilities are not affected and the verbose mode will still
display the passwords to make debugging easy.
Implements: blueprint limit-credentials-logging
Change-Id: I50d0ebbfbd44c7a5b162d9334b4fdbda67e5c28d
- add --os-cacert option which allows to set a file containing
certificates of root CAs (certificate authorities) that are
required for validation of HTTPS servers SSL certificates
- wrap httplib2 SSL certificates validation errors with a
custom quantumclient exception
Blueprint: quantum-client-ssl
Change-Id: I4e6a7d177ba14314ba9bed613ec2684bffc35222
Under the Keystone v3 API Tenant names are not necessarily uniques
across Domains for a User, so the client should also allow
authentication by tenant_id
Fixes bug 1196486
Change-Id: I3f385a19c1d3d66f5539f901796bbaa22d315762
Currently HTTPClient class sets the 'force_exception_to_status_code'
instance variable to True. This actually leads to the next problem:
there is no way to distinguish between errors which have the same
status code. E. g. both SSL handshake error and a general Bad Request
error have status code 400, and the only way to distinguish between them
is to analyze the error message content, that is both error-prone and ugly.
The proposed solution:
- leaves the 'force_exception_to_status_code' set to False
- adds a try/except wrapper for the request() call to handle
httplib2 exceptions (e. g. host not found, socket timeout, etc)
Blueprint: quantum-client-ssl
Change-Id: Ib168fadc67568d5d6247f7addbe731e8832a39de
