The current auth plugin system lacks some functionality to be used with
other methods that might require additional configuration options or
that do not require a user to pass some options that are now compulsory
(for example, X.509 authentication needs to get a certificate file, and
does not need either a username or a password). This commit extends
the current system to handle these extra features, while remaining
compatible with older plugins.
DocImpact: We should documment how to implement additional
authentication plugins, such as BasicAuth, X509, etc.
Implements: blueprint authentication-plugins
Change-Id: I7b0ef4981efba8160dea94bf852dba7e2e4068f5
If we set up the debug level on the root logger, this can be used by the
submodules that might need to print some debug output.
Change-Id: I2a00b40d4748cc62e6081df7d6a44622f5ad4467
Currently novaclient doesn't handle properly incoming and outgoing
encode / decode process. As a solution for this, this patch implements a
decoding process for all data incoming from the user side and decodes
everything going out of the client, i.e: http requests, prints, etc.
This patch introduces a new module (strutils.py) taken from
oslo-incubator in order to use 2 of the functions present in it:
About safe_(decode|encode):
Both functions try to encode / decode the incoming text using the
stdin encoding, fallback to python's default encoding if that
returns None or to UTF-8 as the last option.
In both functions only basestring objects are accepted and they both
raise TypeError if an object of another type is passed.
About the general novaclient changes:
In order to better support non-ASCII characters, it is a good
practice to use unicode interanlly and encode everything that has to
go out. This patch aims to do that and introduces this behaviour in
the client.
Testing:
A good test (besides using tox) is to use nova client with and
without setting any locale (export LANG=).
Fixes bug: 1061156
Change-Id: I20b75e42b0c3dac89f1048faa1127253a64f86c7
follow on to previous attempt to fix to bug 1116302,
looks like we missed an import
Fixes LP#1116302
Change-Id: If56e3cedaa63a594907bb851a2701bd64806ed85
Issue was identified in the review for the previous
patch for bug 1116302. Took this chance to rename _IOError
to a better name (KeyringIOError)
Change-Id: I321353d519eaebea27617702f92ecafe2052eb8e
Using novaclient with some extensions via python code, you might have an
invocation like this:
extensions = shell.OpenStackComputeShell()._discover_extensions("1.1")
novaclient = Client("1.1", user, apikey, project, authurl, extensions=extensions,
endpoint_type=shell.DEFAULT_NOVA_ENDPOINT_TYPE,
service_type=shell.DEFAULT_NOVA_SERVICE_TYPE)
If you have an extension like 'myextension.py' in the v1_1/contrib directory, you'll
end up with a very sensible attribute on the resulting novaclient object, i.e.
novaclient.myextension
If you have a package distributed in the package myextension_python_novaclient_ext,
then it'll automatically be picked up as an extension (awesome!) but the name is not
as intuitive.
novaclient.myextension_python_novaclient_ext
This patch simply changes this to allow the Extension to provide a name for itself.
The possibility of collisions exists, but is not really any more significant than
before (where you might have different versions of the same package installed in the
system or heck, even a bizarrely named 'myextension_python_novaclient_ext.py' in the
contrib/ directory).
Fixes bug 1058366
Change-Id: Ie68463ffd7a939744e035b20fd50a7dc8da605de
find_network_password_sync throws a gnomekeyring.IOError
when a non-root user tries to run nova client
from a ssh console. If we don't catch this exception nova client
throws the traceback (shown in the bug report) and stops.
If we catch this exception (just like we catch ValueError),
and return None, Nova client executes just fine.
Fixes LP# 1116302
Change-Id: If6937b3f8eafb1dc55224b2ca2bd0f93ae07f8c6
Some calls in nova require a tenant_id when it could be interpreted
from the current authentication data, so save the tenant id and
use it in the quotas command if tenant_id is not specified.
Change-Id: I89647cfe9da73bc474ef80a61a5678db42a5571c
Fix how you keep on getting prompted for the password
all over the place and at the wrong time (the keyring code
should be used before a auth request, and not during).
Fix this by trying to use the token first (which comes from
the keyring module), then falling back to using the password
(which will get a token, and then store said token so that it
isn't fetched again).
Change-Id: I58e69f3b3fbcc7a467797f25695b7ca59178a1d7
Add a new cli argument (--timeout) which
is by default 600 seconds which will be
set in the requests library so that timeouts
can occur correctly.
Change-Id: I716ac15fe08f42c9464ee43010bc8fd2667bcbde
* Implement correct certificate verification
* Add --os-cacert
* Rework tests for requests
Pinned requests module to < 1.0 as 1.0.2 is now current in pipi
as of 17Dec2012.
Blueprint: tls-verify
Change-Id: I9a25a94c8dfcaf483c4c8328439809d65cf10b38
The commit to replace --os-no-cache with --os-no-cache works fine
with the cli options, but the env variable is stored in os_cache
which has the opposite of the intended effect. This patch converts
the variable to a bool and then inverts it before it stores it
in os_cache. This makes it work properly again.
Fixes bug 1089696
Change-Id: Iea12806603ecdc39c6475ad4d6f867ebb1e01633
Deprecates the old --no-cache option in favor of --os-cache.
The old CLI args (--no_cache and --no-cache) and ENV option
(OS_NO_CACHE) are still supported but no longer show up
in help.
The new option for --os-cache can also be set via the OS_CACHE ENV
variable... which now defaults to False. This should be much more user friendly.
Fixes LP Bug #1087776.
Change-Id: I3cea089c7e11ce75f22c2d7f3242b02b80441323
Currently, nova client can only discover extensions in two ways:
1. Installing the extension in the novaclient/v1_1/contrib/ directory.
2. Installing the extension in the top-level python path or modifying
the path to be picked up by pkgutils.iter_modules()
This patch allows a third, more flexible option of discovering
extensions via entry points. This means the extension can be
installed anywhere and entry points can be registered with python
to be picked up by pkg_resources.iter_entry_points().
To register an entry point, simply add the extension module to
the setup() call in setup.py like this:
setuptools.setup(
name='mydistribution',
packages=setuptools.find_packages(),
entry_points={
'novaclient.extension' : [
'foo = mydistribution.mynovaclientexts.foo'
]
},
)
Change-Id: Ic1e223a9173546131e742506897f585f4ac65767
When calling nova without arguments you'll receive the following
output:
error: too few arguments
Try 'nova help ' for more information.
Changing 'and' to 'or' the help is also shown when calling nova
without arguments. I think that's the expected behavior.
Change-Id: Id14f0292ad00e6e45ad66dd010f449c3abbf3871
Fixes bug 934081.
Previously, manipulating secgroups with Unicode names would fail
in _get_secgroup, due to the command-line argument being a raw
byte string, and the secgroup name from cs.security_groups.list()
being a Unicode string. This causes a UnicodeWarning and the
"if secgroup == s.name" test to fail for the desired secgroup, so
secgroup-add-rule and secgroup-delete would fail.
This change converts them to byte strings for comparison, fixing
these commands.
Likewise, error messages containing Unicode secgroup names would
fail to print. (i.e. "Security group <x> already exists")
Change-Id: Ie90cb49b8f11e3283fe509e95a8e9fd468cc9892
This changes every command-line option with a '_' in its name
and changes them to '-'. The old option names are maintained
for backward compatibility but are no longer in the help text.
BP command-options
Note: there is a dodgy hack in novaclient/shell.py to handle
usage-list's --end option that conflicts with --endpoint-type
if --endpoint_type is also present for backward compatibility.
If --endpoint_type is not added to the parser it works. Go figure.
Better solutions that do not break backward compatibility are welcome.
Rebased due to https://review.openstack.org/11072 merging.
Note: --availability_zone changed to --availability-zone with no
backward compatability since this s a new option.
Change-Id: I09ab546659be0a0d3f0eadb22ab5e13fac2f059d
- Remove the NOVA_RAX_AUTH hack and provide (temporary) compatibility
with the new system.
- Example plugin for RAX and HP provided here :
RAX - https://github.com/emonty/rackspace-auth-openstack
HP - https://github.com/emonty/hpcloud-auth-openstack
- Plugin are allowed to specify their own auth_url directly.
- Thanks to mtaylor for helping on this.
Change-Id: Ie96835be617c6a20d9c3fc3bd1536083aecfdc0b
Will use and/or store your Openstack Auth token in the operating
system's keyring if available. Cuts about a 1/2 second off operations.
Change-Id: Ibe2dc0c49baefd23afe3844a78c1df884a4fb7c7
--timings = show timings for each call made to nova (including auth)
--bypass_url = api node endpoint to use instead of one from service catalog
For example:
nova --timings --bypass_url=http://10.24.31.37:8774/v1.1/nova-staging boot --image f304d266-0a49-4877-b34c-63aea8360297 --flavor 3 delete_me_2
Change-Id: Ib2a258b7e969ad56ce4ee2bd64c61310278cb856
example without patch:
nova [...] flavor-delete 123
ERROR:
example with this patch:
nova [...] flavor-delete 123
ERROR: Flavor 123 could not be found. (HTTP 404)
fixes bug 981286
Change-Id: I9c5cead521e48b4970850262fb9af279ec5a7753
With no other arguments, '--help' now outputs the same as 'help', so
that the list of subcommands are no longer omitted. Additionally,
'$subcommand --help' now yields the same output as 'help $subcommand'.
Change-Id: Iabd926574e296ad14b622862b9fba038fdede66e
Previously we were giving advice like this:
"Try 'nova volume-show help' for more information."
Bad advice -- that doesn't work. Now when there's a subcommand
specified we make a proper suggestion:
"Try 'nova help volume-show' for more information."
Change-Id: I6ef49f9e4e1b67074f51ab442abd4a196d437b00
Output 'nova help' on error rather than `nova'
Change-Id: I71c3fb6786472c42b0bfd93a085168ba75d37590
Old-Change-Id: I67360589a4af5697d3f90afa74b8504eefaf4976
Change the argument names used for common Keystone authentication per the
updated http://wiki.openstack.org/CLIAuth:
--auth_url -> --os_auth_url
--password -> --os_password
--username -> --os_username
--tenant_name -> os_tenant_name
--region_name -> os_region_name
All old args are depricated but available for backward compatibility.
Fixes bug 954531
Change-Id: Ic67c447e4e4b8d793f587c789cecd149446194f3
* Depends on https://review.openstack.org/#change,4479
* Adds support to change service type including tests
* Adds decorator for methods that need to use another service type
* Changes volume and snapshots to use the volume endpoint
* These extensions will move into the volume client once it exists
* Fixes bug 940017
Change-Id: I683e4ca6c67e278d8aa8a9acec3dc0f1872f43f2
This is declared as NOVACLIENT_UUID_CACHE_DIR.
Resolves bug 932468 , defaulting to previous behaviour.
Added myself to AUTHORS
Change-Id: I154500517d7c882a4a090588a95f4b3bfee70595
Particularly to pythons logging infrastructure, and to always print
a backtrace if the CLI throws an exception. Show --debug in the
help output since end users may certainly have legitimate reasons for
wanting debug output.
Change-Id: Icfdaaf5511db8eecbf650e7ef4437b342b560141