Adds --os-auth-token (matching Glance client at least) to accept a
pre-obtained authentication token.
CS will be called iff:
One or both of token and URL are not provided;
AND the cache is empty/disabled or we don't have a tenant-id.
Removed some code altering the auth request to a GET if a token is
supplied - did not work for me and I think the path was dead previously.
Fixed test to account for this change.
Completes blueprint token-endpoint-instantiation
Change-Id: I67410b80e506bb80c152223cd113b7139a62a536
Instead of using novaclient.utils' bool_from_str, use bool_from_string
from the oslo incubating strutils
Notes:
0. utils.bool_from_str was strict, only accepted a small set of
values, while strutils.bool_from_string is not strict by default,
anything not true is false
1. bool_from_string accepts on/off, which bool_from_str did not
Change-Id: I04744844b55697819289def081d3c9117ed0713f
keyring.backend.* was deprecated in python-keyring 1.1 and we already
require keyring 1.6.1. This also makes novaclient compatible with python-keyring 3.0
which removes the deprecated paths.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728470#10.
Change-Id: I4919ac515e589fddc6044c0cd2f4cbc06c2ec91f
Co-Authored-By: Sebastian Ramacher <sramacher@debian.org>
Currently it prints a stacktrace and exits. This patch makes it print
a message and exit gracefully.
Closes-Bug: #1256732
Change-Id: I59ae8d09be43cd3e56dbe9bed4f6f328377dcc13
Set the default service type when talking to the Nova V3 API to
computev3 rather than compute. Although it is rather ugly to have
a different service type for a different version of a service,
this is necessary for the medium term because traditionally the
compute service endpoint has pointed to the V2 API rather than
the root and then version discovery done.
This change allows progression of the V3 API support in
novaclient and although devstack too currently points computev3
directly to the V3 API, the intent is to change this to point to
the root and implement version discovery during the Icehouse
development cycle.
Longer term when the V2 API support is eventually removed we can
reclaim the 'compute' service type and point it to the root.
Partially implements blueprint v3-api
Change-Id: If5d6a0d8af037cde7bf253d71aac2823b89f8066
client.authenticate doesn't actually do any rest calls if a token is present,
it just assumes the token is valid. Instead re-authentication is done if the
request raises an Unauthorized exception, at which point we want to
unauthenticate (delete the token from in-memory) and overwrite the old token
in the keyring. Also if a password is present always pass it into the client
so re-authentication is possible during _cs_request.
Change-Id: I86d0356d5685ffa802f1bdc97e33727ff2dd075e
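The flow this commit message describes, as an added example that is not novaclient's own code: a cached token is trusted without a validation call, and only a rejected request triggers re-authentication and an overwrite of the cached entry. FakeService, Client, the dict standing in for the keyring and the token values are all constructed for illustration.

```python
class Unauthorized(Exception):
    """Stand-in for the HTTP 401 exception the client raises."""


class FakeService:
    """Constructed identity + API endpoint; not a real OpenStack service."""

    def __init__(self, password):
        self.password, self.valid, self.auth_calls = password, set(), 0

    def issue_token(self, password):
        self.auth_calls += 1
        if password != self.password:
            raise Unauthorized("bad credentials")
        token = "tok-%d" % self.auth_calls
        self.valid.add(token)
        return token

    def api_call(self, token):
        if token not in self.valid:
            raise Unauthorized("token rejected")
        return "200 OK"


class Client:
    def __init__(self, service, keyring, password=None):
        self.service, self.keyring, self.password = service, keyring, password
        self.token = keyring.get("token")  # cached token is trusted as-is

    def authenticate(self):
        if self.token:  # token present: assume valid, make no request
            return
        if self.password is None:
            raise Unauthorized("no password, cannot re-authenticate")
        self.token = self.service.issue_token(self.password)
        self.keyring["token"] = self.token  # overwrite the stale entry

    def unauthenticate(self):
        self.token = None  # drop the in-memory token only

    def request(self):
        self.authenticate()
        try:
            return self.service.api_call(self.token)
        except Unauthorized:
            # Cached token was rejected: forget it, log in again, retry once.
            self.unauthenticate()
            self.authenticate()
            return self.service.api_call(self.token)
```

A client built without a password cannot recover from a rejected cached token; request() raises Unauthorized and the stale entry stays in the keyring.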
Before the --os-no-cache option logic would overwrite any value set in env['OS_CACHE'].
Since os-no-cache is deprecated, and also the default value, just remove it.
Also update the help message for --os-cache to mention the environment variable.
Change-Id: Ie2569d5cdf0f12f3a29e9a6f20faef75956d2209
The wrong help text of bash-completion is generated by the process of
choosing the first line from the source code comment. We should get all the
help text from the source code comment, and use it.
So this commit removes this unnecessary process, and also fixes the
README.rst for proper help text.
Fixes bug 1206005
Change-Id: Id4f5b6a7722197f09eb366ba8f3e643e1af91805
Tenant names are not necessarily unique for a User, so the client
should also allow authentication by tenant_id
If both ID and Name are specified then use the ID
Fixes bug 1195454
Change-Id: Ib62aabc3702db88f02259cd721f9efb31404bcb7
Python3 enforces the distinction between byte strings and text strings
more rigorously than python2. So use six.text_type/six.u()
where appropriate
Change-Id: I890e19cb857e10f0292aabdaebaa8e7a7bd8db23
Signed-off-by: Chuck Short <chuck.short@canonical.com>
The current auth plugin system lacks some functionality to be used with
other methods that might require additional configuration options or
that do not require a user to pass some options that are now compulsory
(for example, X.509 authentication needs to get a certificate file, and
does not need either a username or a password). This commit extends
the current system to handle these extra features, while remaining
compatible with older plugins.
DocImpact: We should document how to implement additional
authentication plugins, such as BasicAuth, X509, etc.
Implements: blueprint authentication-plugins
Change-Id: I7b0ef4981efba8160dea94bf852dba7e2e4068f5
If we set up the debug level on the root logger, this can be used by the
submodules that might need to print some debug output.
Change-Id: I2a00b40d4748cc62e6081df7d6a44622f5ad4467
Currently novaclient doesn't properly handle the incoming and outgoing
encode / decode process. As a solution for this, this patch implements a
decoding process for all data incoming from the user side and decodes
everything going out of the client, i.e: http requests, prints, etc.
This patch introduces a new module (strutils.py) taken from
oslo-incubator in order to use 2 of the functions present in it:
About safe_(decode|encode):
Both functions try to encode / decode the incoming text using the
stdin encoding, fallback to python's default encoding if that
returns None or to UTF-8 as the last option.
In both functions only basestring objects are accepted and they both
raise TypeError if an object of another type is passed.
About the general novaclient changes:
In order to better support non-ASCII characters, it is a good
practice to use unicode internally and encode everything that has to
go out. This patch aims to do that and introduces this behaviour in
the client.
Testing:
A good test (besides using tox) is to use nova client with and
without setting any locale (export LANG=).
Fixes bug: 1061156
Change-Id: I20b75e42b0c3dac89f1048faa1127253a64f86c7
Follow on to previous attempt to fix bug 1116302,
looks like we missed an import
Fixes LP#1116302
Change-Id: If56e3cedaa63a594907bb851a2701bd64806ed85
Issue was identified in the review for the previous
patch for bug 1116302. Took this chance to rename _IOError
to a better name (KeyringIOError)
Change-Id: I321353d519eaebea27617702f92ecafe2052eb8e
Using novaclient with some extensions via python code, you might have an
invocation like this:
    extensions = shell.OpenStackComputeShell()._discover_extensions("1.1")
    novaclient = Client("1.1", user, apikey, project, authurl, extensions=extensions,
                        endpoint_type=shell.DEFAULT_NOVA_ENDPOINT_TYPE,
                        service_type=shell.DEFAULT_NOVA_SERVICE_TYPE)
If you have an extension like 'myextension.py' in the v1_1/contrib directory, you'll
end up with a very sensible attribute on the resulting novaclient object, i.e.
novaclient.myextension
If you have a package distributed in the package myextension_python_novaclient_ext,
then it'll automatically be picked up as an extension (awesome!) but the name is not
as intuitive.
novaclient.myextension_python_novaclient_ext
This patch simply changes this to allow the Extension to provide a name for itself.
The possibility of collisions exists, but is not really any more significant than
before (where you might have different versions of the same package installed in the
system or heck, even a bizarrely named 'myextension_python_novaclient_ext.py' in the
contrib/ directory).
Fixes bug 1058366
Change-Id: Ie68463ffd7a939744e035b20fd50a7dc8da605de
find_network_password_sync throws a gnomekeyring.IOError
when a non-root user tries to run nova client
from a ssh console. If we don't catch this exception nova client
throws the traceback (shown in the bug report) and stops.
If we catch this exception (just like we catch ValueError),
and return None, Nova client executes just fine.
Fixes LP# 1116302
Change-Id: If6937b3f8eafb1dc55224b2ca2bd0f93ae07f8c6
Some calls in nova require a tenant_id when it could be interpreted
from the current authentication data, so save the tenant id and
use it in the quotas command if tenant_id is not specified.
Change-Id: I89647cfe9da73bc474ef80a61a5678db42a5571c
Fix how you keep on getting prompted for the password
all over the place and at the wrong time (the keyring code
should be used before an auth request, and not during).
Fix this by trying to use the token first (which comes from
the keyring module), then falling back to using the password
(which will get a token, and then store said token so that it
isn't fetched again).
Change-Id: I58e69f3b3fbcc7a467797f25695b7ca59178a1d7
Add a new cli argument (--timeout) which
is by default 600 seconds which will be
set in the requests library so that timeouts
can occur correctly.
Change-Id: I716ac15fe08f42c9464ee43010bc8fd2667bcbde
* Implement correct certificate verification
* Add --os-cacert
* Rework tests for requests
Pinned requests module to < 1.0 as 1.0.2 is now current in PyPI
as of 17Dec2012.
Blueprint: tls-verify
Change-Id: I9a25a94c8dfcaf483c4c8328439809d65cf10b38
The commit to replace --os-no-cache with --os-no-cache works fine
with the cli options, but the env variable is stored in os_cache
which has the opposite of the intended effect. This patch converts
the variable to a bool and then inverts it before it stores it
in os_cache. This makes it work properly again.
Fixes bug 1089696
Change-Id: Iea12806603ecdc39c6475ad4d6f867ebb1e01633
Deprecates the old --no-cache option in favor of --os-cache.
The old CLI args (--no_cache and --no-cache) and ENV option
(OS_NO_CACHE) are still supported but no longer show up
in help.
The new option for --os-cache can also be set via the OS_CACHE ENV
variable... which now defaults to False. This should be much more user friendly.
Fixes LP Bug #1087776.
Change-Id: I3cea089c7e11ce75f22c2d7f3242b02b80441323
Currently, nova client can only discover extensions in two ways:
1. Installing the extension in the novaclient/v1_1/contrib/ directory.
2. Installing the extension in the top-level python path or modifying
the path to be picked up by pkgutils.iter_modules()
This patch allows a third, more flexible option of discovering
extensions via entry points. This means the extension can be
installed anywhere and entry points can be registered with python
to be picked up by pkg_resources.iter_entry_points().
To register an entry point, simply add the extension module to
the setup() call in setup.py like this:
    import setuptools

    setuptools.setup(
        name='mydistribution',
        packages=setuptools.find_packages(),
        entry_points={
            'novaclient.extension': [
                'foo = mydistribution.mynovaclientexts.foo'
            ]
        },
    )
Change-Id: Ic1e223a9173546131e742506897f585f4ac65767
When calling nova without arguments you'll receive the following
output:
error: too few arguments
Try 'nova help ' for more information.
Changing 'and' to 'or' the help is also shown when calling nova
without arguments. I think that's the expected behavior.
Change-Id: Id14f0292ad00e6e45ad66dd010f449c3abbf3871
Fixes bug 934081.
Previously, manipulating secgroups with Unicode names would fail
in _get_secgroup, due to the command-line argument being a raw
byte string, and the secgroup name from cs.security_groups.list()
being a Unicode string. This causes a UnicodeWarning and the
"if secgroup == s.name" test to fail for the desired secgroup, so
secgroup-add-rule and secgroup-delete would fail.
This change converts them to byte strings for comparison, fixing
these commands.
Likewise, error messages containing Unicode secgroup names would
fail to print. (i.e. "Security group <x> already exists")
Change-Id: Ie90cb49b8f11e3283fe509e95a8e9fd468cc9892
This changes every command-line option with a '_' in its name
and changes them to '-'. The old option names are maintained
for backward compatibility but are no longer in the help text.
BP command-options
Note: there is a dodgy hack in novaclient/shell.py to handle
usage-list's --end option that conflicts with --endpoint-type
if --endpoint_type is also present for backward compatibility.
If --endpoint_type is not added to the parser it works. Go figure.
Better solutions that do not break backward compatibility are welcome.
Rebased due to https://review.openstack.org/11072 merging.
Note: --availability_zone changed to --availability-zone with no
backward compatibility since this is a new option.
Change-Id: I09ab546659be0a0d3f0eadb22ab5e13fac2f059d
- Remove the NOVA_RAX_AUTH hack and provide (temporary) compatibility
with the new system.
- Example plugin for RAX and HP provided here :
RAX - https://github.com/emonty/rackspace-auth-openstack
HP - https://github.com/emonty/hpcloud-auth-openstack
- Plugins are allowed to specify their own auth_url directly.
- Thanks to mtaylor for helping on this.
Change-Id: Ie96835be617c6a20d9c3fc3bd1536083aecfdc0b