2013-05-21 00:57:19 -05:00
|
|
|
# Copyright 2012-2013 OpenStack, LLC.
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
# not use this file except in compliance with the License. You may obtain
|
|
|
|
|
# a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
|
|
# License for the specific language governing permissions and limitations
|
|
|
|
|
# under the License.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
"""Identity v3 OAuth action implementations"""
|
|
|
|
|
|
|
|
|
|
import logging
|
|
|
|
|
import sys
|
|
|
|
|
|
|
|
|
|
from cliff import command
|
|
|
|
|
from cliff import lister
|
|
|
|
|
from cliff import show
|
|
|
|
|
|
|
|
|
|
from openstackclient.common import utils
|
|
|
|
|
|
|
|
|
|
|
2013-07-03 15:26:33 -05:00
|
|
|
class AuthenticateAccessToken(show.ShowOne):
|
2013-07-16 13:52:59 -05:00
|
|
|
"""Authenticate access token to receive keystone token"""
|
2013-07-03 15:26:33 -05:00
|
|
|
|
|
|
|
|
api = 'identity'
|
|
|
|
|
log = logging.getLogger(__name__ + '.AuthenticateAccessToken')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(AuthenticateAccessToken, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--consumer-key',
|
|
|
|
|
metavar='<consumer-key>',
|
|
|
|
|
help='Consumer key',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--consumer-secret',
|
|
|
|
|
metavar='<consumer-secret>',
|
|
|
|
|
help='Consumer secret',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--access-key',
|
|
|
|
|
metavar='<access-key>',
|
|
|
|
|
help='Access token key',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--access-secret',
|
|
|
|
|
metavar='<access-secret>',
|
|
|
|
|
help='Access token secret',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
oauth_client = self.app.client_manager.identity.oauth
|
|
|
|
|
keystone_token = oauth_client.authenticate(
|
|
|
|
|
parsed_args.consumer_key, parsed_args.consumer_secret,
|
|
|
|
|
parsed_args.access_key, parsed_args.access_secret)
|
|
|
|
|
return zip(*sorted(keystone_token.iteritems()))
|
|
|
|
|
|
|
|
|
|
|
2013-05-21 00:57:19 -05:00
|
|
|
class AuthorizeRequestToken(show.ShowOne):
|
|
|
|
|
"""Authorize request token command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.AuthorizeRequestToken')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(AuthorizeRequestToken, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--request-key',
|
|
|
|
|
metavar='<request-key>',
|
|
|
|
|
help='Consumer key',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--roles',
|
|
|
|
|
metavar='<roles>',
|
|
|
|
|
help='Role to authorize',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
2013-07-03 15:26:33 -05:00
|
|
|
oauth_client = self.app.client_manager.identity.oauth
|
2013-05-21 00:57:19 -05:00
|
|
|
|
|
|
|
|
verifier_pin = oauth_client.authorize_request_token(
|
2013-07-03 15:26:33 -05:00
|
|
|
parsed_args.request_key, parsed_args.roles)
|
2013-05-21 00:57:19 -05:00
|
|
|
info = {}
|
|
|
|
|
info.update(verifier_pin._info)
|
|
|
|
|
return zip(*sorted(info.iteritems()))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class CreateAccessToken(show.ShowOne):
|
|
|
|
|
"""Create access token command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.CreateAccessToken')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(CreateAccessToken, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--consumer-key',
|
|
|
|
|
metavar='<consumer-key>',
|
|
|
|
|
help='Consumer key',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
2013-07-03 15:26:33 -05:00
|
|
|
parser.add_argument(
|
|
|
|
|
'--consumer-secret',
|
|
|
|
|
metavar='<consumer-secret>',
|
|
|
|
|
help='Consumer secret',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
2013-05-21 00:57:19 -05:00
|
|
|
parser.add_argument(
|
|
|
|
|
'--request-key',
|
|
|
|
|
metavar='<request-key>',
|
2013-07-03 15:26:33 -05:00
|
|
|
help='Request token key',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--request-secret',
|
|
|
|
|
metavar='<request-secret>',
|
|
|
|
|
help='Request token secret',
|
2013-05-21 00:57:19 -05:00
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--verifier',
|
|
|
|
|
metavar='<verifier>',
|
|
|
|
|
help='Verifier Pin',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
2013-07-03 15:26:33 -05:00
|
|
|
oauth_client = self.app.client_manager.identity.oauth
|
2013-05-21 00:57:19 -05:00
|
|
|
access_token = oauth_client.create_access_token(
|
2013-07-03 15:26:33 -05:00
|
|
|
parsed_args.consumer_key, parsed_args.consumer_secret,
|
|
|
|
|
parsed_args.request_key, parsed_args.request_secret,
|
2013-05-21 00:57:19 -05:00
|
|
|
parsed_args.verifier)
|
2013-07-03 15:26:33 -05:00
|
|
|
return zip(*sorted(access_token.iteritems()))
|
2013-05-21 00:57:19 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class CreateConsumer(show.ShowOne):
|
|
|
|
|
"""Create consumer command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.CreateConsumer')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(CreateConsumer, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'name',
|
|
|
|
|
metavar='<consumer-name>',
|
|
|
|
|
help='New consumer name',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
2013-07-03 15:26:33 -05:00
|
|
|
consumer = identity_client.oauth.create_consumer(
|
2013-05-21 00:57:19 -05:00
|
|
|
parsed_args.name
|
|
|
|
|
)
|
|
|
|
|
info = {}
|
|
|
|
|
info.update(consumer._info)
|
|
|
|
|
return zip(*sorted(info.iteritems()))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class CreateRequestToken(show.ShowOne):
|
|
|
|
|
"""Create request token command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.CreateRequestToken')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(CreateRequestToken, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--consumer-key',
|
|
|
|
|
metavar='<consumer-key>',
|
|
|
|
|
help='Consumer key',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
2013-07-03 15:26:33 -05:00
|
|
|
parser.add_argument(
|
|
|
|
|
'--consumer-secret',
|
|
|
|
|
metavar='<consumer-secret>',
|
|
|
|
|
help='Consumer secret',
|
|
|
|
|
required=True
|
|
|
|
|
)
|
2013-05-21 00:57:19 -05:00
|
|
|
parser.add_argument(
|
|
|
|
|
'--roles',
|
|
|
|
|
metavar='<roles>',
|
|
|
|
|
help='Role requested',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
2013-07-03 15:26:33 -05:00
|
|
|
oauth_client = self.app.client_manager.identity.oauth
|
2013-05-21 00:57:19 -05:00
|
|
|
request_token = oauth_client.create_request_token(
|
2013-07-03 15:26:33 -05:00
|
|
|
parsed_args.consumer_key,
|
|
|
|
|
parsed_args.consumer_secret,
|
|
|
|
|
parsed_args.roles)
|
|
|
|
|
return zip(*sorted(request_token.iteritems()))
|
2013-05-21 00:57:19 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class DeleteConsumer(command.Command):
|
|
|
|
|
"""Delete consumer command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.DeleteConsumer')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(DeleteConsumer, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'consumer',
|
|
|
|
|
metavar='<consumer>',
|
|
|
|
|
help='Name or ID of consumer to delete',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
|
consumer = utils.find_resource(
|
2013-07-03 15:26:33 -05:00
|
|
|
identity_client.oauth, parsed_args.consumer)
|
|
|
|
|
identity_client.oauth.delete_consumer(consumer.id)
|
2013-05-21 00:57:19 -05:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
|
2013-07-16 13:52:59 -05:00
|
|
|
class DeleteUserAuthorization(command.Command):
|
|
|
|
|
"""Delete user authorization command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.DeleteUserAuthorization')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(DeleteUserAuthorization, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'user',
|
|
|
|
|
metavar='<user>',
|
|
|
|
|
help='Name or Id of user',
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'access_id',
|
|
|
|
|
metavar='<access-id>',
|
|
|
|
|
help='Access Id to be deleted',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
|
user = utils.find_resource(
|
|
|
|
|
identity_client.users, parsed_args.user).id
|
|
|
|
|
identity_client.oauth.delete_authorization(user,
|
|
|
|
|
parsed_args.access_id)
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
|
2013-05-21 00:57:19 -05:00
|
|
|
class ListConsumer(lister.Lister):
|
|
|
|
|
"""List consumer command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.ListConsumer')
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
columns = ('ID', 'Name', 'Consumer Key', 'Consumer Secret')
|
2013-07-03 15:26:33 -05:00
|
|
|
data = self.app.client_manager.identity.oauth.list_consumers()
|
2013-05-21 00:57:19 -05:00
|
|
|
return (columns,
|
|
|
|
|
(utils.get_item_properties(
|
|
|
|
|
s, columns,
|
|
|
|
|
formatters={},
|
|
|
|
|
) for s in data))
|
|
|
|
|
|
|
|
|
|
|
2013-07-16 13:52:59 -05:00
|
|
|
class ListUserAuthorizations(lister.Lister):
|
|
|
|
|
"""List user authorizations command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.ListUserAuthorizations')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(ListUserAuthorizations, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'user',
|
|
|
|
|
metavar='<user>',
|
|
|
|
|
help='Name or Id of user',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
|
user = utils.find_resource(
|
|
|
|
|
identity_client.users, parsed_args.user).id
|
|
|
|
|
|
|
|
|
|
columns = ('Access Key', 'Consumer Key', 'Issued At',
|
|
|
|
|
'Project Id', 'User Id', 'Requested Roles')
|
|
|
|
|
data = identity_client.oauth.list_authorizations(user)
|
|
|
|
|
return (columns,
|
|
|
|
|
(utils.get_item_properties(
|
|
|
|
|
s, columns,
|
|
|
|
|
formatters={},
|
|
|
|
|
) for s in data))
|
|
|
|
|
|
|
|
|
|
|
2013-05-21 00:57:19 -05:00
|
|
|
class SetConsumer(command.Command):
|
|
|
|
|
"""Set consumer command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.SetConsumer')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(SetConsumer, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'consumer',
|
|
|
|
|
metavar='<consumer>',
|
|
|
|
|
help='Name or ID of consumer to change',
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'--name',
|
|
|
|
|
metavar='<new-consumer-name>',
|
|
|
|
|
help='New consumer name',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
|
consumer = utils.find_resource(
|
2013-07-03 15:26:33 -05:00
|
|
|
identity_client.oauth, parsed_args.consumer)
|
2013-05-21 00:57:19 -05:00
|
|
|
kwargs = {}
|
|
|
|
|
if parsed_args.name:
|
|
|
|
|
kwargs['name'] = parsed_args.name
|
|
|
|
|
|
|
|
|
|
if not len(kwargs):
|
|
|
|
|
sys.stdout.write("Consumer not updated, no arguments present")
|
|
|
|
|
return
|
2013-07-03 15:26:33 -05:00
|
|
|
identity_client.oauth.update_consumer(consumer.id, **kwargs)
|
2013-05-21 00:57:19 -05:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
|
2013-07-16 13:52:59 -05:00
|
|
|
class ShowAuthorizationPin(show.ShowOne):
|
|
|
|
|
"""Show Authorization pin command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.ShowAuthorizationPin')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(ShowAuthorizationPin, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'request_id',
|
|
|
|
|
metavar='<request-id>',
|
|
|
|
|
help='Show pin for request token',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
|
data = identity_client.oauth.get_authorization_pin(
|
|
|
|
|
parsed_args.request_id)
|
|
|
|
|
info = {}
|
|
|
|
|
info.update(data._info)
|
|
|
|
|
return zip(*sorted(info.iteritems()))
|
|
|
|
|
|
|
|
|
|
|
2013-05-21 00:57:19 -05:00
|
|
|
class ShowConsumer(show.ShowOne):
|
|
|
|
|
"""Show consumer command"""
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__ + '.ShowConsumer')
|
|
|
|
|
|
|
|
|
|
def get_parser(self, prog_name):
|
|
|
|
|
parser = super(ShowConsumer, self).get_parser(prog_name)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
'consumer',
|
|
|
|
|
metavar='<consumer>',
|
|
|
|
|
help='Name or ID of consumer to display',
|
|
|
|
|
)
|
|
|
|
|
return parser
|
|
|
|
|
|
|
|
|
|
def take_action(self, parsed_args):
|
|
|
|
|
self.log.debug('take_action(%s)' % parsed_args)
|
|
|
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
|
consumer = utils.find_resource(
|
2013-07-03 15:26:33 -05:00
|
|
|
identity_client.oauth, parsed_args.consumer)
|
2013-05-21 00:57:19 -05:00
|
|
|
|
|
|
|
|
info = {}
|
|
|
|
|
info.update(consumer._info)
|
|
|
|
|
return zip(*sorted(info.iteritems()))
|
