novaclient 2.27.0 introduced the API microversion discovery and client.Client
now wants an api_version argument to properly work out the correct API
version in use. OSC needs to provide this when required.
Letting the compute client plugin do the version validity checking makes more
sense than encoding it into shell.py, so I've added a new OSC plugin interface
function check_api_version() that is called from shell.py if it exists. If it
either does not exist or it returns False the previous version checking using
API_VERSIONS is still performed.
compute.client.check_api_version() conditionally imports the new
novaclient.api_versions module and uses it if successful. Otherwise
check_api_version() returns False and the previous code path is resumed.
One side-effect of this is that it is now valid to use --os-compute-api-version
with any valid microversion supported by the installed python-novaclient.
Closes-Bug: #1492467
Change-Id: I4535b38a5639a03a9597bf83f6394f9bb45c2b9e
Configuration of logging gets triggered twice. The first time it
uses the CLI options when the application is started and second
it uses the configuration file after that is read. The state of
the logging needs to be saved from the first to the second time,
so I created a class.
Implements: blueprint logging-migration
Change-Id: I7b8d1a3b6fd128e98cafd7c16009c7b694a52146
Move the conversion of command line options to log level out
of shell.py.
Change-Id: I86cb45a85cd63927aa1c87c1eed27542981df659
Implements: blueprint logging-migration
This will allow users to record logs of all their commands into
a predefined log file, in clouds.yaml. The log should have a
format similar to that of oslo.log.
Change-Id: I1b334bf429d575fc25809c9706fc0b11116be3f1
Implements: blueprint every-time-record-log-in-file
Commit 50f05448982b5fafd9d9a7783b639dd145090a0d to os-client-config
removed the default values in the _defaults dict. This makes any
call to cloud_config.set_default() before initializing the dict
fail.
The fix changes the way the auth_type default is overriden, by
doing it when cloud_config.OpenStackConfig() is executed.
Change-Id: If37d3ba303f01d4c77fd7c15a3cde9634534b64a
Closes-bug: #1473921
Setting default versions in parsed args makes it so OCC
cannot tell if the argument was parsed, an environment
variable was set or it is just defaulted. In order to
set api versions from OCC, it will have to be defaulted
after processing OCC.
Closes-Bug: #1453229
Change-Id: I4d065919397b783f3bdd4022c986c0234a7a16e6
User should be able to specify the endpoint type through
a CLI optional argument/ENV variable setting. We will name this new
optional argument: --os-endpoint-type (Env: OS_ENDPOINT_TYPE) and
based on the value given, the service API will use that specific
endpoint type. Possible values: public, admin, internal.
DocImpact
Closes-Bug: #1454392
Change-Id: Ife3d4e46b44c0ddcd712b1130e27e362545a9a29
Change --insecure to ignore the --os-cacert setting. This is a change
from before where OSC followed the requests pattern of cacert taking
priority.
This logic is also introduced in os-client-config 1.3.0; we
do not require that release yet so it is duplicated here for now.
That change will come with the upcoming global options refactor.
Closes-Bug: #1447784
Change-Id: Iaa6d499ed0929c00a56dcd92a2017487c702774a
This is the first step in reworking the shell argument handling,
clean up and add tests to ensure functionality doesn't change.
* Rework shell tests to break down global options and auth options.
* Make tests table-driven
* Remove 'os_' from 'cacert' and 'default_domain' internal option names
Change-Id: Icf69c7e84f3f44b366fe64b6bbf4e3fe958eb302
Because of the way OSC registers all plugins together we end up
with os-tenant-X parameters being saved to the project-X attribute after
parsing. If you are using the v2 plugins directly then they and os-client-config
expect the tenant_X values and will assuming no scoping information if
they are not present.
Validating options for scope will also fail in this situation, not just
because the resultant auth dictionary is missing the tenant-X
attributes, but because OSC validates that either project or domain
scope information is present.
Fix this by just always setting the v2 parameters if the v3 parameters
are present. This will have no effect on the generic or v3 case but fix
the v2 case.
Expand validation to include the tenant options so it knows that v2
plugins are scoped.
Change-Id: I8cab3e423663f801cbf2d83106c671bddc58d7e6
Closes-Bug: #1460369
The tests that will change after the verify-always-true bug is fixed
are currently commented out. The commented asserts show where we
want to go.
Also fixes --verify parser value
Change-Id: I891e3ead5fc3da3ed2ecba5d2befd9e910778655
The insecure and verify options are broken so that verify always
gets set to True. One problem was that the parsed args not
defaulted so os_cloud_config thinks there was always a command
line specified. The other problem was getattr was called on cloud
config instead of get.
Closes-Bug: #1450855
Change-Id: Ib5f004f51a7453cc8f5a89759e2031ec42e04a30
If the clientmanager is unable to create a keystone session (due to
insufficient auth parameters or something else) then the exception
caused by this shouldn't be ignored, as was the case.
On the other hand, we don't want this behaviour in the case of the
'complete' command, so this is now properly detected.
Change-Id: If4f453d23cc87900cda752e9ffbcf41ded59e26f
Closes-Bug: #1444640
This adds a new option --os-cloud that allows the configuration values
for multiple clouds to be stored in a local file and selected with
a single option.
Internal option names have had 'os_' removed to be comptible with
the options returned from OpenStackConfig().get_one_cloud().
The config file is ~/.config/openstack/clouds.yaml:
Sample
------
clouds:
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I4939acf8067e44ffe06a2e26fc28f1adf8985b7d
Depends-On: I45e2550af58aee616ca168d20a557077beeab007
At least print a warning on authentication error. I have no
idea why an exception is being ignored here because if there
is no session, nothing is going to happen. This at least will
print some useful warning:
(.venv)terry@f350:~/python-openstackclient$ os flavor list --os-cloud pro
WARNING: openstackclient.shell Possible error authenticating: __init__() got an unexpected keyword argument 'asdf'
ERROR: openstack Authentication requires 'auth_url', which should be specified in 'HTTPClient'
This error was caused by having a bogus value 'asdf' in the cloud.yaml
for the cloud pro.
Change-Id: Ie08432e0464cfa86b3b3f67ca29d3b7d23d2f46f
Print a warning message if an unknown api version is supplied.
An attempt will be made to run the command anyway.
Change-Id: Idec8e88fe9621f10ec4b7eecd90708fb3730f56f
Subclass keystoneclient.session.Session to add the timing hooks to
record the elapsed time returned by requests.Response objects, including
the redirection history. Redirects are included individually and not
rolled into the total time for the original request.
This works for all clients that use OSC's session.
Closes-Bug: #1402577
Change-Id: I9360c90c151579b89a37edb8c11c17feb15b3cb9
Requests/urllib3 started issuing warnings about certificates and SSL
that our users are unable to do anything about. This is a very blunt
way to suppress these warnings unless --verbose or --debug is
supplied on the command line.
Being more precise in the suppression requires importing the warning
classes from urllib3 and dealing with the platforms where it has
been unvendored from requests. Maybe in the future if there are
concerns that this mutes too much otherwise.
Change-Id: I50bb10a16222de12c5b95bfe042b92e43ea8ee7c
This change removes openstackclient homemade hack to defer help
printing in initialize_app and uses cliff (new) option to defer
help printing.
Change-Id: Ie3e94ec96254745bfef8c5ff5abc405facfe1bea
Related-Bug: #1316622
The plugin detection at the top of openstackclient.api.auth did not
detect the plugins at the bottom of that file because, surprise,
they had not been declared yet so the entry points were ignored.
Move both plugin subclasses into openstackclient.api.auth_plugin.
Fix a problem with the password callback that was otherwise made
worse with this change.
Closes-Bug: 1428912
Change-Id: Idc3b72534071e0013c8922884a8bc14137509a0f
When we got picky with the auth arguments we broke using help without
any auth config supplied. This rearranges things a bit to do the argument
checking when the deferred auth request to Identity occurs so commands
that do not need auth have a chance to live short but useful lives.
Closes-Bug: #1399588
Change-Id: I8ceac491cf65e25eddb62ab2713f471fe686756d
Rather than pointing the 'project usage list' entry point directly to
ListUsage, this makes a ListProjectUsage subclass to alias the desired
command and still allow for changing behaviour or issuing a deprecation
messages. This implementation simply sets a new 'deprecated' attribute
in the command class that cliff will use to skip this command when
generating help output.
The actual skipping of the command in help output is dependant on
https://review.openstack.org/147349 merging in cliff, this review will
simply have no effect on help output until a version of cliff with
that update is present.
The deprecation message printed is somewhat generic until
https://review.openstack.org/147381 is merged in cliff.
Until that is merged, the deprecation message will not have the name
of the actual command given by the user in it, but rather the text
'this command'.
Closes-bug: #1406654
Change-Id: Ie08d4f88d71a660fca1862405351109cd0aa86b6
For class-loading purposes we can just use the major version,
so accept that. Only Identity and Compute were affected; Compute
is included just to be pedantically complete.
For command groups we also just use the major version so fix
Compute and the version option handling.
Change the internal default for Identity to a simple '2' so it
is also consistent with the rest of the world.
Then comes microversioning...
Closes-Bug: #1292638
Change-Id: Ibaf823b31caa288a83de38d2c258860b128b87d8
* Promote select messages to INFO so lower logging levels can be useful
* Help more modules not say so much all the time
Change-Id: I814023c1489595998ae74efe40ef439b3522ee74
* Remove the auth option checks as the auth plugins will validate
their own options
* Move the initialization of client_manager to the end of
initialize_app() so it is always called. Note that no attempts
to actually authenticate occur until the first use of one of the
client attributes in client_manager. This leaves
initialize_clientmanager() (formerly uathenticate_user()) empty
so remove it.
* Remove interact() as the client_manager has already been created
And there is nothing left.
* prepare_to_run_command() is reduced to trigger an authentication
attempt for the best_effort auth commands, currently the only
one is 'complete'.
* Add prompt_for_password() to ask the user to enter a password
when necessary. Passed to ClientManager in a new kward pw_func.
Bug: 1355838
Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2
Currently, we repeated to generate clientmanager instance when run
command in interactive mode. This should be avoided.
Change-Id: I0536a690bc173be38af08a2e4443115532041efd
Closes-Bug: #1383083
The OSC plugins work by adding an object as an attribute to a
ClientManager instance. The initialization and management of
thos plugins belongs in clientmanager.py.
At this point the only part not moved is the API version dict
initialization bcause the timing and connection to the
CommandManager initialization. It gets refactored anyway when
API discovery becomes operational.
Change-Id: If9cb9a0c45a3a577082a5cdbb793769211f20ebb
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
This does a couple of things:
* Loads the Identity client module in the same manner as the other
'base' clients (where 'base' == 'included in the OSC repo')
* Changes the entry point group name for the base clients to
'openstack.cli.base'. The extension group name remains the same.
* Loads the base modules first followed by the extension modules.
This load order ensures that the extension module commands are all
loaded _after_ the base commands, allowing extensions to now override
the base commands.
Change-Id: I4b9ca7f1df6eb8bbe8e3f663f3065c2ed80ce20b
