Setting default versions in parsed args makes it so OCC
cannot tell if the argument was parsed, an environment
variable was set or it is just defaulted. In order to
set api versions from OCC, it will have to be defaulted
after processing OCC.
Closes-Bug: #1453229
Change-Id: I4d065919397b783f3bdd4022c986c0234a7a16e6
User should be able to specify the endpoint type through
a CLI optional argument/ENV variable setting. We will name this new
optional argument: --os-endpoint-type (Env: OS_ENDPOINT_TYPE) and
based on the value given, the service API will use that specific
endpoint type. Possible values: public, admin, internal.
DocImpact
Closes-Bug: #1454392
Change-Id: Ife3d4e46b44c0ddcd712b1130e27e362545a9a29
Change --insecure to ignore the --os-cacert setting. This is a change
from before where OSC followed the requests pattern of cacert taking
priority.
This logic is also introduced in os-client-config 1.3.0; we
do not require that release yet so it is duplicated here for now.
That change will come with the upcoming global options refactor.
Closes-Bug: #1447784
Change-Id: Iaa6d499ed0929c00a56dcd92a2017487c702774a
This is the first step in reworking the shell argument handling,
clean up and add tests to ensure functionality doesn't change.
* Rework shell tests to break down global options and auth options.
* Make tests table-driven
* Remove 'os_' from 'cacert' and 'default_domain' internal option names
Change-Id: Icf69c7e84f3f44b366fe64b6bbf4e3fe958eb302
Because of the way OSC registers all plugins together we end up
with os-tenant-X parameters being saved to the project-X attribute after
parsing. If you are using the v2 plugins directly then they and os-client-config
expect the tenant_X values and will assuming no scoping information if
they are not present.
Validating options for scope will also fail in this situation, not just
because the resultant auth dictionary is missing the tenant-X
attributes, but because OSC validates that either project or domain
scope information is present.
Fix this by just always setting the v2 parameters if the v3 parameters
are present. This will have no effect on the generic or v3 case but fix
the v2 case.
Expand validation to include the tenant options so it knows that v2
plugins are scoped.
Change-Id: I8cab3e423663f801cbf2d83106c671bddc58d7e6
Closes-Bug: #1460369
The tests that will change after the verify-always-true bug is fixed
are currently commented out. The commented asserts show where we
want to go.
Also fixes --verify parser value
Change-Id: I891e3ead5fc3da3ed2ecba5d2befd9e910778655
The insecure and verify options are broken so that verify always
gets set to True. One problem was that the parsed args not
defaulted so os_cloud_config thinks there was always a command
line specified. The other problem was getattr was called on cloud
config instead of get.
Closes-Bug: #1450855
Change-Id: Ib5f004f51a7453cc8f5a89759e2031ec42e04a30
If the clientmanager is unable to create a keystone session (due to
insufficient auth parameters or something else) then the exception
caused by this shouldn't be ignored, as was the case.
On the other hand, we don't want this behaviour in the case of the
'complete' command, so this is now properly detected.
Change-Id: If4f453d23cc87900cda752e9ffbcf41ded59e26f
Closes-Bug: #1444640
This adds a new option --os-cloud that allows the configuration values
for multiple clouds to be stored in a local file and selected with
a single option.
Internal option names have had 'os_' removed to be comptible with
the options returned from OpenStackConfig().get_one_cloud().
The config file is ~/.config/openstack/clouds.yaml:
Sample
------
clouds:
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I4939acf8067e44ffe06a2e26fc28f1adf8985b7d
Depends-On: I45e2550af58aee616ca168d20a557077beeab007
At least print a warning on authentication error. I have no
idea why an exception is being ignored here because if there
is no session, nothing is going to happen. This at least will
print some useful warning:
(.venv)terry@f350:~/python-openstackclient$ os flavor list --os-cloud pro
WARNING: openstackclient.shell Possible error authenticating: __init__() got an unexpected keyword argument 'asdf'
ERROR: openstack Authentication requires 'auth_url', which should be specified in 'HTTPClient'
This error was caused by having a bogus value 'asdf' in the cloud.yaml
for the cloud pro.
Change-Id: Ie08432e0464cfa86b3b3f67ca29d3b7d23d2f46f
Print a warning message if an unknown api version is supplied.
An attempt will be made to run the command anyway.
Change-Id: Idec8e88fe9621f10ec4b7eecd90708fb3730f56f
Subclass keystoneclient.session.Session to add the timing hooks to
record the elapsed time returned by requests.Response objects, including
the redirection history. Redirects are included individually and not
rolled into the total time for the original request.
This works for all clients that use OSC's session.
Closes-Bug: #1402577
Change-Id: I9360c90c151579b89a37edb8c11c17feb15b3cb9
Requests/urllib3 started issuing warnings about certificates and SSL
that our users are unable to do anything about. This is a very blunt
way to suppress these warnings unless --verbose or --debug is
supplied on the command line.
Being more precise in the suppression requires importing the warning
classes from urllib3 and dealing with the platforms where it has
been unvendored from requests. Maybe in the future if there are
concerns that this mutes too much otherwise.
Change-Id: I50bb10a16222de12c5b95bfe042b92e43ea8ee7c
This change removes openstackclient homemade hack to defer help
printing in initialize_app and uses cliff (new) option to defer
help printing.
Change-Id: Ie3e94ec96254745bfef8c5ff5abc405facfe1bea
Related-Bug: #1316622
The plugin detection at the top of openstackclient.api.auth did not
detect the plugins at the bottom of that file because, surprise,
they had not been declared yet so the entry points were ignored.
Move both plugin subclasses into openstackclient.api.auth_plugin.
Fix a problem with the password callback that was otherwise made
worse with this change.
Closes-Bug: 1428912
Change-Id: Idc3b72534071e0013c8922884a8bc14137509a0f
When we got picky with the auth arguments we broke using help without
any auth config supplied. This rearranges things a bit to do the argument
checking when the deferred auth request to Identity occurs so commands
that do not need auth have a chance to live short but useful lives.
Closes-Bug: #1399588
Change-Id: I8ceac491cf65e25eddb62ab2713f471fe686756d
Rather than pointing the 'project usage list' entry point directly to
ListUsage, this makes a ListProjectUsage subclass to alias the desired
command and still allow for changing behaviour or issuing a deprecation
messages. This implementation simply sets a new 'deprecated' attribute
in the command class that cliff will use to skip this command when
generating help output.
The actual skipping of the command in help output is dependant on
https://review.openstack.org/147349 merging in cliff, this review will
simply have no effect on help output until a version of cliff with
that update is present.
The deprecation message printed is somewhat generic until
https://review.openstack.org/147381 is merged in cliff.
Until that is merged, the deprecation message will not have the name
of the actual command given by the user in it, but rather the text
'this command'.
Closes-bug: #1406654
Change-Id: Ie08d4f88d71a660fca1862405351109cd0aa86b6
For class-loading purposes we can just use the major version,
so accept that. Only Identity and Compute were affected; Compute
is included just to be pedantically complete.
For command groups we also just use the major version so fix
Compute and the version option handling.
Change the internal default for Identity to a simple '2' so it
is also consistent with the rest of the world.
Then comes microversioning...
Closes-Bug: #1292638
Change-Id: Ibaf823b31caa288a83de38d2c258860b128b87d8
* Promote select messages to INFO so lower logging levels can be useful
* Help more modules not say so much all the time
Change-Id: I814023c1489595998ae74efe40ef439b3522ee74
* Remove the auth option checks as the auth plugins will validate
their own options
* Move the initialization of client_manager to the end of
initialize_app() so it is always called. Note that no attempts
to actually authenticate occur until the first use of one of the
client attributes in client_manager. This leaves
initialize_clientmanager() (formerly uathenticate_user()) empty
so remove it.
* Remove interact() as the client_manager has already been created
And there is nothing left.
* prepare_to_run_command() is reduced to trigger an authentication
attempt for the best_effort auth commands, currently the only
one is 'complete'.
* Add prompt_for_password() to ask the user to enter a password
when necessary. Passed to ClientManager in a new kward pw_func.
Bug: 1355838
Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2
Currently, we repeated to generate clientmanager instance when run
command in interactive mode. This should be avoided.
Change-Id: I0536a690bc173be38af08a2e4443115532041efd
Closes-Bug: #1383083
The OSC plugins work by adding an object as an attribute to a
ClientManager instance. The initialization and management of
thos plugins belongs in clientmanager.py.
At this point the only part not moved is the API version dict
initialization bcause the timing and connection to the
CommandManager initialization. It gets refactored anyway when
API discovery becomes operational.
Change-Id: If9cb9a0c45a3a577082a5cdbb793769211f20ebb
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
This does a couple of things:
* Loads the Identity client module in the same manner as the other
'base' clients (where 'base' == 'included in the OSC repo')
* Changes the entry point group name for the base clients to
'openstack.cli.base'. The extension group name remains the same.
* Loads the base modules first followed by the extension modules.
This load order ensures that the extension module commands are all
loaded _after_ the base commands, allowing extensions to now override
the base commands.
Change-Id: I4b9ca7f1df6eb8bbe8e3f663f3065c2ed80ce20b
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
Add support for --timing options. Use cliff via a pseudo-command
'Timing' to support multiple outputformats.
If an output format other than the default 'table' is selected
use CSV since the timing data is in list form.
Will pick up timing data for any client object that has a method
similar to novaclient's get_timings().
TODO:
* Stop instantiating all of the clientmanager client objects just
to check for timing data. Descriptor magic required?
Change-Id: I7f1076b7a250fba6a8b24b2ae9353a7f51b792b2
* The encryption it purports to offer is completely insecure.
* It also appears to be broken.
Closes-Bug: #1319381
Change-Id: Id15ecfbbfd15f142b14c125bfd85afd5032699ac
This patch enables authenticating by using a trust. The trust ID
must be set with the parameter --os-trust-id or the env variable
OS_TRUST_ID. Trusts are available for the identity v3 API.
Co-Authored-By: Florent Flament <florent.flament@cloudwatt.com>
Change-Id: Iacc389b203bbadda53ca31a7f5a9b8b6e1a1f522
The following logging levels are set according to the combination of
--verbose, --quiet and --debug options:
verbose_level logging level options
0 --quiet ERROR
1 (none) WARNING
2 --verbose INFO
3+ --verbose --verbose DEBUG
or --debug
Logging levels for the requests and iso8601 modules are forced to ERROR.
This is the first step in bp use-logging-not-print
The difference between '--debug' and '--verbose --verbose' is --debug triggers
cliff's exception handling and traceback display.
Change-Id: Ide2233b3316471d279260fb1e7255a6ca2072023
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
If authorization fails for the complete command, generate the bash complete anyway.
* Added best_effort flag to command
* Attempts to authorize for bash complete, but if it fails, it tries anyway
Change-Id: I796258f8044f42abc6a51164d920a26f73397962
Partial-Bug: #1283550
This fixes some errors and inconsistencies I found reviewing the
help strings:
* Capitalize help strings
* Add missing space between words (in multi-line strings)
* Improve wording
Change-Id: I2fb31ab4191c330146e31c1a9651115a6657769a
Add the ability to pass user_domain_id / user_domain_name, domain_id
/ domain_name, and project_domain_id / project_domain_name to keystone.
These parameters are the first step needed to getting multi-domain
support working via the CLI.
Closes-Bug: #1198171
Change-Id: I81a8534913978ff1cce01ec02741ae477e8c5fa4
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Signed-off-by: Bo Tang <btang@cs.utsa.edu>
Prepare to use the (soon to be) common Session from keystoneclient
* Rework RESTApi to eventually be a subclass of keystoneclient.Session
Change-Id: I68e610f8b19a3f6267a93f7bf3de54a228be68aa
