5 Commits

Author SHA1 Message Date
Marek Denis
c1b376dc33 Add environment variable in the os-auth-type help
Help for option --os-auth-type doesn't specify what environment variable
configures it. This patch fixes that.

Change-Id: Id2e29e477d5ca56339bd777fb73b5af13788615b
2014-11-17 09:50:12 +00:00
Dean Troyer
f079b5b9c4 Change --os-auth-plugin to --os-auth-type
User's don't know what a plugin is.

* Internally, os_auth_type and/or auth_type represents what the
  user supplied.
* auth_plugin_name is the name of the selected plugin
* auth_plugin is the actual plugin object

Plugin selection process:
* if --os-auth-type is supplied:
  * if it matches against an available plugin, done
  * (if it can map to an availble plugin type, done; TODO in a followup)
* if --os-auth-type is not supplied:
  * if --os-url and --os-token are supplied, select 'token_endpoint'
  * if --os-username supplied, select identity_api_version + 'password'
  * if --os-token supplied, select identity_api_version + 'token'

Change-Id: Ice4535214e311ebf924087cf77f6d84d76f5f3ee
2014-10-23 15:37:44 -05:00
Dean Troyer
e063246b97 Clean up shell authentication
* Remove the auth option checks as the auth plugins will validate
  their own options
* Move the initialization of client_manager to the end of
  initialize_app() so it is always called.  Note that no attempts
  to actually authenticate occur until the first use of one of the
  client attributes in client_manager.  This leaves
  initialize_clientmanager() (formerly uathenticate_user()) empty
  so remove it.
* Remove interact() as the client_manager has already been created
  And there is nothing left.
* prepare_to_run_command() is reduced to trigger an authentication
  attempt for the best_effort auth commands, currently the only
  one is 'complete'.
* Add prompt_for_password() to ask the user to enter a password
  when necessary.  Passed to ClientManager in a new kward pw_func.

Bug: 1355838
Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2
2014-10-21 23:16:16 -05:00
Dean Troyer
c3c6edbe8a Add plugin to support token-endpoint auth
The ksc auth plugins do not have support for the original
token-endpoint (aka token flow) auth where the user supplies
a token (possibly the Keystone admin_token) and an API endpoint.
This is used for bootstrapping Keystone but also has other uses
when a scoped user token is provided.

The api.auth:TokenEndpoint class is required to provide the
same interface methods so all of the special-case code branches
to support token-endpoint can be removed.

Some additional cleanups related to ClientManager and creating
the Compute client also were done to streamline using sessions.

Change-Id: I1a6059afa845a591eff92567ca346c09010a93af
2014-10-12 16:48:43 -05:00
Matthieu Huin
0c77a9fe8b Support for keystone auth plugins
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::

  OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
  OS_PASSWORD=admin openstack user list

  OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
  OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
  OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list

  OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
  OS_IDENTITY_API_VERSION=2.0 openstack user list

The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.

Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
2014-10-09 12:34:47 +02:00