Added command docs, and changed request token to take in name or
id of a project, and also support a domain option.
Change-Id: I87363274e5b7a0c687e234f5a4bcaaf166d28840
Adds a --project filter to `os user list`, which really
calls the role assignment manager behind the scenes.
Change-Id: I57a75018f12ed3acdf8f6611b6b58bd974f91da2
Closes-Bug: #1397251
Previously this column was coming up as empty, since user's
have a `default project id`, not just `project id`.
Change-Id: I3d7f7eb600e9526b9c6cc2a8c5d6009b9100b1f5
Change the implementation of --enable|--disable on domain create
and set commands to our usual style.
Change-Id: I10f2b96281a114fa3cf3b001394844770b2a8632
Updated the service name to be optional, mostly matching the cli arguments
with v3 service create.
Implemented the following changes on service create:
- if only a single positional is present, it's a <type>.
This is not currently legal so it is considered a new case.
- if --type option is present the positional is handled as <name>;
display deprecation message
- if --name option is present the positional is handled as <type>.
Making --type optional is new, but back-compatible
- Made --name and --type mutually exclusive.
- only '--name <service-name> <type>' shall appear in the help output
Change-Id: I8fd4adba3d8cd00d5a8cacc2c494d99d492c45a3
Closes-Bug: #1404073
This is part2. Add support for these objects:
identity.project(v2.0)
identity.role(v2.0)
identity.user(v2.0)
identity.project(v3)
identity.role(v3)
identity.user(v3)
identity.group(v3)
Closes-Bug: #1400597
Change-Id: I270434d657cf4ddc23c3aba2c704d6ef184b0dbc
This is part1, add support for these objects:
compute.server
imagev1.image
imagev2.image
network.network
volume.volume
volume.backup
volume.snapshot
Closes-Bug: #1400597
Change-Id: Ice21fee85203a8a55417e0ead8b509b8fd6705c1
The keystoneclient.openstack.common directory is where we sync files
from oslo incubator. It is not a public directory and should not be
being consumed by openstackclient.
Change-Id: I011bb95c2c824e2dbc4b822ca922ae77b8d9b955
For class-loading purposes we can just use the major version,
so accept that. Only Identity and Compute were affected; Compute
is included just to be pedantically complete.
For command groups we also just use the major version so fix
Compute and the version option handling.
Change the internal default for Identity to a simple '2' so it
is also consistent with the rest of the world.
Then comes microversioning...
Closes-Bug: #1292638
Change-Id: Ibaf823b31caa288a83de38d2c258860b128b87d8
The --or-show option is added to create commands for the common case
of needing to ensure an object exists and getting its properties if
it does or creating a new one if it does not exist.
Note that if the object exists, any additional options that would
set values in a newly created object are ignored if the object
exists.
FakeResource needs the __name__ attribute to fall through utils.find_resource.
Prove the concept on v2 user create then propogate once we're happy with it...
Change-Id: I6268566514840c284e6a1d44b409a81d6699ef99
We should use the fixture generation code from keystoneclient rather
than keep our own copies of the token and discovery structure.
Change-Id: I53c1d2935d1d65c39b8abea89427af2fc3edd181
A federated user can authenticate with the v3unscopedsaml plugin and
list the domains and projects she is allowed to scope to.
This patch introduces the new commands 'federation domain list' and
'federation project list'.
Note that for these commands -and plugin- to be available, the lxml
library must be installed.
Change-Id: I2707b624befcfb0a01b40a094e12fd68a3ee7773
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
* server create required --image even when booting the server from a
volume. Change options to require either --image or --volume to
specify the server boot disk. Using --volume currently uses device
'vda' for the block mapping and ignores any other block mappings
given in --block-device-mapping.
* server create and server show are both affected by bug 1378842 where
an excepion was thrown when no image ID was present in the returned
server object, which is the case for a server booted from a volume.
* Fix the remaining assertEqual() order problems in test_server.py
Closes-Bug: 1378842
Closes-Bug: 1383338
Change-Id: I5daebf4e50a765d4920088dfead95b6295af6a4d
User's don't know what a plugin is.
* Internally, os_auth_type and/or auth_type represents what the
user supplied.
* auth_plugin_name is the name of the selected plugin
* auth_plugin is the actual plugin object
Plugin selection process:
* if --os-auth-type is supplied:
* if it matches against an available plugin, done
* (if it can map to an availble plugin type, done; TODO in a followup)
* if --os-auth-type is not supplied:
* if --os-url and --os-token are supplied, select 'token_endpoint'
* if --os-username supplied, select identity_api_version + 'password'
* if --os-token supplied, select identity_api_version + 'token'
Change-Id: Ice4535214e311ebf924087cf77f6d84d76f5f3ee
IssueToken.take_action() was missed in updating the structure of
the ClientManager.
Also, TOKEN_WITH_TENANT_ID in v3 is just wrong...
Closes-Bug: #1383396
Change-Id: If2dd82a26af1d743ee9df73e0c1aebce497bf22e
Anything that needs a service catalog can get it directly from
auth_ref.service_catalog, no need to carry the extra attribute.
ClientManager.get_endpoint_for_service_type() reamins the proper
method to get an endpoint for clients that still need one directly.
Change-Id: I809091c9c71d08f29606d7fd8b500898ff2cb8ae
Clients that can use ksc Session don't need the old junk to
fake auth anymore:
* compute
* volume
Clients that still need to be fed credentials can pick directly
from the auth object in clientmanager. The _token attribute is
removed, the token can be retrieved from the auth object:
openstackclient/tests/common/test_clientmanager.py
This change will break any plugin that relies on getting a token
from instance._token. They should be updated to use the above, or
preferable, to use keystoneclient.session.Session to create its
HTTP interface object.
Change-Id: I877a29de97a42f85f12a14c274fc003e6fba5135
keystoneclient/openstack/common/jsonutils.py is removed in this patch
https://review.openstack.org/#/c/128454/
Now, we should use jsonutils in oslo.serialization package.
Change-Id: I7c8e8e6d5dffa85244368fd578616c9b19f4fd21
The files opened for the --files and --user-data options were never
closed, potentially leaking memory in a long-running client. Close
them if they are file objects.
Add a couple of basic tests for server create.
Change-Id: I1658b0caa2d6af17308149cb52196ee28266ddf2
* Switch to use io.open() for py3 compatibility and simpler testing.
* Open files in 'rb' mode to avoid translation on Windows
Previously tests simply relied on files that were present in the
repository to run tests using open(). Change the filenames to ensure
that no longer happens.
requests_mock doesn't have a way to match against the request body for
PUT/POST; an attempt to add a new Matcher to do that worked but it
needs to subclass the currently private adapter._Matcher class or
duplicate most of its functionality.
Change-Id: I8c30b41db20af8ecafe67e760e872fc08adec905
The ksc auth plugins do not have support for the original
token-endpoint (aka token flow) auth where the user supplies
a token (possibly the Keystone admin_token) and an API endpoint.
This is used for bootstrapping Keystone but also has other uses
when a scoped user token is provided.
The api.auth:TokenEndpoint class is required to provide the
same interface methods so all of the special-case code branches
to support token-endpoint can be removed.
Some additional cleanups related to ClientManager and creating
the Compute client also were done to streamline using sessions.
Change-Id: I1a6059afa845a591eff92567ca346c09010a93af