The command "configuration show" tries to redact some of the secrets
that are shown on the screen. However, this failed redacting options
that were marked as secrete by the auth plugins (if any) and it redacted
other options that were not redacted at all. For example, when using
the OpenID Connect plugins, it redacted the "access_token_endpoint" as
the word "token" appears there, but it failed to redact "client_secret"
even when this option is marked as secret in the corresponding plugin.
Change-Id: Idfad4fbbe5ddcff5e729e1dcd756d0379ad31dee
This changes the scope validation to occur after a token has already
been created.
Previous flow:
1. Validate authentication options.
2. Validate authorization options if the command requires a scope.
3. Create a token (using authentication + authorization options)
4. Run command.
This means that scope was being checked, even if a default scope was
applied in step 3 by Keystone.
New flow:
1. Validate authentication options.
2. Create token (using authentication + authorization options)
3 Validate authorization options if the command requires a scope and
the token is not scoped.
4. Run command.
Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981
Closes-Bug: 1592062
Use osc-lib directly for exceptions.
Leave openstackclient.common.exceptions for deprecation period.
Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.
All dependant test have been updated.
Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects. The user_role_list tests failed when they
picked up an auth_ref that was a fixture. This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.
Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
The set --property command requires that the input match
the "key=value" type, but if the type don't match, the return
value will be None, and the command still can be implemented
successfully, this may confuse the users. I think we should
raise exception if the argument type don't match "key=value".
So I make some changes in KeyValueAction class in this patch.
Change-Id: I14e64922faa7e083bc8b5e7e1cac41ef8117c224
Closes-Bug: #1589935
Add FakeExtension class in networkv2, computev2, volumev2,
identityv2_0 and update unit test test/common/test_extension.py
Change-Id: I94815de7801860edb7fa91a7d146455cab946652
The --enable option on commands is ignored when the arguments are parsed.
This is related to the --enable-beta-commands option. Renaming the option
to --os-beta-command fixes the problem.
There's no need to handle backwards compatibility for the option name
change because there hasn't been an OSC release yet with beta commands.
Change-Id: I0327ba8a2058858a83e9a42e231470ed733cc834
Closes-Bug: #1588384
The "quota set" command support compute and volume quotas previously.
This patch add support network.
Partially-implements: blueprint neutron-client-quota
Closes-bug: 1489441
Change-Id: I9d297f52bc30614b3493f09ed15f8f1d3f8ff952
The "os quota show" command "<project/class>" argument is now
optional. If not specified, the user's current project is used.
This allows non-admin users to show quotas for their current
project.
Change-Id: I602d4cc09c9d29ce84271eff78137f8810cb1a47
Closes-Bug: #1572733
Previously, if an AttributeError was raised in a plugin's make_client
method, the plugin simply wouldn't be an attribute of the ClientManager,
producing tracebacks like
Traceback (most recent call last):
File ".../openstackclient/shell.py", line 118, in run
ret_val = super(OpenStackShell, self).run(argv)
...
File ".../openstackclient/object/v1/container.py", line 150, in take_action
data = self.app.client_manager.object_store.container_list(
File ".../openstackclient/common/clientmanager.py", line 66, in __getattr__
raise AttributeError(name)
AttributeError: object_store
This made writing minimal third-party auth plugins difficult, as it
obliterated the original AttributeError.
Now, AttributeErrors that are raised during plugin initialization will
be re-raised as PluginAttributeErrors, and the original traceback will
be preserved. This gives much more useful information to plugin
developers, as in
Traceback (most recent call last):
File ".../openstackclient/shell.py", line 118, in run
ret_val = super(OpenStackShell, self).run(argv)
...
File ".../openstackclient/object/v1/container.py", line 150, in take_action
data = self.app.client_manager.object_store.container_list(
File ".../openstackclient/common/clientmanager.py", line 57, in __get__
err_val, err_tb)
File ".../openstackclient/common/clientmanager.py", line 51, in __get__
self._handle = self.factory(instance)
File ".../openstackclient/object/client.py", line 35, in make_client
interface=instance._interface,
File ".../openstackclient/common/clientmanager.py", line 258,
in get_endpoint_for_service_type
endpoint = self.auth_ref.service_catalog.url_for(
PluginAttributeError: 'NoneType' object has no attribute 'url_for'
Change-Id: I0eee7eba6eccc6d471a699a381185c4e76da10bd
Project show with name argument returns 'Could not find resource'
error when the user is not authorized. It should report the
authorization error instead. This patch makes that change.
Change-Id: Iac3521f8a411060b0ec9ef46c8f0e1f3551e56ae
Closes-Bug: #1511625
assertListEqual() is order sensitive. So we need to sort
the lists before we compare them. Use assertItemsEqual()
instead is better.
Change-Id: I9eaa98716c7401f5b099b007438acc916dae619b
Extension list involves identity, compute, volume and network.
Current test covers only identity and network. This patch added test
against compute and volum. Also refactored current implentation.
Change-Id: If9b36cba24c50a817a17f685801e418fb898596a
The cliff module expects an array of tuples however
the array that this function was returning was an array
of tuples that was also containing an array of values for
the commands attached to each group and the
cliff module wasn't liking it.
The output now comes out looking like:
| openstack.common | limits show |
| | extension list |
| openstack.baremetal.v1 | baremetal set |
Change-Id: Ifa1c149cb5c66ba27dc72bf72d7c8f2f50e42f73
Closes-Bug: 1545609
Class MultiKeyValueAction will be used to parse arguments like this:
--route destination=xxx,gateway=xxx --route destination=yyy,gateway=yyy
The result is a list like this:
[{destination:xxx, gateway:xxx}, {destination:yyy, gateway:yyy}]
This action also contain validation of the parameters.
Change-Id: Ie3aa8635c6a13fc2e429fe6922acd681dc7244cf
Make scope check optional for the "token issue" command as unscoped token is
a valid Keystone V2/V3 API.
Change-Id: Ie1cded4dbfdafd3a78c0ebdf89e3f66762509930
Closes-Bug: #1543214
Class mock.Mock does not exist method "called_once_with()", it just
exists method "assert_called_once_with()". "called_once_with()" does
nothing because it's a mock object.
In OSC, only one place is still using "called_once_with()". Fix it.
Change-Id: Ib890e95d775c3fc43df80fa05c82d726e78cdac8
Partial Bug: 1544522
As bug #1477199 describes, the wrong comment below is all over the
unit test code of OSC.
# DisplayCommandBase.take_action() returns two tuples
There is no such class named DisplayCommandBase in OSC. It is in cliff.
All OSC command classes inherit from the base classes in cliff,
class Command, class Lister and class ShowOne. It is like this:
Object
|--> Command
|--> DisplayCommandBase
|--> Lister
|--> ShowOne
take_action() is an abstract method of class Command, and generally is
overwritten by subclasses.
* Command.take_action() returns nothing.
* Lister.take_action() returns a tuple which contains a tuple of columns
and a generator used to generate the data.
* ShowOne.take_action() returns an iterator which contains a tuple of
columns and a tuple of data.
So, this problem should be fixed in 3 steps:
1. Remove all DisplayCommandBase comments for tests of classes inheriting
from class Command in cliff as it returns nothing.
2. Fix all DisplayCommandBase comments for tests of classes inheriting
from class Lister in cliff. Lister.take_action() returns a tuple and
a generator.
3. Fix all DisplayCommandBase comments for tests of classes inheriting
from class ShowOne in cliff. ShowOne.take_action() returns two tuples.
This patch finishes step 2 in all but identity tests. There are too many
such comments in identity tests. So fix them all in another patch.
Change-Id: I00f38d12f55abe20fa708f6349073da658622f8d
Partial-bug: #1477199
In https://review.openstack.org/#/c/273653/ Bryan Jones made
a point about using mock_sleep.assert_not_called() rather than
self.assertFalse(mock_sleep.called), so let's make that change
throughout these tests.
Change-Id: I826d608836955383891b303355edcca7b62faa16
Update the "os availability zone list" command to support listing
network availability zones along with the currently listed compute
and volume availability zones. This adds the --network option to
the command in order to only list network availability zones. By
default, all availability zones are listed. The --long option
was also updated to include a "Zone Resource" column which is
applicable to network availability zones. Example zone resources
include "network" and "router".
If the Network API does not support listing availability zones
then a warning message will be issued when the --network option
is specified.
This support requires an updated release of the SDK in order
to pull in [1].
[1] https://bugs.launchpad.net/python-openstacksdk/+bug/1532274
Change-Id: I78811d659b793d9d2111ea54665d5fe7e4887264
Closes-Bug: #1534202
The OpenStack SDK is now used for the network client. However,
the 'openstack quota show' command wasn't updated for the
client change. As a result, the command will fail to show
network quotas when a project name is specified. For example:
$ openstack quota show admin
'Proxy' object has no attribute 'show_quota'
This patch set fixes the command by using the OpenStack SDK
to get network quotas for a project.
Change-Id: I59a7b6780a7b80cd09e79d40d214751b25d3016e
Related-To: blueprint neutron-client
Closes-Bug: #1528249
Allow the exception and error status
strings to be passed in such that other plugins can
make use of this function.
There is a comment in find_resource:
The exception to catch here is dependent on which
client library the manager passed in belongs to.
Eventually this should be pulled from a common set
of client exceptions.
Since I think that is a long ways off, this change will
work now and also work when a common exception is defined
and used.
Change-Id: Iab56cd1166028caed4f1e657e0b1ee81af3f48d8
Update the "os availability zone list" command to support listing
volume availability zones along with the currently listed compute
availability zones. This adds a --compute and --volume option to
the command in order to select the availability zones to list. By
default, all availability zones are listed.
If the Block Storage API does not support listing availability
zones then an warning message will be issued.
Change-Id: I8159509a41bd1fb1b4e77fdbb512cf64a5ac11a9
Closes-Bug: #1532945
Refactor the "os availability zone list" command to make it a common
command instead of a compute-only command. Since availability zones
are common to compute, volume and network (new), this refactoring
allows availability zone support to be added for volume and network.
In addition to the refactor, unit and functional tests were added.
Change-Id: I63e9d41d229b21cd38e5a083493042c096d65e05
Partial-Bug: #1532945
columns and datalist has been set in each test case in compute,
which is not necessary. This patch abstract it out and remove
all redundant code.
Change-Id: I45a3582088161f12e60e7c933da8e7dcc0ae8e7b
Closes-Bug: #1532384
The usage of assertEqual(True/False, ***) should be changed
to a meaningful format of assertTrue/False(***).
Change-Id: I3437634329fc8ecef25082b43b5fc0e1030cdbda
Closes-Bug:#1512207
Move the network endpoint enablement checking from the 'server create'
command to the common client manager. This allows future network
commands to use either nova or neutron networking based on the cloud
environment.
This patch set also includes related unit test enhancements to the
common client manager to trigger authentication on the tests.
Change-Id: Ia37e81d4fb05a1e2fceb3e5d367bda769ab8e64b
Related-Bug: #1519511
Related-to: blueprint neutron-client
