If the clientmanager is unable to create a keystone session (due to
insufficient auth parameters or something else) then the exception
caused by this shouldn't be ignored, as was the case.
On the other hand, we don't want this behaviour in the case of the
'complete' command, so this is now properly detected.
Change-Id: If4f453d23cc87900cda752e9ffbcf41ded59e26f
Closes-Bug: #1444640
This adds a new option --os-cloud that allows the configuration values
for multiple clouds to be stored in a local file and selected with
a single option.
Internal option names have had 'os_' removed to be comptible with
the options returned from OpenStackConfig().get_one_cloud().
The config file is ~/.config/openstack/clouds.yaml:
Sample
------
clouds:
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
devstack:
auth:
auth_url: http://192.168.122.10:35357/
project_name: demo
username: demo
password: 0penstack
region_name: RegionOne
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I4939acf8067e44ffe06a2e26fc28f1adf8985b7d
Depends-On: I45e2550af58aee616ca168d20a557077beeab007
At least print a warning on authentication error. I have no
idea why an exception is being ignored here because if there
is no session, nothing is going to happen. This at least will
print some useful warning:
(.venv)terry@f350:~/python-openstackclient$ os flavor list --os-cloud pro
WARNING: openstackclient.shell Possible error authenticating: __init__() got an unexpected keyword argument 'asdf'
ERROR: openstack Authentication requires 'auth_url', which should be specified in 'HTTPClient'
This error was caused by having a bogus value 'asdf' in the cloud.yaml
for the cloud pro.
Change-Id: Ie08432e0464cfa86b3b3f67ca29d3b7d23d2f46f
Print a warning message if an unknown api version is supplied.
An attempt will be made to run the command anyway.
Change-Id: Idec8e88fe9621f10ec4b7eecd90708fb3730f56f
Subclass keystoneclient.session.Session to add the timing hooks to
record the elapsed time returned by requests.Response objects, including
the redirection history. Redirects are included individually and not
rolled into the total time for the original request.
This works for all clients that use OSC's session.
Closes-Bug: #1402577
Change-Id: I9360c90c151579b89a37edb8c11c17feb15b3cb9
Requests/urllib3 started issuing warnings about certificates and SSL
that our users are unable to do anything about. This is a very blunt
way to suppress these warnings unless --verbose or --debug is
supplied on the command line.
Being more precise in the suppression requires importing the warning
classes from urllib3 and dealing with the platforms where it has
been unvendored from requests. Maybe in the future if there are
concerns that this mutes too much otherwise.
Change-Id: I50bb10a16222de12c5b95bfe042b92e43ea8ee7c
This change removes openstackclient homemade hack to defer help
printing in initialize_app and uses cliff (new) option to defer
help printing.
Change-Id: Ie3e94ec96254745bfef8c5ff5abc405facfe1bea
Related-Bug: #1316622
The plugin detection at the top of openstackclient.api.auth did not
detect the plugins at the bottom of that file because, surprise,
they had not been declared yet so the entry points were ignored.
Move both plugin subclasses into openstackclient.api.auth_plugin.
Fix a problem with the password callback that was otherwise made
worse with this change.
Closes-Bug: 1428912
Change-Id: Idc3b72534071e0013c8922884a8bc14137509a0f
When we got picky with the auth arguments we broke using help without
any auth config supplied. This rearranges things a bit to do the argument
checking when the deferred auth request to Identity occurs so commands
that do not need auth have a chance to live short but useful lives.
Closes-Bug: #1399588
Change-Id: I8ceac491cf65e25eddb62ab2713f471fe686756d
Rather than pointing the 'project usage list' entry point directly to
ListUsage, this makes a ListProjectUsage subclass to alias the desired
command and still allow for changing behaviour or issuing a deprecation
messages. This implementation simply sets a new 'deprecated' attribute
in the command class that cliff will use to skip this command when
generating help output.
The actual skipping of the command in help output is dependant on
https://review.openstack.org/147349 merging in cliff, this review will
simply have no effect on help output until a version of cliff with
that update is present.
The deprecation message printed is somewhat generic until
https://review.openstack.org/147381 is merged in cliff.
Until that is merged, the deprecation message will not have the name
of the actual command given by the user in it, but rather the text
'this command'.
Closes-bug: #1406654
Change-Id: Ie08d4f88d71a660fca1862405351109cd0aa86b6
For class-loading purposes we can just use the major version,
so accept that. Only Identity and Compute were affected; Compute
is included just to be pedantically complete.
For command groups we also just use the major version so fix
Compute and the version option handling.
Change the internal default for Identity to a simple '2' so it
is also consistent with the rest of the world.
Then comes microversioning...
Closes-Bug: #1292638
Change-Id: Ibaf823b31caa288a83de38d2c258860b128b87d8
* Promote select messages to INFO so lower logging levels can be useful
* Help more modules not say so much all the time
Change-Id: I814023c1489595998ae74efe40ef439b3522ee74
* Remove the auth option checks as the auth plugins will validate
their own options
* Move the initialization of client_manager to the end of
initialize_app() so it is always called. Note that no attempts
to actually authenticate occur until the first use of one of the
client attributes in client_manager. This leaves
initialize_clientmanager() (formerly uathenticate_user()) empty
so remove it.
* Remove interact() as the client_manager has already been created
And there is nothing left.
* prepare_to_run_command() is reduced to trigger an authentication
attempt for the best_effort auth commands, currently the only
one is 'complete'.
* Add prompt_for_password() to ask the user to enter a password
when necessary. Passed to ClientManager in a new kward pw_func.
Bug: 1355838
Change-Id: I9fdec9144c4c84f65aed1cf91ce41fe1895089b2
Currently, we repeated to generate clientmanager instance when run
command in interactive mode. This should be avoided.
Change-Id: I0536a690bc173be38af08a2e4443115532041efd
Closes-Bug: #1383083
The OSC plugins work by adding an object as an attribute to a
ClientManager instance. The initialization and management of
thos plugins belongs in clientmanager.py.
At this point the only part not moved is the API version dict
initialization bcause the timing and connection to the
CommandManager initialization. It gets refactored anyway when
API discovery becomes operational.
Change-Id: If9cb9a0c45a3a577082a5cdbb793769211f20ebb
This patch allows the user to choose which authentication plugin
to use with the CLI. The arguments needed by the auth plugins are
automatically added to the argument parser. Some examples with
the currently available authentication plugins::
OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \
OS_PASSWORD=admin openstack user list
OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \
OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \
OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list
OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \
OS_IDENTITY_API_VERSION=2.0 openstack user list
The --os-auth-plugin option can be omitted; if so the CLI will attempt to
guess which plugin to use from the other options.
Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669
Co-Authored-By: Florent Flament <florent.flament-ext@cloudwatt.com>
This does a couple of things:
* Loads the Identity client module in the same manner as the other
'base' clients (where 'base' == 'included in the OSC repo')
* Changes the entry point group name for the base clients to
'openstack.cli.base'. The extension group name remains the same.
* Loads the base modules first followed by the extension modules.
This load order ensures that the extension module commands are all
loaded _after_ the base commands, allowing extensions to now override
the base commands.
Change-Id: I4b9ca7f1df6eb8bbe8e3f663f3065c2ed80ce20b
This is step 1 toward using Keystone client's session.Session as the
primary session/requests interface in OSC.
* Move the session create into ClientManager and rename 'restapi' attribute to 'session'
* Set up ClientManager and session loggers
* Fix container and object command references to restapi/api
Change-Id: I013d81520b336c7a6422cd22c05d1d65655e64f8
Add support for --timing options. Use cliff via a pseudo-command
'Timing' to support multiple outputformats.
If an output format other than the default 'table' is selected
use CSV since the timing data is in list form.
Will pick up timing data for any client object that has a method
similar to novaclient's get_timings().
TODO:
* Stop instantiating all of the clientmanager client objects just
to check for timing data. Descriptor magic required?
Change-Id: I7f1076b7a250fba6a8b24b2ae9353a7f51b792b2
* The encryption it purports to offer is completely insecure.
* It also appears to be broken.
Closes-Bug: #1319381
Change-Id: Id15ecfbbfd15f142b14c125bfd85afd5032699ac
This patch enables authenticating by using a trust. The trust ID
must be set with the parameter --os-trust-id or the env variable
OS_TRUST_ID. Trusts are available for the identity v3 API.
Co-Authored-By: Florent Flament <florent.flament@cloudwatt.com>
Change-Id: Iacc389b203bbadda53ca31a7f5a9b8b6e1a1f522
The following logging levels are set according to the combination of
--verbose, --quiet and --debug options:
verbose_level logging level options
0 --quiet ERROR
1 (none) WARNING
2 --verbose INFO
3+ --verbose --verbose DEBUG
or --debug
Logging levels for the requests and iso8601 modules are forced to ERROR.
This is the first step in bp use-logging-not-print
The difference between '--debug' and '--verbose --verbose' is --debug triggers
cliff's exception handling and traceback display.
Change-Id: Ide2233b3316471d279260fb1e7255a6ca2072023
There are files containing string format arguments inside
logging messages. Using logging function parameters should
be preferred.
Change-Id: Ic749ac9eb55564ed631d57055a5a4dfc3aebd169
If authorization fails for the complete command, generate the bash complete anyway.
* Added best_effort flag to command
* Attempts to authorize for bash complete, but if it fails, it tries anyway
Change-Id: I796258f8044f42abc6a51164d920a26f73397962
Partial-Bug: #1283550
This fixes some errors and inconsistencies I found reviewing the
help strings:
* Capitalize help strings
* Add missing space between words (in multi-line strings)
* Improve wording
Change-Id: I2fb31ab4191c330146e31c1a9651115a6657769a
Add the ability to pass user_domain_id / user_domain_name, domain_id
/ domain_name, and project_domain_id / project_domain_name to keystone.
These parameters are the first step needed to getting multi-domain
support working via the CLI.
Closes-Bug: #1198171
Change-Id: I81a8534913978ff1cce01ec02741ae477e8c5fa4
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Signed-off-by: Bo Tang <btang@cs.utsa.edu>
Prepare to use the (soon to be) common Session from keystoneclient
* Rework RESTApi to eventually be a subclass of keystoneclient.Session
Change-Id: I68e610f8b19a3f6267a93f7bf3de54a228be68aa
Allows client libraries to have complete access to the rest of the
OSC ClientManager. In addition, extension libraries can define
global options (for API version options/env vars) and define
versioned API entry points similar to the in-repo commands.
The changes to ClientManager exposed some issues in the existing
object api tests that needed to be cleaned up.
Change-Id: Ic9662edf34c5dd130a2f1a69d2454adefc1f8a95
Add --os-cacert and --verify|--insecure options using the same
sematics as the other project CLIs. --verify is included for
completeness.
Bug: 1236608
Change-Id: I8a116d790db5aa4cb17a2207efedce7cb229eba3
* Move the auth to OpenStackShell.prepare_to_run_command() and skip it if
the command's auth_required == False
* Default auth_required = True for all commands
* Do authentication up-front for interactive use as
OpenStackShell.prepare_to_run_command() is not called
Change-Id: Id330092f242af624f430d469882d15f4a22f4e37
* Add object-store API to ClientManager
* Add object-store client
* Add Object API library in openstackclient.object.v1.lib
* Add Object API {container,object} list commands
* Add library tests
* Add command tests
This should complete the Object v1 container and object list commands
Change-Id: Ib1770d45efa8871959826b85faafa1e0bcef0a03
* restapi module provides basic REST API support
* uses dicts rather than Resource classes
* JSON serialization/deserialization
* log requests in 'curl' format
* basic API boilerplate for create/delete/list/set/show verbs
* ignore H302 due to urllib import
Change-Id: I3cb91e44e631ee19e9f5dea19b6bac5d599d19ce
* rename HACKING to HACKING.rst and refer to the common OpenStack HACKING file
* add the barest of pointers to the wiki, etc. to the source docs
* add a bare-bones man page
Change-Id: I80e5b972af645f14ef17ae87f182ab09cb08dabe
Change the global auth options to use 'project', leave the original
tenant options in place but silent for compatability with the existing
project CLI auth options. This is the only compatibility for tenant
usage in this changeover.
Change-Id: I3cce6e552f18822cc9f445ec5f301b0f5d9003f8
