410 lines
14 KiB
Python
410 lines
14 KiB
Python
# Copyright 2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
"""Keypair action implementations"""
|
|
|
|
import io
|
|
import logging
|
|
import os
|
|
import sys
|
|
|
|
from openstack import utils as sdk_utils
|
|
from osc_lib.command import command
|
|
from osc_lib import exceptions
|
|
from osc_lib import utils
|
|
|
|
from openstackclient.i18n import _
|
|
from openstackclient.identity import common as identity_common
|
|
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
def _get_keypair_columns(item, hide_pub_key=False, hide_priv_key=False):
|
|
# To maintain backwards compatibility we need to rename sdk props to
|
|
# whatever OSC was using before
|
|
column_map = {}
|
|
hidden_columns = ['links', 'location']
|
|
if hide_pub_key:
|
|
hidden_columns.append('public_key')
|
|
if hide_priv_key:
|
|
hidden_columns.append('private_key')
|
|
return utils.get_osc_show_columns_for_sdk_resource(
|
|
item, column_map, hidden_columns)
|
|
|
|
|
|
class CreateKeypair(command.ShowOne):
|
|
_description = _("Create new public or private key for server ssh access")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(CreateKeypair, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'name',
|
|
metavar='<name>',
|
|
help=_("New public or private key name")
|
|
)
|
|
key_group = parser.add_mutually_exclusive_group()
|
|
key_group.add_argument(
|
|
'--public-key',
|
|
metavar='<file>',
|
|
help=_("Filename for public key to add. If not used, "
|
|
"creates a private key.")
|
|
)
|
|
key_group.add_argument(
|
|
'--private-key',
|
|
metavar='<file>',
|
|
help=_("Filename for private key to save. If not used, "
|
|
"print private key in console.")
|
|
)
|
|
parser.add_argument(
|
|
'--type',
|
|
metavar='<type>',
|
|
choices=['ssh', 'x509'],
|
|
help=_(
|
|
"Keypair type. Can be ssh or x509. "
|
|
"(Supported by API versions '2.2' - '2.latest')"
|
|
),
|
|
)
|
|
parser.add_argument(
|
|
'--user',
|
|
metavar='<user>',
|
|
help=_(
|
|
'The owner of the keypair. (admin only) (name or ID). '
|
|
'Requires ``--os-compute-api-version`` 2.10 or greater.'
|
|
),
|
|
)
|
|
identity_common.add_user_domain_option_to_parser(parser)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
compute_client = self.app.client_manager.sdk_connection.compute
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
kwargs = {
|
|
'name': parsed_args.name
|
|
}
|
|
|
|
public_key = parsed_args.public_key
|
|
if public_key:
|
|
try:
|
|
with io.open(os.path.expanduser(parsed_args.public_key)) as p:
|
|
public_key = p.read()
|
|
except IOError as e:
|
|
msg = _("Key file %(public_key)s not found: %(exception)s")
|
|
raise exceptions.CommandError(
|
|
msg % {"public_key": parsed_args.public_key,
|
|
"exception": e}
|
|
)
|
|
|
|
kwargs['public_key'] = public_key
|
|
|
|
if parsed_args.type:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.2'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.2 or greater is required to '
|
|
'support the --type option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
kwargs['key_type'] = parsed_args.type
|
|
|
|
if parsed_args.user:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.10'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.10 or greater is required to '
|
|
'support the --user option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
kwargs['user_id'] = identity_common.find_user(
|
|
identity_client,
|
|
parsed_args.user,
|
|
parsed_args.user_domain,
|
|
).id
|
|
|
|
keypair = compute_client.create_keypair(**kwargs)
|
|
|
|
private_key = parsed_args.private_key
|
|
# Save private key into specified file
|
|
if private_key:
|
|
try:
|
|
with io.open(
|
|
os.path.expanduser(parsed_args.private_key), 'w+'
|
|
) as p:
|
|
p.write(keypair.private_key)
|
|
except IOError as e:
|
|
msg = _("Key file %(private_key)s can not be saved: "
|
|
"%(exception)s")
|
|
raise exceptions.CommandError(
|
|
msg % {"private_key": parsed_args.private_key,
|
|
"exception": e}
|
|
)
|
|
# NOTE(dtroyer): how do we want to handle the display of the private
|
|
# key when it needs to be communicated back to the user
|
|
# For now, duplicate nova keypair-add command output
|
|
if public_key or private_key:
|
|
display_columns, columns = _get_keypair_columns(
|
|
keypair, hide_pub_key=True, hide_priv_key=True)
|
|
data = utils.get_item_properties(keypair, columns)
|
|
|
|
return (display_columns, data)
|
|
else:
|
|
sys.stdout.write(keypair.private_key)
|
|
return ({}, {})
|
|
|
|
|
|
class DeleteKeypair(command.Command):
|
|
_description = _("Delete public or private key(s)")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(DeleteKeypair, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'name',
|
|
metavar='<key>',
|
|
nargs='+',
|
|
help=_("Name of key(s) to delete (name only)")
|
|
)
|
|
parser.add_argument(
|
|
'--user',
|
|
metavar='<user>',
|
|
help=_(
|
|
'The owner of the keypair. (admin only) (name or ID). '
|
|
'Requires ``--os-compute-api-version`` 2.10 or greater.'
|
|
),
|
|
)
|
|
identity_common.add_user_domain_option_to_parser(parser)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
compute_client = self.app.client_manager.sdk_connection.compute
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
kwargs = {}
|
|
result = 0
|
|
|
|
if parsed_args.user:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.10'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.10 or greater is required to '
|
|
'support the --user option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
kwargs['user_id'] = identity_common.find_user(
|
|
identity_client,
|
|
parsed_args.user,
|
|
parsed_args.user_domain,
|
|
).id
|
|
|
|
for n in parsed_args.name:
|
|
try:
|
|
compute_client.delete_keypair(
|
|
n, **kwargs, ignore_missing=False)
|
|
except Exception as e:
|
|
result += 1
|
|
LOG.error(_("Failed to delete key with name "
|
|
"'%(name)s': %(e)s"), {'name': n, 'e': e})
|
|
|
|
if result > 0:
|
|
total = len(parsed_args.name)
|
|
msg = (_("%(result)s of %(total)s keys failed "
|
|
"to delete.") % {'result': result, 'total': total})
|
|
raise exceptions.CommandError(msg)
|
|
|
|
|
|
class ListKeypair(command.Lister):
|
|
_description = _("List key fingerprints")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super().get_parser(prog_name)
|
|
user_group = parser.add_mutually_exclusive_group()
|
|
user_group.add_argument(
|
|
'--user',
|
|
metavar='<user>',
|
|
help=_(
|
|
'Show keypairs for another user (admin only) (name or ID). '
|
|
'Requires ``--os-compute-api-version`` 2.10 or greater.'
|
|
),
|
|
)
|
|
identity_common.add_user_domain_option_to_parser(parser)
|
|
user_group.add_argument(
|
|
'--project',
|
|
metavar='<project>',
|
|
help=_(
|
|
'Show keypairs for all users associated with project '
|
|
'(admin only) (name or ID). '
|
|
'Requires ``--os-compute-api-version`` 2.10 or greater.'
|
|
),
|
|
)
|
|
identity_common.add_project_domain_option_to_parser(parser)
|
|
parser.add_argument(
|
|
'--marker',
|
|
help=_('The last keypair ID of the previous page'),
|
|
)
|
|
parser.add_argument(
|
|
'--limit',
|
|
type=int,
|
|
help=_('Maximum number of keypairs to display'),
|
|
)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
compute_client = self.app.client_manager.sdk_connection.compute
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
kwargs = {}
|
|
|
|
if parsed_args.marker:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.35'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.35 or greater is required '
|
|
'to support the --marker option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
kwargs['marker'] = parsed_args.marker
|
|
|
|
if parsed_args.limit:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.35'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.35 or greater is required '
|
|
'to support the --limit option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
kwargs['limit'] = parsed_args.limit
|
|
|
|
if parsed_args.project:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.10'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.10 or greater is required to '
|
|
'support the --project option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
if parsed_args.marker:
|
|
# NOTE(stephenfin): Because we're doing this client-side, we
|
|
# can't really rely on the marker, because we don't know what
|
|
# user the marker is associated with
|
|
msg = _(
|
|
'--project is not compatible with --marker'
|
|
)
|
|
|
|
# NOTE(stephenfin): This is done client side because nova doesn't
|
|
# currently support doing so server-side. If this is slow, we can
|
|
# think about spinning up a threadpool or similar.
|
|
project = identity_common.find_project(
|
|
identity_client,
|
|
parsed_args.project,
|
|
parsed_args.project_domain,
|
|
).id
|
|
users = identity_client.users.list(tenant_id=project)
|
|
|
|
data = []
|
|
for user in users:
|
|
kwargs['user_id'] = user.id
|
|
data.extend(compute_client.keypairs(**kwargs))
|
|
elif parsed_args.user:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.10'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.10 or greater is required to '
|
|
'support the --user option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
user = identity_common.find_user(
|
|
identity_client,
|
|
parsed_args.user,
|
|
parsed_args.user_domain,
|
|
)
|
|
kwargs['user_id'] = user.id
|
|
|
|
data = compute_client.keypairs(**kwargs)
|
|
else:
|
|
data = compute_client.keypairs(**kwargs)
|
|
|
|
columns = (
|
|
"Name",
|
|
"Fingerprint"
|
|
)
|
|
|
|
if sdk_utils.supports_microversion(compute_client, '2.2'):
|
|
columns += ("Type", )
|
|
|
|
return (
|
|
columns,
|
|
(utils.get_item_properties(s, columns) for s in data),
|
|
)
|
|
|
|
|
|
class ShowKeypair(command.ShowOne):
|
|
_description = _("Display key details")
|
|
|
|
def get_parser(self, prog_name):
|
|
parser = super(ShowKeypair, self).get_parser(prog_name)
|
|
parser.add_argument(
|
|
'name',
|
|
metavar='<key>',
|
|
help=_("Public or private key to display (name only)")
|
|
)
|
|
parser.add_argument(
|
|
'--public-key',
|
|
action='store_true',
|
|
default=False,
|
|
help=_("Show only bare public key paired with the generated key")
|
|
)
|
|
parser.add_argument(
|
|
'--user',
|
|
metavar='<user>',
|
|
help=_(
|
|
'The owner of the keypair. (admin only) (name or ID). '
|
|
'Requires ``--os-compute-api-version`` 2.10 or greater.'
|
|
),
|
|
)
|
|
identity_common.add_user_domain_option_to_parser(parser)
|
|
return parser
|
|
|
|
def take_action(self, parsed_args):
|
|
compute_client = self.app.client_manager.sdk_connection.compute
|
|
identity_client = self.app.client_manager.identity
|
|
|
|
kwargs = {}
|
|
|
|
if parsed_args.user:
|
|
if not sdk_utils.supports_microversion(compute_client, '2.10'):
|
|
msg = _(
|
|
'--os-compute-api-version 2.10 or greater is required to '
|
|
'support the --user option'
|
|
)
|
|
raise exceptions.CommandError(msg)
|
|
|
|
kwargs['user_id'] = identity_common.find_user(
|
|
identity_client,
|
|
parsed_args.user,
|
|
parsed_args.user_domain,
|
|
).id
|
|
|
|
keypair = compute_client.find_keypair(
|
|
parsed_args.name, **kwargs, ignore_missing=False)
|
|
|
|
if not parsed_args.public_key:
|
|
display_columns, columns = _get_keypair_columns(
|
|
keypair, hide_pub_key=True)
|
|
data = utils.get_item_properties(keypair, columns)
|
|
return (display_columns, data)
|
|
else:
|
|
sys.stdout.write(keypair.public_key)
|
|
return ({}, {})
|