Application credential support follow-up
Following the recent v3applicationcredentials patch, if you have your environment variables set up to work with python-openstackclient using swiftclient's v1password plugin, swiftclient won't work: $ env | egrep '^(OS|ST)_' ST_KEY=testing ST_USER=test:tester OS_AUTH_URL=http://saio/auth/v1.0 ST_AUTH=http://saio/auth/v1.0 OS_USERNAME=test:tester OS_AUTH_TYPE=v1password OS_PASSWORD=testing $ openstack object store account show +------------+----------------------------+ | Field | Value | +------------+----------------------------+ | Account | AUTH_test | | Bytes | 0 | | Containers | 11 | | Objects | 0 | +------------+----------------------------+ $ swift stat Only "v3applicationcredential" is supported for --os-auth-type We don't really want to allow (and mostly ignore) arbitrary OS_AUTH_TYPE values, though -- there are a whole bunch of plugins we don't remotely support. But it seems OK to allow any of the password plugins; while we won't actually use them (currently), we provide roughly equivalent functionality. Handful of other drive-bys: * Use a None sentinel to determine whether keystoneauth1 is installed instead of trying to catch a NameError. * Clarify error state when keystoneauth1 is not installed. * Fix a typo: "sses" -> "sess". Change-Id: Id7ea9c3ea8278ae86a04d057a472a8f8a87b8eae Related-Change: I9190e5e7e24b6a741970fa0d0ac792deccf73d25
This commit is contained in:
Tim Burke
parent
5840efe1d6
commit
257a7185a8
|
|
@ -62,7 +62,7 @@ except ImportError:
|
|||
def createLock(self):
|
||||
self.lock = None
|
||||
|
||||
ksexceptions = ksclient_v2 = ksclient_v3 = None
|
||||
ksexceptions = ksclient_v2 = ksclient_v3 = ksa_v3 = None
|
||||
try:
|
||||
from keystoneclient import exceptions as ksexceptions
|
||||
# prevent keystoneclient warning us that it has no log handlers
|
||||
|
|
@ -72,8 +72,8 @@ except ImportError:
|
|||
pass
|
||||
try:
|
||||
from keystoneclient.v3 import client as ksclient_v3
|
||||
from keystoneauth1.identity import v3
|
||||
from keystoneauth1 import session
|
||||
from keystoneauth1.identity import v3 as ksa_v3
|
||||
from keystoneauth1 import session as ksa_session
|
||||
from keystoneauth1 import exceptions as ksauthexceptions
|
||||
except ImportError:
|
||||
pass
|
||||
|
|
@ -627,22 +627,27 @@ variables to be set or overridden with -A, -U, or -K.''')
|
|||
filter_kwargs['attr'] = 'region'
|
||||
filter_kwargs['filter_value'] = os_options['region_name']
|
||||
|
||||
if os_options.get('auth_type') == 'v3applicationcredential':
|
||||
try:
|
||||
v3
|
||||
except NameError:
|
||||
if os_options.get('auth_type') and os_options['auth_type'] not in (
|
||||
'password', 'v2password', 'v3password',
|
||||
'v3applicationcredential'):
|
||||
raise ClientException(
|
||||
'Swiftclient currently only supports v3applicationcredential '
|
||||
'for auth_type')
|
||||
elif os_options.get('auth_type') == 'v3applicationcredential':
|
||||
if ksa_v3 is None:
|
||||
raise ClientException('Auth v3applicationcredential requires '
|
||||
'python-keystoneclient>=2.0.0')
|
||||
'keystoneauth1 package; consider upgrading '
|
||||
'to python-keystoneclient>=2.0.0')
|
||||
|
||||
try:
|
||||
auth = v3.ApplicationCredential(
|
||||
auth = ksa_v3.ApplicationCredential(
|
||||
auth_url=auth_url,
|
||||
application_credential_secret=os_options.get(
|
||||
'application_credential_secret'),
|
||||
application_credential_id=os_options.get(
|
||||
'application_credential_id'))
|
||||
sses = session.Session(auth=auth)
|
||||
token = sses.get_token()
|
||||
sess = ksa_session.Session(auth=auth)
|
||||
token = sess.get_token()
|
||||
except ksauthexceptions.Unauthorized:
|
||||
msg = 'Unauthorized. Check application credential id and secret.'
|
||||
raise ClientException(msg)
|
||||
|
|
@ -650,7 +655,7 @@ variables to be set or overridden with -A, -U, or -K.''')
|
|||
raise ClientException('Authorization Failure. %s' % err)
|
||||
|
||||
try:
|
||||
endpoint = sses.get_endpoint_data(service_type=service_type,
|
||||
endpoint = sess.get_endpoint_data(service_type=service_type,
|
||||
endpoint_type=endpoint_type,
|
||||
**filter_kwargs)
|
||||
|
||||
|
|
|
|||
|
|
@ -1651,7 +1651,12 @@ def parse_args(parser, args, enforce_requires=True):
|
|||
return options, args
|
||||
|
||||
if enforce_requires:
|
||||
if options['os_auth_type'] == 'v3applicationcredential':
|
||||
if options['os_auth_type'] and options['os_auth_type'] not in (
|
||||
'password', 'v1password', 'v2password', 'v3password',
|
||||
'v3applicationcredential'):
|
||||
exit('Only "v3applicationcredential" is supported for '
|
||||
'--os-auth-type')
|
||||
elif options['os_auth_type'] == 'v3applicationcredential':
|
||||
if not (options['os_application_credential_id'] and
|
||||
options['os_application_credential_secret']):
|
||||
exit('Auth version 3 (application credential) requires '
|
||||
|
|
@ -1659,9 +1664,6 @@ def parse_args(parser, args, enforce_requires=True):
|
|||
'OS_APPLICATION_CREDENTIAL_SECRET to be set or '
|
||||
'overridden with --os-application-credential-id and '
|
||||
'--os-application-credential-secret respectively.')
|
||||
elif options['os_auth_type']:
|
||||
exit('Only "v3applicationcredential" is supported for '
|
||||
'--os-auth-type')
|
||||
elif options['auth_version'] == '3':
|
||||
if not options['auth']:
|
||||
exit('Auth version 3 requires OS_AUTH_URL to be set or '
|
||||
|
|
|
|||
|
|
@ -2721,7 +2721,7 @@ class TestParsing(TestBase):
|
|||
str(cm.exception))
|
||||
|
||||
os_opts = {
|
||||
"auth_type": "v3password",
|
||||
"auth_type": "v3oidcpassword",
|
||||
"application_credential_id": "proejct_id",
|
||||
"application_credential_secret": "secret",
|
||||
"auth_url": "http://example.com:5000/v3"}
|
||||
|
|
|
|||
Loading…
Reference in New Issue