| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code has been moved into openstacksdk. Make os-client-config a
thin wrapper around that code.
The legacy client code needs to stay, as it was removed in openstacksdk.
We also have to plumb os_client_config.defaults and
os_client_config.cloud_region.CloudRegion in so that users get the
os-client-config versions from the openstacksdk methods that return the
relevant objects.
Support for per-service region_name has been dropped. This was never
used anywhere and was added for compatibility with openstacksdk Profile
objects. Since Profile objects are no more, we can remove it. It never
made any sense.
Change-Id: I7180e20aa675c0ccbe3718493a6eff2be7e1b8b6
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
get_one_cloud() and get_one_cloud_osc() iterate over config
values and try to expand any variables in those values by
calling value.format(), however some config values
(e.g. password) should never have format() applied to them, not
only might that change the password but it will also cause the
format() function to raise an exception if it can not parse the
format string. Examples would be single brace (e.g. 'foo{')
which raises an ValueError because it's looking for a matching
end brace or a brace pair with a key value that cannot be found
(e.g. 'foo{bar}') which raises a KeyError.
It is not reasonsable to try to escape any braces because:
1) Escaping all braces breaks valid use of the format string syntax.
2) Trying to determine exactly which braces should be escaped and
which should be preserved is a daunting task and likely would not be
robust.
3) Some strings might look like valid format syntax but still should
be escaped (e.g. "foo{bar}", if this appeared in a password we
wouldn't escape it and there would be a key error on the 'bar' key.
4) In general passwords should never be modified, you never want to
apply formatting to them.
The right approach is to maintain a list of config values which are
excluded from having formatting applied to them. At the moment that
list just includes 'password' but perhaps down the road other
exceptions might crop up. This patch follows this approach,
the list of excluded values can easily be updated if others are
discovered.
Change-Id: I187bdec582d4c2cc6c7fda47a1538194137c616b
Closes-Bug: 1635696
Signed-off-by: John Dennis <jdennis@redhat.com>
|
| |/
|
|
|
|
|
|
| |
The service type overrides in get_service_type() fail if the
API version keys are not present in the config dict, which happens
when CloudConfig is created without reading defaults.
Change-Id: I8d035cfd1afc1cad01ceac7cd643568e94897e27
|
| |
|
|
|
|
|
|
|
| |
In some more complex clouds there can not only be more than one valid network
on a server that NAT can attach to, there can also be more than one valid
network from which to get a NAT address. Allow flagging a network so that it
can be found.
Change-Id: I3d8dd6d734a1013d2d4a43e11c3538c3a345820b
|
| |
|
|
|
|
|
|
|
| |
If there is only one cloud and that cloud is envvars, things work as
expected. If there is only one cloud in clouds.yaml and no envvars
cloud, we throw an error, even though it should be obvious which cloud
was intended.
Change-Id: Ia49d0fb2cc7dca36476d0e5ae3fe2b2aa1209e59
|
| |
|
|
|
|
|
|
|
|
| |
Unrevert the endpoint_type/interface patch. But this time around, put in
a check for API version 2.0 and only apply the interface arg if it's for
v3.
This reverts commit 4493871824839782846c3825c754895876f8d08e.
Change-Id: Ib347ec686d4d01788ee943c4c4f809aad06d9ccf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 38e5eba621e48d74c05315da2b89e6c801f4c43f.
This patch introduced a bug when using Keystone v2. With this patch, the
following works:
python -c "import os_client_config; print(os_client_config.make_client('identity', auth_url='http://localhost/identity_admin', username='admin', project_name='admin', password='testtest', identity_api_version='3').roles.list())"
But changing identity_api_version from 3 to 2.0 raises an exception.
Without this patch, both 3 and 2.0 works.
Change-Id: I8d2ad71ff51a08af1166d36805b740ea272939ed
|
| |
|
|
|
|
|
|
|
| |
keystoneauth in newton did not have app_name or app_version
as Session parameters. Although it isn't a super common combination,
user agent strings aren't a reason to break something. Add a
simple workaround.
Change-Id: Ib5774389fefdbc190a4b78dd6784c8006afbb270
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python Argparse supports the 'append' action [1] which is super handy to allow
a user to repeat several times the same argument, each time with different
values.
This doesn't work with occ that tries to "fix argv" but raises this error:
os_client_config.exceptions.OpenStackConfigException: The following options
were given: '--foo,--foo' which contain duplicates except that one has _
and one has -. There is no sane way for us to know what you're doing.
Remove the duplicate option and try again
This patch tweak the _fix_argv() function so that it doesn't explode
if the duplicate option has no '_' not '-' in its name.
Change-Id: I4f06b6aff8d3ab1df45637399bc3a9b4b61764a9
Related-bug: #1685630
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
keystoneauth supports adding a user_agent info to the Session and
Adapter via app_name. Allow users to add app_name/app_name and versions as
desired. Also, add os-client-config into additional_user_agent.
As an example, once this is landed and plumbed through shade,
nodepool will set app_name='nodepool' and we'll have:
User-Agent: nodepool/0.4.0 os-client-config/1.26.1 shade/1.19.1
keystoneauth1/2.18.0 python-requests/2.13.0 CPython/2.7.12
Change-Id: I1eb4dbd2587dcbe297b5c060c3c34b68ef51ef5e
|
| |
|
|
|
|
|
|
|
| |
We have a special case to work around a thing we're pretty sure
keystoneclient used to do but apparently doesn't do anymore. Remove the
workaround.
Co-Authored-By: Jamie Lennox <jamielennox@gmail.com>
Change-Id: I873ad91816150b593d4aef13dcd1520e8c91b22a
|
| |
|
|
|
|
| |
keystoneclient wants the interface argument.
Change-Id: I5898d8621259256f962fc006df38049d0cb059f8
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added a flag, 'load_yaml_config' that defaults to True.
If set to false, no clouds.yaml files will be loaded. This
is beneficial if os-client-config wants to be used inside of
a service where end-user clouds.yaml files would make things
more confusing.
Change-Id: Idbc82bb931e9edf1bbcc575237c0e202e219c218
|
| | |
| |
| |
| |
| |
| |
| | |
OSC doesn't use this codepath anyway (to my knowledge) and it masks
errors in exceptionally strange ways.
Change-Id: I15ec5aacb037813a98ac9ea8e9504a5d1cc90837
|
| |/
|
|
|
|
|
|
|
| |
The mistral team copied the heinous pervsion that the cinder team
propagated upon the world and appended a version to their service_type.
That's ok - there is nice copy-pastable code here we can use to prevent
users from feeling the pain.
Change-Id: Icf280f932014e4d9abeab3e944aece125988562e
|
| |
|
|
|
|
|
|
| |
This patch breaks stable/newton devstack-gate of shade.
This reverts commit fa4e1bd21db4bee2a0ee779067cdd659e647d7fc.
Change-Id: I31a7831693f567a0717a9b41c242453fb937d6d7
|
| |
|
|
|
|
|
|
|
|
| |
python-swiftclient has Session support now! Use it, and remove a pile of
customization specific for swift.
We still need to put a few parameters in different places, but that's
no worse than glance or trove.
Change-Id: Ic51aee2bc7b535aa4b6e261fb3deb59bd921f563
|
| |
|
|
|
| |
Change-Id: I83870e8b3ee6dc7fdbb6e9d67075cc4c08646e4e
Closes-Bug: #1648212
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 1f9e2cd123b38a7e744fb8a784d0ee3b523de95e.
Sad as this makes me, let's revert and come back to it when we figure
out the cliff thing.
Change-Id: I0413d5e3b3d8652833a8e7942ba81926787ba3bf
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This was a workaround for python-openstackclient back when it was still
dependent on keystoneclient. OSC has its own workaround now, so this
should no longer be needed.
Change-Id: Ib1877b7978b7b016b394232235e887360b6bdf85
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
There is a bug in validate_auth that gets hidden by validate_auth_ksc.
These tests are the test fixes for it.
Change-Id: I80d558a1c794725ba2a87fbd87bf8fbdf6633bee
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
Words cannot begin to adequately express the disappointment and rage I
felt upon learning that the cinder team had unleashed 'volumev3' upon
the world. Woe betide us, the mere users, for wanting to use a 'volume'
endpoint and have that choice mean something. Perhaps if we beat
ourselves with leather straps while crawling for days across the country
we can remove more joy from our lives. In the meantime, until we can
fully appreciate the existential crisis of being, let's continue to work
around it in os-client-config.
Change-Id: I171e3b01497b3e3a06c3a73577f0f67e0c1e6f73
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The docstring of the `get_session_endpoint` says ":returns: Endpoint
for the service, or None if not found" but apparently the `None` part
was forgotten.
This leads to this kind of spectacular traceback where the exception
bubles up (even through Shade):
Traceback (most recent call last):
File ".tox/run/bin/ospurge", line 11, in <module>
load_entry_point('ospurge', 'console_scripts', 'ospurge')()
File "/path/ospurge/main.py", line 154, in main
for resource in resource_manager.list():
File "/path/ospurge/resources/swift.py", line 15, in list
for container in self.cloud.list_containers():
File "/path/pkg/shade/openstackcloud.py", line 4909, in list_containers
full_listing=full_listing))
File "/path/pkg/shade/task_manager.py", line 244, in submit_task
return task.wait(raw)
File "/path/pkg/shade/task_manager.py", line 121, in wait
super(Task, self).wait()
File "/path/pkg/shade/task_manager.py", line 96, in wait
self._traceback)
File "/path/pkg/six.py", line 686, in reraise
raise value
File "/path/pkg/shade/task_manager.py", line 105, in run
self.done(self.main(client))
File "/path/pkg/shade/_tasks.py", line 549, in main
return client.swift_client.get_account(**self.args)[1]
File "/path/pkg/shade/openstackcloud.py", line 849, in swift_client
'object-store', swiftclient.client.Connection)
File "/path/pkg/shade/openstackcloud.py", line 343, in _get_client
**kwargs)
File "/path/pkg/os_client_config/cloud_config.py", line 301, in get_legacy_client
return self._get_swift_client(client_class=client_class, **kwargs)
File "/path/pkg/os_client_config/cloud_config.py", line 369, in _get_swift_client
endpoint = self.get_session_endpoint(service_key='object-store')
File "/path/pkg/os_client_config/cloud_config.py", line 253, in get_session_endpoint
region_name=self.region)
File "/path/pkg/keystoneauth1/session.py", line 765, in get_endpoint
return auth.get_endpoint(self, **kwargs)
File "/path/pkg/keystoneauth1/identity/base.py", line 216, in get_endpoint
service_name=service_name)
File "/path/pkg/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/path/pkg/keystoneauth1/access/service_catalog.py", line 228, in url_for
raise exceptions.EndpointNotFound(msg)
keystoneauth1.exceptions.catalog.EndpointNotFound: public endpoint for
object-store service in RegionOne region not found
Change-Id: Idbf5081117bb0a13d04a1a5cb9fd7682baaf04e5
|
| |\ |
|
| | |
| |
| |
| |
| | |
Change-Id: I52bdc44800da6c1393a69c4faf96375235ef98bb
Closes-Bug: #1627690
|
| |/
|
|
|
|
|
|
|
|
|
| |
Following OpenStack Style Guidelines[1]:
[H203] Unit test assertions tend to give better messages for more
specific assertions. As a result, assertIsNone(...) is preferred
over assertEqual(None, ...) and assertIs(None, ...)
[1] http://docs.openstack.org/developer/hacking/#unit-tests-and-assertraises
Change-Id: I4ce1745a90b043ea342fb157683b01f862c1bc3d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Teach OpenStackConfig to prompt the user for KSA plugin options
that have no value but have a prompt string defined.
* Add pw_func argument to __init__() to be used as the callback
for prompting the user. The default is None which skips the
prompt step.
* Add option_prompt() method to perform the checks for prompting,
call the callback and save the returned value. This is public
to handle cases where simply passing in a callback is insufficient
for the prompt mechanism.
Related-Bug: #1617384
Change-Id: I5faa86e94d6f71282ac270e2acfbd3016638c780
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Revert most of 'fixed_argparse change' from 1.19.1
* Create a new _validate_auth_correctly() method that contains the
logic from 1.19.0
* Create a new get_one_cloud_osc() method for use by OSC to get
the correct argument precedence without disrupting anyone else
Change-Id: Iae86cc4e267f23dbe8d010688a288db5514f329d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some clouds, like OSIC and v1 of DreamCompute, have a split stack
network. This means that a single Neutron Network has both an IPv4 and
an IPv6 subnet, but that the IPv4 subnet is a private/RFC-1918 and the
IPv6 subnet is a Global network. As any inferrance information is
attached to the Network, it's impossible to properly categorize IP
addresses that are on the Server in such a scenario.
Add support for ipv4 and ipv6 versions of the current routes_externally
config value, with each of them defaulting to the value of the
un-specialized routes_externally.
Change-Id: I1e87a1423d20eac31175f44f5f7b38dfcf3a11cb
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the user specifies a project_{name,id}, then we currently infer that
a domain_{name,id} is meant to be shorthand for user_domain_{name,id} and
project_domain_{name,id}. However, in other contexts, domain_id is a
perfectly valid value to pass to the auth plugins - such as when doing
domain-scoped activities.
The problem that was uncovered by the correction of argument precedence
is that we didn't pop the domain-id out of the root config dict, so if a
user set OS_DOMAIN_ID in the environment, we were happily setting the
user and project versions, but then leaving domain_id set as well. This
then meant that when we do the pass to pull valid arguments from the
root dict to the auth dict, we also pulled in domain_id - which led to
the error:
AuthorizationFailure: Authentication cannot be scoped to multiple
targets. Pick one of: project, domain, trust or unscoped
Popping the value from the root dict causes the things to work as
documented.
Change-Id: I6d208e5ec4115d2e72d30b2fedc90a81ea754d5a
|
| |
|
|
|
|
| |
This should cover both the OSC and the ansible incoming use cases.
Change-Id: I3fdc83837692d31c5579d91892a387a5d1023785
|
| |
|
|
|
|
|
| |
Turns out self._openstack_config is not the config dict. self.config is.
Also, return names.
Change-Id: Ib2013e737b506b3a2acd7aa7b7884240c25384c5
|
| |
|
|
|
|
|
|
| |
Add support for indicating default_interface. Also, add some validation
and normalization code, some interface methods and, shockingly,
documentation.
Change-Id: Ib45b68894585ac02821d5d2376510fd7a8e8ee40
|
| |
|
|
|
|
|
|
|
|
|
| |
Networks can have more information than just internal or external. Notably,
if you have two private networks and you're trying to assign floating
ips, you need to know which network should be the recipient.
This should be backwards compatible with existing external_network and
internal_network options.
Change-Id: I0d469339ba00486683fcd3ce2995002fa0a576d1
|
| |
|
|
|
|
|
|
|
|
|
| |
For longer-lived operations, tokens can timeout and we need to get new
ones. While in theory we should be keystoneauth aware and passing around
sessions, swiftclient does not yet support this. So, instead of passing
in just a preauthtoken, also pass in credentials if we have them. However, for
plugin types that swift does not know about directly, only preauthtoken will
be used as before.
Change-Id: If724fdcd0649d9fa3b3ee7b127e49a3f77e3b767
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We have no codepaths that currently set v2password plugin by default.
However, there are some cases, such as old clouds, where a user needs
to explicitly set v2password as the auth_type to avoid version discovery
because their cloud is old enough to not support it. If the user
sets v2password, keep it and align the auth parameters the other
direction to set tenant_name and tenant_id.
Co-Authored-By: David Shrewsbury <shrewsbury.dave@gmail.com>
Change-Id: Ib9eb3ae163b79b67737d01868868187b6dee1756
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The code to expand domain_{name,id} to {user,project}_domain_{name,id}
is flawed in that it sets a project_domain_{name,id} even if a
project_{name,id} is not set. There is a valid use case for not having
a project_{name,id} - specifically getting a domain-scoped token.
In the case where we do not set a project, check for that and don't make
further assumptions that the domain input needs to be "fixed".
Closes-Bug: #1535676
Change-Id: I825fe4bc375687208bb176bb5990c23fe87c8f9d
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Everyone except neutron has a first parameter called "version" - so we
can pass it by name. For neutron, add a workaround, becuase YAY people
being different.
Change-Id: Icfd92e5e31763ffccc1ff673298f89d1888941fe
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With the current code, OS_TENANT_NAME will take precednece over
--os-project-name beause OS_TENANT_NAME gets early-moved to
config['auth']['project_name'], then when the argparse value gets put
into config['project_name'] the auth fixing sees auth['project_name']
and thinks it should win.
Change-Id: I97084ea221eb963f14d98cf550a04bbd5c7d954c
|
| |\ \ \
| |/ /
| | /
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We return None for the file content for non-existent files as a
fallback. This is normally fine, but in the case of a person having
_only_ a secure.conf file, this means that the dictionary merge fails.
Change-Id: I61cc0a8c709ea3510428fc3dfce63dc254c07c83
|
| |/
|
|
|
|
|
|
|
|
| |
Replace assertEqual(None, *) with assertIsNone in tests to have
more clear messages in case of failure.
There have one more place should be modified.
Change-Id: I53a8f129db0108892b8377edce2dbf19b0b95f5d
Closes-bug: #1280522
|
| |\ |
|
