diff options
| author | Dean Troyer <dtroyer@gmail.com> | 2012-03-06 12:08:42 -0600 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2012-03-06 23:57:06 -0600 |
| commit | bdc0abbd81a7988188adaae2af22006274a23801 (patch) | |
| tree | a31ce384a17d0676e0b867c9211e68508d600b79 | |
| parent | ca767856b600f2f14243b0979f706b78635996fd (diff) | |
| download | python-keystoneclient-bdc0abbd81a7988188adaae2af22006274a23801.tar.gz | |
Make ec2-credentials-* commands work properly for non-admin user
* Add user id to token-get output
* Save authenticated user and tenant IDs in client in Client._extract_service_catalog()
* Handle default user and tenant IDs in ec2-credentials-* commands
Fixed bug 947011
Change-Id: I97750f666ba03f32f0bb1be0c2df5ad8a321b433
| -rw-r--r-- | keystoneclient/service_catalog.py | 5 | ||||
| -rw-r--r-- | keystoneclient/v2_0/client.py | 6 | ||||
| -rwxr-xr-x | keystoneclient/v2_0/shell.py | 30 | ||||
| -rw-r--r-- | tests/test_service_catalog.py | 3 | ||||
| -rw-r--r-- | tests/v2_0/test_auth.py | 8 |
5 files changed, 40 insertions, 12 deletions
diff --git a/keystoneclient/service_catalog.py b/keystoneclient/service_catalog.py index 91ac170..eb0941b 100644 --- a/keystoneclient/service_catalog.py +++ b/keystoneclient/service_catalog.py @@ -31,9 +31,10 @@ class ServiceCatalog(object): token = {'id': self.catalog['token']['id'], 'expires': self.catalog['token']['expires']} try: - token['tenant'] = self.catalog['token']['tenant']['id'] + token['user_id'] = self.catalog['user']['id'] + token['tenant_id'] = self.catalog['token']['tenant']['id'] except: - # just leave the tenant out if it doesn't exist + # just leave the tenant and user out if it doesn't exist pass return token diff --git a/keystoneclient/v2_0/client.py b/keystoneclient/v2_0/client.py index a609b87..fb59ffc 100644 --- a/keystoneclient/v2_0/client.py +++ b/keystoneclient/v2_0/client.py @@ -113,7 +113,11 @@ class Client(client.HTTPClient): """ Set the client's service catalog from the response data. """ self.service_catalog = service_catalog.ServiceCatalog(body) try: - self.auth_token = self.service_catalog.get_token()['id'] + sc = self.service_catalog.get_token() + self.auth_token = sc['id'] + # Save these since we have them and they'll be useful later + self.auth_tenant_id = sc['tenant_id'] + self.auth_user_id = sc['user_id'] except KeyError: raise exceptions.AuthorizationFailure() diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py index 6825b16..91d0b23 100755 --- a/keystoneclient/v2_0/shell.py +++ b/keystoneclient/v2_0/shell.py @@ -225,42 +225,58 @@ def do_user_role_remove(kc, args): kc.roles.remove_user_role(args.user, args.role, args.tenant_id) -@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') -@utils.arg('--tenant_id', metavar='<tenant-id>', required=True, - help='Tenant ID') +@utils.arg('--user', metavar='<user-id>', help='User ID') +@utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID') def do_ec2_credentials_create(kc, args): """Create EC2-compatibile credentials for user per tenant""" + if not args.tenant_id: + # use the authenticated tenant id as a default + args.tenant_id = kc.auth_tenant_id + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id credentials = kc.ec2.create(args.user, args.tenant_id) utils.print_dict(credentials._info) -@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') +@utils.arg('--user', metavar='<user-id>', help='User ID') @utils.arg('--access', metavar='<access-key>', required=True, help='Access Key') def do_ec2_credentials_get(kc, args): """Display EC2-compatibile credentials""" + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id cred = kc.ec2.get(args.user, args.access) if cred: utils.print_dict(cred._info) -@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') +@utils.arg('--user', metavar='<user-id>', help='User ID') def do_ec2_credentials_list(kc, args): """List EC2-compatibile credentials for a user""" + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id credentials = kc.ec2.list(args.user) for cred in credentials: try: cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name') except: - pass + # FIXME(dtroyer): Retrieving the tenant name fails for normal + # users; stuff in the tenant_id instead. + cred.tenant = cred.tenant_id utils.print_list(credentials, ['tenant', 'access', 'secret']) -@utils.arg('--user', metavar='<user-id>', required=True, help='User ID') +@utils.arg('--user', metavar='<user-id>', help='User ID') @utils.arg('--access', metavar='<access-key>', required=True, help='Access Key') def do_ec2_credentials_delete(kc, args): """Delete EC2-compatibile credentials""" + if not args.user: + # use the authenticated user id as a default + args.user = kc.auth_user_id try: kc.ec2.delete(args.user, args.access) print 'Credential has been deleted.' diff --git a/tests/test_service_catalog.py b/tests/test_service_catalog.py index cba2164..bef0d52 100644 --- a/tests/test_service_catalog.py +++ b/tests/test_service_catalog.py @@ -122,7 +122,8 @@ class ServiceCatalogTest(utils.TestCase): self.assertEquals(sc.get_token(), {'id': 'ab48a9efdfedb23ty3494', - 'tenant': '345', + 'tenant_id': '345', + 'user_id': '123', 'expires': '2010-11-01T03:32:15-05:00'}) self.assertEquals(sc.catalog['token']['expires'], "2010-11-01T03:32:15-05:00") diff --git a/tests/v2_0/test_auth.py b/tests/v2_0/test_auth.py index 1b8f22e..8bc4eda 100644 --- a/tests/v2_0/test_auth.py +++ b/tests/v2_0/test_auth.py @@ -25,7 +25,13 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase): "access": { "token": { "expires": "12345", - "id": self.TEST_TOKEN + "id": self.TEST_TOKEN, + "tenant": { + "id": self.TEST_TENANT_ID + }, + }, + "user": { + "id": self.TEST_USER }, "serviceCatalog": self.TEST_SERVICE_CATALOG } |