diff options
-rw-r--r-- | README.rst | 26 | ||||
-rw-r--r-- | keystoneclient/client.py | 16 | ||||
-rw-r--r-- | keystoneclient/shell.py | 78 | ||||
-rw-r--r-- | keystoneclient/v2_0/client.py | 40 | ||||
-rw-r--r-- | keystoneclient/v2_0/tokens.py | 17 |
5 files changed, 92 insertions, 85 deletions
@@ -27,7 +27,7 @@ By way of a quick-start:: # use v2.0 auth with http://example.com:5000/v2.0") >>> from keystoneclient.v2_0 import client - >>> keystone = client.Client(username=USERNAME, password=API_KEY, project_id=TENANT, auth_url=KEYSTONE_URL) + >>> keystone = client.Client(user_name=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=KEYSTONE_URL) >>> keystone.tenants.list() >>> tenant = keystone.tenants.create(name="test", descrption="My new tenant!", enabled=True) >>> tenant.delete() @@ -48,17 +48,16 @@ You'll need to provide your OpenStack username and API key. You can do this with the ``--username``, ``--apikey`` and ``--projectid`` params, but it's easier to just set them as environment variables:: - export KEYSTONE_USERNAME=openstack - export KEYSTONE_API_KEY=yadayada - export KEYSTONE_PROJECTID=yadayada + export OS_TENANT_NAME=project + export OS_USER_NAME=user + export OS_PASSWORD=pass You will also need to define the authentication url with ``--url`` and the version of the API with ``--version``. Or set them as an environment variables as well:: - export KEYSTONE_URL=http://example.com:5000/v2.0 + export OS_AUTH_URL=http://example.com:5000/v2.0 export KEYSTONE_ADMIN_URL=http://example.com:35357/v2.0 - export KEYSTONE_VERSION=2.0 Since Keystone can return multiple regions in the Service Catalog, you can specify the one you want with ``--region_name`` (or @@ -67,8 +66,8 @@ can specify the one you want with ``--region_name`` (or You'll find complete documentation on the shell by running ``keystone help``:: - usage: keystone [--username USERNAME] [--apikey APIKEY] [--projectid PROJECTID] - [--url URL] [--version VERSION] [--region_name NAME] + usage: keystone [--user_name user] [--password password] + [--tenant_name tenant] [--auth_url URL] <subcommand> ... Command-line interface to the OpenStack Keystone API. @@ -79,11 +78,12 @@ You'll find complete documentation on the shell by running Optional arguments: - --username USERNAME Defaults to env[KEYSTONE_USERNAME]. - --apikey APIKEY Defaults to env[KEYSTONE_API_KEY]. - --apikey PROJECTID Defaults to env[KEYSTONE_PROJECT_ID]. - --url AUTH_URL Defaults to env[KEYSTONE_URL] or - --url ADMIN_URL Defaults to env[KEYSTONE_ADMIN_URL] + --user_name USER Defaults to env[OS_USER_NAME]. + --user_id USERID Defaults to env[OS_USER_ID]. + --password PASSWORD Defaults to env[OS_PASSWORD]. + --tenant_name TENANT Defaults to env[OS_TENANT_NAME]. + --tenant_id TENANTID Defaults to env[OS_TENANT_]. + --url AUTH_URL Defaults to env[OS_AUTH_URL] or --version VERSION Defaults to env[KEYSTONE_VERSION] or 2.0. --region_name NAME The region name in the Keystone Service Catalog to use after authentication. Defaults to diff --git a/keystoneclient/client.py b/keystoneclient/client.py index afdb5c2..94d9c94 100644 --- a/keystoneclient/client.py +++ b/keystoneclient/client.py @@ -38,19 +38,22 @@ class HTTPClient(httplib2.Http): USER_AGENT = 'python-keystoneclient' - def __init__(self, username=None, password=None, token=None, + def __init__(self, user_name=None, user_id=None, + tenant_id=None, tenant_name=None, password=None, project_id=None, auth_url=None, region_name=None, - timeout=None, endpoint=None): + timeout=None, endpoint=None, token=None): super(HTTPClient, self).__init__(timeout=timeout) - self.user = username + self.user_id = user_id + self.user_name = user_name + self.tenant_id = tenant_id + self.tenant_name = tenant_name self.password = password - self.project_id = unicode(project_id) self.auth_url = auth_url self.version = 'v2.0' self.region_name = region_name + self.auth_token = token self.management_url = endpoint - self.auth_token = token or password # httplib2 overrides self.force_exception_to_status_code = True @@ -140,12 +143,11 @@ class HTTPClient(httplib2.Http): kwargs.setdefault('headers', {}) if self.auth_token and self.auth_token != self.password: kwargs['headers']['X-Auth-Token'] = self.auth_token - if self.project_id: - kwargs['headers']['X-Auth-Project-Id'] = self.project_id # Perform the request once. If we get a 401 back then it # might be because the auth token expired, so try to # re-authenticate and try again. If it still fails, bail. + print 'SENDING: %s' % kwargs try: resp, body = self.request(self.management_url + url, method, **kwargs) diff --git a/keystoneclient/shell.py b/keystoneclient/shell.py index 7d145fa..0fb9840 100644 --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -55,21 +55,29 @@ class OpenStackIdentityShell(object): action='store_true', help=argparse.SUPPRESS) - parser.add_argument('--username', - default=env('KEYSTONE_USERNAME'), - help='Defaults to env[KEYSTONE_USERNAME].') + parser.add_argument('--user_name', + default=env('OS_USER_NAME'), + help='Defaults to env[OS_USER_NAME].') - parser.add_argument('--apikey', - default=env('KEYSTONE_API_KEY'), - help='Defaults to env[KEYSTONE_API_KEY].') + parser.add_argument('--user_id', + default=env('OS_USER_ID'), + help='Defaults to env[OS_USER_ID].') - parser.add_argument('--projectid', - default=env('KEYSTONE_PROJECT_ID'), - help='Defaults to env[KEYSTONE_PROJECT_ID].') + parser.add_argument('--password', + default=env('OS_PASSWORD'), + help='Defaults to env[OS_PASSWORD].') + + parser.add_argument('--tenant_name', + default=env('OS_TENANT_NAME'), + help='Defaults to env[OS_TENANT_NAME].') + + parser.add_argument('--tenant_id', + default=env('OS_TENANT_ID'), + help='Defaults to env[OS_TENANT_ID].') parser.add_argument('--url', - default=env('KEYSTONE_URL'), - help='Defaults to env[KEYSTONE_URL].') + default=env('OS_AUTH_URL'), + help='Defaults to env[OS_AUTH_URL].') parser.add_argument('--region_name', default=env('KEYSTONE_REGION_NAME'), @@ -144,37 +152,29 @@ class OpenStackIdentityShell(object): self.do_help(args) return 0 - user, apikey, projectid, url, region_name = \ - args.username, args.apikey, args.projectid, args.url, \ - args.region_name - #FIXME(usrleon): Here should be restrict for project id same as # for username or apikey but for compatibility it is not. - if not user: - raise exc.CommandError("You must provide a username, either" - "via --username or via " - "env[KEYSTONE_USERNAME]") - if not apikey: - raise exc.CommandError("You must provide an API key, either" - "via --apikey or via" - "env[KEYSTONE_API_KEY]") - if options.version and options.version != '1.0': - if not projectid: - raise exc.CommandError("You must provide an projectid, either" - "via --projectid or via" - "env[KEYSTONE_PROJECT_ID") - - if not url: - raise exc.CommandError("You must provide a auth url, either" - "via --url or via" - "env[KEYSTONE_URL") - - self.cs = self.get_api_class(options.version)(user, - apikey, - projectid, - url, - region_name=region_name) + if not args.user_id and not args.user_name: + raise exc.CommandError("You must provide a user name or id:" + "via --user_name or env[OS_USER_NAME]" + "via --user_id or env[OS_USER_ID])") + if not args.password: + raise exc.CommandError("You must provide a password, either" + "via --password or env[OS_PASSWORD]") + + if not args.url: + raise exc.CommandError("You must provide a auth url, either" + "via --auth_url or via" + "env[OS_AUTH_URL") + + self.cs = self.get_api_class(options.version)(user_name=args.user_name, + user_id=args.user_id, + tenant_name=args.tenant_name, + tenant_id=args.tenant_id, + password=args.password, + auth_url=args.auth_url, + region_name=args.region_name) try: self.cs.authenticate() diff --git a/keystoneclient/v2_0/client.py b/keystoneclient/v2_0/client.py index 21bc4c7..c9dc6d5 100644 --- a/keystoneclient/v2_0/client.py +++ b/keystoneclient/v2_0/client.py @@ -12,7 +12,6 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. -import urlparse import logging from keystoneclient import client @@ -86,20 +85,22 @@ class Client(client.HTTPClient): Returns ``True`` if authentication was successful. """ self.management_url = self.auth_url - try: - raw_token = self.tokens.authenticate(username=self.user, - password=self.password, - tenant=self.project_id, - token=self.auth_token, - return_raw=True) - self._extract_service_catalog(self.auth_url, raw_token) - return True - except (exceptions.AuthorizationFailure, exceptions.Unauthorized): - raise - except Exception, e: - _logger.exception("Authorization Failed.") - raise exceptions.AuthorizationFailure("Authorization Failed: " - "%s" % e) + # try: + raw_token = self.tokens.authenticate(user_name=self.user_name, + user_id=self.user_id, + tenant_id=self.tenant_id, + tenant_name=self.tenant_name, + password=self.password, + return_raw=True) + print 'got token %s' % raw_token + self._extract_service_catalog(self.auth_url, raw_token) + return True + # except (exceptions.AuthorizationFailure, exceptions.Unauthorized): + # raise + # except Exception, e: + # _logger.exception("Authorization Failed.") + # raise exceptions.AuthorizationFailure("Authorization Failed: " + # "%s" % e) def _extract_service_catalog(self, url, body): """ Set the client's service catalog from the response data. """ @@ -108,9 +109,8 @@ class Client(client.HTTPClient): self.auth_token = self.service_catalog.get_token() except KeyError: raise exceptions.AuthorizationFailure() - if self.project_id: - # Unscoped tokens don't return a service catalog - self.management_url = self.service_catalog.url_for( - attr='region', - filter_value=self.region_name) + + # Unscoped tokens don't return a service catalog + self.management_url = self.service_catalog.url_for(attr='region', + filter_value=self.region_name) return self.service_catalog diff --git a/keystoneclient/v2_0/tokens.py b/keystoneclient/v2_0/tokens.py index 581a71a..a369801 100644 --- a/keystoneclient/v2_0/tokens.py +++ b/keystoneclient/v2_0/tokens.py @@ -21,17 +21,22 @@ class Token(base.Resource): class TokenManager(base.ManagerWithFind): resource_class = Token - def authenticate(self, username=None, password=None, tenant=None, - token=None, return_raw=False): + def authenticate(self, user_name=None, user_id=None, tenant_id=None, + tenant_name=None, password=None, token=None, return_raw=False): if token and token != password: params = {"auth": {"token": {"id": token}}} - elif username and password: - params = {"auth": {"passwordCredentials": {"username": username, + elif user_name and password: + params = {"auth": {"passwordCredentials": {"username": user_name, + "password": password}}} + elif user_id and password: + params = {"auth": {"passwordCredentials": {"userId": user_id, "password": password}}} else: raise ValueError('A username and password or token is required.') - if tenant: - params['auth']['tenantId'] = tenant + if tenant_id: + params['auth']['tenantId'] = tenant_id + elif tenant_name: + params['auth']['tenantName'] = tenant_name return self._create('/tokens', params, "access", return_raw=return_raw) def endpoints(self, token): |