delta/openstack/python-openstackclient.git/openstackclient/common/clientmanager.py, branch 3.2.1 opendev.org: openstack/python-openstackclient Defer auth prompting until it is actually needed 2016-12-09T18:07:52+00:00 Dean Troyer dtroyer@gmail.com 2016-09-01T15:54:29+00:00 9484cd3850594ef6cb62d3c57dc5ec402305975c Auth option prompting happens waaaay to early in the default os-client-config flow, we need to defer it until adter the commands have been parsed. This is why ClientManager.setup_auth() exists, as it is not called until the first attempt to connect to a server occurs. Commands that do not require authentication never hit this. Also, required options were not being enforced. By doing this we handle when no authentication info is present, we fail on missing auth-url rather than attempt to prompt for a password (default auth is password). Closes-Bug: 1619274 Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726 (cherry picked from commit 14dbfe44741b65c9e0514a34669f52de8629b1c0) 
Auth option prompting happens waaaay to early in the default
os-client-config flow, we need to defer it until adter the commands
have been parsed.  This is why ClientManager.setup_auth() exists,
as it is not called until the first attempt to connect to a server
occurs.  Commands that do not require authentication never hit this.

Also, required options were not being enforced.  By doing this we handle
when no authentication info is present, we fail on missing auth-url rather
than attempt to prompt for a password (default auth is password).

Closes-Bug: 1619274
Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
(cherry picked from commit 14dbfe44741b65c9e0514a34669f52de8629b1c0)
Provide fallback prompt function for current osc-lib 2016-08-30T00:22:06+00:00 Dean Troyer dtroyer@gmail.com 2016-08-29T23:14:26+00:00 84c83fc3aeebf8201a301f1864c3b8a1572111f1 Leaving the pw_func uninitialize in osc-lib turned out to be a bad idea as the test to prompt in setup_auth() doesn't check for a callback of None. Also, release note Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956 
Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956
Fix auth prompt brokenness 2016-08-29T16:58:49+00:00 Dean Troyer dtroyer@gmail.com 2016-08-29T16:07:49+00:00 bec206fa0a0214d856259661c5e32086f33d2f62 We start by fixing this in the already-present OSC_Config class so OSC can move forward. This change needs to get ported down into os-client-config in the near future, maybe even soon enough to make the client library freeze this week. * Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__() * When looping through the auth options from the KSA plugin look for any that have a prompt defined and do not have a value already, so ask for one. Closes-bug: #1617384 Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442 
We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442
osc-lib: shell 2016-08-05T18:48:55+00:00 Dean Troyer dtroyer@gmail.com 2016-06-23T22:51:54+00:00 6a15f90daed6514e30b4af0ebb52c7864acaafcc Convert to using ClientManager and OpenStackShell from osc-lib. * Change all internal uses of ClientManager private attributes that are now public in osc-lib's ClientManager. Leave back-compat copies in place in OSC's clientManager so we don't break plugins. * Put some work-arounds in place for changes in osc-lib that we need until a new release makes it through the g-r and u-c change process. * Add a test for Unicode decoding of argv in shell.main() to parallel the one in osc-lib. Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c 
Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
  now public in osc-lib's ClientManager.  Leave back-compat copies in
  place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
  a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
  the one in osc-lib.

Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
Remove temporary code in ClientManager 2016-07-25T19:55:33+00:00 Dean Troyer dtroyer@gmail.com 2016-07-25T19:29:08+00:00 0bc2d83f685790c154e1c4acb824a55cf0db84b4 This effectively reverts https://review.openstack.org/#/c/341618/. Change-Id: Ic8e53e17b4a5352b0c00e39bcb5d248b057540a9 
This effectively reverts https://review.openstack.org/#/c/341618/.

Change-Id: Ic8e53e17b4a5352b0c00e39bcb5d248b057540a9
Rework clientmanager 2016-07-22T20:49:18+00:00 Dean Troyer dtroyer@gmail.com 2016-05-13T21:53:44+00:00 f38c51c1b90576e6b13ac6086386884c09f5813a * Add compatibility for plugin v2 interface removed from osc-lib * ClientManager.is_network_endpoint_enabled() is wrapper for new is_service_available() Change-Id: I6f26ce9e4d0702f50c7949bacfbeeb0f98cddb5d 
* Add compatibility for plugin v2 interface removed from osc-lib
* ClientManager.is_network_endpoint_enabled() is wrapper for
  new is_service_available()

Change-Id: I6f26ce9e4d0702f50c7949bacfbeeb0f98cddb5d
Temp work around for missing select_auth_plugin() 2016-07-13T15:33:19+00:00 Dean Troyer dtroyer@gmail.com 2016-07-13T15:30:51+00:00 067647b6a40b21e19f3faf3a4fc6188b8c3129b1 These were removed prematurely from osc-lib (by me) but the real fix in https://review.openstack.org/329189 is having racy functional test issues that may be related to osc-lib, so let's clear this up while we fix that... Change-Id: I8f67466967751fdf6fd24ae1b16ccee2aec52323 
These were removed prematurely from osc-lib (by me) but the real fix in
https://review.openstack.org/329189 is having racy functional test issues
that may be related to osc-lib, so let's clear this up while we fix that...

Change-Id: I8f67466967751fdf6fd24ae1b16ccee2aec52323
osc-lib: api.auth 2016-06-30T13:57:59+00:00 Dean Troyer dtroyer@gmail.com 2016-06-23T20:39:48+00:00 d324530532d5361e85e784c3df2f0d40a128b149 Move auth plugin checking to osc-lib. Change-Id: I673d9c2d6e8bbf724c3000459a729e831d747814 
Move auth plugin checking to osc-lib.

Change-Id: I673d9c2d6e8bbf724c3000459a729e831d747814
Refactor setting defaults for some scope parameters 2016-06-21T06:55:30+00:00 Alvaro Lopez Garcia aloga@ifca.unican.es 2016-05-27T09:03:15+00:00 099a2c38b99dff6a0909c0a3ba2909f1aea58644 The code is setting defaults for some scope parameters, cheking if the name ends with some specific substring (namely ending in "password") causing failures in some plugins that end with the same string, but do not allow those parameters (like "user_domain_id" in "v3oidcpassword"). Closes-Bug: #1582774 Change-Id: Id7036db3b783b135353d035dc4c1df7c808d6474 
The code is setting defaults for some scope parameters, cheking if the
name ends with some specific substring (namely ending in "password")
causing failures in some plugins that end with the same string, but do
not allow those parameters (like "user_domain_id" in "v3oidcpassword").

Closes-Bug: #1582774
Change-Id: Id7036db3b783b135353d035dc4c1df7c808d6474
Do not prompt for scope options with default scoped tokens 2016-06-17T16:37:15+00:00 Dolph Mathews dolph.mathews@gmail.com 2016-06-15T16:26:35+00:00 fe0c8e955be0331aef9cc6847c9bddc43ce66d92 This changes the scope validation to occur after a token has already been created. Previous flow: 1. Validate authentication options. 2. Validate authorization options if the command requires a scope. 3. Create a token (using authentication + authorization options) 4. Run command. This means that scope was being checked, even if a default scope was applied in step 3 by Keystone. New flow: 1. Validate authentication options. 2. Create token (using authentication + authorization options) 3 Validate authorization options if the command requires a scope and the token is not scoped. 4. Run command. Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981 Closes-Bug: 1592062 
This changes the scope validation to occur after a token has already
been created.

Previous flow:

1. Validate authentication options.
2. Validate authorization options if the command requires a scope.
3. Create a token (using authentication + authorization options)
4. Run command.

This means that scope was being checked, even if a default scope was
applied in step 3 by Keystone.

New flow:

1. Validate authentication options.
2. Create token (using authentication + authorization options)
3  Validate authorization options if the command requires a scope and
   the token is not scoped.
4. Run command.

Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981
Closes-Bug: 1592062