delta/openstack/python-openstackclient.git/openstackclient, branch 3.2.1 opendev.org: openstack/python-openstackclient Defer auth prompting until it is actually needed 2016-12-09T18:07:52+00:00 Dean Troyer dtroyer@gmail.com 2016-09-01T15:54:29+00:00 9484cd3850594ef6cb62d3c57dc5ec402305975c Auth option prompting happens waaaay to early in the default os-client-config flow, we need to defer it until adter the commands have been parsed. This is why ClientManager.setup_auth() exists, as it is not called until the first attempt to connect to a server occurs. Commands that do not require authentication never hit this. Also, required options were not being enforced. By doing this we handle when no authentication info is present, we fail on missing auth-url rather than attempt to prompt for a password (default auth is password). Closes-Bug: 1619274 Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726 (cherry picked from commit 14dbfe44741b65c9e0514a34669f52de8629b1c0) 
Auth option prompting happens waaaay to early in the default
os-client-config flow, we need to defer it until adter the commands
have been parsed.  This is why ClientManager.setup_auth() exists,
as it is not called until the first attempt to connect to a server
occurs.  Commands that do not require authentication never hit this.

Also, required options were not being enforced.  By doing this we handle
when no authentication info is present, we fail on missing auth-url rather
than attempt to prompt for a password (default auth is password).

Closes-Bug: 1619274
Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
(cherry picked from commit 14dbfe44741b65c9e0514a34669f52de8629b1c0)
Merge "Use project_domain_id only in password auth" into stable/newton 2016-12-09T17:59:00+00:00 Jenkins jenkins@review.openstack.org 2016-12-09T17:59:00+00:00 23f6681de615973b7cf54036b607d9a80da6d929 






Use project_domain_id only in password auth
2016-12-09T02:36:18+00:00

Boris Bobrov
bbobrov@mirantis.com

2016-11-17T10:46:21+00:00

fc370104156810cb4f65a3235d6bf6ab65f028bd

The method being changed constructs domain-related parameters that will
further be passed to the auth plugin. If project domain is not
passed, the method sets it to the default domain.

token_endpoint does not expect any information about domain,
because it uses only a token and URL. Passing it to auth plugin causes
an exception.

Construct domain-related parameters only for specific plugins, such
as password or totp.

Change-Id: I13db3bbe31a0ed843e9f4528d37c768546e2bee9
Closes-Bug: 1642301
(cherry picked from commit e51a8d63747932f2ee4ffab02dfb0cd43e4a103d)





The method being changed constructs domain-related parameters that will
further be passed to the auth plugin. If project domain is not
passed, the method sets it to the default domain.

token_endpoint does not expect any information about domain,
because it uses only a token and URL. Passing it to auth plugin causes
an exception.

Construct domain-related parameters only for specific plugins, such
as password or totp.

Change-Id: I13db3bbe31a0ed843e9f4528d37c768546e2bee9
Closes-Bug: 1642301
(cherry picked from commit e51a8d63747932f2ee4ffab02dfb0cd43e4a103d)







Mask passwords in debug logs for auth_config_hook
2016-10-06T20:08:59+00:00

Matt Riedemann
mriedem@us.ibm.com

2016-10-06T01:11:16+00:00

a37addb7b034105ce03ee35a0a1610d191c4b269

The auth config hook can have credentials in it so
we have to mask the config before logging it. To
avoid doing the work of masking the password if we
aren't going to log it, there is a conditional put
around the actual debug statement.

Conflicts:
        openstackclient/common/client_config.py

NOTE(mriedem): The conflict was due to imports.

Change-Id: I8e626672ec94fc837610216bccb4354dbdedca17
Closes-Bug: #1630822
(cherry picked from commit cd1a412408f068aeef97c1ee368400307fce7733)





The auth config hook can have credentials in it so
we have to mask the config before logging it. To
avoid doing the work of masking the password if we
aren't going to log it, there is a conditional put
around the actual debug statement.

Conflicts:
        openstackclient/common/client_config.py

NOTE(mriedem): The conflict was due to imports.

Change-Id: I8e626672ec94fc837610216bccb4354dbdedca17
Closes-Bug: #1630822
(cherry picked from commit cd1a412408f068aeef97c1ee368400307fce7733)







Provide fallback prompt function for current osc-lib
2016-08-30T00:22:06+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-29T23:14:26+00:00

84c83fc3aeebf8201a301f1864c3b8a1572111f1

Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956





Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956







Merge "Fix auth prompt brokenness"
2016-08-29T21:09:58+00:00

Jenkins
jenkins@review.openstack.org

2016-08-29T21:09:58+00:00

c5f8f761de01e7dee7d65ccba40e8ee4cf116500












Fix auth prompt brokenness
2016-08-29T16:58:49+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-29T16:07:49+00:00

bec206fa0a0214d856259661c5e32086f33d2f62

We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442





We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442







Merge "Clean imports in code"
2016-08-29T13:13:32+00:00

Jenkins
jenkins@review.openstack.org

2016-08-29T13:13:32+00:00

8fce974d2da7d24a662e6a677ab3b63182fe1c7e












Clean imports in code
2016-08-25T06:50:38+00:00

Cao Xuan Hoang
hoangcx@vn.fujitsu.com

2016-08-25T06:50:38+00:00

f854b7d6ea1c67cf7f313e039691c4cb40ff1236

In some part in the code we import objects.
In the Openstack style guidelines they recommend to import only modules.

http://docs.openstack.org/developer/hacking/#imports

Change-Id: I2eb35dc53f0fdb61c31022bb70293d1df8aaf482





In some part in the code we import objects.
In the Openstack style guidelines they recommend to import only modules.

http://docs.openstack.org/developer/hacking/#imports

Change-Id: I2eb35dc53f0fdb61c31022bb70293d1df8aaf482







Restore default auth-type for token/endpoint
2016-08-24T21:57:56+00:00

Dean Troyer
dtroyer@gmail.com

2016-08-24T20:26:39+00:00

188709c6688b6baa0b9e3c09f4dda745ab1e700e

The split to osc-lib shell lost the detection of --os-token and
--os-url to set --os-auth-type token_endpoint

Closes-bug: 1615988
Change-Id: I248f776a3a7b276195c162818f41ba20760ee545





The split to osc-lib shell lost the detection of --os-token and
--os-url to set --os-auth-type token_endpoint

Closes-bug: 1615988
Change-Id: I248f776a3a7b276195c162818f41ba20760ee545