From 0c77a9fe8baa4df9ea2d0055db9c700af3cae310 Mon Sep 17 00:00:00 2001 From: Matthieu Huin Date: Fri, 18 Jul 2014 19:18:25 +0200 Subject: Support for keystone auth plugins This patch allows the user to choose which authentication plugin to use with the CLI. The arguments needed by the auth plugins are automatically added to the argument parser. Some examples with the currently available authentication plugins:: OS_USERNAME=admin OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v2.0 \ OS_PASSWORD=admin openstack user list OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default OS_USER_DOMAIN_NAME=default \ OS_PROJECT_NAME=admin OS_AUTH_URL=http://keystone:5000/v3 OS_PASSWORD=admin \ OS_IDENTITY_API_VERSION=3 OS_AUTH_PLUGIN=v3password openstack project list OS_TOKEN=1234 OS_URL=http://service_url:35357/v2.0 \ OS_IDENTITY_API_VERSION=2.0 openstack user list The --os-auth-plugin option can be omitted; if so the CLI will attempt to guess which plugin to use from the other options. Change-Id: I330c20ddb8d96b3a4287c68b57c36c4a0f869669 Co-Authored-By: Florent Flament --- openstackclient/identity/client.py | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) (limited to 'openstackclient/identity') diff --git a/openstackclient/identity/client.py b/openstackclient/identity/client.py index a43b50e3..bc10a6d2 100644 --- a/openstackclient/identity/client.py +++ b/openstackclient/identity/client.py @@ -16,9 +16,9 @@ import logging from keystoneclient.v2_0 import client as identity_client_v2_0 +from openstackclient.api import auth from openstackclient.common import utils - LOG = logging.getLogger(__name__) DEFAULT_IDENTITY_API_VERSION = '2.0' @@ -47,16 +47,15 @@ def make_client(instance): # TODO(dtroyer): Something doesn't like the session.auth when using # token auth, chase that down. if instance._url: - LOG.debug('Using token auth') + LOG.debug('Using service token auth') client = identity_client( endpoint=instance._url, - token=instance._token, + token=instance._auth_params['token'], cacert=instance._cacert, - insecure=instance._insecure, - trust_id=instance._trust_id, + insecure=instance._insecure ) else: - LOG.debug('Using password auth') + LOG.debug('Using auth plugin: %s' % instance._auth_plugin) client = identity_client( session=instance.session, cacert=instance._cacert, @@ -66,7 +65,6 @@ def make_client(instance): # so we can remove it if not instance._url: instance.auth_ref = instance.auth.get_auth_ref(instance.session) - return client @@ -81,14 +79,7 @@ def build_option_parser(parser): help='Identity API version, default=' + DEFAULT_IDENTITY_API_VERSION + ' (Env: OS_IDENTITY_API_VERSION)') - parser.add_argument( - '--os-trust-id', - metavar='', - default=utils.env('OS_TRUST_ID'), - help='Trust ID to use when authenticating. ' - 'This can only be used with Keystone v3 API ' - '(Env: OS_TRUST_ID)') - return parser + return auth.build_auth_plugins_option_parser(parser) class IdentityClientv2_0(identity_client_v2_0.Client): -- cgit v1.2.1