|
11 | 11 | # under the License. |
12 | 12 | # |
13 | 13 |
|
14 | | -"""Authentication Library""" |
| 14 | +# NOTE(dtroyer): This file is deprecated in Jun 2016, remove after 4.x release |
| 15 | +# or Jun 2017. |
15 | 16 |
|
16 | | -import argparse |
17 | | -import logging |
| 17 | +import sys |
18 | 18 |
|
19 | | -from keystoneauth1.loading import base |
20 | | -from osc_lib import exceptions as exc |
21 | | -from osc_lib import utils |
| 19 | +from osc_lib.api.auth import * # noqa |
22 | 20 |
|
23 | | -from openstackclient.i18n import _ |
24 | 21 |
|
25 | | -LOG = logging.getLogger(__name__) |
26 | | - |
27 | | -# Initialize the list of Authentication plugins early in order |
28 | | -# to get the command-line options |
29 | | -PLUGIN_LIST = None |
30 | | - |
31 | | -# List of plugin command line options |
32 | | -OPTIONS_LIST = {} |
33 | | - |
34 | | - |
35 | | -def get_plugin_list(): |
36 | | - """Gather plugin list and cache it""" |
37 | | - global PLUGIN_LIST |
38 | | - |
39 | | - if PLUGIN_LIST is None: |
40 | | - PLUGIN_LIST = base.get_available_plugin_names() |
41 | | - return PLUGIN_LIST |
42 | | - |
43 | | - |
44 | | -def get_options_list(): |
45 | | - """Gather plugin options so the help action has them available""" |
46 | | - |
47 | | - global OPTIONS_LIST |
48 | | - |
49 | | - if not OPTIONS_LIST: |
50 | | - for plugin_name in get_plugin_list(): |
51 | | - plugin_options = base.get_plugin_options(plugin_name) |
52 | | - for o in plugin_options: |
53 | | - os_name = o.dest.lower().replace('_', '-') |
54 | | - os_env_name = 'OS_' + os_name.upper().replace('-', '_') |
55 | | - OPTIONS_LIST.setdefault( |
56 | | - os_name, {'env': os_env_name, 'help': ''}, |
57 | | - ) |
58 | | - # TODO(mhu) simplistic approach, would be better to only add |
59 | | - # help texts if they vary from one auth plugin to another |
60 | | - # also the text rendering is ugly in the CLI ... |
61 | | - OPTIONS_LIST[os_name]['help'] += 'With %s: %s\n' % ( |
62 | | - plugin_name, |
63 | | - o.help, |
64 | | - ) |
65 | | - return OPTIONS_LIST |
66 | | - |
67 | | - |
68 | | -def select_auth_plugin(options): |
69 | | - """Pick an auth plugin based on --os-auth-type or other options""" |
70 | | - |
71 | | - auth_plugin_name = None |
72 | | - |
73 | | - # Do the token/url check first as this must override the default |
74 | | - # 'password' set by os-client-config |
75 | | - # Also, url and token are not copied into o-c-c's auth dict (yet?) |
76 | | - if options.auth.get('url') and options.auth.get('token'): |
77 | | - # service token authentication |
78 | | - auth_plugin_name = 'token_endpoint' |
79 | | - elif options.auth_type in PLUGIN_LIST: |
80 | | - # A direct plugin name was given, use it |
81 | | - auth_plugin_name = options.auth_type |
82 | | - elif options.auth.get('username'): |
83 | | - if options.identity_api_version == '3': |
84 | | - auth_plugin_name = 'v3password' |
85 | | - elif options.identity_api_version.startswith('2'): |
86 | | - auth_plugin_name = 'v2password' |
87 | | - else: |
88 | | - # let keystoneclient figure it out itself |
89 | | - auth_plugin_name = 'password' |
90 | | - elif options.auth.get('token'): |
91 | | - if options.identity_api_version == '3': |
92 | | - auth_plugin_name = 'v3token' |
93 | | - elif options.identity_api_version.startswith('2'): |
94 | | - auth_plugin_name = 'v2token' |
95 | | - else: |
96 | | - # let keystoneclient figure it out itself |
97 | | - auth_plugin_name = 'token' |
98 | | - else: |
99 | | - # The ultimate default is similar to the original behaviour, |
100 | | - # but this time with version discovery |
101 | | - auth_plugin_name = 'password' |
102 | | - LOG.debug("Auth plugin %s selected", auth_plugin_name) |
103 | | - return auth_plugin_name |
104 | | - |
105 | | - |
106 | | -def build_auth_params(auth_plugin_name, cmd_options): |
107 | | - |
108 | | - if auth_plugin_name: |
109 | | - LOG.debug('auth_type: %s', auth_plugin_name) |
110 | | - auth_plugin_loader = base.get_plugin_loader(auth_plugin_name) |
111 | | - auth_params = {opt.dest: opt.default |
112 | | - for opt in base.get_plugin_options(auth_plugin_name)} |
113 | | - auth_params.update(dict(cmd_options.auth)) |
114 | | - # grab tenant from project for v2.0 API compatibility |
115 | | - if auth_plugin_name.startswith("v2"): |
116 | | - if 'project_id' in auth_params: |
117 | | - auth_params['tenant_id'] = auth_params['project_id'] |
118 | | - del auth_params['project_id'] |
119 | | - if 'project_name' in auth_params: |
120 | | - auth_params['tenant_name'] = auth_params['project_name'] |
121 | | - del auth_params['project_name'] |
122 | | - else: |
123 | | - LOG.debug('no auth_type') |
124 | | - # delay the plugin choice, grab every option |
125 | | - auth_plugin_loader = None |
126 | | - auth_params = dict(cmd_options.auth) |
127 | | - plugin_options = set([o.replace('-', '_') for o in get_options_list()]) |
128 | | - for option in plugin_options: |
129 | | - LOG.debug('fetching option %s', option) |
130 | | - auth_params[option] = getattr(cmd_options.auth, option, None) |
131 | | - return (auth_plugin_loader, auth_params) |
132 | | - |
133 | | - |
134 | | -def check_valid_authorization_options(options, auth_plugin_name): |
135 | | - """Validate authorization options, and provide helpful error messages.""" |
136 | | - if (options.auth.get('project_id') and not |
137 | | - options.auth.get('domain_id') and not |
138 | | - options.auth.get('domain_name') and not |
139 | | - options.auth.get('project_name') and not |
140 | | - options.auth.get('tenant_id') and not |
141 | | - options.auth.get('tenant_name')): |
142 | | - raise exc.CommandError(_( |
143 | | - 'Missing parameter(s): ' |
144 | | - 'Set either a project or a domain scope, but not both. Set a ' |
145 | | - 'project scope with --os-project-name, OS_PROJECT_NAME, or ' |
146 | | - 'auth.project_name. Alternatively, set a domain scope with ' |
147 | | - '--os-domain-name, OS_DOMAIN_NAME or auth.domain_name.')) |
148 | | - |
149 | | - |
150 | | -def check_valid_authentication_options(options, auth_plugin_name): |
151 | | - """Validate authentication options, and provide helpful error messages.""" |
152 | | - |
153 | | - # Get all the options defined within the plugin. |
154 | | - plugin_opts = base.get_plugin_options(auth_plugin_name) |
155 | | - plugin_opts = {opt.dest: opt for opt in plugin_opts} |
156 | | - |
157 | | - # NOTE(aloga): this is an horrible hack. We need a way to specify the |
158 | | - # required options in the plugins. Using the "required" argument for |
159 | | - # the oslo_config.cfg.Opt does not work, as it is not possible to load the |
160 | | - # plugin if the option is not defined, so the error will simply be: |
161 | | - # "NoMatchingPlugin: The plugin foobar could not be found" |
162 | | - msgs = [] |
163 | | - if 'password' in plugin_opts and not options.auth.get('username'): |
164 | | - msgs.append(_('Set a username with --os-username, OS_USERNAME,' |
165 | | - ' or auth.username')) |
166 | | - if 'auth_url' in plugin_opts and not options.auth.get('auth_url'): |
167 | | - msgs.append(_('Set a service AUTH_URL, with --os-auth-url, ' |
168 | | - 'OS_AUTH_URL or auth.auth_url')) |
169 | | - if 'url' in plugin_opts and not options.auth.get('url'): |
170 | | - msgs.append(_('Set a service URL, with --os-url, ' |
171 | | - 'OS_URL or auth.url')) |
172 | | - if 'token' in plugin_opts and not options.auth.get('token'): |
173 | | - msgs.append(_('Set a token with --os-token, ' |
174 | | - 'OS_TOKEN or auth.token')) |
175 | | - if msgs: |
176 | | - raise exc.CommandError( |
177 | | - _('Missing parameter(s): \n%s') % '\n'.join(msgs)) |
178 | | - |
179 | | - |
180 | | -def build_auth_plugins_option_parser(parser): |
181 | | - """Auth plugins options builder |
182 | | -
|
183 | | - Builds dynamically the list of options expected by each available |
184 | | - authentication plugin. |
185 | | -
|
186 | | - """ |
187 | | - available_plugins = list(get_plugin_list()) |
188 | | - parser.add_argument( |
189 | | - '--os-auth-type', |
190 | | - metavar='<auth-type>', |
191 | | - dest='auth_type', |
192 | | - default=utils.env('OS_AUTH_TYPE'), |
193 | | - help=_('Select an authentication type. Available types: %s.' |
194 | | - ' Default: selected based on --os-username/--os-token' |
195 | | - ' (Env: OS_AUTH_TYPE)') % ', '.join(available_plugins), |
196 | | - choices=available_plugins |
197 | | - ) |
198 | | - # Maintain compatibility with old tenant env vars |
199 | | - envs = { |
200 | | - 'OS_PROJECT_NAME': utils.env( |
201 | | - 'OS_PROJECT_NAME', |
202 | | - default=utils.env('OS_TENANT_NAME') |
203 | | - ), |
204 | | - 'OS_PROJECT_ID': utils.env( |
205 | | - 'OS_PROJECT_ID', |
206 | | - default=utils.env('OS_TENANT_ID') |
207 | | - ), |
208 | | - } |
209 | | - for o in get_options_list(): |
210 | | - # Remove tenant options from KSC plugins and replace them below |
211 | | - if 'tenant' not in o: |
212 | | - parser.add_argument( |
213 | | - '--os-' + o, |
214 | | - metavar='<auth-%s>' % o, |
215 | | - dest=o.replace('-', '_'), |
216 | | - default=envs.get( |
217 | | - OPTIONS_LIST[o]['env'], |
218 | | - utils.env(OPTIONS_LIST[o]['env']), |
219 | | - ), |
220 | | - help=_('%(help)s\n(Env: %(env)s)') % { |
221 | | - 'help': OPTIONS_LIST[o]['help'], |
222 | | - 'env': OPTIONS_LIST[o]['env'], |
223 | | - }, |
224 | | - ) |
225 | | - # add tenant-related options for compatibility |
226 | | - # this is deprecated but still used in some tempest tests... |
227 | | - parser.add_argument( |
228 | | - '--os-tenant-name', |
229 | | - metavar='<auth-tenant-name>', |
230 | | - dest='os_project_name', |
231 | | - help=argparse.SUPPRESS, |
232 | | - ) |
233 | | - parser.add_argument( |
234 | | - '--os-tenant-id', |
235 | | - metavar='<auth-tenant-id>', |
236 | | - dest='os_project_id', |
237 | | - help=argparse.SUPPRESS, |
238 | | - ) |
239 | | - return parser |
| 22 | +sys.stderr.write( |
| 23 | + "WARNING: %s is deprecated and will be removed after Jun 2017. " |
| 24 | + "Please use osc_lib.api.auth\n" % __name__ |
| 25 | +) |
0 commit comments