Skip to content

Commit 7f59fa5

Browse files
Jenkinsopenstack-gerrit
Jenkins
authored and
openstack-gerrit
committed
Merge "trust authentication"
2 parents e43c0f2 + 5672c68 commit 7f59fa5

5 files changed

Lines changed: 89 additions & 22 deletions

File tree

doc/source/man/openstack.rst

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,8 @@ OPTIONS
8383
:option:`--os-XXXX-api-version` <XXXX-api-version>
8484
Additional API version options will be available depending on the installed API libraries.
8585

86+
:option:`--os-trust-id` <trust-id>
87+
id of the trust to use as a trustee user
8688

8789
COMMANDS
8890
========
@@ -181,21 +183,23 @@ The following environment variables can be set to alter the behaviour of :progra
181183
:envvar:`OS_CACERT`
182184
CA certificate bundle file
183185

184-
:envvar:`OS_COMPUTE_API_VERISON`
186+
:envvar:`OS_COMPUTE_API_VERSION`
185187
Compute API version (Default: 2)
186188

187-
:envvar:`OS_IDENTITY_API_VERISON`
189+
:envvar:`OS_IDENTITY_API_VERSION`
188190
Identity API version (Default: 2.0)
189191

190-
:envvar:`OS_IMAGE_API_VERISON`
192+
:envvar:`OS_IMAGE_API_VERSION`
191193
Image API version (Default: 1)
192194

193-
:envvar:`OS_VOLUME_API_VERISON`
195+
:envvar:`OS_VOLUME_API_VERSION`
194196
Volume API version (Default: 1)
195197

196-
:envvar:`OS_XXXX_API_VERISON`
198+
:envvar:`OS_XXXX_API_VERSION`
197199
Additional API version options will be available depending on the installed API libraries.
198200

201+
:envvar:`OS_TRUST_ID`
202+
id of the trust to use as a trustee user
199203

200204
BUGS
201205
====

openstackclient/common/clientmanager.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,8 @@ def __init__(self, token=None, url=None, auth_url=None,
4848
username=None, password=None,
4949
user_domain_id=None, user_domain_name=None,
5050
project_domain_id=None, project_domain_name=None,
51-
region_name=None, api_version=None, verify=True):
51+
region_name=None, api_version=None, verify=True,
52+
trust_id=None):
5253
self._token = token
5354
self._url = url
5455
self._auth_url = auth_url
@@ -64,6 +65,7 @@ def __init__(self, token=None, url=None, auth_url=None,
6465
self._project_domain_name = project_domain_name
6566
self._region_name = region_name
6667
self._api_version = api_version
68+
self._trust_id = trust_id
6769
self._service_catalog = None
6870

6971
# verify is the Requests-compatible form

openstackclient/identity/client.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ def make_client(instance):
4343
token=instance._token,
4444
cacert=instance._cacert,
4545
insecure=instance._insecure,
46+
trust_id=instance._trust_id,
4647
)
4748
else:
4849
LOG.debug('instantiating identity client: password flow')
@@ -61,6 +62,7 @@ def make_client(instance):
6162
region_name=instance._region_name,
6263
cacert=instance._cacert,
6364
insecure=instance._insecure,
65+
trust_id=instance._trust_id,
6466
)
6567
instance.auth_ref = client.auth_ref
6668
return client

openstackclient/shell.py

Lines changed: 26 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -326,6 +326,13 @@ def build_option_parser(self, description, version):
326326
help='Identity API version, default=' +
327327
identity_client.DEFAULT_IDENTITY_API_VERSION +
328328
' (Env: OS_IDENTITY_API_VERSION)')
329+
parser.add_argument(
330+
'--os-trust-id',
331+
metavar='<trust-id>',
332+
default=utils.env('OS_TRUST_ID'),
333+
help='Trust ID to use when authenticating. '
334+
'This can only be used with Keystone v3 API '
335+
'(Env: OS_TRUST_ID)')
329336

330337
return parser
331338

@@ -373,19 +380,35 @@ def authenticate_user(self):
373380
if not ((self.options.os_project_id
374381
or self.options.os_project_name) or
375382
(self.options.os_domain_id
376-
or self.options.os_domain_name)):
383+
or self.options.os_domain_name) or
384+
self.options.os_trust_id):
377385
raise exc.CommandError(
378386
"You must provide authentication scope as a project "
379387
"or a domain via --os-project-id or env[OS_PROJECT_ID], "
380388
"--os-project-name or env[OS_PROJECT_NAME], "
381389
"--os-domain-id or env[OS_DOMAIN_ID], or"
382-
"--os-domain-name or env[OS_DOMAIN_NAME].")
390+
"--os-domain-name or env[OS_DOMAIN_NAME], or "
391+
"--os-trust-id or env[OS_TRUST_ID].")
383392

384393
if not self.options.os_auth_url:
385394
raise exc.CommandError(
386395
"You must provide an auth url via"
387396
" either --os-auth-url or via env[OS_AUTH_URL]")
388397

398+
if (self.options.os_trust_id and
399+
self.options.os_identity_api_version != '3'):
400+
raise exc.CommandError(
401+
"Trusts can only be used with Identity API v3")
402+
403+
if (self.options.os_trust_id and
404+
((self.options.os_project_id
405+
or self.options.os_project_name) or
406+
(self.options.os_domain_id
407+
or self.options.os_domain_name))):
408+
raise exc.CommandError(
409+
"Authentication cannot be scoped to multiple targets. "
410+
"Pick one of project, domain or trust.")
411+
389412
self.client_manager = clientmanager.ClientManager(
390413
token=self.options.os_token,
391414
url=self.options.os_url,
@@ -403,6 +426,7 @@ def authenticate_user(self):
403426
region_name=self.options.os_region_name,
404427
verify=self.verify,
405428
api_version=self.api_version,
429+
trust_id=self.options.os_trust_id,
406430
)
407431
return
408432

openstackclient/tests/test_shell.py

Lines changed: 49 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -104,6 +104,8 @@ def _assert_password_auth(self, cmd_options, default_args):
104104
default_args["password"])
105105
self.assertEqual(_shell.options.os_region_name,
106106
default_args["region_name"])
107+
self.assertEqual(_shell.options.os_trust_id,
108+
default_args["trust_id"])
107109

108110
def _assert_token_auth(self, cmd_options, default_args):
109111
with mock.patch("openstackclient.shell.OpenStackShell.initialize_app",
@@ -181,7 +183,8 @@ def test_only_url_flow(self):
181183
"project_domain_name": "",
182184
"username": "",
183185
"password": "",
184-
"region_name": ""
186+
"region_name": "",
187+
"trust_id": "",
185188
}
186189
self._assert_password_auth(flag, kwargs)
187190

@@ -199,7 +202,8 @@ def test_only_project_id_flow(self):
199202
"project_domain_name": "",
200203
"username": "",
201204
"password": "",
202-
"region_name": ""
205+
"region_name": "",
206+
"trust_id": "",
203207
}
204208
self._assert_password_auth(flag, kwargs)
205209

@@ -217,7 +221,8 @@ def test_only_project_name_flow(self):
217221
"project_domain_name": "",
218222
"username": "",
219223
"password": "",
220-
"region_name": ""
224+
"region_name": "",
225+
"trust_id": "",
221226
}
222227
self._assert_password_auth(flag, kwargs)
223228

@@ -235,7 +240,8 @@ def test_only_tenant_id_flow(self):
235240
"project_domain_name": "",
236241
"username": "",
237242
"password": "",
238-
"region_name": ""
243+
"region_name": "",
244+
"trust_id": "",
239245
}
240246
self._assert_password_auth(flag, kwargs)
241247

@@ -253,7 +259,8 @@ def test_only_tenant_name_flow(self):
253259
"project_domain_name": "",
254260
"username": "",
255261
"password": "",
256-
"region_name": ""
262+
"region_name": "",
263+
"trust_id": "",
257264
}
258265
self._assert_password_auth(flag, kwargs)
259266

@@ -271,7 +278,8 @@ def test_only_domain_id_flow(self):
271278
"project_domain_name": "",
272279
"username": "",
273280
"password": "",
274-
"region_name": ""
281+
"region_name": "",
282+
"trust_id": "",
275283
}
276284
self._assert_password_auth(flag, kwargs)
277285

@@ -289,7 +297,8 @@ def test_only_domain_name_flow(self):
289297
"project_domain_name": "",
290298
"username": "",
291299
"password": "",
292-
"region_name": ""
300+
"region_name": "",
301+
"trust_id": "",
293302
}
294303
self._assert_password_auth(flag, kwargs)
295304

@@ -307,7 +316,8 @@ def test_only_user_domain_id_flow(self):
307316
"project_domain_name": "",
308317
"username": "",
309318
"password": "",
310-
"region_name": ""
319+
"region_name": "",
320+
"trust_id": "",
311321
}
312322
self._assert_password_auth(flag, kwargs)
313323

@@ -325,7 +335,8 @@ def test_only_user_domain_name_flow(self):
325335
"project_domain_name": "",
326336
"username": "",
327337
"password": "",
328-
"region_name": ""
338+
"region_name": "",
339+
"trust_id": "",
329340
}
330341
self._assert_password_auth(flag, kwargs)
331342

@@ -343,7 +354,8 @@ def test_only_project_domain_id_flow(self):
343354
"project_domain_name": "",
344355
"username": "",
345356
"password": "",
346-
"region_name": ""
357+
"region_name": "",
358+
"trust_id": "",
347359
}
348360
self._assert_password_auth(flag, kwargs)
349361

@@ -361,7 +373,8 @@ def test_only_project_domain_name_flow(self):
361373
"project_domain_name": DEFAULT_PROJECT_DOMAIN_NAME,
362374
"username": "",
363375
"password": "",
364-
"region_name": ""
376+
"region_name": "",
377+
"trust_id": "",
365378
}
366379
self._assert_password_auth(flag, kwargs)
367380

@@ -379,7 +392,8 @@ def test_only_username_flow(self):
379392
"project_domain_name": "",
380393
"username": DEFAULT_USERNAME,
381394
"password": "",
382-
"region_name": ""
395+
"region_name": "",
396+
"trust_id": "",
383397
}
384398
self._assert_password_auth(flag, kwargs)
385399

@@ -397,7 +411,8 @@ def test_only_password_flow(self):
397411
"project_domain_name": "",
398412
"username": "",
399413
"password": DEFAULT_PASSWORD,
400-
"region_name": ""
414+
"region_name": "",
415+
"trust_id": "",
401416
}
402417
self._assert_password_auth(flag, kwargs)
403418

@@ -415,7 +430,27 @@ def test_only_region_name_flow(self):
415430
"project_domain_name": "",
416431
"username": "",
417432
"password": "",
418-
"region_name": DEFAULT_REGION_NAME
433+
"region_name": DEFAULT_REGION_NAME,
434+
"trust_id": "",
435+
}
436+
self._assert_password_auth(flag, kwargs)
437+
438+
def test_only_trust_id_flow(self):
439+
flag = "--os-trust-id " + "1234"
440+
kwargs = {
441+
"auth_url": "",
442+
"project_id": "",
443+
"project_name": "",
444+
"domain_id": "",
445+
"domain_name": "",
446+
"user_domain_id": "",
447+
"user_domain_name": "",
448+
"project_domain_id": "",
449+
"project_domain_name": "",
450+
"username": "",
451+
"password": "",
452+
"region_name": "",
453+
"trust_id": "1234",
419454
}
420455
self._assert_password_auth(flag, kwargs)
421456

0 commit comments

Comments
 (0)