From 3e2415b6d27335c30f5b42141db6dca6fd1060c6 Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Fri, 2 Aug 2013 14:50:09 +0200 Subject: [PATCH 1/2] Argument parsing and checking - allow token authentication This expands the argument parser and ensure_auth_info method to provide alternative means of authentication. Up to now the CLI required username, password, tenant and Keystone URL. Now user can also provide auth token and Tuskar URL (alternatively Keystone URL instead of Tuskar URL, in that case the Tuskar URL would be fetched from Keystone). --- tuskarclient/shell.py | 37 +++++++++++++++++++++----------- tuskarclient/tests/test_shell.py | 37 ++++++++++++++++++++++++++++++++ tuskarclient/v1/argparsers.py | 14 ++++++++++++ 3 files changed, 75 insertions(+), 13 deletions(-) diff --git a/tuskarclient/shell.py b/tuskarclient/shell.py index 066f745..b5368d2 100755 --- a/tuskarclient/shell.py +++ b/tuskarclient/shell.py @@ -40,22 +40,33 @@ class TuskarShell(object): self._ensure_auth_info(args) def _ensure_auth_info(self, args): - if not args.os_username: - raise UsageError("You must provide username via either " - "--os-username or env[OS_USERNAME]") + '''Ensure that authentication information is provided. Two variants + of authentication are supported: + - provide username, password, tenant and auth url + - provide token and tuskar url (or auth url instead of tuskar url) + ''' + if not args.os_auth_token: + if not args.os_username: + raise UsageError("You must provide username via either " + "--os-username or env[OS_USERNAME]") - if not args.os_password: - raise UsageError("You must provide password via either " - "--os-password or env[OS_PASSWORD]") + if not args.os_password: + raise UsageError("You must provide password via either " + "--os-password or env[OS_PASSWORD]") - if not args.os_tenant_id and not args.os_tenant_name: - raise UsageError("You must provide tenant via either " - "--os-tenant-name or --os-tenant-id or " - "env[OS_TENANT_NAME] or env[OS_TENANT_ID]") + if not args.os_tenant_id and not args.os_tenant_name: + raise UsageError("You must provide tenant via either " + "--os-tenant-name or --os-tenant-id or " + "env[OS_TENANT_NAME] or env[OS_TENANT_ID]") - if not args.os_auth_url: - raise UsageError("You must provide auth URL via either " - "--os-auth-url or env[OS_AUTH_URL]") + if not args.os_auth_url: + raise UsageError("You must provide auth URL via either " + "--os-auth-url or env[OS_AUTH_URL]") + else: + if not args.tuskar_url and not args.os_auth_url: + raise UsageError("You must provide either " + "--tuskar_url or --os_auth_url or " + "env[TUSKAR_URL] or env[OS_AUTH_URL]") class UsageError(Exception): diff --git a/tuskarclient/tests/test_shell.py b/tuskarclient/tests/test_shell.py index 4e0b497..10fd3d9 100644 --- a/tuskarclient/tests/test_shell.py +++ b/tuskarclient/tests/test_shell.py @@ -10,6 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. +from tuskarclient import shell import tuskarclient.tests.utils as tutils @@ -17,3 +18,39 @@ class ShellTest(tutils.TestCase): def setUp(self): super(ShellTest, self).setUp() + self.s = shell.TuskarShell({}) + + def empty_args(self): + args = lambda: None # i'd use object(), but it can't have attributes + args_attributes = [ + 'os_username', 'os_password', 'os_tenant_name', 'os_tenant_id', + 'os_auth_url', 'os_auth_token', 'tuskar_url', + ] + for attr in args_attributes: + setattr(args, attr, None) + + return args + + def test_ensure_auth_info_with_credentials(self): + ensure = self.s._ensure_auth_info + usage_error = shell.UsageError + args = self.empty_args() + + args.os_username = 'user' + args.os_password = 'pass' + args.os_tenant_name = 'tenant' + self.assertRaises(usage_error, ensure, args) + + args.os_auth_url = 'keystone' + ensure(args) # doesn't raise + + def test_ensure_auth_info_with_token(self): + ensure = self.s._ensure_auth_info + usage_error = shell.UsageError + args = self.empty_args() + + args.os_auth_token = 'token' + self.assertRaises(usage_error, ensure, args) + + args.tuskar_url = 'tuskar' + ensure(args) # doesn't raise diff --git a/tuskarclient/v1/argparsers.py b/tuskarclient/v1/argparsers.py index cc4a2eb..4d3613c 100644 --- a/tuskarclient/v1/argparsers.py +++ b/tuskarclient/v1/argparsers.py @@ -70,4 +70,18 @@ def create_top_parser(): help=argparse.SUPPRESS, ) + parser.add_argument('--os-auth-token', + default=utils.env('OS_AUTH_TOKEN'), + help='Defaults to env[OS_AUTH_TOKEN]') + + parser.add_argument('--os_auth_token', + help=argparse.SUPPRESS) + + parser.add_argument('--tuskar-url', + default=utils.env('TUSKAR_URL'), + help='Defaults to env[TUSKAR_URL]') + + parser.add_argument('--tuskar_url', + help=argparse.SUPPRESS) + return parser From c1b74bd237ff1643ba965a47efe3dd97e9a2bf9b Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Fri, 2 Aug 2013 14:54:21 +0200 Subject: [PATCH 2/2] Set default service type to 'management' We don't know yet what service type will be used in Keystone to identify Tuskar service, but it sure won't be 'metering'. We should rather get an unknown service type error than fetch a Ceilometer service URL mistakenly. --- tuskarclient/client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tuskarclient/client.py b/tuskarclient/client.py index 164af05..3d40260 100644 --- a/tuskarclient/client.py +++ b/tuskarclient/client.py @@ -35,7 +35,7 @@ def _get_ksclient(**kwargs): def _get_endpoint(client, **kwargs): """Get an endpoint using the provided keystone client.""" return client.service_catalog.url_for( - service_type=kwargs.get('service_type') or 'metering', + service_type=kwargs.get('service_type') or 'management', endpoint_type=kwargs.get('endpoint_type') or 'publicURL')