def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# FIXME(gyee): there are two scenarios:
#
# 1. user update password for himself
# 2. admin update password on behalf of the user. This is an unlikely
# scenario because that will require admin knowing the user's
# original password which is forbidden under most security
# policies.
#
# Of the two scenarios above, user either authenticate using its
# original password or an authentication token. For scenario #1,
# if user is authenticating with its original password (i.e. passing
# --os-password argument), we can just make use of it instead of using
# --original-password or prompting. For scenario #2, admin will need
# to specify --original-password option or this won't work because
# --os-password is the admin's own password. In the future if we stop
# supporting scenario #2 then we can just do this.
#
# current_password = (parsed_args.original_password or
# self.app.cloud.password)
#
current_password = parsed_args.original_password
if current_password is None:
current_password = utils.get_password(
self.app.stdin, prompt="Current Password:"******"New Password:")
identity_client.users.update_password(current_password, password)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# FIXME(gyee): there are two scenarios:
#
# 1. user update password for himself
# 2. admin update password on behalf of the user. This is an unlikely
# scenario because that will require admin knowing the user's
# original password which is forbidden under most security
# policies.
#
# Of the two scenarios above, user either authenticate using its
# original password or an authentication token. For scenario #1,
# if user is authenticating with its original password (i.e. passing
# --os-password argument), we can just make use of it instead of using
# --original-password or prompting. For scenario #2, admin will need
# to specify --original-password option or this won't work because
# --os-password is the admin's own password. In the future if we stop
# supporting scenario #2 then we can just do this.
#
# current_password = (parsed_args.original_password or
# self.app.cloud.password)
#
current_password = parsed_args.original_password
if current_password is None:
current_password = utils.get_password(self.app.stdin,
prompt="Current Password:"******"New Password:")
identity_client.users.update_password(current_password, password)
def take_action(self, parsed_args):
self.log.debug("take_action(%s)", parsed_args)
client = self.app.client_manager.data_processing
jb_id = utils.get_resource_id(
client.job_binaries, parsed_args.job_binary)
if parsed_args.json:
blob = osc_utils.read_blob_file_contents(parsed_args.json)
try:
template = jsonutils.loads(blob)
except ValueError as e:
raise exceptions.CommandError(
'An error occurred when reading '
'template from file %s: %s' % (parsed_args.json, e))
data = client.job_binaries.update(jb_id, template).to_dict()
else:
if parsed_args.password_prompt:
parsed_args.password = osc_utils.get_password(
self.app.stdin, confirm=False)
if parsed_args.secret_key_prompt:
parsed_args.secret_key = osc_utils.get_password(
self.app.stdin, confirm=False)
extra = {}
if parsed_args.password:
extra['password'] = parsed_args.password
if parsed_args.username:
extra['user'] = parsed_args.username
if parsed_args.access_key:
extra['accesskey'] = parsed_args.access_key
if parsed_args.secret_key:
extra['secretkey'] = parsed_args.secret_key
if parsed_args.s3_endpoint:
extra['endpoint'] = parsed_args.s3_endpoint
if not extra:
extra = None
update_fields = utils.create_dict_from_kwargs(
name=parsed_args.name, url=parsed_args.url,
description=parsed_args.description,
extra=extra, is_public=parsed_args.is_public,
is_protected=parsed_args.is_protected
)
data = client.job_binaries.update(
jb_id, update_fields).to_dict()
data = utils.prepare_data(data, JOB_BINARY_FIELDS)
return self.dict2columns(data)
def take_action(self, parsed_args):
self.log.debug("take_action(%s)", parsed_args)
client = self.app.client_manager.data_processing
jb_id = utils.get_resource_id(client.job_binaries,
parsed_args.job_binary)
if parsed_args.json:
blob = osc_utils.read_blob_file_contents(parsed_args.json)
try:
template = jsonutils.loads(blob)
except ValueError as e:
raise exceptions.CommandError('An error occurred when reading '
'template from file %s: %s' %
(parsed_args.json, e))
data = client.job_binaries.update(jb_id, template).to_dict()
else:
if parsed_args.password_prompt:
parsed_args.password = osc_utils.get_password(self.app.stdin,
confirm=False)
if parsed_args.secret_key_prompt:
parsed_args.secret_key = osc_utils.get_password(self.app.stdin,
confirm=False)
extra = {}
if parsed_args.password:
extra['password'] = parsed_args.password
if parsed_args.username:
extra['user'] = parsed_args.username
if parsed_args.access_key:
extra['accesskey'] = parsed_args.access_key
if parsed_args.secret_key:
extra['secretkey'] = parsed_args.secret_key
if parsed_args.s3_endpoint:
extra['endpoint'] = parsed_args.s3_endpoint
if not extra:
extra = None
update_fields = utils.create_dict_from_kwargs(
name=parsed_args.name,
url=parsed_args.url,
description=parsed_args.description,
extra=extra,
is_public=parsed_args.is_public,
is_protected=parsed_args.is_protected)
data = client.job_binaries.update(jb_id, update_fields).to_dict()
data = utils.prepare_data(data, JOB_BINARY_FIELDS)
return self.dict2columns(data)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# FIXME(gyee): there are two scenarios:
#
# 1. user update password for himself
# 2. admin update password on behalf of the user. This is an unlikely
# scenario because that will require admin knowing the user's
# original password which is forbidden under most security
# policies.
#
# Of the two scenarios above, user either authenticate using its
# original password or an authentication token. For scenario #1,
# if user is authenticating with its original password (i.e. passing
# --os-password argument), we can just make use of it instead of using
# --original-password or prompting. For scenario #2, admin will need
# to specify --original-password option or this won't work because
# --os-password is the admin's own password. In the future if we stop
# supporting scenario #2 then we can just do this.
#
# current_password = (parsed_args.original_password or
# self.app.cloud.password)
#
current_password = parsed_args.original_password
if current_password is None:
current_password = utils.get_password(
self.app.stdin, prompt="Current Password:"******"New Password:"******"No password was supplied, authentication will fail "
"when a user does not have a password."))
identity_client.users.update_password(current_password, password)
# retrieve the authentication information from the cached token session
session_auth = identity_client.session.auth
username = ""
if "username" in session_auth.__dict__:
username = session_auth.username
elif "_username" in session_auth.__dict__:
username = session_auth._username
if username == 'admin' :
print("Warning: '%s' password changed. Please wait 5 minutes "
"before Locking/Unlocking the controllers for the password "
"change to come into effect\n" %(username))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def test_get_password_bad_once(self):
answers = [PASSWORD, WASSPORD, DROWSSAP, DROWSSAP]
with mock.patch("getpass.getpass", side_effect=answers):
mock_stdin = mock.Mock()
mock_stdin.isatty = mock.Mock()
mock_stdin.isatty.return_value = True
self.assertEqual(DROWSSAP, utils.get_password(mock_stdin))
def test_get_password_bad_once(self):
answers = [PASSWORD, WASSPORD, DROWSSAP, DROWSSAP]
with mock.patch("getpass.getpass", side_effect=answers):
mock_stdin = mock.Mock()
mock_stdin.isatty = mock.Mock()
mock_stdin.isatty.return_value = True
self.assertEqual(DROWSSAP, utils.get_password(mock_stdin))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
self.log.debug("take_action(%s)", parsed_args)
client = self.app.client_manager.data_processing
if parsed_args.json:
blob = osc_utils.read_blob_file_contents(parsed_args.json)
try:
template = jsonutils.loads(blob)
except ValueError as e:
raise exceptions.CommandError('An error occurred when reading '
'template from file %s: %s' %
(parsed_args.json, e))
data = client.job_binaries.create(**template).to_dict()
else:
if parsed_args.data:
data = open(parsed_args.data).read()
jbi_id = client.job_binary_internals.create(
parsed_args.name, data).id
parsed_args.url = 'internal-db://' + jbi_id
if parsed_args.password_prompt:
parsed_args.password = osc_utils.get_password(self.app.stdin,
confirm=False)
if parsed_args.password and not parsed_args.username:
raise exceptions.CommandError(
'Username via --username should be provided with password')
if parsed_args.username and not parsed_args.password:
raise exceptions.CommandError(
'Password should be provided via --password or entered '
'interactively with --password-prompt')
if parsed_args.password and parsed_args.username:
extra = {
'user': parsed_args.username,
'password': parsed_args.password
}
else:
extra = None
data = client.job_binaries.create(
name=parsed_args.name,
url=parsed_args.url,
description=parsed_args.description,
extra=extra,
is_public=parsed_args.public,
is_protected=parsed_args.protected).to_dict()
data = utils.prepare_data(data, JOB_BINARY_FIELDS)
return self.dict2columns(data)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.project:
project_id = utils.find_resource(
identity_client.tenants,
parsed_args.project,
).id
else:
project_id = None
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if not parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
try:
user = identity_client.users.create(
parsed_args.name,
parsed_args.password,
parsed_args.email,
tenant_id=project_id,
enabled=enabled,
)
except ks_exc.Conflict:
if parsed_args.or_show:
user = utils.find_resource(
identity_client.users,
parsed_args.name,
)
LOG.info(_('Returning existing user %s'), user.name)
else:
raise
# NOTE(dtroyer): The users.create() method wants 'tenant_id' but
# the returned resource has 'tenantId'. Sigh.
# We're using project_id now inside OSC so there.
if 'tenantId' in user._info:
user._info.update(
{'project_id': user._info.pop('tenantId')}
)
info = {}
info.update(user._info)
return zip(*sorted(six.iteritems(info)))
def take_action(self, parsed_args):
self.log.debug("take_action(%s)" % parsed_args)
client = self.app.client_manager.data_processing
if parsed_args.json:
blob = osc_utils.read_blob_file_contents(parsed_args.json)
try:
template = jsonutils.loads(blob)
except ValueError as e:
raise exceptions.CommandError(
'An error occurred when reading '
'template from file %s: %s' % (parsed_args.json, e))
data = client.job_binaries.create(**template).to_dict()
else:
if parsed_args.data:
data = open(parsed_args.data).read()
jbi_id = client.job_binary_internals.create(
parsed_args.name, data).id
parsed_args.url = 'internal-db://' + jbi_id
if parsed_args.password_prompt:
parsed_args.password = osc_utils.get_password(
self.app.stdin, confirm=False)
if parsed_args.password and not parsed_args.username:
raise exceptions.CommandError(
'Username via --username should be provided with password')
if parsed_args.username and not parsed_args.password:
raise exceptions.CommandError(
'Password should be provided via --password or entered '
'interactively with --password-prompt')
if parsed_args.password and parsed_args.username:
extra = {
'user': parsed_args.username,
'password': parsed_args.password
}
else:
extra = None
data = client.job_binaries.create(
name=parsed_args.name, url=parsed_args.url,
description=parsed_args.description, extra=extra,
is_public=parsed_args.public,
is_protected=parsed_args.protected).to_dict()
data = utils.prepare_data(data, JOB_BINARY_FIELDS)
return self.dict2columns(data)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.project:
project_id = utils.find_resource(
identity_client.tenants,
parsed_args.project,
).id
else:
project_id = None
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if not parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
try:
user = identity_client.users.create(
parsed_args.name,
parsed_args.password,
parsed_args.email,
tenant_id=project_id,
enabled=enabled,
)
except ks_exc.Conflict:
if parsed_args.or_show:
user = utils.find_resource(
identity_client.users,
parsed_args.name,
)
LOG.info(_('Returning existing user %s'), user.name)
else:
raise
# NOTE(dtroyer): The users.create() method wants 'tenant_id' but
# the returned resource has 'tenantId'. Sigh.
# We're using project_id now inside OSC so there.
if 'tenantId' in user._info:
user._info.update(
{'project_id': user._info.pop('tenantId')}
)
info = {}
info.update(user._info)
return zip(*sorted(six.iteritems(info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
options = _get_options_for_user(identity_client, parsed_args)
if options:
kwargs['options'] = options
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user_str = common._get_token_resource(identity_client, 'user',
parsed_args.user,
parsed_args.domain)
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
user = utils.find_resource(identity_client.users,
user_str,
domain_id=domain.id)
else:
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
if user.name == 'admin' and 'password' in kwargs :
print("Warning: '%s' password changed. Please wait 5 minutes "
"before Locking/Unlocking the controllers for the password "
"change to come into effect\n" %(user.name))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_id = None
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
domain_id = None
if parsed_args.domain:
domain_id = common.find_domain(identity_client,
parsed_args.domain).id
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if not parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
options = _get_options_for_user(identity_client, parsed_args)
try:
user = identity_client.users.create(
name=parsed_args.name,
domain=domain_id,
default_project=project_id,
password=parsed_args.password,
email=parsed_args.email,
description=parsed_args.description,
enabled=enabled,
options=options,
)
except ks_exc.Conflict:
if parsed_args.or_show:
user = utils.find_resource(identity_client.users,
parsed_args.name,
domain_id=domain_id)
LOG.info(_('Returning existing user %s'), user.name)
else:
raise
user._info.pop('links')
return zip(*sorted(user._info.items()))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_id = None
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
domain_id = None
if parsed_args.domain:
domain_id = common.find_domain(identity_client,
parsed_args.domain).id
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if not parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
try:
user = identity_client.users.create(
name=parsed_args.name,
domain=domain_id,
default_project=project_id,
password=parsed_args.password,
email=parsed_args.email,
description=parsed_args.description,
enabled=enabled
)
except ks_exc.Conflict:
if parsed_args.or_show:
user = utils.find_resource(identity_client.users,
parsed_args.name,
domain_id=domain_id)
LOG.info(_('Returning existing user %s'), user.name)
else:
raise
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(
_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
if parsed_args.password:
identity_client.users.update_password(
user.id,
parsed_args.password,
)
if parsed_args.project:
project = utils.find_resource(
identity_client.tenants,
parsed_args.project,
)
identity_client.users.update_tenant(
user.id,
project.id,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if (not parsed_args.name
and not parsed_args.name
and not parsed_args.password
and not parsed_args.email
and not parsed_args.project
and not parsed_args.description
and not parsed_args.enable
and not parsed_args.disable):
sys.stderr.write(_("Incorrect set of arguments provided. "
"See openstack --help for more details\n"))
return
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
if parsed_args.password:
kwargs['password'] = parsed_args.password
if parsed_args.description:
kwargs['description'] = parsed_args.description
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
kwargs['default_project'] = project_id
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
if '' == parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
if parsed_args.password:
identity_client.users.update_password(
user.id,
parsed_args.password,
)
if parsed_args.project:
project = utils.find_resource(
identity_client.tenants,
parsed_args.project,
)
identity_client.users.update_tenant(
user.id,
project.id,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
project_id = None
if parsed_args.project:
project_id = common.find_project(identity_client,
parsed_args.project,
parsed_args.project_domain).id
domain_id = None
if parsed_args.domain:
domain_id = common.find_domain(identity_client,
parsed_args.domain).id
enabled = True
if parsed_args.disable:
enabled = False
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
try:
user = identity_client.users.create(
name=parsed_args.name,
domain=domain_id,
default_project=project_id,
password=parsed_args.password,
email=parsed_args.email,
description=parsed_args.description,
enabled=enabled)
except ks_exc.Conflict:
if parsed_args.or_show:
user = utils.find_resource(identity_client.users,
parsed_args.name,
domain_id=domain_id)
LOG.info(_('Returning existing user %s'), user.name)
else:
raise
user._info.pop('links')
return zip(*sorted(six.iteritems(user._info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
if parsed_args.password:
identity_client.users.update_password(
user.id,
parsed_args.password,
)
if parsed_args.project:
project = utils.find_resource(
identity_client.tenants,
parsed_args.project,
)
identity_client.users.update_tenant(
user.id,
project.id,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.password_prompt:
parsed_args.password = utils.get_password(self.app.stdin)
user = utils.find_resource(
identity_client.users,
parsed_args.user,
)
if parsed_args.password:
identity_client.users.update_password(
user.id,
parsed_args.password,
)
if parsed_args.project:
project = utils.find_resource(
identity_client.tenants,
parsed_args.project,
)
identity_client.users.update_tenant(
user.id,
project.id,
)
kwargs = {}
if parsed_args.name:
kwargs['name'] = parsed_args.name
if parsed_args.email:
kwargs['email'] = parsed_args.email
kwargs['enabled'] = user.enabled
if parsed_args.enable:
kwargs['enabled'] = True
if parsed_args.disable:
kwargs['enabled'] = False
identity_client.users.update(user.id, **kwargs)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
image_client = self.app.client_manager.image
for deadopt in self.deadopts:
if getattr(parsed_args, deadopt.replace('-', '_'), None):
raise exceptions.CommandError(
_("ERROR: --%s was given, which is an Image v1 option"
" that is no longer supported in Image v2") % deadopt)
# Build an attribute dict from the parsed args, only include
# attributes that were actually set on the command line
kwargs = {}
copy_attrs = ('name', 'id', 'container_format', 'disk_format',
'min_disk', 'min_ram', 'tags', 'visibility')
for attr in copy_attrs:
if attr in parsed_args:
val = getattr(parsed_args, attr, None)
if val:
# Only include a value in kwargs for attributes that
# are actually present on the command line
kwargs[attr] = val
# properties should get flattened into the general kwargs
if getattr(parsed_args, 'properties', None):
for k, v in six.iteritems(parsed_args.properties):
kwargs[k] = str(v)
# Handle exclusive booleans with care
# Avoid including attributes in kwargs if an option is not
# present on the command line. These exclusive booleans are not
# a single value for the pair of options because the default must be
# to do nothing when no options are present as opposed to always
# setting a default.
if parsed_args.protected:
kwargs['protected'] = True
if parsed_args.unprotected:
kwargs['protected'] = False
if parsed_args.public:
kwargs['visibility'] = 'public'
if parsed_args.private:
kwargs['visibility'] = 'private'
if parsed_args.community:
kwargs['visibility'] = 'community'
if parsed_args.shared:
kwargs['visibility'] = 'shared'
# Handle deprecated --owner option
project_arg = parsed_args.project
if parsed_args.owner:
project_arg = parsed_args.owner
LOG.warning(
_('The --owner option is deprecated, '
'please use --project instead.'))
if project_arg:
kwargs['owner'] = common.find_project(
identity_client,
project_arg,
parsed_args.project_domain,
).id
# open the file first to ensure any failures are handled before the
# image is created
fp = gc_utils.get_data_file(parsed_args)
info = {}
if fp is not None and parsed_args.volume:
raise exceptions.CommandError(
_("Uploading data and using "
"container are not allowed at "
"the same time"))
if fp is None and parsed_args.file:
LOG.warning(_("Failed to get an image file."))
return {}, {}
if parsed_args.owner:
kwargs['owner'] = common.find_project(
identity_client,
parsed_args.owner,
parsed_args.project_domain,
).id
# sign an image using a given local private key file
if parsed_args.sign_key_path or parsed_args.sign_cert_id:
if not parsed_args.file:
msg = (_("signing an image requires the --file option, "
"passing files via stdin when signing is not "
"supported."))
raise exceptions.CommandError(msg)
if (len(parsed_args.sign_key_path) < 1
or len(parsed_args.sign_cert_id) < 1):
msg = (_("'sign-key-path' and 'sign-cert-id' must both be "
"specified when attempting to sign an image."))
raise exceptions.CommandError(msg)
else:
sign_key_path = parsed_args.sign_key_path
sign_cert_id = parsed_args.sign_cert_id
signer = image_signer.ImageSigner()
try:
pw = utils.get_password(
self.app.stdin,
prompt=("Please enter private key password, leave "
"empty if none: "),
confirm=False)
if not pw or len(pw) < 1:
pw = None
signer.load_private_key(sign_key_path, password=pw)
except Exception:
msg = (_("Error during sign operation: private key could "
"not be loaded."))
raise exceptions.CommandError(msg)
signature = signer.generate_signature(fp)
signature_b64 = b64encode(signature)
kwargs['img_signature'] = signature_b64
kwargs['img_signature_certificate_uuid'] = sign_cert_id
kwargs['img_signature_hash_method'] = signer.hash_method
if signer.padding_method:
kwargs['img_signature_key_type'] = signer.padding_method
# If a volume is specified.
if parsed_args.volume:
volume_client = self.app.client_manager.volume
source_volume = utils.find_resource(
volume_client.volumes,
parsed_args.volume,
)
response, body = volume_client.volumes.upload_to_image(
source_volume.id,
parsed_args.force,
parsed_args.name,
parsed_args.container_format,
parsed_args.disk_format,
)
info = body['os-volume_upload_image']
try:
info['volume_type'] = info['volume_type']['name']
except TypeError:
info['volume_type'] = None
else:
image = image_client.images.create(**kwargs)
if fp is not None:
with fp:
try:
image_client.images.upload(image.id, fp)
except Exception:
# If the upload fails for some reason attempt to remove the
# dangling queued image made by the create() call above but
# only if the user did not specify an id which indicates
# the Image already exists and should be left alone.
try:
if 'id' not in kwargs:
image_client.images.delete(image.id)
except Exception:
pass # we don't care about this one
raise # now, throw the upload exception again
# update the image after the data has been uploaded
image = image_client.images.get(image.id)
if not info:
info = _format_image(image)
return zip(*sorted(six.iteritems(info)))
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
image_client = self.app.client_manager.image
for deadopt in self.deadopts:
if getattr(parsed_args, deadopt.replace('-', '_'), None):
raise exceptions.CommandError(
_("ERROR: --%s was given, which is an Image v1 option"
" that is no longer supported in Image v2") % deadopt)
# Build an attribute dict from the parsed args, only include
# attributes that were actually set on the command line
kwargs = {}
copy_attrs = ('name', 'id',
'container_format', 'disk_format',
'min_disk', 'min_ram', 'tags', 'visibility')
for attr in copy_attrs:
if attr in parsed_args:
val = getattr(parsed_args, attr, None)
if val:
# Only include a value in kwargs for attributes that
# are actually present on the command line
kwargs[attr] = val
# properties should get flattened into the general kwargs
if getattr(parsed_args, 'properties', None):
for k, v in six.iteritems(parsed_args.properties):
kwargs[k] = str(v)
# Handle exclusive booleans with care
# Avoid including attributes in kwargs if an option is not
# present on the command line. These exclusive booleans are not
# a single value for the pair of options because the default must be
# to do nothing when no options are present as opposed to always
# setting a default.
if parsed_args.protected:
kwargs['protected'] = True
if parsed_args.unprotected:
kwargs['protected'] = False
if parsed_args.public:
kwargs['visibility'] = 'public'
if parsed_args.private:
kwargs['visibility'] = 'private'
if parsed_args.community:
kwargs['visibility'] = 'community'
if parsed_args.shared:
kwargs['visibility'] = 'shared'
# Handle deprecated --owner option
project_arg = parsed_args.project
if parsed_args.owner:
project_arg = parsed_args.owner
LOG.warning(_('The --owner option is deprecated, '
'please use --project instead.'))
if project_arg:
kwargs['owner'] = common.find_project(
identity_client,
project_arg,
parsed_args.project_domain,
).id
# open the file first to ensure any failures are handled before the
# image is created
fp = gc_utils.get_data_file(parsed_args)
info = {}
if fp is not None and parsed_args.volume:
raise exceptions.CommandError(_("Uploading data and using "
"container are not allowed at "
"the same time"))
if fp is None and parsed_args.file:
LOG.warning(_("Failed to get an image file."))
return {}, {}
if parsed_args.owner:
kwargs['owner'] = common.find_project(
identity_client,
parsed_args.owner,
parsed_args.project_domain,
).id
# sign an image using a given local private key file
if parsed_args.sign_key_path or parsed_args.sign_cert_id:
if not parsed_args.file:
msg = (_("signing an image requires the --file option, "
"passing files via stdin when signing is not "
"supported."))
raise exceptions.CommandError(msg)
if (len(parsed_args.sign_key_path) < 1 or
len(parsed_args.sign_cert_id) < 1):
msg = (_("'sign-key-path' and 'sign-cert-id' must both be "
"specified when attempting to sign an image."))
raise exceptions.CommandError(msg)
else:
sign_key_path = parsed_args.sign_key_path
sign_cert_id = parsed_args.sign_cert_id
signer = image_signer.ImageSigner()
try:
pw = utils.get_password(
self.app.stdin,
prompt=("Please enter private key password, leave "
"empty if none: "),
confirm=False)
if not pw or len(pw) < 1:
pw = None
signer.load_private_key(
sign_key_path,
password=pw)
except Exception:
msg = (_("Error during sign operation: private key could "
"not be loaded."))
raise exceptions.CommandError(msg)
signature = signer.generate_signature(fp)
signature_b64 = b64encode(signature)
kwargs['img_signature'] = signature_b64
kwargs['img_signature_certificate_uuid'] = sign_cert_id
kwargs['img_signature_hash_method'] = signer.hash_method
if signer.padding_method:
kwargs['img_signature_key_type'] = signer.padding_method
# If a volume is specified.
if parsed_args.volume:
volume_client = self.app.client_manager.volume
source_volume = utils.find_resource(
volume_client.volumes,
parsed_args.volume,
)
response, body = volume_client.volumes.upload_to_image(
source_volume.id,
parsed_args.force,
parsed_args.name,
parsed_args.container_format,
parsed_args.disk_format,
)
info = body['os-volume_upload_image']
try:
info['volume_type'] = info['volume_type']['name']
except TypeError:
info['volume_type'] = None
else:
image = image_client.images.create(**kwargs)
if fp is not None:
with fp:
try:
image_client.images.upload(image.id, fp)
except Exception:
# If the upload fails for some reason attempt to remove the
# dangling queued image made by the create() call above but
# only if the user did not specify an id which indicates
# the Image already exists and should be left alone.
try:
if 'id' not in kwargs:
image_client.images.delete(image.id)
except Exception:
pass # we don't care about this one
raise # now, throw the upload exception again
# update the image after the data has been uploaded
image = image_client.images.get(image.id)
if not info:
info = _format_image(image)
return zip(*sorted(six.iteritems(info)))
def take_action(self, parsed_args):
self.log.debug("take_action(%s)", parsed_args)
client = self.app.client_manager.data_processing
if parsed_args.json:
blob = osc_utils.read_blob_file_contents(parsed_args.json)
try:
template = jsonutils.loads(blob)
except ValueError as e:
raise exceptions.CommandError('An error occurred when reading '
'template from file %s: %s' %
(parsed_args.json, e))
data = client.job_binaries.create(**template).to_dict()
else:
if parsed_args.password_prompt:
parsed_args.password = osc_utils.get_password(self.app.stdin,
confirm=False)
if parsed_args.secret_key_prompt:
parsed_args.secret_key = osc_utils.get_password(self.app.stdin,
confirm=False)
if not parsed_args.password:
parsed_args.password = parsed_args.secret_key
if not parsed_args.username:
parsed_args.username = parsed_args.access_key
if parsed_args.password and not parsed_args.username:
raise exceptions.CommandError(
'Username via --username, or S3 access key via '
'--access-key should be provided with password')
if parsed_args.username and not parsed_args.password:
raise exceptions.CommandError(
'Password should be provided via --password or '
'--secret-key, or entered interactively with '
'--password-prompt or --secret-key-prompt')
if parsed_args.password and parsed_args.username:
if not parsed_args.url:
raise exceptions.CommandError(
'URL must be provided via --url')
if parsed_args.url.startswith('s3'):
if not parsed_args.s3_endpoint:
raise exceptions.CommandError(
'S3 job binaries need an endpoint provided via '
'--s3-endpoint')
extra = {
'accesskey': parsed_args.username,
'secretkey': parsed_args.password,
'endpoint': parsed_args.s3_endpoint,
}
else:
extra = {
'user': parsed_args.username,
'password': parsed_args.password
}
else:
extra = None
data = client.job_binaries.create(
name=parsed_args.name,
url=parsed_args.url,
description=parsed_args.description,
extra=extra,
is_public=parsed_args.public,
is_protected=parsed_args.protected).to_dict()
data = utils.prepare_data(data, jb_v1.JOB_BINARY_FIELDS)
return self.dict2columns(data)
def test_get_password_good(self):
with mock.patch("getpass.getpass", return_value=PASSWORD):
mock_stdin = mock.Mock()
mock_stdin.isatty = mock.Mock()
mock_stdin.isatty.return_value = True
self.assertEqual(PASSWORD, utils.get_password(mock_stdin))
def test_get_password_good(self):
with mock.patch("getpass.getpass", return_value=PASSWORD):
mock_stdin = mock.Mock()
mock_stdin.isatty = mock.Mock()
mock_stdin.isatty.return_value = True
self.assertEqual(PASSWORD, utils.get_password(mock_stdin))
def take_action(self, parsed_args):
self.log.debug("take_action(%s)", parsed_args)
client = self.app.client_manager.data_processing
if parsed_args.json:
blob = osc_utils.read_blob_file_contents(parsed_args.json)
try:
template = jsonutils.loads(blob)
except ValueError as e:
raise exceptions.CommandError(
'An error occurred when reading '
'template from file %s: %s' % (parsed_args.json, e))
data = client.job_binaries.create(**template).to_dict()
else:
if parsed_args.password_prompt:
parsed_args.password = osc_utils.get_password(
self.app.stdin, confirm=False)
if parsed_args.secret_key_prompt:
parsed_args.secret_key = osc_utils.get_password(
self.app.stdin, confirm=False)
if not parsed_args.password:
parsed_args.password = parsed_args.secret_key
if not parsed_args.username:
parsed_args.username = parsed_args.access_key
if parsed_args.password and not parsed_args.username:
raise exceptions.CommandError(
'Username via --username, or S3 access key via '
'--access-key should be provided with password')
if parsed_args.username and not parsed_args.password:
raise exceptions.CommandError(
'Password should be provided via --password or '
'--secret-key, or entered interactively with '
'--password-prompt or --secret-key-prompt')
if parsed_args.password and parsed_args.username:
if not parsed_args.url:
raise exceptions.CommandError(
'URL must be provided via --url')
if parsed_args.url.startswith('s3'):
if not parsed_args.s3_endpoint:
raise exceptions.CommandError(
'S3 job binaries need an endpoint provided via '
'--s3-endpoint')
extra = {
'accesskey': parsed_args.username,
'secretkey': parsed_args.password,
'endpoint': parsed_args.s3_endpoint,
}
else:
extra = {
'user': parsed_args.username,
'password': parsed_args.password
}
else:
extra = None
data = client.job_binaries.create(
name=parsed_args.name, url=parsed_args.url,
description=parsed_args.description, extra=extra,
is_public=parsed_args.public,
is_protected=parsed_args.protected).to_dict()
data = utils.prepare_data(data, jb_v1.JOB_BINARY_FIELDS)
return self.dict2columns(data)
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
image_client = self.app.client_manager.image
for deadopt in self.deadopts:
if getattr(parsed_args, deadopt.replace('-', '_'), None):
raise exceptions.CommandError(
_("ERROR: --%s was given, which is an Image v1 option"
" that is no longer supported in Image v2") % deadopt)
# Build an attribute dict from the parsed args, only include
# attributes that were actually set on the command line
kwargs = {}
copy_attrs = ('name', 'id',
'container_format', 'disk_format',
'min_disk', 'min_ram', 'tags', 'visibility')
for attr in copy_attrs:
if attr in parsed_args:
val = getattr(parsed_args, attr, None)
if val:
# Only include a value in kwargs for attributes that
# are actually present on the command line
kwargs[attr] = val
# properties should get flattened into the general kwargs
if getattr(parsed_args, 'properties', None):
for k, v in parsed_args.properties.items():
kwargs[k] = str(v)
# Handle exclusive booleans with care
# Avoid including attributes in kwargs if an option is not
# present on the command line. These exclusive booleans are not
# a single value for the pair of options because the default must be
# to do nothing when no options are present as opposed to always
# setting a default.
if parsed_args.protected:
kwargs['is_protected'] = True
if parsed_args.unprotected:
kwargs['is_protected'] = False
if parsed_args.public:
kwargs['visibility'] = 'public'
if parsed_args.private:
kwargs['visibility'] = 'private'
if parsed_args.community:
kwargs['visibility'] = 'community'
if parsed_args.shared:
kwargs['visibility'] = 'shared'
if parsed_args.project:
kwargs['owner_id'] = common.find_project(
identity_client,
parsed_args.project,
parsed_args.project_domain,
).id
if parsed_args.use_import:
kwargs['use_import'] = True
# open the file first to ensure any failures are handled before the
# image is created. Get the file name (if it is file, and not stdin)
# for easier further handling.
(fp, fname) = get_data_file(parsed_args)
info = {}
if fp is not None and parsed_args.volume:
raise exceptions.CommandError(_("Uploading data and using "
"container are not allowed at "
"the same time"))
if fp is None and parsed_args.file:
LOG.warning(_("Failed to get an image file."))
return {}, {}
elif fname:
kwargs['filename'] = fname
elif fp:
kwargs['validate_checksum'] = False
kwargs['data'] = fp
# sign an image using a given local private key file
if parsed_args.sign_key_path or parsed_args.sign_cert_id:
if not parsed_args.file:
msg = (_("signing an image requires the --file option, "
"passing files via stdin when signing is not "
"supported."))
raise exceptions.CommandError(msg)
if (len(parsed_args.sign_key_path) < 1 or
len(parsed_args.sign_cert_id) < 1):
msg = (_("'sign-key-path' and 'sign-cert-id' must both be "
"specified when attempting to sign an image."))
raise exceptions.CommandError(msg)
else:
sign_key_path = parsed_args.sign_key_path
sign_cert_id = parsed_args.sign_cert_id
signer = image_signer.ImageSigner()
try:
pw = utils.get_password(
self.app.stdin,
prompt=("Please enter private key password, leave "
"empty if none: "),
confirm=False)
if not pw or len(pw) < 1:
pw = None
else:
# load_private_key() requires the password to be
# passed as bytes
pw = pw.encode()
signer.load_private_key(
sign_key_path,
password=pw)
except Exception:
msg = (_("Error during sign operation: private key "
"could not be loaded."))
raise exceptions.CommandError(msg)
signature = signer.generate_signature(fp)
signature_b64 = b64encode(signature)
kwargs['img_signature'] = signature_b64
kwargs['img_signature_certificate_uuid'] = sign_cert_id
kwargs['img_signature_hash_method'] = signer.hash_method
if signer.padding_method:
kwargs['img_signature_key_type'] = \
signer.padding_method
# If a volume is specified.
if parsed_args.volume:
volume_client = self.app.client_manager.volume
source_volume = utils.find_resource(
volume_client.volumes,
parsed_args.volume,
)
response, body = volume_client.volumes.upload_to_image(
source_volume.id,
parsed_args.force,
parsed_args.name,
parsed_args.container_format,
parsed_args.disk_format,
)
info = body['os-volume_upload_image']
try:
info['volume_type'] = info['volume_type']['name']
except TypeError:
info['volume_type'] = None
else:
image = image_client.create_image(**kwargs)
if not info:
info = _format_image(image)
return zip(*sorted(info.items()))
