def test_add_token(self):
data = {
'token': 'Test token',
'user': '******',
'tenant': 'Test tenant',
'expires': '20120104T18:30',
}
manage_api.add_token(**data)
result = manage_api.list_tokens()
user = db_api.USER.get_by_name(data['user'])
tenant = db_api.TENANT.get_by_name(data['tenant'])
self.assertEqual(result, [[data['token'], user['id'],
datetime.datetime(2012, 1, 4, 18, 30),
tenant['id']]])
def process(*args):
"""
Usage: keystone-manage [options] type command [id [attributes]]
type : role, tenant, user, token, endpoint, endpointTemplates
command : add, list, disable, delete, grant, revoke
id : name or id
attributes : depending on type...
users : password, tenant
tokens : user, tenant, expiration
role list [tenant] will list roles granted on that tenant
options
-c | --config-file : config file to use
-d | --debug : debug mode
Example: keystone-manage user add Admin P@ssw0rd
"""
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(
'No obj type specified for first argument')
object_type = args[0]
if object_type not in ['user', 'tenant', 'role', 'service',
'endpointTemplates', 'token', 'endpoint', 'credentials']:
raise optparse.OptParseError(
'%s is not a supported obj type' % object_type)
if len(args) == 1:
raise optparse.OptParseError(
'No command specified for second argument')
command = args[1]
if command not in ['add', 'list', 'disable', 'delete', 'grant', 'revoke']:
raise optparse.OptParseError('add, disable, delete, and list are the '
'only supported commands (right now)')
if len(args) == 2:
if command != 'list':
raise optparse.OptParseError('No id specified for third argument')
if len(args) > 2:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = (lambda args, x: len(args) > x and args[x] or None)
def print_table(header_row, rows):
"""Prints a lists of lists as table in a human readable format"""
print "\t".join(header_row)
print '-' * 79
rows = [[str(col) for col in row] for row in rows]
print "\n".join(["\t".join(row) for row in rows])
# Execute command
if (object_type, command) == ('user', 'add'):
require_args(args, 4, 'No password specified for fourth argument')
if api.add_user(name=object_id, password=args[3],
tenant=optional_arg(args, 4)):
print "SUCCESS: User %s created." % object_id
elif (object_type, command) == ('user', 'disable'):
if api.disable_user(name=object_id):
print "SUCCESS: User %s disabled." % object_id
elif (object_type, command) == ('user', 'list'):
print_table(('id', 'name', 'enabled', 'tenant'), api.list_users())
elif (object_type, command) == ('tenant', 'add'):
if api.add_tenant(name=object_id):
print "SUCCESS: Tenant %s created." % object_id
elif (object_type, command) == ('tenant', 'list'):
print_table(('id', 'name', 'enabled'), api.list_tenants())
elif (object_type, command) == ('tenant', 'disable'):
if api.disable_tenant(name=object_id):
print "SUCCESS: Tenant %s disabled." % object_id
elif (object_type, command) == ('role', 'add'):
if api.add_role(name=object_id):
print "SUCCESS: Role %s created successfully." % object_id
elif (object_type, command) == ('role', 'list'):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print 'Role assignments for tenant %s' % tenant
print_table(('User', 'Role'), api.list_roles(tenant=tenant))
else:
# print without tenants
print_table(('id', 'name'), api.list_roles())
elif (object_type, command) == ('role', 'grant'):
require_args(args, 4, "Missing arguments: role grant 'role' 'user' "
"'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print("SUCCESS: Granted %s the %s role on %s." %
(object_id, args[3], tenant))
elif (object_type, command) == ('endpointTemplates', 'add'):
require_args(args, 9, "Missing arguments: endpointTemplates add "
"'region' 'service' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'")
if api.add_endpoint_template(region=args[2], service=args[3],
public_url=args[4], admin_url=args[5], internal_url=args[6],
enabled=args[7], is_global=args[8]):
print("SUCCESS: Created EndpointTemplates for %s pointing to %s." %
(args[3], args[4]))
elif (object_type, command) == ('endpointTemplates', 'list'):
tenant = optional_arg(args, 2)
if tenant:
print 'Endpoints for tenant %s' % tenant
print_table(('service', 'region', 'Public URL'),
api.list_tenant_endpoints())
else:
print 'All EndpointTemplates'
print_table(('service', 'region', 'Public URL'),
api.list_endpoint_templates())
elif (object_type, command) == ('endpoint', 'add'):
require_args(args, 4, "Missing arguments: endPoint add tenant "
"endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print("SUCCESS: Endpoint %s added to tenant %s." %
(args[3], args[2]))
elif (object_type, command) == ('token', 'add'):
require_args(args, 6, 'Creating a token requires a token id, user, '
'tenant, and expiration')
if api.add_token(token=object_id, user=args[3], tenant=args[4],
expires=args[5]):
print "SUCCESS: Token %s created." % (object_id,)
elif (object_type, command) == ('token', 'list'):
print_table(('token', 'user', 'expiration', 'tenant'),
api.list_tokens())
elif (object_type, command) == ('token', 'delete'):
if api.delete_token(token=object_id):
print 'SUCCESS: Token %s deleted.' % (object_id,)
elif (object_type, command) == ('service', 'add'):
require_args(args, 4, "Missing arguments: service add name "
"type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
if api.add_service(name=object_id, type=type, desc=desc):
print "SUCCESS: Service %s created successfully." % (object_id,)
elif (object_type, command) == ('service', 'list'):
print_table(('id', 'name', 'type'), api.list_services())
elif (object_type, command) == ('credentials', 'add'):
require_args(args, 6, 'Creating a credentials requires a type, key, '
'secret, and tenant_id (id is user_id)')
if api.add_credentials(user=object_id, type=args[3], key=args[4],
secrete=args[5], tenant=optional_arg(args, 6)):
print "SUCCESS: Credentials %s created." % object_id
else:
# Command not handled
print ("ERROR: unrecognized command %s %s" % (object_type, command))
def process(*args):
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(OBJECT_NOT_SPECIFIED)
else:
object_type = args[0]
if object_type not in OBJECTS:
raise optparse.OptParseError(SUPPORTED_OBJECTS)
if len(args) == 1:
raise optparse.OptParseError(ACTION_NOT_SPECIFIED)
else:
action = args[1]
if action not in ACTIONS:
raise optparse.OptParseError(SUPPORTED_ACTIONS)
if len(args) == 2 and action not in ['list']:
raise optparse.OptParseError(ID_NOT_SPECIFIED)
else:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = (lambda args, x: len(args) > x and args[x] or None)
def print_table(header_row, rows):
"""Prints a lists of lists as table in a human readable format"""
print "\t".join(header_row)
print '-' * 79
rows = [[str(col) for col in row] for row in rows]
print "\n".join(["\t".join(row) for row in rows])
# Execute command
if (object_type, action) == ('user', 'add'):
require_args(args, 4, 'No password specified for fourth argument')
if api.add_user(name=object_id, password=args[3],
tenant=optional_arg(args, 4)):
print "SUCCESS: User %s created." % object_id
elif (object_type, action) == ('user', 'list'):
print_table(('id', 'name', 'enabled', 'tenant'), api.list_users())
elif (object_type, action) == ('user', 'disable'):
if api.disable_user(name=object_id):
print "SUCCESS: User %s disabled." % object_id
elif object_type == 'user':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('users'))
elif (object_type, action) == ('tenant', 'add'):
if api.add_tenant(name=object_id):
print "SUCCESS: Tenant %s created." % object_id
elif (object_type, action) == ('tenant', 'list'):
print_table(('id', 'name', 'enabled'), api.list_tenants())
elif (object_type, action) == ('tenant', 'disable'):
if api.disable_tenant(name=object_id):
print "SUCCESS: Tenant %s disabled." % object_id
elif object_type == 'tenant':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tenants'))
elif (object_type, action) == ('role', 'add'):
if api.add_role(name=object_id):
print "SUCCESS: Role %s created successfully." % object_id
elif (object_type, action) == ('role', 'list'):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print 'Role assignments for tenant %s' % tenant
print_table(('User', 'Role'), api.list_roles(tenant=tenant))
else:
# print without tenants
print_table(('id', 'name'), api.list_roles())
elif (object_type, action) == ('role', 'grant'):
require_args(args, 4, "Missing arguments: role grant 'role' 'user' "
"'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print("SUCCESS: Granted %s the %s role on %s." %
(object_id, args[3], tenant))
elif object_type == 'role':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('roles'))
elif (object_type, action) == ('endpointTemplates', 'add'):
require_args(args, 9, "Missing arguments: endpointTemplates add "
"'region' 'service' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'")
if api.add_endpoint_template(region=args[2], service=args[3],
public_url=args[4], admin_url=args[5], internal_url=args[6],
enabled=args[7], is_global=args[8]):
print("SUCCESS: Created EndpointTemplates for %s pointing to %s." %
(args[3], args[4]))
elif (object_type, action) == ('endpointTemplates', 'list'):
tenant = optional_arg(args, 2)
if tenant:
print 'Endpoints for tenant %s' % tenant
print_table(('service', 'region', 'Public URL'),
api.list_tenant_endpoints())
else:
print 'All EndpointTemplates'
print_table(('service', 'region', 'Public URL'),
api.list_endpoint_templates())
elif object_type == 'endpointTemplates':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % (
'endpointTemplates'))
elif (object_type, action) == ('endpoint', 'add'):
require_args(args, 4, "Missing arguments: endPoint add tenant "
"endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print("SUCCESS: Endpoint %s added to tenant %s." %
(args[3], args[2]))
elif object_type == 'endpoint':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('endpoints'))
elif (object_type, action) == ('token', 'add'):
require_args(args, 6, 'Creating a token requires a token id, user, '
'tenant, and expiration')
if api.add_token(token=object_id, user=args[3], tenant=args[4],
expires=args[5]):
print "SUCCESS: Token %s created." % (object_id,)
elif (object_type, action) == ('token', 'list'):
print_table(('token', 'user', 'expiration', 'tenant'),
api.list_tokens())
elif (object_type, action) == ('token', 'delete'):
if api.delete_token(token=object_id):
print 'SUCCESS: Token %s deleted.' % (object_id,)
elif object_type == 'token':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tokens'))
elif (object_type, action) == ('service', 'add'):
require_args(args, 4, "Missing arguments: service add name "
"type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
if api.add_service(name=object_id, type=type, desc=desc):
print "SUCCESS: Service %s created successfully." % (object_id,)
elif (object_type, action) == ('service', 'list'):
print_table(('id', 'name', 'type'), api.list_services())
elif object_type == 'service':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('services'))
elif (object_type, action) == ('credentials', 'add'):
require_args(args, 6, 'Creating a credentials requires a type, key, '
'secret, and tenant_id (id is user_id)')
if api.add_credentials(user=object_id, type=args[3], key=args[4],
secrete=args[5], tenant=optional_arg(args, 6)):
print "SUCCESS: Credentials %s created." % object_id
elif object_type == 'credentials':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('credentials'))
else:
# Command recognized but not handled: should never reach this
raise NotImplementedError()
def process(*args):
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(OBJECT_NOT_SPECIFIED)
else:
object_type = args[0]
if object_type not in OBJECTS:
raise optparse.OptParseError(SUPPORTED_OBJECTS)
if len(args) == 1:
raise optparse.OptParseError(ACTION_NOT_SPECIFIED)
else:
action = args[1]
if action not in ACTIONS:
raise optparse.OptParseError(SUPPORTED_ACTIONS)
if action not in ['list', 'sync', 'version_control', 'version']:
if len(args) == 2:
raise optparse.OptParseError(ID_NOT_SPECIFIED)
else:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = (lambda args, x:
len(args) > x and str(args[x]).strip() or None)
if object_type == 'database':
options = get_options(args)
# Execute command
if (object_type, action) == ('user', 'add'):
require_args(args, 4, 'No password specified for fourth argument')
if api.add_user(name=object_id, password=args[3],
tenant=optional_arg(args, 4)):
print ("SUCCESS: User %s created." % object_id)
elif (object_type, action) == ('user', 'list'):
print (Table('Users', ['id', 'name', 'enabled', 'tenant'],
api.list_users()))
elif (object_type, action) == ('user', 'disable'):
if api.disable_user(name=object_id):
print ("SUCCESS: User %s disabled." % object_id)
elif object_type == 'user':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('users'))
elif (object_type, action) == ('tenant', 'add'):
if api.add_tenant(name=object_id):
print ("SUCCESS: Tenant %s created." % object_id)
elif (object_type, action) == ('tenant', 'list'):
print Table('Tenants', ['id', 'name', 'enabled'], api.list_tenants())
elif (object_type, action) == ('tenant', 'disable'):
if api.disable_tenant(name=object_id):
print ("SUCCESS: Tenant %s disabled." % object_id)
elif object_type == 'tenant':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tenants'))
elif (object_type, action) == ('role', 'add'):
if api.add_role(name=object_id, service_name=optional_arg(args, 3)):
print ("SUCCESS: Role %s created successfully." % object_id)
elif (object_type, action) == ('role', 'list'):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print (Table('Role assignments for tenant %s' %
tenant, ['User', 'Role'],
api.list_roles(tenant=tenant)))
else:
# print without tenants
print (Table('Roles', ['id', 'name', 'service_id', 'description'],
api.list_roles()))
elif (object_type, action) == ('role', 'grant'):
require_args(args, 4, "Missing arguments: role grant 'role' 'user' "
"'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print ("SUCCESS: Granted %s the %s role on %s." %
(args[3], object_id, tenant))
elif object_type == 'role':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('roles'))
elif (object_type, action) == ('endpointTemplates', 'add'):
require_args(args, 9, "Missing arguments: endpointTemplates add "
"'region' 'service_name' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'")
version_id = optional_arg(args, 9)
version_list = optional_arg(args, 10)
version_info = optional_arg(args, 11)
if api.add_endpoint_template(region=args[2], service=args[3],
public_url=args[4], admin_url=args[5], internal_url=args[6],
enabled=args[7], is_global=args[8],
version_id=version_id, version_list=version_list,
version_info=version_info):
print ("SUCCESS: Created EndpointTemplates for %s "
"pointing to %s." % (args[3], args[4]))
elif (object_type, action) == ('endpointTemplates', 'list'):
tenant = optional_arg(args, 2)
if tenant:
print Table('Endpoints for tenant %s' % tenant,
['id', 'service', 'region', 'Public URL'],
api.list_tenant_endpoints(tenant))
else:
print Table('All EndpointTemplates', ['id', 'service', 'type',
'region', 'enabled', 'is_global', 'Public URL',
'Admin URL'],
api.list_endpoint_templates())
elif (object_type, action) == ('endpoint', 'add'):
require_args(args, 4, "Missing arguments: endPoint add tenant "
"endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print ("SUCCESS: Endpoint %s added to tenant %s." %
(args[3], args[2]))
elif object_type == 'endpoint':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('endpoints'))
elif (object_type, action) == ('token', 'add'):
require_args(args, 6, 'Creating a token requires a token id, user, '
'tenant, and expiration')
if api.add_token(token=object_id, user=args[3], tenant=args[4],
expires=args[5]):
print ("SUCCESS: Token %s created." % object_id)
elif (object_type, action) == ('token', 'list'):
print Table('Tokens', ('token', 'user', 'expiration', 'tenant'),
api.list_tokens())
elif (object_type, action) == ('token', 'delete'):
if api.delete_token(token=object_id):
print ('SUCCESS: Token %s deleted.' % (object_id,))
elif object_type == 'token':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tokens'))
elif (object_type, action) == ('service', 'add'):
require_args(args, 4, "Missing arguments: service add <name> " \
"[type] [desc] [owner_id]"
"type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
owner_id = optional_arg(args, 5)
if api.add_service(name=object_id, type=type, desc=desc,
owner_id=owner_id):
print ("SUCCESS: Service %s created successfully."
% (object_id,))
elif (object_type, action) == ('service', 'list'):
print (Table('Services', ('id', 'name', 'type', 'owner_id',
'description'), api.list_services()))
elif object_type == 'service':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('services'))
elif (object_type, action) == ('credentials', 'add'):
require_args(args, 6, 'Creating a credentials requires a type, key, '
'secret, and tenant_id (id is user_id)')
if api.add_credentials(user=object_id, type=args[3], key=args[4],
secrete=args[5], tenant=optional_arg(args, 6)):
print ("SUCCESS: Credentials %s created." %
(object_id,))
elif object_type == 'credentials':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('credentials'))
elif (object_type, action) == ('database', 'sync'):
require_args(args, 1, 'Syncing database requires a version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_sync(options['keystone.backends.sqlalchemy'],
args)
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'upgrade'):
require_args(args, 1, 'Upgrading database requires a version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_upgrade(options['keystone.backends.sqlalchemy'],
args)
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'downgrade'):
require_args(args, 1, 'Downgrading database requires a version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_downgrade(options['keystone.backends.sqlalchemy'],
args)
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'version_control'):
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_version_control(options['keystone.backends.sqlalchemy'])
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'version'):
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_version(options['keystone.backends.sqlalchemy'])
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'goto'):
require_args(args, 1, 'Jumping database versions requires a '
'version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_goto_version(options['keystone.backends.sqlalchemy'],
version=args[2])
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
else:
# Command recognized but not handled: should never reach this
raise NotImplementedError()
def process(*args):
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(OBJECT_NOT_SPECIFIED)
else:
object_type = args[0]
if object_type not in OBJECTS:
raise optparse.OptParseError(SUPPORTED_OBJECTS)
if len(args) == 1:
raise optparse.OptParseError(ACTION_NOT_SPECIFIED)
else:
action = args[1]
if action not in ACTIONS:
raise optparse.OptParseError(SUPPORTED_ACTIONS)
if action not in ["list"]:
if len(args) == 2:
raise optparse.OptParseError(ID_NOT_SPECIFIED)
else:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = lambda args, x: len(args) > x and str(args[x]).strip() or None
def print_table(header_row, rows):
"""Prints a lists of lists as table in a human readable format"""
print "\t".join(header_row)
print "-" * 79
rows = [[str(col) for col in row] for row in rows]
print "\n".join(["\t".join(row) for row in rows])
# Execute command
if (object_type, action) == ("user", "add"):
require_args(args, 4, "No password specified for fourth argument")
if api.add_user(name=object_id, password=args[3], tenant=optional_arg(args, 4)):
print "SUCCESS: User %s created." % object_id
elif (object_type, action) == ("user", "list"):
print_table(("id", "name", "enabled", "tenant"), api.list_users())
elif (object_type, action) == ("user", "disable"):
if api.disable_user(name=object_id):
print "SUCCESS: User %s disabled." % object_id
elif object_type == "user":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("users"))
elif (object_type, action) == ("tenant", "add"):
if api.add_tenant(name=object_id):
print "SUCCESS: Tenant %s created." % object_id
elif (object_type, action) == ("tenant", "list"):
print_table(("id", "name", "enabled"), api.list_tenants())
elif (object_type, action) == ("tenant", "disable"):
if api.disable_tenant(name=object_id):
print "SUCCESS: Tenant %s disabled." % object_id
elif object_type == "tenant":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("tenants"))
elif (object_type, action) == ("role", "add"):
if api.add_role(name=object_id):
print "SUCCESS: Role %s created successfully." % object_id
elif (object_type, action) == ("role", "list"):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print "Role assignments for tenant %s" % tenant
print_table(("User", "Role"), api.list_roles(tenant=tenant))
else:
# print without tenants
print_table(("id", "name", "service_id", "description"), api.list_roles())
elif (object_type, action) == ("role", "grant"):
require_args(args, 4, "Missing arguments: role grant 'role' 'user' " "'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print ("SUCCESS: Granted %s the %s role on %s." % (args[3], object_id, tenant))
elif object_type == "role":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("roles"))
elif (object_type, action) == ("endpointTemplates", "add"):
require_args(
args,
9,
"Missing arguments: endpointTemplates add "
"'region' 'service_name' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'",
)
version_id = optional_arg(args, 9)
version_list = optional_arg(args, 10)
version_info = optional_arg(args, 11)
if api.add_endpoint_template(
region=args[2],
service=args[3],
public_url=args[4],
admin_url=args[5],
internal_url=args[6],
enabled=args[7],
is_global=args[8],
version_id=version_id,
version_list=version_list,
version_info=version_info,
):
print ("SUCCESS: Created EndpointTemplates for %s pointing to %s." % (args[3], args[4]))
elif (object_type, action) == ("endpointTemplates", "list"):
tenant = optional_arg(args, 2)
if tenant:
print "Endpoints for tenant %s" % tenant
print_table(("service", "region", "Public URL"), api.list_tenant_endpoints(tenant))
else:
print "All EndpointTemplates"
print_table(
("id", "service", "type", "region", "enabled", "is_global", "Public URL", "Admin URL"),
api.list_endpoint_templates(),
)
elif (object_type, action) == ("endpoint", "add"):
require_args(args, 4, "Missing arguments: endPoint add tenant " "endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print ("SUCCESS: Endpoint %s added to tenant %s." % (args[3], args[2]))
elif object_type == "endpoint":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("endpoints"))
elif (object_type, action) == ("token", "add"):
require_args(args, 6, "Creating a token requires a token id, user, " "tenant, and expiration")
if api.add_token(token=object_id, user=args[3], tenant=args[4], expires=args[5]):
print "SUCCESS: Token %s created." % (object_id,)
elif (object_type, action) == ("token", "list"):
print_table(("token", "user", "expiration", "tenant"), api.list_tokens())
elif (object_type, action) == ("token", "delete"):
if api.delete_token(token=object_id):
print "SUCCESS: Token %s deleted." % (object_id,)
elif object_type == "token":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("tokens"))
elif (object_type, action) == ("service", "add"):
require_args(args, 4, "Missing arguments: service add <name> " "[type] [desc] [owner_id]" "type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
owner_id = optional_arg(args, 5)
if api.add_service(name=object_id, type=type, desc=desc, owner_id=owner_id):
print "SUCCESS: Service %s created successfully." % (object_id,)
elif (object_type, action) == ("service", "list"):
print_table(("id", "name", "type", "owner_id", "description"), api.list_services())
elif object_type == "service":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("services"))
elif (object_type, action) == ("credentials", "add"):
require_args(args, 6, "Creating a credentials requires a type, key, " "secret, and tenant_id (id is user_id)")
if api.add_credentials(
user=object_id, type=args[3], key=args[4], secrete=args[5], tenant=optional_arg(args, 6)
):
print "SUCCESS: Credentials %s created." % object_id
elif object_type == "credentials":
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ("credentials"))
else:
# Command recognized but not handled: should never reach this
raise NotImplementedError()
def process(*args):
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(OBJECT_NOT_SPECIFIED)
else:
object_type = args[0]
if object_type not in OBJECTS:
raise optparse.OptParseError(SUPPORTED_OBJECTS)
if len(args) == 1:
raise optparse.OptParseError(ACTION_NOT_SPECIFIED)
else:
action = args[1]
if action not in ACTIONS:
raise optparse.OptParseError(SUPPORTED_ACTIONS)
if action not in ['list', 'sync', 'version_control', 'version']:
if len(args) == 2:
raise optparse.OptParseError(ID_NOT_SPECIFIED)
else:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = (lambda args, x:
len(args) > x and str(args[x]).strip() or None)
if object_type == 'database':
options = get_options(args)
# Execute command
if (object_type, action) == ('user', 'add'):
require_args(args, 4, 'No password specified for fourth argument')
if api.add_user(name=object_id, password=args[3],
tenant=optional_arg(args, 4)):
print "SUCCESS: User %s created." % object_id
elif (object_type, action) == ('user', 'list'):
print Table('Users', ['id', 'name', 'enabled', 'tenant'],
api.list_users())
elif (object_type, action) == ('user', 'disable'):
if api.disable_user(name=object_id):
print "SUCCESS: User %s disabled." % object_id
elif object_type == 'user':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('users'))
elif (object_type, action) == ('tenant', 'add'):
if api.add_tenant(name=object_id):
print "SUCCESS: Tenant %s created." % object_id
elif (object_type, action) == ('tenant', 'list'):
print Table('Tenants', ['id', 'name', 'enabled'], api.list_tenants())
elif (object_type, action) == ('tenant', 'disable'):
if api.disable_tenant(name=object_id):
print "SUCCESS: Tenant %s disabled." % object_id
elif object_type == 'tenant':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tenants'))
elif (object_type, action) == ('role', 'add'):
if api.add_role(name=object_id, service_name=optional_arg(args, 3)):
print "SUCCESS: Role %s created successfully." % object_id
elif (object_type, action) == ('role', 'list'):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print Table('Role assignments for tenant %s' % tenant,
['User', 'Role'],
api.list_roles(tenant=tenant))
else:
# print without tenants
print Table('Roles', ['id', 'name', 'service_id', 'description'],
api.list_roles())
elif (object_type, action) == ('role', 'grant'):
require_args(args, 4, "Missing arguments: role grant 'role' 'user' "
"'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print("SUCCESS: Granted %s the %s role on %s." %
(args[3], object_id, tenant))
elif object_type == 'role':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('roles'))
elif (object_type, action) == ('endpointTemplates', 'add'):
require_args(args, 9, "Missing arguments: endpointTemplates add "
"'region' 'service_name' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'")
version_id = optional_arg(args, 9)
version_list = optional_arg(args, 10)
version_info = optional_arg(args, 11)
if api.add_endpoint_template(region=args[2], service=args[3],
public_url=args[4], admin_url=args[5], internal_url=args[6],
enabled=args[7], is_global=args[8],
version_id=version_id, version_list=version_list,
version_info=version_info):
print("SUCCESS: Created EndpointTemplates for %s pointing to %s." %
(args[3], args[4]))
elif (object_type, action) == ('endpointTemplates', 'list'):
tenant = optional_arg(args, 2)
if tenant:
print Table('Endpoints for tenant %s' % tenant,
['id', 'service', 'region', 'Public URL'],
api.list_tenant_endpoints(tenant))
else:
print Table('All EndpointTemplates', ['id', 'service', 'type',
'region', 'enabled', 'is_global', 'Public URL',
'Admin URL'],
api.list_endpoint_templates())
elif (object_type, action) == ('endpoint', 'add'):
require_args(args, 4, "Missing arguments: endPoint add tenant "
"endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print("SUCCESS: Endpoint %s added to tenant %s." %
(args[3], args[2]))
elif object_type == 'endpoint':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('endpoints'))
elif (object_type, action) == ('token', 'add'):
require_args(args, 6, 'Creating a token requires a token id, user, '
'tenant, and expiration')
if api.add_token(token=object_id, user=args[3], tenant=args[4],
expires=args[5]):
print "SUCCESS: Token %s created." % (object_id,)
elif (object_type, action) == ('token', 'list'):
print Table('Tokens', ('token', 'user', 'expiration', 'tenant'),
api.list_tokens())
elif (object_type, action) == ('token', 'delete'):
if api.delete_token(token=object_id):
print 'SUCCESS: Token %s deleted.' % (object_id,)
elif object_type == 'token':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tokens'))
elif (object_type, action) == ('service', 'add'):
require_args(args, 4, "Missing arguments: service add <name> " \
"[type] [desc] [owner_id]"
"type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
owner_id = optional_arg(args, 5)
if api.add_service(name=object_id, type=type, desc=desc,
owner_id=owner_id):
print "SUCCESS: Service %s created successfully." % (object_id,)
elif (object_type, action) == ('service', 'list'):
print Table('Services',
('id', 'name', 'type', 'owner_id', 'description'),
api.list_services())
elif object_type == 'service':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('services'))
elif (object_type, action) == ('credentials', 'add'):
require_args(args, 6, 'Creating a credentials requires a type, key, '
'secret, and tenant_id (id is user_id)')
if api.add_credentials(user=object_id, type=args[3], key=args[4],
secrete=args[5], tenant=optional_arg(args, 6)):
print "SUCCESS: Credentials %s created." % object_id
elif object_type == 'credentials':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('credentials'))
elif (object_type, action) == ('database', 'sync'):
require_args(args, 1, 'Syncing database requires a version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_sync(options['keystone.backends.sqlalchemy'],
args)
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'upgrade'):
require_args(args, 1, 'Upgrading database requires a version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_upgrade(options['keystone.backends.sqlalchemy'],
args)
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'downgrade'):
require_args(args, 1, 'Downgrading database requires a version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_downgrade(options['keystone.backends.sqlalchemy'],
args)
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'version_control'):
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_version_control(options['keystone.backends.sqlalchemy'])
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'version'):
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_version(options['keystone.backends.sqlalchemy'])
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
elif (object_type, action) == ('database', 'goto'):
require_args(args, 1, 'Jumping database versions requires a '
'version #')
backend_names = options.get('backends', None)
if backend_names:
if 'keystone.backends.sqlalchemy' in backend_names.split(','):
do_db_goto_version(options['keystone.backends.sqlalchemy'],
version=args[2])
else:
raise optparse.OptParseError(
'SQL alchemy backend not specified in config')
else:
# Command recognized but not handled: should never reach this
raise NotImplementedError()
def process(*args):
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(OBJECT_NOT_SPECIFIED)
else:
object_type = args[0]
if object_type not in OBJECTS:
raise optparse.OptParseError(SUPPORTED_OBJECTS)
if len(args) == 1:
raise optparse.OptParseError(ACTION_NOT_SPECIFIED)
else:
action = args[1]
if action not in ACTIONS:
raise optparse.OptParseError(SUPPORTED_ACTIONS)
if len(args) == 2 and action not in ['list']:
raise optparse.OptParseError(ID_NOT_SPECIFIED)
else:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = (lambda args, x: len(args) > x and args[x] or None)
def print_table(header_row, rows):
"""Prints a lists of lists as table in a human readable format"""
print "\t".join(header_row)
print '-' * 79
rows = [[str(col) for col in row] for row in rows]
print "\n".join(["\t".join(row) for row in rows])
# Execute command
if (object_type, action) == ('user', 'add'):
require_args(args, 4, 'No password specified for fourth argument')
if api.add_user(name=object_id,
password=args[3],
tenant=optional_arg(args, 4)):
print "SUCCESS: User %s created." % object_id
elif (object_type, action) == ('user', 'list'):
print_table(('id', 'name', 'enabled', 'tenant'), api.list_users())
elif (object_type, action) == ('user', 'disable'):
if api.disable_user(name=object_id):
print "SUCCESS: User %s disabled." % object_id
elif object_type == 'user':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('users'))
elif (object_type, action) == ('tenant', 'add'):
if api.add_tenant(name=object_id):
print "SUCCESS: Tenant %s created." % object_id
elif (object_type, action) == ('tenant', 'list'):
print_table(('id', 'name', 'enabled'), api.list_tenants())
elif (object_type, action) == ('tenant', 'disable'):
if api.disable_tenant(name=object_id):
print "SUCCESS: Tenant %s disabled." % object_id
elif object_type == 'tenant':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tenants'))
elif (object_type, action) == ('role', 'add'):
if api.add_role(name=object_id):
print "SUCCESS: Role %s created successfully." % object_id
elif (object_type, action) == ('role', 'list'):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print 'Role assignments for tenant %s' % tenant
print_table(('User', 'Role'), api.list_roles(tenant=tenant))
else:
# print without tenants
print_table(('id', 'name'), api.list_roles())
elif (object_type, action) == ('role', 'grant'):
require_args(
args, 4, "Missing arguments: role grant 'role' 'user' "
"'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print("SUCCESS: Granted %s the %s role on %s." %
(object_id, args[3], tenant))
elif object_type == 'role':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('roles'))
elif (object_type, action) == ('endpointTemplates', 'add'):
require_args(
args, 9, "Missing arguments: endpointTemplates add "
"'region' 'service' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'")
if api.add_endpoint_template(region=args[2],
service=args[3],
public_url=args[4],
admin_url=args[5],
internal_url=args[6],
enabled=args[7],
is_global=args[8]):
print("SUCCESS: Created EndpointTemplates for %s pointing to %s." %
(args[3], args[4]))
elif (object_type, action) == ('endpointTemplates', 'list'):
tenant = optional_arg(args, 2)
if tenant:
print 'Endpoints for tenant %s' % tenant
print_table(('service', 'region', 'Public URL'),
api.list_tenant_endpoints())
else:
print 'All EndpointTemplates'
print_table(('service', 'region', 'Public URL'),
api.list_endpoint_templates())
elif object_type == 'endpointTemplates':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED %
('endpointTemplates'))
elif (object_type, action) == ('endpoint', 'add'):
require_args(
args, 4, "Missing arguments: endPoint add tenant "
"endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print("SUCCESS: Endpoint %s added to tenant %s." %
(args[3], args[2]))
elif object_type == 'endpoint':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('endpoints'))
elif (object_type, action) == ('token', 'add'):
require_args(
args, 6, 'Creating a token requires a token id, user, '
'tenant, and expiration')
if api.add_token(token=object_id,
user=args[3],
tenant=args[4],
expires=args[5]):
print "SUCCESS: Token %s created." % (object_id, )
elif (object_type, action) == ('token', 'list'):
print_table(('token', 'user', 'expiration', 'tenant'),
api.list_tokens())
elif (object_type, action) == ('token', 'delete'):
if api.delete_token(token=object_id):
print 'SUCCESS: Token %s deleted.' % (object_id, )
elif object_type == 'token':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('tokens'))
elif (object_type, action) == ('service', 'add'):
require_args(args, 4, "Missing arguments: service add name " "type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
if api.add_service(name=object_id, type=type, desc=desc):
print "SUCCESS: Service %s created successfully." % (object_id, )
elif (object_type, action) == ('service', 'list'):
print_table(('id', 'name', 'type'), api.list_services())
elif object_type == 'service':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('services'))
elif (object_type, action) == ('credentials', 'add'):
require_args(
args, 6, 'Creating a credentials requires a type, key, '
'secret, and tenant_id (id is user_id)')
if api.add_credentials(user=object_id,
type=args[3],
key=args[4],
secrete=args[5],
tenant=optional_arg(args, 6)):
print "SUCCESS: Credentials %s created." % object_id
elif object_type == 'credentials':
raise optparse.OptParseError(ACTION_NOT_SUPPORTED % ('credentials'))
else:
# Command recognized but not handled: should never reach this
raise NotImplementedError()
def process(*args):
"""
Usage: keystone-manage [options] type command [id [attributes]]
type : role, tenant, user, token, endpoint, endpointTemplates
command : add, list, disable, delete, grant, revoke
id : name or id
attributes : depending on type...
users : password, tenant
tokens : user, tenant, expiration
role list [tenant] will list roles granted on that tenant
options
-c | --config-file : config file to use
-d | --debug : debug mode
Example: keystone-manage user add Admin P@ssw0rd
"""
# Check arguments
if len(args) == 0:
raise optparse.OptParseError(
'No obj type specified for first argument')
object_type = args[0]
if object_type not in [
'user', 'tenant', 'role', 'service', 'endpointTemplates', 'token',
'endpoint', 'credentials'
]:
raise optparse.OptParseError('%s is not a supported obj type' %
object_type)
if len(args) == 1:
raise optparse.OptParseError(
'No command specified for second argument')
command = args[1]
if command not in ['add', 'list', 'disable', 'delete', 'grant', 'revoke']:
raise optparse.OptParseError('add, disable, delete, and list are the '
'only supported commands (right now)')
if len(args) == 2:
if command != 'list':
raise optparse.OptParseError('No id specified for third argument')
if len(args) > 2:
object_id = args[2]
# Helper functions
def require_args(args, min, msg):
"""Ensure there are at least `min` arguments"""
if len(args) < min:
raise optparse.OptParseError(msg)
optional_arg = (lambda args, x: len(args) > x and args[x] or None)
def print_table(header_row, rows):
"""Prints a lists of lists as table in a human readable format"""
print "\t".join(header_row)
print '-' * 79
rows = [[str(col) for col in row] for row in rows]
print "\n".join(["\t".join(row) for row in rows])
# Execute command
if (object_type, command) == ('user', 'add'):
require_args(args, 4, 'No password specified for fourth argument')
if api.add_user(name=object_id,
password=args[3],
tenant=optional_arg(args, 4)):
print "SUCCESS: User %s created." % object_id
elif (object_type, command) == ('user', 'disable'):
if api.disable_user(name=object_id):
print "SUCCESS: User %s disabled." % object_id
elif (object_type, command) == ('user', 'list'):
print_table(('id', 'enabled', 'tenant'), api.list_users())
elif (object_type, command) == ('tenant', 'add'):
if api.add_tenant(name=object_id):
print "SUCCESS: Tenant %s created." % object_id
elif (object_type, command) == ('tenant', 'list'):
print_table(('id', 'name', 'enabled'), api.list_tenants())
elif (object_type, command) == ('tenant', 'disable'):
if api.disable_tenant(name=object_id):
print "SUCCESS: Tenant %s disabled." % object_id
elif (object_type, command) == ('role', 'add'):
if api.add_role(name=object_id):
print "SUCCESS: Role %s created successfully." % object_id
elif (object_type, command) == ('role', 'list'):
tenant = optional_arg(args, 2)
if tenant:
# print with users
print 'Role assignments for tenant %s' % tenant
print_table(('User', 'Role'), api.list_roles(tenant=tenant))
else:
# print without tenants
print_table(('id', 'name'), api.list_roles())
elif (object_type, command) == ('role', 'grant'):
require_args(
args, 4, "Missing arguments: role grant 'role' 'user' "
"'tenant (optional)'")
tenant = optional_arg(args, 4)
if api.grant_role(object_id, args[3], tenant):
print("SUCCESS: Granted %s the %s role on %s." %
(object_id, args[3], tenant))
elif (object_type, command) == ('endpointTemplates', 'add'):
require_args(
args, 9, "Missing arguments: endpointTemplates add "
"'region' 'service' 'publicURL' 'adminURL' 'internalURL' "
"'enabled' 'global'")
if api.add_endpoint_template(region=args[2],
service=args[3],
public_url=args[4],
admin_url=args[5],
internal_url=args[6],
enabled=args[7],
is_global=args[8]):
print("SUCCESS: Created EndpointTemplates for %s pointing to %s." %
(args[3], args[4]))
elif (object_type, command) == ('endpointTemplates', 'list'):
tenant = optional_arg(args, 2)
if tenant:
print 'Endpoints for tenant %s' % tenant
print_table(('service', 'region', 'Public URL'),
api.list_tenant_endpoints())
else:
print 'All EndpointTemplates'
print_table(('service', 'region', 'Public URL'),
api.list_endpoint_templates())
elif (object_type, command) == ('endpoint', 'add'):
require_args(
args, 4, "Missing arguments: endPoint add tenant "
"endPointTemplate")
if api.add_endpoint(tenant=args[2], endpoint_template=args[3]):
print("SUCCESS: Endpoint %s added to tenant %s." %
(args[3], args[2]))
elif (object_type, command) == ('token', 'add'):
require_args(
args, 6, 'Creating a token requires a token id, user, '
'tenant, and expiration')
if api.add_token(token=object_id,
user=args[3],
tenant=args[4],
expires=args[5]):
print "SUCCESS: Token %s created." % (object_id, )
elif (object_type, command) == ('token', 'list'):
print_table(('token', 'user', 'expiration', 'tenant'),
api.list_tokens())
elif (object_type, command) == ('token', 'delete'):
if api.delete_token(token=object_id):
print 'SUCCESS: Token %s deleted.' % (object_id, )
elif (object_type, command) == ('service', 'add'):
require_args(args, 4, "Missing arguments: service add name " "type")
type = optional_arg(args, 3)
desc = optional_arg(args, 4)
if api.add_service(name=object_id, type=type, desc=desc):
print "SUCCESS: Service %s created successfully." % (object_id, )
elif (object_type, command) == ('service', 'list'):
print_table(('id', 'name', 'type'), api.list_services())
elif (object_type, command) == ('credentials', 'add'):
require_args(
args, 6, 'Creating a credentials requires a type, key, '
'secret, and tenant_id (id is user_id)')
if api.add_credentials(user=object_id,
type=args[3],
key=args[4],
secrete=args[5],
tenant=optional_arg(args, 6)):
print "SUCCESS: Credentials %s created." % object_id
else:
# Command not handled
print("ERROR: unrecognized command %s %s" % (object_type, command))