1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
# Copyright 2012-2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Identity v3 Token action implementations"""
import six
from openstackclient.common import command
from openstackclient.common import utils
from openstackclient.identity import common
class AuthorizeRequestToken(command.ShowOne):
"""Authorize a request token"""
def get_parser(self, prog_name):
parser = super(AuthorizeRequestToken, self).get_parser(prog_name)
parser.add_argument(
'--request-key',
metavar='<request-key>',
help='Request token to authorize (ID only) (required)',
required=True
)
parser.add_argument(
'--role',
metavar='<role>',
action='append',
default=[],
help='Roles to authorize (name or ID) '
'(repeat to set multiple values) (required)',
required=True
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
# NOTE(stevemar): We want a list of role ids
roles = []
for role in parsed_args.role:
role_id = utils.find_resource(
identity_client.roles,
role,
).id
roles.append(role_id)
verifier_pin = identity_client.oauth1.request_tokens.authorize(
parsed_args.request_key,
roles)
return zip(*sorted(six.iteritems(verifier_pin._info)))
class CreateAccessToken(command.ShowOne):
"""Create an access token"""
def get_parser(self, prog_name):
parser = super(CreateAccessToken, self).get_parser(prog_name)
parser.add_argument(
'--consumer-key',
metavar='<consumer-key>',
help='Consumer key (required)',
required=True
)
parser.add_argument(
'--consumer-secret',
metavar='<consumer-secret>',
help='Consumer secret (required)',
required=True
)
parser.add_argument(
'--request-key',
metavar='<request-key>',
help='Request token to exchange for access token (required)',
required=True
)
parser.add_argument(
'--request-secret',
metavar='<request-secret>',
help='Secret associated with <request-key> (required)',
required=True
)
parser.add_argument(
'--verifier',
metavar='<verifier>',
help='Verifier associated with <request-key> (required)',
required=True
)
return parser
def take_action(self, parsed_args):
token_client = self.app.client_manager.identity.oauth1.access_tokens
access_token = token_client.create(
parsed_args.consumer_key, parsed_args.consumer_secret,
parsed_args.request_key, parsed_args.request_secret,
parsed_args.verifier)
return zip(*sorted(six.iteritems(access_token._info)))
class CreateRequestToken(command.ShowOne):
"""Create a request token"""
def get_parser(self, prog_name):
parser = super(CreateRequestToken, self).get_parser(prog_name)
parser.add_argument(
'--consumer-key',
metavar='<consumer-key>',
help='Consumer key (required)',
required=True
)
parser.add_argument(
'--consumer-secret',
metavar='<consumer-secret>',
help='Consumer secret (required)',
required=True
)
parser.add_argument(
'--project',
metavar='<project>',
help='Project that consumer wants to access (name or ID)'
' (required)',
required=True
)
parser.add_argument(
'--domain',
metavar='<domain>',
help='Domain owning <project> (name or ID)',
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
if parsed_args.domain:
domain = common.find_domain(identity_client, parsed_args.domain)
project = utils.find_resource(identity_client.projects,
parsed_args.project,
domain_id=domain.id)
else:
project = utils.find_resource(identity_client.projects,
parsed_args.project)
token_client = identity_client.oauth1.request_tokens
request_token = token_client.create(
parsed_args.consumer_key,
parsed_args.consumer_secret,
project.id)
return zip(*sorted(six.iteritems(request_token._info)))
class IssueToken(command.ShowOne):
"""Issue new token"""
# scoped token is optional
required_scope = False
def get_parser(self, prog_name):
parser = super(IssueToken, self).get_parser(prog_name)
return parser
def take_action(self, parsed_args):
token = self.app.client_manager.auth_ref.service_catalog.get_token()
if 'tenant_id' in token:
token['project_id'] = token.pop('tenant_id')
return zip(*sorted(six.iteritems(token)))
class RevokeToken(command.Command):
"""Revoke existing token"""
def get_parser(self, prog_name):
parser = super(RevokeToken, self).get_parser(prog_name)
parser.add_argument(
'token',
metavar='<token>',
help='Token to be deleted',
)
return parser
def take_action(self, parsed_args):
identity_client = self.app.client_manager.identity
identity_client.tokens.revoke_token(parsed_args.token)
|
