This changes the scope validation to occur after a token has already been created. Previous flow: 1. Validate authentication options. 2. Validate authorization options if the command requires a scope. 3. Create a token (using authentication + authorization options) 4. Run command. This means that scope was being checked, even if a default scope was applied in step 3 by Keystone. New flow: 1. Validate authentication options. 2. Create token (using authentication + authorization options) 3 Validate authorization options if the command requires a scope and the token is not scoped. 4. Run command. Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981 Closes-Bug: 1592062
OpenStackClient
OpenStackClient (aka OSC) is a command-line client for OpenStack that brings the command set for Compute, Identity, Image, Object Store and Block Storage APIs together in a single shell with a uniform command structure.
The primary goal is to provide a unified shell command structure and a common language to describe operations in OpenStack.
- PyPi - package installation
- Online Documentation
- Launchpad project - release management
- Blueprints - feature specifications
- Bugs - issue tracking
- Source
- Developer - getting started as a developer
- Contributing - contributing code
- Testing - testing code
- IRC: #openstack-sdks on Freenode (irc.freenode.net)
- License: Apache 2.0
Getting Started
OpenStack Client can be installed from PyPI using pip:
pip install python-openstackclient
There are a few variants on getting help. A list of global options
and supported commands is shown with --help
:
openstack --help
There is also a help
command that can be used to get
help text for a specific command:
openstack help
openstack help server create
Configuration
The CLI is configured via environment variables and command-line options as listed in http://docs.openstack.org/developer/python-openstackclient/authentication.html.
Authentication using username/password is most commonly used:
export OS_AUTH_URL=<url-to-openstack-identity>
export OS_PROJECT_NAME=<project-name>
export OS_USERNAME=<username>
export OS_PASSWORD=<password> # (optional)
The corresponding command-line options look very similar:
--os-auth-url <url>
--os-project-name <project-name>
--os-username <username>
[--os-password <password>]
If a password is not provided above (in plaintext), you will be interactively prompted to provide one securely.
Authentication may also be performed using an already-acquired token and a URL pointing directly to the service API that presumably was acquired from the Service Catalog:
export OS_TOKEN=<token>
export OS_URL=<url-to-openstack-service>
The corresponding command-line options look very similar:
--os-token <token>
--os-url <url-to-openstack-service>