We need all the headers to be safe strings so they can be joined
together and not become an unicode string in doing so.
This fixes a bug when creating an image with non-ascii characters in the
name.
This is required for python 2.6 compatibility.
Change-Id: I66ebc27edf4ccd8f903399da58705711c372536d
Closes-Bug: 1448080
Pass the subcomand's arguments instead of the base ones to the endpoint
creation call when quering the `/versions` endpoint. Passing the wrong
arguments will end in the auth_requirement not being identified and an
error 'Expected Endpoint' will be raised as no endpoint will be gotten
from keystone.
This patch also removes an unnecessary mock in the test code related to
this fix.
Depends-On Iefeb9bc123f8c65fecd0cba585ecd3eb349b23a6
Change-Id: I46088130b9175798e3719e43f48dc474fbc8a251
Closes-bug: #1504058
It turns out the server does not support this, and the underlying
code gets very unhappy.
Co-Authored-By:Itisha <ishadewan07@gmail.com>
Change-Id: If67c11da28adbb2d793430d122e3930cc278737f
Client doesn't support image deletion in batches in v2 now.
It's useful. So it's need to add it.
Change-Id: Idf5a6890b3fd01a65fecab2033b21367c30bc6b1
Closes-bug:#1485407
When running just 'glance' under python3, we will get the error:
ERROR: 'Namespace' object has no attribute 'func'
This is because map() is used to decode sys.argv, but under Python3
it returns a map object which is an iterable. Some code later tries
to use this in a boolean context and it will always return True,
even if it's empty.
Change-Id: I2f03e462cb813833b75b9f2de7badd10b10cddff
Closes-Bug: #1295356
The latest change to the auth_required logic introduced a bug were even
when the token and endpoint were passed, authentication was being
required.
This patch fixes that issue and makes sure that authentication is not
required when these 2 arguements are present.
Closes-bug: #1499540
Change-Id: I4c9c15ba526378970da5461511ed922d42c5a9f9
Dictionary creation could be rewritten as a dictionary literal.
for example:
expect_namespace = {}
expect_namespace['namespace'] = 'MyNamespace'
expect_namespace['protected'] = True
could be rewritten as
expect_namespace = {
'namespace': 'MyNamespace',
'protected': True
}
TrivialFix
Change-Id: I76265c26861916ed01cadb62e9201aa871183566
The oslo.utils function has exception_to_unicode that can
replace glance util function exception_to_str.
So we don't to have this exception_to_str function in glance
anymore.
Change-Id: I332bc55558087920fdd6ae2d822bece5166f5ba6
The client currently downloads the image metadata to check if it's deleted
or not. This logic belongs to the server and it's already implemented
there. Instead of getting the image, send the delete request and catch
the 404 error, which is already raised by the server.
Change-Id: I1e6ef42340f8e380ff99b9d6ca7ea416e0eebfbc
Closes-bug: #1496305
If CLI client is called without any subcommands or arguments it will
fail with """'Namespace' object has no attribute 'command'""". This
is coming from the getattr which does not have alternate value
specified.
Closes-Bug: #1494259
Change-Id: I461f0d4a91f3af2224bafc14a88572a8e4a3c051
The `help` command was behaving a bit funky. This patch re-orders the
code a bit so that the `help` command will be parsed at the very
beginning before running other commands and checks.
It also allows to get help without downloading/checking schemas and
without requiring auth credentials (previously required by the schema
operations).
Change-Id: Ib7b10d4d80f15e6b75bb8644d7d916bef09413d6
Closes-bug: #1490457
Add parsing the endpoint URL and check the path string only
in order to decide the API version.
Change-Id: Ib0a035f3bed31e2162a1231a5f5dcc3907d37243
Closes-Bug: #1489727
In case that a sensetive header (that should be obscured by its SHA1
hash) is None, the safe_header throws an exception which fails the
calling process and by that may harm the functionality.
Change-Id: I56944a382fd546eba0a6dd6d6b1cecf83b1dc106
Closes-Bug: #1491311
The `_cache_schemas` call currently forces authentication even when the
`auth_token` and `os_image_url` are passed. Instead of handling forced
authentications, let the client use the passed arguments and
authenticate only once if needed.
This was not caught by the existing tests because the call to
`_cache_schemas` was mocked.
Change-Id: I93cec9a68cafc0992d14dab38114d03e25f1e5da
Closes-bug: #1490462
We have a basic implementation for a fallback mechanism that will use v1
rather than v2 when downloading schema files from glance-api fails.
However, this is not sound. If the schemas are cached already, we won't
check if v2 is available and fail to fallback.
This patch fixes the aforementioned issue by getting the list of
available versions from the server only when the API versions was not
explicitly specified through the CLI. That is, for all commands that
don't pass `--os-image-api-version 2`, we'll check v2's availability and
we'll fallback to v1 if it isn't available.
This patch also changes how we handle `/versions` calls in the client.
The server has been, incorrectly, replying to requests to `/version`
with a 300 error, which ended up in the client re-raising such
exception. While I think 300 shouldn't raise an exception, I think we
should handle that in a spearate patch. Therefore, this patch just
avoids raising such exception when `/version` is explicitly called.
This fallback behaviour and the check on `/versions` will be removed in
future versions of the client. The later depends on this bug[0] being
fixed.
[0] https://bugs.launchpad.net/glance/+bug/1491350
Closes-bug: #1489381
Change-Id: Ibeba6bc86db2a97b8a2b4bd042248464cd792e5e
There's a corner case where password may be requested twice. In a fresh
environment, when schemas have not be downloaded for v2, the client will
ask for a password to download the schemas and then it'll ask for the
password again to run the actual command. This happens because we parse
the CLI arguments twice to make sure we're parsing them for the right
client version.
This patch checks if the password is unset in the newly parsed arguments
and if it's been set in the previously parsed ones. In this case it
keeps the set password. I believe this approach is safer than re-using
the already parsed arguements which may have been parsed for a different
API version (might happen because we fallback to v1 if v2 is not
available).
Change-Id: I080253170e3e84a90363e5bb494cf137895fe2e7
Closes-bug: #1488892
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm. This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.
In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False. When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.
This patch/spec proposes removing the custom code because:
* It is a burden to maintain
Eg adding new code such as keystone session support is more complicated
* It can introduce additional failure modes
We have seen some bugs related to the 'custom' certificate checking
* Newer Operating Systems disable SSL for us.
Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
'off'. This makes both servers and client less likely to have compression
enabled.
* Newer combinations of 'requests' and 'python' do this for us
Requests disables compression when backed by a version of python which
supports it (>= 2.7.9). This makes clients more likely to disable
compression out-of-the-box.
* It is (in principle) possible to do this on older versions too
If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
operating system/python combinations, the requests library should
disable SSL compression on the client side.
* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.
Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling
Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
Currently glanceclient doesn't enforce disk-format or container-format
presence in the command line on image-create when providing image data
(with --file, --location, --copy-from), which means that the POST
request is made with the whole image and error is reported by Glance
API.
This post enforces presence of those arguments when image data is
provided so we can get the error quicker and avoid sending unnecessary
data over the network.
Change-Id: I5914fa9cfef190a028b374005adbf3a804b1b677
Closes-Bug: #1309272
Now that we have stable branches for clients, it's easier to keep track
of the current default image's schema in Glance and update it
respectively. This patch adds the current image schema, including the
schema-properties.
One good reason to do this is to be able to react when a running Glance
instance is not around to be introspected. It's really unfortunate that
things like help text can't be rendered when there image schema is not
available in the system.
We could keep the schema in a json file but rather than shipping data
files with glanceclient we can just have it in the python modules.
Change-Id: I9b8cc1d18d6717ccf991fb8149ab13c06d653ee4
Closes-bug: #1481729
Now we have claimed v2 is the current API version of Glance,
we should change the Glance client as well to be consistent
with Glance server.
DocImpact
Change-Id: I09c9e409d149e2d797785591183e06c13229b7f7
Previously when listing images via v2, the first image of each batch
was validated against the v2 schema.
This could lead to unpredictable behaviour where a particular image
which failed the schema check may or may not be the first of a batch.
In some cases it also meant that operation by one user could affect the
ability of another other to list images.
Change-Id: I22974a3e3d9cbdd254099780752ae45ff2a557af
Closes-bug: 1477910
Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS
Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw
Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c
This commit enables new flake8 checks:
* E265 block comment should start with '# '
* H405 multi line docstring summary not separated with an empty line
* E123 closing bracket does not match indentation of opening bracket's line
* H238 old style class declaration, use new style (inherit from `object`)
* E128 continuation line under-indented for visual indent
and makes related changes in the code.
Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c
Add new tests for v2 tasks module to cover following cases:
- getting list of tasks using the marker
- getting list of tasks using sort_key & sort_dir keys
Change-Id: Ic126999ebb16e51cc472fe8f86dfe1fced0bc016
Closes-Bug: 1433637
This set provides API and shell commands support for:
- CRUD on metadef_tags;
Change-Id: I09bdf43edee6fff615d223f1a6df7c15a1e40565
Implements: blueprint metadefs-tags-cli
DocImpact
Vincent Untz