delta/openstack/python-openstackclient.git/openstackclient/identity, branch ussuri-em opendev.org: openstack/python-openstackclient Fix reverted osc-lib interface change 2021-01-21T14:26:33+00:00 Roger Luethi rl@patchworkscience.org 2020-07-23T11:20:09+00:00 0a8d855764c049be983ece4aaad02eea866da09e The patch https://review.opendev.org/#/c/673389/ introduced a regression by changing the osc-lib interface. Two conflicting attempts to fix the regression were launched: 1) Reverting the patch. 2) The patch https://review.opendev.org/683119 changes the exception from the generic CommandError back to a specific Forbidden exception. The patch https://review.opendev.org/683118 catches this exception and passes on, i.e. re-implements the same behavior as before. The first idea was implemented, the initial patch reverted. The second idea was partially implemented. The change in python-openstackclient (683118) was merged. The change in osc-lib was approved but failed to merge because the initial change had been reverted. Now we have again a situation where the exception produced in osc-lib does not match the exception expected by the caller. It is unclear if the osc-lib interface will ever get a rebased version of https://review.opendev.org/683119 merged, so the safest way to address the issue is to also catch the exception that used to be thrown before the inital change and is again thrown after the inital change has been reverted. Change-Id: I2ea2def607ec5be112e42d53a1e660fef0cdd69c (cherry picked from commit 0a8753dc3eaeda25554ccd769350de1e9792a62b) 
The patch https://review.opendev.org/#/c/673389/ introduced a regression
by changing the osc-lib interface.

Two conflicting attempts to fix the regression were launched:

1) Reverting the patch.

2) The patch https://review.opendev.org/683119 changes the exception
   from the generic CommandError back to a specific Forbidden exception.

   The patch https://review.opendev.org/683118 catches this exception
   and passes on, i.e. re-implements the same behavior as before.

The first idea was implemented, the initial patch reverted. The second
idea was partially implemented. The change in python-openstackclient
(683118) was merged. The change in osc-lib was approved but failed to
merge because the initial change had been reverted.

Now we have again a situation where the exception produced in osc-lib
does not match the exception expected by the caller.

It is unclear if the osc-lib interface will ever get a rebased version
of https://review.opendev.org/683119 merged, so the safest way to
address the issue is to also catch the exception that used to be
thrown before the inital change and is again thrown after the inital
change has been reverted.

Change-Id: I2ea2def607ec5be112e42d53a1e660fef0cdd69c
(cherry picked from commit 0a8753dc3eaeda25554ccd769350de1e9792a62b)
Bypass user and group verification in RemoveRole 2020-08-19T15:49:55+00:00 Lance Bragstad lbragstad@gmail.com 2020-07-09T22:07:52+00:00 b30843cee35e50e516a41a48bcbe00dd2c1639f4 Keystone let's users remove role assignments that reference non-existent users and groups. This is nice when keystone backs to an identity store like LDAP and users or groups are removed. Previously, openstackclient would validate the user and group existed in keystone before sending the request to delete the role assignment. This commit updates the code to bypass that validation so that users can use IDs to forcibly cleanup role assignments. Change-Id: I102b41677736bbe37a82abaa3c5b3e1faf2475d5 Story: 2006635 Task: 36848 (cherry picked from commit e24673267093de85beee753860cda1fb224ce4bc) 
Keystone let's users remove role assignments that reference non-existent
users and groups. This is nice when keystone backs to an identity store
like LDAP and users or groups are removed.

Previously, openstackclient would validate the user and group existed in
keystone before sending the request to delete the role assignment. This
commit updates the code to bypass that validation so that users can use
IDs to forcibly cleanup role assignments.

Change-Id: I102b41677736bbe37a82abaa3c5b3e1faf2475d5
Story: 2006635
Task: 36848
(cherry picked from commit e24673267093de85beee753860cda1fb224ce4bc)
Client should parse string to boolean for value 'is_domain' 2020-06-10T19:21:41+00:00 yanpuqing yanpq@awcloud.com 2019-05-20T06:47:44+00:00 19723aee18e2901e9250dd840a61359704baa170 When we use "--property" parameter, client get lists these the value is string type, but the type of the value 'is_domain' should be boolean, so we should judge it and parse it. The patch parse string to boolean for value 'is_domain'. Co-Authored-By: Lance Bragstad <lbragstad@gmail.com> Conflict: Direct backports of this patch fail because the original tests proposed to the Victoria (master) branch included keystone ``options``. Support for ``options`` was added in: I9c3bdd741f28bf558267fb217818d947597ce13e This backport removes the ``options`` key from the expected values in the tests since feature support for ``options`` isn't going to be backported. Otherwise, the functionality of this change is fully tested like it is on later releases. Change-Id: I37c9eb854524bde3a1530bfe2e3a03810fb1a676 Task: 30039 Story: 2005246 (cherry picked from commit 533af9f1b2de40d98f69e83cdf89ecf254cf3879) 
When we use "--property" parameter, client get lists these the
value is string type, but the type of the value 'is_domain'
should be boolean, so we should judge it and parse it.
The patch parse string to boolean for value 'is_domain'.

Co-Authored-By: Lance Bragstad <lbragstad@gmail.com>

Conflict:
  Direct backports of this patch fail because the original tests
  proposed to the Victoria (master) branch included keystone
  ``options``. Support for ``options`` was added in:

    I9c3bdd741f28bf558267fb217818d947597ce13e

  This backport removes the ``options`` key from the expected values in
  the tests since feature support for ``options`` isn't going to be
  backported. Otherwise, the functionality of this change is fully
  tested like it is on later releases.

Change-Id: I37c9eb854524bde3a1530bfe2e3a03810fb1a676
Task: 30039
Story: 2005246
(cherry picked from commit 533af9f1b2de40d98f69e83cdf89ecf254cf3879)
Merge "Now we can add description for role creation in OSC" 2020-03-20T18:59:44+00:00 Zuul zuul@review.opendev.org 2020-03-20T18:59:44+00:00 fc12033f1da53fe11f930dd405eae5e2bf814621 






Fix copypaste errors in access rule command
2020-01-21T23:08:46+00:00

Colleen Murphy
colleen.murphy@suse.com

2020-01-21T23:08:46+00:00

99b0b073922fb64ca4d0f6a5c44a28bc339b4312

Access rules are access rules, not application credentials.

Change-Id: I74d05f11ec186283e5a86d92dcbfe4eb24130eee





Access rules are access rules, not application credentials.

Change-Id: I74d05f11ec186283e5a86d92dcbfe4eb24130eee







Add support for app cred access rules
2020-01-17T19:14:51+00:00

Colleen Murphy
colleen.murphy@suse.de

2019-08-22T00:38:29+00:00

70ab3f9dd56a638cdff516ca85baa5ebd64c888b

This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.

bp whitelist-extension-for-app-creds

Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa





This commit introduces the --access-rules option for 'application
credential create' as well as new 'access rule' commands for listing,
showing, and deleting access rules.

bp whitelist-extension-for-app-creds

Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa







Replace six.iteritems() with .items()
2020-01-09T09:41:29+00:00

lihaijing
lihaijing@fiberhome.com

2017-07-07T03:48:48+00:00

d15bbada73f81136c966007d9c564dd6cfb2fd9c

1. As mentioned in [1], we should avoid using six.iteritems to achieve
   iterators. We can use dict.items instead, as it will return iterators
   in PY3 as well. And dict.items/keys will more readable.

2. In py2, the performance about list should be negligible,
   see the link [2].

[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html

Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I4b9edb326444264c0f6c4ad281acaac356a07e85
Implements: blueprint replace-iteritems-with-items





1. As mentioned in [1], we should avoid using six.iteritems to achieve
   iterators. We can use dict.items instead, as it will return iterators
   in PY3 as well. And dict.items/keys will more readable.

2. In py2, the performance about list should be negligible,
   see the link [2].

[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html

Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I4b9edb326444264c0f6c4ad281acaac356a07e85
Implements: blueprint replace-iteritems-with-items







neutron: autogenerate docs
2019-11-01T19:24:30+00:00

Eric Fried
openstack@fried.cc

2019-10-28T22:27:38+00:00

cd6c285cc6c2274e6b42cc452ba4a61a3487ca23

$namespace = openstack.network.v2

The subcommand documents for $namespace were hardcoded and thus prone to
drift over time. This commit removes the hardcoded content and uses the
autoprogram-cliff directive to generate them automatically from the
subcommand configuration classes.

This one turned out to be quite involved, because we support both
neutron and nova-network. When running in a real cloud, the command
classes detect whether the neutron service is present, assume
nova-network if that service is not found, and only add parser options
relevant to the detected service. But the docs need to present both sets
of options. This was easy enough when they were hardcoded, but required
a bit of additional infrastructure for generated docs.

Change-Id: I426261eb1d86bcc68656aabd61f10b7f082da402





$namespace = openstack.network.v2

The subcommand documents for $namespace were hardcoded and thus prone to
drift over time. This commit removes the hardcoded content and uses the
autoprogram-cliff directive to generate them automatically from the
subcommand configuration classes.

This one turned out to be quite involved, because we support both
neutron and nova-network. When running in a real cloud, the command
classes detect whether the neutron service is present, assume
nova-network if that service is not found, and only add parser options
relevant to the detected service. But the docs need to present both sets
of options. This was easy enough when they were hardcoded, but required
a bit of additional infrastructure for generated docs.

Change-Id: I426261eb1d86bcc68656aabd61f10b7f082da402







Merge "Add parent project filter for listing projects"
2019-10-22T21:16:40+00:00

Zuul
zuul@review.opendev.org

2019-10-22T21:16:40+00:00

7e98aaefa9f8d94f9b6cadeee76e452666a4c0ca












Fix osc-lib interface change: catch osc-lib Forbidden
2019-09-19T11:59:11+00:00

Andreas Florath
Andreas.Florath@telekom.de

2019-09-19T11:44:14+00:00

9ad343968947fc025b530644c3369c60a2c14ea5

The patch https://review.opendev.org/#/c/673389/
introduced a regression by changing the osc-lib
interface.

The patch
https://review.opendev.org/683119
changes the exception from the generic CommandError
back to a specific Forbidden exception.

This patch catches this exception and passes on, i.e.
re-implements the same behavior as before.

Story: 2006547

Change-Id: I17b1ec7abaa5b0828ccbcad40bd928565c5c59fb
Signed-off-by: Andreas Florath <Andreas.Florath@telekom.de>





The patch https://review.opendev.org/#/c/673389/
introduced a regression by changing the osc-lib
interface.

The patch
https://review.opendev.org/683119
changes the exception from the generic CommandError
back to a specific Forbidden exception.

This patch catches this exception and passes on, i.e.
re-implements the same behavior as before.

Story: 2006547

Change-Id: I17b1ec7abaa5b0828ccbcad40bd928565c5c59fb
Signed-off-by: Andreas Florath <Andreas.Florath@telekom.de>