diff options
| author | Jenkins <jenkins@review.openstack.org> | 2015-06-03 21:08:52 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2015-06-03 21:08:52 +0000 |
| commit | 7f658c0aca25dd705765bd28e0fa9ea504dc596b (patch) | |
| tree | ed7aaf5ac214d90b88825232e8261a5a3baaab69 | |
| parent | 1fff11a9ab409a62fd48ee235377deb4c400c59f (diff) | |
| parent | 7665d52a0c0643aa6034aa8cf3ae1240c693ca5f (diff) | |
| download | python-openstackclient-7f658c0aca25dd705765bd28e0fa9ea504dc596b.tar.gz | |
Merge "Add domain support for ec2creds in v3 identity"
| -rw-r--r-- | doc/source/command-objects/ec2-credentials.rst | 41 | ||||
| -rw-r--r-- | openstackclient/identity/v3/ec2creds.py | 135 |
2 files changed, 129 insertions, 47 deletions
diff --git a/doc/source/command-objects/ec2-credentials.rst b/doc/source/command-objects/ec2-credentials.rst index a5b67549..d675dc8c 100644 --- a/doc/source/command-objects/ec2-credentials.rst +++ b/doc/source/command-objects/ec2-credentials.rst @@ -15,6 +15,8 @@ Create EC2 credentials os ec2 credentials create [--project <project>] [--user <user>] + [--user-domain <user-domain>] + [--project-domain <project-domain>] .. option:: --project <project> @@ -24,6 +26,21 @@ Create EC2 credentials Specify an alternate user (default: current authenticated user) +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + +.. option:: --project-domain <project-domain> + + Domain the project belongs to (name or ID). + This can be used in case collisions between project names exist. + + .. versionadded:: 3 + + The :option:`--project` and :option:`--user` options are typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user. @@ -38,12 +55,20 @@ Delete EC2 credentials os ec2 credentials delete [--user <user>] + [--user-domain <user-domain>] <access-key> .. option:: --user <user> Specify a user +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + .. _ec2_credentials_delete-access-key: .. describe:: access-key @@ -63,11 +88,19 @@ List EC2 credentials os ec2 credentials list [--user <user>] + [--user-domain <user-domain>] .. option:: --user <user> Filter list by <user> +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + The :option:`--user` option is typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user. @@ -82,12 +115,20 @@ Display EC2 credentials details os ec2 credentials show [--user <user>] + [--user-domain <user-domain>] <access-key> .. option:: --user <user> Specify a user +.. option:: --user-domain <user-domain> + + Domain the user belongs to (name or ID). + This can be used in case collisions between user names exist. + + .. versionadded:: 3 + .. _ec2_credentials_show-access-key: .. describe:: access-key diff --git a/openstackclient/identity/v3/ec2creds.py b/openstackclient/identity/v3/ec2creds.py index 254cca78..c49502c6 100644 --- a/openstackclient/identity/v3/ec2creds.py +++ b/openstackclient/identity/v3/ec2creds.py @@ -21,6 +21,35 @@ from cliff import show from openstackclient.common import utils from openstackclient.i18n import _ # noqa +from openstackclient.identity import common + + +def _determine_ec2_user(parsed_args, client_manager): + """Determine a user several different ways. + + Assumes parsed_args has user and user_domain arguments. Attempts to find + the user if domain scoping is provided, otherwise revert to a basic user + call. Lastly use the currently authenticated user. + + """ + + user_domain = None + if parsed_args.user_domain: + user_domain = common.find_domain(client_manager.identity, + parsed_args.user_domain) + if parsed_args.user: + if user_domain is not None: + user = utils.find_resource(client_manager.identity.users, + parsed_args.user, + domain_id=user_domain.id).id + else: + user = utils.find_resource( + client_manager.identity.users, + parsed_args.user).id + else: + # Get the user from the current auth + user = client_manager.auth_ref.user_id + return user class CreateEC2Creds(show.ShowOne): @@ -42,28 +71,45 @@ class CreateEC2Creds(show.ShowOne): help=_('Specify an alternate user' ' (default: current authenticated user)'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( + '--project-domain', + metavar='<project-domain>', + help=('Domain the project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) + + project_domain = None + if parsed_args.project_domain: + project_domain = common.find_domain(identity_client, + parsed_args.project_domain) if parsed_args.project: - project = utils.find_resource( - identity_client.projects, - parsed_args.project, - ).id + if project_domain is not None: + project = utils.find_resource(identity_client.projects, + parsed_args.project, + domain_id=project_domain.id).id + else: + project = utils.find_resource( + identity_client.projects, + parsed_args.project).id else: # Get the project from the current auth project = self.app.client_manager.auth_ref.project_id - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id creds = identity_client.ec2.create(user, project) @@ -95,22 +141,20 @@ class DeleteEC2Creds(command.Command): metavar='<user>', help=_('Specify a user'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id - - identity_client.ec2.delete(user, parsed_args.access_key) + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) + client_manager.identity.ec2.delete(user, parsed_args.access_key) class ListEC2Creds(lister.Lister): @@ -125,24 +169,23 @@ class ListEC2Creds(lister.Lister): metavar='<user>', help=_('Specify a user'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) columns = ('access', 'secret', 'tenant_id', 'user_id') column_headers = ('Access', 'Secret', 'Project ID', 'User ID') - data = identity_client.ec2.list(user) + data = client_manager.identity.ec2.list(user) return (column_headers, (utils.get_item_properties( @@ -168,22 +211,20 @@ class ShowEC2Creds(show.ShowOne): metavar='<user>', help=_('Specify a user'), ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) - identity_client = self.app.client_manager.identity - - if parsed_args.user: - user = utils.find_resource( - identity_client.users, - parsed_args.user, - ).id - else: - # Get the user from the current auth - user = self.app.client_manager.auth_ref.user_id - - creds = identity_client.ec2.get(user, parsed_args.access_key) + client_manager = self.app.client_manager + user = self.determine_ec2_user(parsed_args, client_manager) + creds = client_manager.identity.ec2.get(user, parsed_args.access_key) info = {} info.update(creds._info) |