authorSamuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br>2014-09-19 12:29:39 -0300
committerRaildo Mascena <raildo@lsd.ufcg.edu.br>2015-06-22 11:05:01 -0300
commited241ef9bc4e36137ecf835c545fdd44dddc426f (patch)
tree447e645cad8a7e56896bad3b7f6c94b83be337ae
parent3120a0bd2ac2dd8cf918abfeae8357e20ac6b34e (diff)
Add support to inherited project role grant calls
Once inherited project role grant calls are implemented on python-keystoneclient, python-openstackclient should also support such calls. This patch adds such support as well as its related tests. Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br> Change-Id: Id72670be8640e5c6e2490a6ef849e9ec3493b1a9 Implements: blueprint hierarchical-multitenancy
-rw-r--r--doc/source/command-objects/role_assignment.rst5
-rw-r--r--openstackclient/identity/common.py9
-rw-r--r--openstackclient/identity/v3/role.py2
-rw-r--r--openstackclient/tests/identity/v3/test_role.py46
4 files changed, 62 insertions, 0 deletions
diff --git a/doc/source/command-objects/role_assignment.rst b/doc/source/command-objects/role_assignment.rst
index 749d883e..cfb1079c 100644
--- a/doc/source/command-objects/role_assignment.rst
+++ b/doc/source/command-objects/role_assignment.rst
@@ -19,6 +19,7 @@ List role assignments
[--domain <domain>]
[--project <project>]
[--effective]
+ [--inherited]
.. option:: --role <role>
@@ -43,3 +44,7 @@ List role assignments
.. option:: --effective
Returns only effective role assignments (defaults to False)
+
+.. option:: --inherited
+
+ Specifies if the role grant is inheritable to the sub projects
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py
index 6eca02ba..2638b797 100644
--- a/openstackclient/identity/common.py
+++ b/openstackclient/identity/common.py
@@ -139,3 +139,12 @@ def add_project_domain_option_to_parser(parser):
'This can be used in case collisions between project names '
'exist.')
)
+
+
+def add_inherited_option_to_parser(parser):
+ parser.add_argument(
+ '--inherited',
+ action='store_true',
+ default=False,
+ help=('Specifies if the role grant is inheritable to the sub projects')
+ )
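Review bot: The help string for `--inherited` mentions only sub-projects and only granting, but the role.py hunk attaches this helper to the shared identity/resource parser, so the same text appears on commands that accept `--domain` and on removal. An inherited assignment changes which projects a role is effective on, so the wording should state the scope and that it selects a distinct assignment, for example `help='Operate on the inherited form of the role assignment (effective on projects below the given domain or project)'`; confirm the exact semantics against Keystone before settling the text. The function has no docstring; `"""Add the boolean --inherited flag (default False) to *parser*."""` would match what the code does. `default=False` is redundant with `action='store_true'`.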
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 17f47ffd..199b7dca 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -55,6 +55,7 @@ def _add_identity_and_resource_options_to_parser(parser):
common.add_group_domain_option_to_parser(parser)
common.add_project_domain_option_to_parser(parser)
common.add_user_domain_option_to_parser(parser)
+ common.add_inherited_option_to_parser(parser)
def _process_identity_and_resource_options(parsed_args,
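Review bot: The documentation does not match where the option lands: `--inherited` is added here to the parser shared by the commands in identity/v3/role.py, while the only documentation change in this commit is in role_assignment.rst under "List role assignments". No file in the diffstat touches the role add / role remove documentation or a role assignment list implementation. Either document the flag on the commands that actually gain it, or hold the role_assignment.rst entry until that command supports it. The body of `_add_identity_and_resource_options_to_parser` starts outside this hunk, so which commands call it is inferred from the tests (TestRoleAdd, TestRoleRemove).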
@@ -102,6 +103,7 @@ def _process_identity_and_resource_options(parsed_args,
parsed_args.project,
parsed_args.group_domain,
).id
+ kwargs['inherited'] = parsed_args.inherited
return kwargs
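Review bot: The keyword `inherited` set on `kwargs` here is never checked against the real keystoneclient signature, because every test in this commit asserts on `self.roles_mock.grant` / `revoke`, and a mock accepts any keyword. As I recall, keystoneclient's v3 RoleManager names this parameter `os_inherit_extension_inherited` and also takes `**kwargs`; if that holds for the required version, `inherited=True` would be silently dropped and the command would create or remove a direct assignment instead of the inherited one the operator asked for. Confirm the name against the minimum python-keystoneclient version (no requirements file is changed in this commit) and consider a test built on an autospec'd manager so a wrong keyword fails. The function body starts outside this hunk.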
diff --git a/openstackclient/tests/identity/v3/test_role.py b/openstackclient/tests/identity/v3/test_role.py
index 84cf07a1..4ff3b95f 100644
--- a/openstackclient/tests/identity/v3/test_role.py
+++ b/openstackclient/tests/identity/v3/test_role.py
@@ -45,6 +45,15 @@ class TestRole(identity_fakes.TestIdentityv3):
self.roles_mock = self.app.client_manager.identity.roles
self.roles_mock.reset_mock()
+ def _is_inheritance_testcase(self):
+ return False
+
+
+class TestRoleInherited(TestRole):
+
+ def _is_inheritance_testcase(self):
+ return True
+
class TestRoleAdd(TestRole):
@@ -95,12 +104,15 @@ class TestRoleAdd(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -111,6 +123,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'domain': identity_fakes.domain_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@@ -124,12 +137,15 @@ class TestRoleAdd(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -140,6 +156,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'project': identity_fakes.project_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@@ -153,12 +170,15 @@ class TestRoleAdd(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -169,6 +189,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'domain': identity_fakes.domain_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@@ -182,12 +203,15 @@ class TestRoleAdd(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -198,6 +222,7 @@ class TestRoleAdd(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'project': identity_fakes.project_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.grant(role, user=, group=, domain=, project=)
self.roles_mock.grant.assert_called_with(
@@ -206,6 +231,10 @@ class TestRoleAdd(TestRole):
)
+class TestRoleAddInherited(TestRoleAdd, TestRoleInherited):
+ pass
+
+
class TestRoleCreate(TestRole):
def setUp(self):
@@ -550,12 +579,15 @@ class TestRoleRemove(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
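Review bot: The `if self._is_inheritance_testcase():` branches added to the TestRoleRemove tests (this hunk and the three that follow the same pattern) never run with `True`, because the commit defines `TestRoleAddInherited` but no matching subclass for removal. Revoking with `--inherited` is therefore untested, which matters because a revoke that misses the inherited assignment leaves access in place. Add `class TestRoleRemoveInherited(TestRoleRemove, TestRoleInherited):` with a `pass` body after TestRoleRemove. The enclosing test method starts and ends outside this hunk.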
@@ -566,6 +598,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'domain': identity_fakes.domain_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(
@@ -579,12 +612,15 @@ class TestRoleRemove(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -595,6 +631,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'user': identity_fakes.user_id,
'project': identity_fakes.project_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(
@@ -608,12 +645,16 @@ class TestRoleRemove(TestRole):
'--domain', identity_fakes.domain_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', identity_fakes.domain_name),
('project', None),
('role', identity_fakes.role_name),
+ ('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
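Review bot: This hunk adds a second `('role', identity_fakes.role_name),` entry to `verifylist`, directly after the existing one; the sibling hunks add only the `('inherited', ...)` tuple. The duplicate looks like a copy-paste slip and should be dropped so the list reads the same as in the other remove tests. The enclosing test method starts and ends outside this hunk.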
@@ -624,6 +665,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'domain': identity_fakes.domain_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(
@@ -637,12 +679,15 @@ class TestRoleRemove(TestRole):
'--project', identity_fakes.project_name,
identity_fakes.role_name,
]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('domain', None),
('project', identity_fakes.project_name),
('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -653,6 +698,7 @@ class TestRoleRemove(TestRole):
kwargs = {
'group': identity_fakes.group_id,
'project': identity_fakes.project_id,
+ 'inherited': self._is_inheritance_testcase(),
}
# RoleManager.revoke(role, user=, group=, domain=, project=)
self.roles_mock.revoke.assert_called_with(