Add support for app cred access rules

This commit introduces the --access-rules option for 'application credential create' as well as new 'access rule' commands for listing, showing, and deleting access rules. bp whitelist-extension-for-app-creds Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
author: Colleen Murphy <colleen.murphy@suse.de> 2019-08-21 17:38:29 -0700
committer: Colleen Murphy <colleen.murphy@suse.com> 2020-01-17 11:14:51 -0800
commit: 70ab3f9dd56a638cdff516ca85baa5ebd64c888b (patch)
tree: d8a92201238b7bcc749c80bb2d8a403f3d3b2d1b /openstackclient/identity/v3/application_credential.py
parent: db29e28b7c1a6ef737f0c4cd459906379f59b252 (diff)
download: python-openstackclient-70ab3f9dd56a638cdff516ca85baa5ebd64c888b.tar.gz
1 files changed, 27 insertions, 0 deletions
diff --git a/openstackclient/identity/v3/application_credential.py b/openstackclient/identity/v3/application_credential.py
index ea0b30cd..a2089856 100644
--- a/openstackclient/identity/v3/application_credential.py
+++ b/openstackclient/identity/v3/application_credential.py
@@ -16,6 +16,7 @@
 """Identity v3 Application Credential action implementations"""
 
 import datetime
+import json
 import logging
 
 from osc_lib.command import command
@@ -79,6 +80,17 @@ class CreateApplicationCredential(command.ShowOne):
                    ' other application credentials and trusts (this is the'
                    ' default behavior)'),
         )
+        parser.add_argument(
+            '--access-rules',
+            metavar='<access-rules>',
+            help=_('Either a string or file path containing a JSON-formatted '
+                   'list of access rules, each containing a request method, '
+                   'path, and service, for example '
+                   '\'[{"method": "GET", '
+                   '"path": "/v2.1/servers", '
+                   '"service": "compute"}]\''),
+
+        )
         return parser
 
     def take_action(self, parsed_args):
@@ -105,6 +117,20 @@ class CreateApplicationCredential(command.ShowOne):
         else:
             unrestricted = parsed_args.unrestricted
 
+        if parsed_args.access_rules:
+            try:
+                access_rules = json.loads(parsed_args.access_rules)
+            except ValueError:
+                try:
+                    with open(parsed_args.access_rules) as f:
+                        access_rules = json.load(f)
+                except IOError:
+                    raise exceptions.CommandError(
+                        _("Access rules is not valid JSON string or file does"
+                          " not exist."))
+        else:
+            access_rules = None
+
         app_cred_manager = identity_client.application_credentials
         application_credential = app_cred_manager.create(
             parsed_args.name,
@@ -113,6 +139,7 @@ class CreateApplicationCredential(command.ShowOne):
             description=parsed_args.description,
             secret=parsed_args.secret,
             unrestricted=unrestricted,
+            access_rules=access_rules,
         )
 
         application_credential._info.pop('links', None)
author	Colleen Murphy <colleen.murphy@suse.de>	2019-08-21 17:38:29 -0700
committer	Colleen Murphy <colleen.murphy@suse.com>	2020-01-17 11:14:51 -0800
commit	70ab3f9dd56a638cdff516ca85baa5ebd64c888b (patch)
tree	d8a92201238b7bcc749c80bb2d8a403f3d3b2d1b /openstackclient/identity/v3/application_credential.py
parent	db29e28b7c1a6ef737f0c4cd459906379f59b252 (diff)
download	python-openstackclient-70ab3f9dd56a638cdff516ca85baa5ebd64c888b.tar.gz