diff options
| author | Henry Nash <henryn@linux.vnet.ibm.com> | 2016-04-29 23:59:27 +0100 |
|---|---|---|
| committer | Dean Troyer <dtroyer@gmail.com> | 2016-07-22 21:46:29 +0000 |
| commit | 713d92df4e53f74698a1ff2dfcb7514ff22f023b (patch) | |
| tree | dbf6825abaa32d4779d07ea28c7d637411959efd /openstackclient/identity/v3 | |
| parent | 719c5d79ced34687944eb0bf458f36070817a7b9 (diff) | |
| download | python-openstackclient-713d92df4e53f74698a1ff2dfcb7514ff22f023b.tar.gz | |
Add assignment list to v2 identity and deprecate alternate listing
The current identity role list command (both v2 and v3) is
overloaded with listing roles as well as assignments (if you
provide user, group, project or domain options). This is in
addition to the v3 assignment list command designed for this
purpose.
This overloading complicates the fact that roles can now be
domain specific (i.e. have a domain attribute), so the
command 'role list --domain <domain-name' will soon become
ambigious (this is in a follow on patch).
This patch:
- Adds a v2 assignments list, with support for pulling the
user and project from the auth credentials
- For comapability, adds the same auth support to the
existing v3 assignments list
- Deprecates the use of role list and user role list to list
assignments
Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8
Partial-Bug: 1605774
Diffstat (limited to 'openstackclient/identity/v3')
| -rw-r--r-- | openstackclient/identity/v3/role.py | 20 | ||||
| -rw-r--r-- | openstackclient/identity/v3/role_assignment.py | 26 |
2 files changed, 46 insertions, 0 deletions
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index 27380179..e8a03ff3 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -251,6 +251,10 @@ class ListRole(command.Lister): for user_role in data: user_role.user = user.name user_role.domain = domain.name + self.log.warning(_('Listing assignments using role list is ' + 'deprecated. Use role assignment list --user ' + '<user-name> --domain <domain-name> --names ' + 'instead.')) elif parsed_args.user and parsed_args.project: columns = ('ID', 'Name', 'Project', 'User') data = identity_client.roles.list( @@ -261,6 +265,10 @@ class ListRole(command.Lister): for user_role in data: user_role.user = user.name user_role.project = project.name + self.log.warning(_('Listing assignments using role list is ' + 'deprecated. Use role assignment list --user ' + '<user-name> --project <project-name> --names ' + 'instead.')) elif parsed_args.user: columns = ('ID', 'Name') data = identity_client.roles.list( @@ -268,6 +276,10 @@ class ListRole(command.Lister): domain='default', os_inherit_extension_inherited=parsed_args.inherited ) + self.log.warning(_('Listing assignments using role list is ' + 'deprecated. Use role assignment list --user ' + '<user-name> --domain default --names ' + 'instead.')) elif parsed_args.group and parsed_args.domain: columns = ('ID', 'Name', 'Domain', 'Group') data = identity_client.roles.list( @@ -278,6 +290,10 @@ class ListRole(command.Lister): for group_role in data: group_role.group = group.name group_role.domain = domain.name + self.log.warning(_('Listing assignments using role list is ' + 'deprecated. Use role assignment list --group ' + '<group-name> --domain <domain-name> --names ' + 'instead.')) elif parsed_args.group and parsed_args.project: columns = ('ID', 'Name', 'Project', 'Group') data = identity_client.roles.list( @@ -288,6 +304,10 @@ class ListRole(command.Lister): for group_role in data: group_role.group = group.name group_role.project = project.name + self.log.warning(_('Listing assignments using role list is ' + 'deprecated. Use role assignment list --group ' + '<group-name> --project <project-name> --names ' + 'instead.')) else: sys.stderr.write(_("Error: If a user or group is specified, " "either --domain or --project must also be " diff --git a/openstackclient/identity/v3/role_assignment.py b/openstackclient/identity/v3/role_assignment.py index 39e2336d..6177d1a5 100644 --- a/openstackclient/identity/v3/role_assignment.py +++ b/openstackclient/identity/v3/role_assignment.py @@ -67,6 +67,19 @@ class ListRoleAssignment(command.Lister): ) common.add_project_domain_option_to_parser(parser) common.add_inherited_option_to_parser(parser) + parser.add_argument( + '--auth-user', + action="store_true", + dest='authuser', + help='Only list assignments for the authenticated user', + ) + parser.add_argument( + '--auth-project', + action="store_true", + dest='authproject', + help='Only list assignments for the project to which the ' + 'authenticated user\'s token is scoped', + ) return parser def _as_tuple(self, assignment): @@ -75,6 +88,7 @@ class ListRoleAssignment(command.Lister): def take_action(self, parsed_args): identity_client = self.app.client_manager.identity + auth_ref = self.app.client_manager.auth_ref role = None if parsed_args.role: @@ -90,6 +104,12 @@ class ListRoleAssignment(command.Lister): parsed_args.user, parsed_args.user_domain, ) + elif parsed_args.authuser: + if auth_ref: + user = common.find_user( + identity_client, + auth_ref.user_id + ) domain = None if parsed_args.domain: @@ -105,6 +125,12 @@ class ListRoleAssignment(command.Lister): parsed_args.project, parsed_args.project_domain, ) + elif parsed_args.authproject: + if auth_ref: + project = common.find_project( + identity_client, + auth_ref.project_id + ) group = None if parsed_args.group: |