authorVishakha Agarwal <agarwalvishakha18@gmail.com>2019-12-05 16:48:16 +0530
committerVishakha Agarwal <agarwalvishakha18@gmail.com>2020-03-26 22:24:39 +0530
commit05da145eaee329e299b449ba2d7ea88d1325e432 (patch)
tree24864b1e0771143c4ad4cbc6edb0c5454dcc8f06 /openstackclient/identity
parentc5719a12b5b84b2efd989030f17c0eacc9faf7ad (diff)
downloadpython-openstackclient-05da145eaee329e299b449ba2d7ea88d1325e432.tar.gz
Adding options to user cli
User options [1] can be set through POST and PATCH requests to the /v3/users API, but not through the openstack CLI, because the create and update user commands define no user options [2]. This patch adds the user options [1] to the create user and update user CLI commands. [1] https://docs.openstack.org/keystone/latest/admin/resource-options.html#multi-factor-auth-rules [2] https://docs.openstack.org/api-ref/identity/v3/#create-user Change-Id: I4e41bae2e8cfbe92d52b14d856991bedcd44164f
Diffstat (limited to 'openstackclient/identity')
-rw-r--r--openstackclient/identity/v3/user.py120
1 files changed, 119 insertions, 1 deletions
diff --git a/openstackclient/identity/v3/user.py b/openstackclient/identity/v3/user.py
index ca85c5d8..cbc112a0 100644
--- a/openstackclient/identity/v3/user.py
+++ b/openstackclient/identity/v3/user.py
@@ -30,6 +30,114 @@ from openstackclient.identity import common
LOG = logging.getLogger(__name__)
+def _get_options_for_user(identity_client, parsed_args):
+ options = {}
+ if parsed_args.ignore_lockout_failure_attempts:
+ options['ignore_lockout_failure_attempts'] = True
+ if parsed_args.no_ignore_lockout_failure_attempts:
+ options['ignore_lockout_failure_attempts'] = False
+ if parsed_args.ignore_password_expiry:
+ options['ignore_password_expiry'] = True
+ if parsed_args.no_ignore_password_expiry:
+ options['ignore_password_expiry'] = False
+ if parsed_args.ignore_change_password_upon_first_use:
+ options['ignore_change_password_upon_first_use'] = True
+ if parsed_args.no_ignore_change_password_upon_first_use:
+ options['ignore_change_password_upon_first_use'] = False
+ if parsed_args.enable_lock_password:
+ options['lock_password'] = True
+ if parsed_args.disable_lock_password:
+ options['lock_password'] = False
+ if parsed_args.enable_multi_factor_auth:
+ options['multi_factor_auth_enabled'] = True
+ if parsed_args.disable_multi_factor_auth:
+ options['multi_factor_auth_enabled'] = False
+ if parsed_args.multi_factor_auth_rule:
+ auth_rules = [rule.split(",") for rule in
+ parsed_args.multi_factor_auth_rule]
+ if auth_rules:
+ options['multi_factor_auth_rules'] = auth_rules
+ return options
+
+
+def _add_user_options(parser):
+ # Add additional user options
+
+ parser.add_argument(
+ '--ignore-lockout-failure-attempts',
+ action="store_true",
+ help=_('Opt into ignoring the number of times a user has '
+ 'authenticated and locking out the user as a result'),
+ )
+ parser.add_argument(
+ '--no-ignore-lockout-failure-attempts',
+ action="store_true",
+ help=_('Opt out of ignoring the number of times a user has '
+ 'authenticated and locking out the user as a result'),
+ )
+ parser.add_argument(
+ '--ignore-password-expiry',
+ action="store_true",
+ help=_('Opt into allowing user to continue using passwords that '
+ 'may be expired'),
+ )
+ parser.add_argument(
+ '--no-ignore-password-expiry',
+ action="store_true",
+ help=_('Opt out of allowing user to continue using passwords '
+ 'that may be expired'),
+ )
+ parser.add_argument(
+ '--ignore-change-password-upon-first-use',
+ action="store_true",
+ help=_('Control if a user should be forced to change their password '
+ 'immediately after they log into keystone for the first time. '
+ 'Opt into ignoring the user to change their password during '
+ 'first time login in keystone'),
+ )
+ parser.add_argument(
+ '--no-ignore-change-password-upon-first-use',
+ action="store_true",
+ help=_('Control if a user should be forced to change their password '
+ 'immediately after they log into keystone for the first time. '
+ 'Opt out of ignoring the user to change their password during '
+ 'first time login in keystone'),
+ )
+ parser.add_argument(
+ '--enable-lock-password',
+ action="store_true",
+ help=_('Disables the ability for a user to change its password '
+ 'through self-service APIs'),
+ )
+ parser.add_argument(
+ '--disable-lock-password',
+ action="store_true",
+ help=_('Enables the ability for a user to change its password '
+ 'through self-service APIs'),
+ )
+ parser.add_argument(
+ '--enable-multi-factor-auth',
+ action="store_true",
+ help=_('Enables the MFA (Multi Factor Auth)'),
+ )
+ parser.add_argument(
+ '--disable-multi-factor-auth',
+ action="store_true",
+ help=_('Disables the MFA (Multi Factor Auth)'),
+ )
+ parser.add_argument(
+ '--multi-factor-auth-rule',
+ metavar='<rule>',
+ action="append",
+ default=[],
+ help=_('Set multi-factor auth rules. For example, to set a rule '
+ 'requiring the "password" and "totp" auth methods to be '
+ 'provided, use: "--multi-factor-auth-rule password,totp". '
+ 'May be provided multiple times to set different rule '
+ 'combinations.')
+ )
+
+
class CreateUser(command.ShowOne):
_description = _("Create new user")
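Review bot: The paired flags in `_add_user_options` are registered independently, so a command line carrying both `--enable-multi-factor-auth` and `--disable-multi-factor-auth` is accepted and `_get_options_for_user` silently keeps the later assignment (`False`); the same holds for the lockout, password-expiry, first-use and lock-password pairs. Because these switches relax or tighten authentication policy, each pair should go in its own group, as the `--enable`/`--disable` pair in this file does: `mfa_group = parser.add_mutually_exclusive_group()` followed by `mfa_group.add_argument('--enable-multi-factor-auth', ...)`. Separately, `rule.split(",")` keeps surrounding whitespace and empty items, so `password, totp` yields `' totp'`; `[m.strip() for m in rule.split(",") if m.strip()]` would avoid sending a rule the server may not match as intended. The `identity_client` parameter of `_get_options_for_user` is unused in the visible body.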
@@ -72,6 +180,8 @@ class CreateUser(command.ShowOne):
metavar='<description>',
help=_('User description'),
)
+ _add_user_options(parser)
+
enable_group = parser.add_mutually_exclusive_group()
enable_group.add_argument(
'--enable',
@@ -113,6 +223,7 @@ class CreateUser(command.ShowOne):
if not parsed_args.password:
LOG.warning(_("No password was supplied, authentication will fail "
"when a user does not have a password."))
+ options = _get_options_for_user(identity_client, parsed_args)
try:
user = identity_client.users.create(
@@ -122,7 +233,8 @@ class CreateUser(command.ShowOne):
password=parsed_args.password,
email=parsed_args.email,
description=parsed_args.description,
- enabled=enabled
+ enabled=enabled,
+ options=options,
)
except ks_exc.Conflict:
if parsed_args.or_show:
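Review bot: `options=options` is passed to `identity_client.users.create` even when no option flag was given, so every create request now carries an empty `options` dict, whereas `SetUser` only sets `kwargs['options']` when the dict is non-empty. For consistency, pass it conditionally, for example `options=options or None`, provided the client drops `None` values; that behaviour is not visible here and should be confirmed. The `create(...)` call starts in the previous hunk and its `except` handling continues outside this one.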
@@ -333,6 +445,8 @@ class SetUser(command.Command):
metavar='<description>',
help=_('Set user description'),
)
+ _add_user_options(parser)
+
enable_group = parser.add_mutually_exclusive_group()
enable_group.add_argument(
'--enable',
@@ -390,6 +504,10 @@ class SetUser(command.Command):
if parsed_args.disable:
kwargs['enabled'] = False
+ options = _get_options_for_user(identity_client, parsed_args)
+ if options:
+ kwargs['options'] = options
+
identity_client.users.update(user.id, **kwargs)