| author | Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> | 2022-07-13 15:09:34 +0300 |
|---|---|---|
| committer | Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> | 2022-07-13 22:28:07 +0300 |
| commit | 167cf11e825af95fe40c1daefdb6095c791a3ee5 (patch) | |
| tree | 9bbfbc40d1d15ea14040cf9fc623ef03334b8781 /openstackclient/identity | |
| parent | e49ad1795b9dd57d5a82fb6f8f365fa20041cf29 (diff) | |
Add authorization_ttl for identity providers
This has been supported since Ussuri (Keystone API version 3.14) but was
missing from openstackclient.
Change-Id: Ifac818b9a4eff66d9a68455ada1ddfe67cb46b3b
Diffstat (limited to 'openstackclient/identity')
| -rw-r--r-- | openstackclient/identity/v3/identity_provider.py | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/openstackclient/identity/v3/identity_provider.py b/openstackclient/identity/v3/identity_provider.py index 7307cea0..19a62144 100644 --- a/openstackclient/identity/v3/identity_provider.py +++ b/openstackclient/identity/v3/identity_provider.py @@ -63,6 +63,16 @@ class CreateIdentityProvider(command.ShowOne): 'specified, a domain will be created automatically. ' '(Name or ID)'), ) + parser.add_argument( + '--authorization-ttl', + metavar='<authorization-ttl>', + type=int, + help=_('Time to keep the role assignments for users ' + 'authenticating via this identity provider. ' + 'When not provided, global default configured in the ' + 'Identity service will be used. ' + 'Available since Identity API version 3.14 (Ussuri).'), + ) enable_identity_provider = parser.add_mutually_exclusive_group() enable_identity_provider.add_argument( '--enable', @@ -95,12 +105,23 @@ class CreateIdentityProvider(command.ShowOne): domain_id = common.find_domain(identity_client, parsed_args.domain).id + # TODO(pas-ha) actually check for 3.14 microversion + kwargs = {} + auth_ttl = parsed_args.authorization_ttl + if auth_ttl is not None: + if auth_ttl < 0: + msg = (_("%(param)s must be positive integer or zero." + ) % {"param": "authorization-ttl"}) + raise exceptions.CommandError(msg) + kwargs['authorization_ttl'] = auth_ttl + idp = identity_client.federation.identity_providers.create( id=parsed_args.identity_provider_id, remote_ids=remote_ids, description=parsed_args.description, domain_id=domain_id, - enabled=parsed_args.enabled) + enabled=parsed_args.enabled, + **kwargs) idp._info.pop('links', None) remote_ids = format_columns.ListColumn(idp._info.pop('remote_ids', [])) 
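Review bot: The `--authorization-ttl` help text added to the CreateIdentityProvider parser never names the unit, so an operator who guesses wrong keeps federated users' role assignments alive for a very different period than intended. Keystone's API reference describes `authorization_ttl` in minutes (worth confirming against the targeted release); I would open the help with `help=_('Time in minutes to keep the role assignments for users '`. The same gap is in the SetIdentityProvider parser hunk (`@@ -205,6 +226,14 @@`). It would also help to say what a value of zero means, since the check in take_action accepts it.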
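Review bot: The negative-value check for `authorization_ttl` is written out twice, here in CreateIdentityProvider.take_action and again in SetIdentityProvider.take_action (`@@ -241,6 +270,20 @@`), so a later change to the accepted range or to the message can land in one command and not the other. A small module-level helper keeps the two commands in agreement. The message would also read better as "must be a non-negative integer", though the sketch below keeps the existing string. take_action starts and ends outside this hunk.

```python
def _check_authorization_ttl(auth_ttl):
    """Reject a negative --authorization-ttl before it is sent to Keystone."""
    if auth_ttl is not None and auth_ttl < 0:
        msg = (_("%(param)s must be positive integer or zero."
                 ) % {"param": "authorization-ttl"})
        raise exceptions.CommandError(msg)
    return auth_ttl

# in CreateIdentityProvider.take_action
# … unchanged: domain lookup …
kwargs = {}
auth_ttl = _check_authorization_ttl(parsed_args.authorization_ttl)
if auth_ttl is not None:
    kwargs['authorization_ttl'] = auth_ttl
# … unchanged: identity_providers.create(...) call …
```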
@@ -205,6 +226,14 @@ class SetIdentityProvider(command.Command): help=_('Name of a file that contains many remote IDs to associate ' 'with the identity provider, one per line'), ) + parser.add_argument( + '--authorization-ttl', + metavar='<authorization-ttl>', + type=int, + help=_('Time to keep the role assignments for users ' + 'authenticating via this identity provider. ' + 'Available since Identity API version 3.14 (Ussuri).'), + ) enable_identity_provider = parser.add_mutually_exclusive_group() enable_identity_provider.add_argument( '--enable', @@ -241,6 +270,20 @@ class SetIdentityProvider(command.Command): if parsed_args.remote_id_file or parsed_args.remote_id: kwargs['remote_ids'] = remote_ids + # TODO(pas-ha) actually check for 3.14 microversion + # TODO(pas-ha) make it possible to reset authorization_ttl + # back to None value. + # Currently not possible as filter_kwargs decorator in + # keystoneclient/base.py explicitly drops the None-valued keys + # from kwargs, and 'update' method is wrapped in this decorator. + auth_ttl = parsed_args.authorization_ttl + if auth_ttl is not None: + if auth_ttl < 0: + msg = (_("%(param)s must be positive integer or zero." + ) % {"param": "authorization-ttl"}) + raise exceptions.CommandError(msg) + kwargs['authorization_ttl'] = auth_ttl + federation_client.identity_providers.update( parsed_args.identity_provider, **kwargs |
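Review bot: The two limitations recorded in the TODO comments of SetIdentityProvider.take_action are invisible to the operator: a TTL, once set, cannot be returned to the service default, and nothing checks that the server speaks Identity API 3.14 (the same TODO sits in the CreateIdentityProvider hunk). For a setting that governs how long role assignments are kept for federated users, the `set` help should state the first limitation, e.g. by appending `'Once set, it cannot be reset to the Identity service default with this command. '`. What an older Keystone does with the extra field is not visible here. If it is silently ignored, the command would report success with no TTL in force, so the version check deserves a tracked bug rather than a TODO. take_action continues outside the hunk.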
