diff options
| author | Nicolas Belouin <nicolas.belouin@gandi.net> | 2022-01-14 15:44:11 +0100 |
|---|---|---|
| committer | Nicolas Belouin <nicolas.belouin@gandi.net> | 2022-04-12 06:26:18 +0000 |
| commit | 64e4520b2a79b9046a791f5e3729f5cbfc2d3fa5 (patch) | |
| tree | 25863212b91ab41998abc6455a495ebe60b01fa1 /openstackclient/identity | |
| parent | dabaec5a7b1b9786a8f91eebef738bf755faf059 (diff) | |
| download | python-openstackclient-64e4520b2a79b9046a791f5e3729f5cbfc2d3fa5.tar.gz | |
Add trustor and trustee filtering to trusts list
The keystone API supports filtering trusts by trustor and/or
trustee.
Also adds a shortcut parameter to get trusts with current
user as trustee or trustor.
Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
Change-Id: I00ed2b68cf8ada214a59f640f4f0a5c9dbc37063
Diffstat (limited to 'openstackclient/identity')
| -rw-r--r-- | openstackclient/identity/v3/trust.py | 87 |
1 files changed, 86 insertions, 1 deletions
diff --git a/openstackclient/identity/v3/trust.py b/openstackclient/identity/v3/trust.py index cd3a65d0..61273f41 100644 --- a/openstackclient/identity/v3/trust.py +++ b/openstackclient/identity/v3/trust.py @@ -176,10 +176,95 @@ class DeleteTrust(command.Command): class ListTrust(command.Lister): _description = _("List trusts") + def get_parser(self, prog_name): + parser = super().get_parser(prog_name) + parser.add_argument( + '--trustor', + metavar='<trustor-user>', + help=_('Trustor user to filter (name or ID)'), + ) + parser.add_argument( + '--trustee', + metavar='<trustee-user>', + help=_('Trustee user to filter (name or ID)'), + ) + parser.add_argument( + '--trustor-domain', + metavar='<trustor-domain>', + help=_('Domain that contains <trustor> (name or ID)'), + ) + parser.add_argument( + '--trustee-domain', + metavar='<trustee-domain>', + help=_('Domain that contains <trustee> (name or ID)'), + ) + parser.add_argument( + '--auth-user', + action="store_true", + dest='authuser', + help=_('Only list trusts related to the authenticated user'), + ) + return parser + def take_action(self, parsed_args): + identity_client = self.app.client_manager.identity + auth_ref = self.app.client_manager.auth_ref + + if parsed_args.authuser and any([ + parsed_args.trustor, + parsed_args.trustor_domain, + parsed_args.trustee, + parsed_args.trustee_domain, + ]): + msg = _("--authuser cannot be used with --trustee or --trustor") + raise exceptions.CommandError(msg) + + if parsed_args.trustee_domain and not parsed_args.trustee: + msg = _("Using --trustee-domain mandates the use of --trustee") + raise exceptions.CommandError(msg) + + if parsed_args.trustor_domain and not parsed_args.trustor: + msg = _("Using --trustor-domain mandates the use of --trustor") + raise exceptions.CommandError(msg) + + if parsed_args.authuser: + if auth_ref: + user = common.find_user( + identity_client, + auth_ref.user_id + ) + # We need two calls here as we want trusts with + # either the trustor or the trustee set to current user + # using a single call would give us trusts with both + # trustee and trustor set to current user + data1 = identity_client.trusts.list(trustor_user=user) + data2 = identity_client.trusts.list(trustee_user=user) + data = set(data1 + data2) + else: + trustor = None + if parsed_args.trustor: + trustor = common.find_user( + identity_client, + parsed_args.trustor, + parsed_args.trustor_domain, + ) + + trustee = None + if parsed_args.trustee: + trustee = common.find_user( + identity_client, + parsed_args.trustor, + parsed_args.trustor_domain, + ) + + data = self.app.client_manager.identity.trusts.list( + trustor_user=trustor, + trustee_user=trustee, + ) + columns = ('ID', 'Expires At', 'Impersonation', 'Project ID', 'Trustee User ID', 'Trustor User ID') - data = self.app.client_manager.identity.trusts.list() + return (columns, (utils.get_item_properties( s, columns, |