Add functionality for add-role commands

keep the functions sorted
Please review carefully as I intend to mimic this logic with
list and remove, I'm open to suggestions about handling thigs
differently

Change-Id: Ia6359134c44447f3b758870c4dc306ec1f970852

1 files changed, 81 insertions, 0 deletions

diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 5b4ceb1d..faff9062 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -25,6 +25,87 @@ from cliff import show
 from openstackclient.common import utils
 
 
+class AddRole(command.Command):
+    """Add role command"""
+
+    api = 'identity'
+    log = logging.getLogger(__name__ + '.AddRole')
+
+    def get_parser(self, prog_name):
+        parser = super(AddRole, self).get_parser(prog_name)
+        parser.add_argument(
+            'role',
+            metavar='<role>',
+            help='Name or ID of role to add',
+        )
+        user_or_group = parser.add_mutually_exclusive_group()
+        user_or_group.add_argument(
+            '--user',
+            metavar='<user>',
+            help='Name or ID of user to assign a role',
+        )
+        user_or_group.add_argument(
+            '--group',
+            metavar='<group>',
+            help='Name or ID of group to assign a role',
+        )
+        domain_or_project = parser.add_mutually_exclusive_group()
+        domain_or_project.add_argument(
+            '--domain',
+            metavar='<domain>',
+            help='Name or ID of domain where user or group resides',
+        )
+        domain_or_project.add_argument(
+            '--project',
+            metavar='<project>',
+            help='Name or ID of project where user or group resides',
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        self.log.debug('take_action(%s)' % parsed_args)
+        identity_client = self.app.client_manager.identity
+
+        if (not parsed_args.user and not parsed_args.domain
+                and not parsed_args.group and not parsed_args.project):
+            sys.stdout.write("Role not updated, no arguments present \n")
+            return
+
+        role_id = utils.find_resource(identity_client.roles,
+                                      parsed_args.role).id
+
+        if (parsed_args.user and parsed_args.domain):
+            user = utils.find_resource(identity_client.users,
+                                       parsed_args.user)
+            domain = utils.find_resource(identity_client.domains,
+                                         parsed_args.domain)
+            identity_client.roles.grant(role_id, user=user, domain=domain)
+            return
+        elif (parsed_args.user and parsed_args.project):
+            user = utils.find_resource(identity_client.users,
+                                       parsed_args.user)
+            project = utils.find_resource(identity_client.projects,
+                                          parsed_args.project)
+            identity_client.roles.grant(role_id, user=user, project=project)
+            return
+        elif (parsed_args.group and parsed_args.project):
+            group = utils.find_resource(identity_client.group,
+                                        parsed_args.group)
+            project = utils.find_resource(identity_client.projects,
+                                          parsed_args.project)
+            identity_client.roles.grant(role_id, group=group, project=project)
+            return
+        elif (parsed_args.group and parsed_args.domain):
+            group = utils.find_resource(identity_client.group,
+                                        parsed_args.group)
+            domain = utils.find_resource(identity_client.domains,
+                                         parsed_args.domain)
+            identity_client.roles.grant(role_id, group=group, domain=domain)
+            return
+        else:
+            return
+
+
 class CreateRole(show.ShowOne):
     """Create new role"""