diff options
| author | Jenkins <jenkins@review.openstack.org> | 2015-05-22 20:00:01 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2015-05-22 20:00:01 +0000 |
| commit | 61cfebb8aa7c20dd8ae5f4a79f57fbb3c38fd104 (patch) | |
| tree | 1e1cb037c6ccf4845041b3c137c08350bb2bf9ab /openstackclient | |
| parent | 7cc9632939ba05381a50faca581ffd2cb22351b3 (diff) | |
| parent | 3ca96ef93cda1a3f186febc0e241e2d4adb682eb (diff) | |
| download | python-openstackclient-61cfebb8aa7c20dd8ae5f4a79f57fbb3c38fd104.tar.gz | |
Merge "Enable specifing domains in "role add""
Diffstat (limited to 'openstackclient')
| -rw-r--r-- | openstackclient/identity/common.py | 16 | ||||
| -rw-r--r-- | openstackclient/identity/v3/role.py | 102 |
2 files changed, 74 insertions, 44 deletions
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index 2cc68c8d..a6e674c0 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id): domains.Domain) -def find_group(identity_client, name_or_id): +def find_group(identity_client, name_or_id, domain_id=None): return _find_identity_resource(identity_client.groups, name_or_id, - groups.Group) + groups.Group, domain_id=domain_id) -def find_project(identity_client, name_or_id): +def find_project(identity_client, name_or_id, domain_id=None): return _find_identity_resource(identity_client.projects, name_or_id, - projects.Project) + projects.Project, domain_id=domain_id) -def find_user(identity_client, name_or_id): +def find_user(identity_client, name_or_id, domain_id=None): return _find_identity_resource(identity_client.users, name_or_id, - users.User) + users.User, domain_id=domain_id) def _find_identity_resource(identity_client_manager, name_or_id, - resource_type): + resource_type, **kwargs): """Find a specific identity resource. Using keystoneclient's manager, attempt to find a specific resource by its @@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id, try: identity_resource = utils.find_resource(identity_client_manager, - name_or_id) + name_or_id, **kwargs) if identity_resource is not None: return identity_resource except identity_exc.Forbidden: diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index 3dd998ba..bc64f7f8 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -63,6 +63,27 @@ class AddRole(command.Command): metavar='<group>', help='Include <group> (name or ID)', ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( + '--group-domain', + metavar='<group-domain>', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--project-domain', + metavar='<project-domain>', + help=('Domain the project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.') + ) return parser def take_action(self, parsed_args): @@ -78,67 +99,76 @@ class AddRole(command.Command): parsed_args.role, ) + kwargs = {} if parsed_args.user and parsed_args.domain: - user = common.find_user( + user_domain_id = self._get_domain_id_if_requested( + parsed_args.user_domain) + kwargs['user'] = common.find_user( identity_client, parsed_args.user, - ) - domain = common.find_domain( + user_domain_id, + ).id + kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, - ) - identity_client.roles.grant( - role.id, - user=user.id, - domain=domain.id, - ) + ).id elif parsed_args.user and parsed_args.project: - user = common.find_user( + user_domain_id = self._get_domain_id_if_requested( + parsed_args.user_domain) + kwargs['user'] = common.find_user( identity_client, parsed_args.user, - ) - project = common.find_project( + user_domain_id, + ).id + project_domain_id = self._get_domain_id_if_requested( + parsed_args.project_domain) + kwargs['project'] = common.find_project( identity_client, parsed_args.project, - ) - identity_client.roles.grant( - role.id, - user=user.id, - project=project.id, - ) + project_domain_id, + ).id elif parsed_args.group and parsed_args.domain: - group = common.find_group( + group_domain_id = self._get_domain_id_if_requested( + parsed_args.group_domain) + kwargs['group'] = common.find_group( identity_client, parsed_args.group, - ) - domain = common.find_domain( + group_domain_id, + ).id + kwargs['domain'] = common.find_domain( identity_client, parsed_args.domain, - ) - identity_client.roles.grant( - role.id, - group=group.id, - domain=domain.id, - ) + ).id elif parsed_args.group and parsed_args.project: - group = common.find_group( + group_domain_id = self._get_domain_id_if_requested( + parsed_args.group_domain) + kwargs['group'] = common.find_group( identity_client, parsed_args.group, - ) - project = common.find_project( + group_domain_id, + ).id + project_domain_id = self._get_domain_id_if_requested( + parsed_args.project_domain) + kwargs['project'] = common.find_project( identity_client, parsed_args.project, - ) - identity_client.roles.grant( - role.id, - group=group.id, - project=project.id, - ) + project_domain_id, + ).id else: sys.stderr.write("Role not added, incorrect set of arguments \ provided. See openstack --help for more details\n") + return + + identity_client.roles.grant(role.id, **kwargs) return + def _get_domain_id_if_requested(self, domain_name_or_id): + if domain_name_or_id is None: + return None + domain = common.find_domain(self.app.client_manager.identity, + domain_name_or_id) + return domain.id + class CreateRole(show.ShowOne): """Create new role""" |