diff options
Diffstat (limited to 'openstackclient/identity/v2_0/role_assignment.py')
| -rw-r--r-- | openstackclient/identity/v2_0/role_assignment.py | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/openstackclient/identity/v2_0/role_assignment.py b/openstackclient/identity/v2_0/role_assignment.py new file mode 100644 index 00000000..406508ac --- /dev/null +++ b/openstackclient/identity/v2_0/role_assignment.py @@ -0,0 +1,113 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +"""Identity v2 Assignment action implementations """ + +from openstackclient.common import command +from openstackclient.common import exceptions +from openstackclient.common import utils +from openstackclient.i18n import _ # noqa + + +class ListRoleAssignment(command.Lister): + """List role assignments""" + + def get_parser(self, prog_name): + parser = super(ListRoleAssignment, self).get_parser(prog_name) + parser.add_argument( + '--user', + metavar='<user>', + help='User to filter (name or ID)', + ) + parser.add_argument( + '--project', + metavar='<project>', + help='Project to filter (name or ID)', + ) + parser.add_argument( + '--names', + action="store_true", + help='Display names instead of IDs', + ) + parser.add_argument( + '--auth-user', + action="store_true", + dest='authuser', + help='Only list assignments for the authenticated user', + ) + parser.add_argument( + '--auth-project', + action="store_true", + dest='authproject', + help='Only list assignments for the project to which the ' + 'authenticated user\'s token is scoped', + ) + return parser + + def take_action(self, parsed_args): + identity_client = self.app.client_manager.identity + auth_ref = self.app.client_manager.auth_ref + + include_names = True if parsed_args.names else False + + user = None + if parsed_args.user: + user = utils.find_resource( + identity_client.users, + parsed_args.user, + ) + elif parsed_args.authuser: + if auth_ref: + user = utils.find_resource( + identity_client.users, + auth_ref.user_id + ) + + project = None + if parsed_args.project: + project = utils.find_resource( + identity_client.projects, + parsed_args.project, + ) + elif parsed_args.authproject: + if auth_ref: + project = utils.find_resource( + identity_client.projects, + auth_ref.project_id + ) + + # If user or project is not specified, we would ideally list all + # relevant assignments in the system (to be compatible with v3). + # However, there is no easy way of doing that in v2. + if not user or not project: + msg = _("Project and User must be specified") + raise exceptions.CommandError(msg) + else: + data = identity_client.roles.roles_for_user(user.id, project.id) + + columns = ('Role', 'User', 'Project') + for user_role in data: + if include_names: + setattr(user_role, 'role', user_role.name) + user_role.user = user.name + user_role.project = project.name + else: + setattr(user_role, 'role', user_role.id) + user_role.user = user.id + user_role.project = project.id + + return (columns, + (utils.get_item_properties( + s, columns, + formatters={}, + ) for s in data)) |