Diffstat (limited to 'openstackclient/identity')
-rw-r--r--openstackclient/identity/v3/unscoped_saml.py79
1 files changed, 79 insertions, 0 deletions
diff --git a/openstackclient/identity/v3/unscoped_saml.py b/openstackclient/identity/v3/unscoped_saml.py
new file mode 100644
index 00000000..affbaf3a
--- /dev/null
+++ b/openstackclient/identity/v3/unscoped_saml.py
@@ -0,0 +1,79 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+"""Identity v3 unscoped SAML auth action implementations.
+
+The first step of federated auth is to fetch an unscoped token. From there,
+the user can list domains and projects they are allowed to access, and request
+a scoped token."""
+
+import logging
+
+from cliff import lister
+
+from openstackclient.common import exceptions
+from openstackclient.common import utils
+
+
+UNSCOPED_AUTH_PLUGINS = ['v3unscopedsaml', 'v3unscopedadfs']
+
+
+def auth_with_unscoped_saml(func):
+ """Check the unscoped federated context"""
+ def _decorated(self, parsed_args):
+ auth_plugin_name = self.app.client_manager.auth_plugin_name
+ if auth_plugin_name in UNSCOPED_AUTH_PLUGINS:
+ return func(self, parsed_args)
+ else:
+ msg = ('This command requires the use of an unscoped SAML '
+ 'authentication plugin. Please use argument '
+ '--os-auth-plugin with one of the following '
+ 'plugins: ' + ', '.join(UNSCOPED_AUTH_PLUGINS))
+ raise exceptions.CommandError(msg)
+ return _decorated
+
+
+class ListAccessibleDomains(lister.Lister):
+ """List accessible domains"""
+
+ log = logging.getLogger(__name__ + '.ListAccessibleDomains')
+
+ @auth_with_unscoped_saml
+ def take_action(self, parsed_args):
+ self.log.debug('take_action(%s)', parsed_args)
+ columns = ('ID', 'Enabled', 'Name', 'Description')
+ identity_client = self.app.client_manager.identity
+ data = identity_client.federation.domains.list()
+ return (columns,
+ (utils.get_item_properties(
+ s, columns,
+ formatters={},
+ ) for s in data))
+
+
+class ListAccessibleProjects(lister.Lister):
+ """List accessible projects"""
+
+ log = logging.getLogger(__name__ + '.ListAccessibleProjects')
+
+ @auth_with_unscoped_saml
+ def take_action(self, parsed_args):
+ self.log.debug('take_action(%s)', parsed_args)
+ columns = ('ID', 'Domain ID', 'Enabled', 'Name')
+ identity_client = self.app.client_manager.identity
+ data = identity_client.federation.projects.list()
+ return (columns,
+ (utils.get_item_properties(
+ s, columns,
+ formatters={},
+ ) for s in data))
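Review bot: `auth_with_unscoped_saml` returns `_decorated` without `functools.wraps`, so each decorated `take_action` loses its own name and docstring in tracebacks and introspection; add `import functools` and put `@functools.wraps(func)` directly above `def _decorated(self, parsed_args):`. The one-line docstring also understates the contract: it should say that the decorator raises `exceptions.CommandError` when `client_manager.auth_plugin_name` is not in `UNSCOPED_AUTH_PLUGINS`. It should also say that this is a client-side usability check on the plugin name only; presumably the identity service still decides what the unscoped token may list, so the check must not be read as an access control. Both `take_action` methods log `parsed_args` at debug level, which looks harmless here since neither class defines extra options, but it is worth confirming that no credential-bearing option can end up in that namespace.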