diff options
Diffstat (limited to 'openstackclient/identity')
| -rw-r--r-- | openstackclient/identity/common.py | 16 | ||||
| -rw-r--r-- | openstackclient/identity/v3/group.py | 116 | ||||
| -rw-r--r-- | openstackclient/identity/v3/role.py | 321 |
3 files changed, 208 insertions, 245 deletions
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py index a6e674c0..b97a1778 100644 --- a/openstackclient/identity/common.py +++ b/openstackclient/identity/common.py @@ -43,22 +43,32 @@ def find_service(identity_client, name_type_or_id): raise exceptions.CommandError(msg) +def _get_domain_id_if_requested(identity_client, domain_name_or_id): + if not domain_name_or_id: + return None + domain = find_domain(identity_client, domain_name_or_id) + return domain.id + + def find_domain(identity_client, name_or_id): return _find_identity_resource(identity_client.domains, name_or_id, domains.Domain) -def find_group(identity_client, name_or_id, domain_id=None): +def find_group(identity_client, name_or_id, domain_name_or_id=None): + domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id) return _find_identity_resource(identity_client.groups, name_or_id, groups.Group, domain_id=domain_id) -def find_project(identity_client, name_or_id, domain_id=None): +def find_project(identity_client, name_or_id, domain_name_or_id=None): + domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id) return _find_identity_resource(identity_client.projects, name_or_id, projects.Project, domain_id=domain_id) -def find_user(identity_client, name_or_id, domain_id=None): +def find_user(identity_client, name_or_id, domain_name_or_id=None): + domain_id = _get_domain_id_if_requested(identity_client, domain_name_or_id) return _find_identity_resource(identity_client.users, name_or_id, users.User, domain_id=domain_id) diff --git a/openstackclient/identity/v3/group.py b/openstackclient/identity/v3/group.py index 91acf3e5..b064eb77 100644 --- a/openstackclient/identity/v3/group.py +++ b/openstackclient/identity/v3/group.py @@ -46,16 +46,32 @@ class AddUserToGroup(command.Command): metavar='<user>', help='User to add to <group> (name or ID)', ) + parser.add_argument( + '--group-domain', + metavar='<group-domain>', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - user_id = utils.find_resource(identity_client.users, - parsed_args.user).id - group_id = utils.find_resource(identity_client.groups, - parsed_args.group).id + user_id = common.find_user(identity_client, + parsed_args.user, + parsed_args.user_domain).id + group_id = common.find_group(identity_client, + parsed_args.group, + parsed_args.group_domain).id try: identity_client.users.add_to_group(user_id, group_id) @@ -84,16 +100,32 @@ class CheckUserInGroup(command.Command): metavar='<user>', help='User to check (name or ID)', ) + parser.add_argument( + '--group-domain', + metavar='<group-domain>', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - user_id = utils.find_resource(identity_client.users, - parsed_args.user).id - group_id = utils.find_resource(identity_client.groups, - parsed_args.group).id + user_id = common.find_user(identity_client, + parsed_args.user, + parsed_args.user_domain).id + group_id = common.find_group(identity_client, + parsed_args.group, + parsed_args.group_domain).id try: identity_client.users.check_in_group(user_id, group_id) @@ -184,17 +216,10 @@ class DeleteGroup(command.Command): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - domain = None - if parsed_args.domain: - domain = common.find_domain(identity_client, parsed_args.domain) for group in parsed_args.groups: - if domain is not None: - group_obj = utils.find_resource(identity_client.groups, - group, - domain_id=domain.id) - else: - group_obj = utils.find_resource(identity_client.groups, - group) + group_obj = common.find_group(identity_client, + group, + parsed_args.domain) identity_client.groups.delete(group_obj.id) return @@ -217,6 +242,13 @@ class ListGroup(lister.Lister): help='Filter group list by <user> (name or ID)', ) parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( '--long', action='store_true', default=False, @@ -234,9 +266,10 @@ class ListGroup(lister.Lister): parsed_args.domain).id if parsed_args.user: - user = utils.find_resource( - identity_client.users, + user = common.find_user( + identity_client, parsed_args.user, + parsed_args.user_domain, ).id else: user = None @@ -277,16 +310,32 @@ class RemoveUserFromGroup(command.Command): metavar='<user>', help='User to remove from <group> (name or ID)', ) + parser.add_argument( + '--group-domain', + metavar='<group-domain>', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) return parser def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - user_id = utils.find_resource(identity_client.users, - parsed_args.user).id - group_id = utils.find_resource(identity_client.groups, - parsed_args.group).id + user_id = common.find_user(identity_client, + parsed_args.user, + parsed_args.user_domain).id + group_id = common.find_group(identity_client, + parsed_args.group, + parsed_args.group_domain).id try: identity_client.users.remove_from_group(user_id, group_id) @@ -310,6 +359,11 @@ class SetGroup(command.Command): metavar='<group>', help='Group to modify (name or ID)') parser.add_argument( + '--domain', + metavar='<domain>', + help='Domain containing <group> (name or ID)', + ) + parser.add_argument( '--name', metavar='<name>', help='New group name') @@ -322,7 +376,8 @@ class SetGroup(command.Command): def take_action(self, parsed_args): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - group = utils.find_resource(identity_client.groups, parsed_args.group) + group = common.find_group(identity_client, parsed_args.group, + parsed_args.domain) kwargs = {} if parsed_args.name: kwargs['name'] = parsed_args.name @@ -359,14 +414,9 @@ class ShowGroup(show.ShowOne): self.log.debug('take_action(%s)', parsed_args) identity_client = self.app.client_manager.identity - if parsed_args.domain: - domain = common.find_domain(identity_client, parsed_args.domain) - group = utils.find_resource(identity_client.groups, - parsed_args.group, - domain_id=domain.id) - else: - group = utils.find_resource(identity_client.groups, - parsed_args.group) + group = common.find_group(identity_client, + parsed_args.group, + domain_name_or_id=parsed_args.domain) group._info.pop('links') return zip(*sorted(six.iteritems(group._info))) diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py index bc64f7f8..4f1c04d5 100644 --- a/openstackclient/identity/v3/role.py +++ b/openstackclient/identity/v3/role.py @@ -29,6 +29,100 @@ from openstackclient.i18n import _ # noqa from openstackclient.identity import common +def _add_identity_and_resource_options_to_parser(parser): + domain_or_project = parser.add_mutually_exclusive_group() + domain_or_project.add_argument( + '--domain', + metavar='<domain>', + help='Include <domain> (name or ID)', + ) + domain_or_project.add_argument( + '--project', + metavar='<project>', + help='Include `<project>` (name or ID)', + ) + user_or_group = parser.add_mutually_exclusive_group() + user_or_group.add_argument( + '--user', + metavar='<user>', + help='Include <user> (name or ID)', + ) + user_or_group.add_argument( + '--group', + metavar='<group>', + help='Include <group> (name or ID)', + ) + parser.add_argument( + '--user-domain', + metavar='<user-domain>', + help=('Domain the user belongs to (name or ID). ' + 'This can be used in case collisions between user names ' + 'exist.') + ) + parser.add_argument( + '--group-domain', + metavar='<group-domain>', + help=('Domain the group belongs to (name or ID). ' + 'This can be used in case collisions between group names ' + 'exist.') + ) + parser.add_argument( + '--project-domain', + metavar='<project-domain>', + help=('Domain the project belongs to (name or ID). ' + 'This can be used in case collisions between project names ' + 'exist.') + ) + + +def _process_identity_and_resource_options(parsed_args, + identity_client_manager): + kwargs = {} + if parsed_args.user and parsed_args.domain: + kwargs['user'] = common.find_user( + identity_client_manager, + parsed_args.user, + parsed_args.user_domain, + ).id + kwargs['domain'] = common.find_domain( + identity_client_manager, + parsed_args.domain, + ).id + elif parsed_args.user and parsed_args.project: + kwargs['user'] = common.find_user( + identity_client_manager, + parsed_args.user, + parsed_args.user_domain, + ).id + kwargs['project'] = common.find_project( + identity_client_manager, + parsed_args.project, + parsed_args.project_domain, + ).id + elif parsed_args.group and parsed_args.domain: + kwargs['group'] = common.find_group( + identity_client_manager, + parsed_args.group, + parsed_args.group_domain, + ).id + kwargs['domain'] = common.find_domain( + identity_client_manager, + parsed_args.domain, + ).id + elif parsed_args.group and parsed_args.project: + kwargs['group'] = common.find_group( + identity_client_manager, + parsed_args.group, + parsed_args.group_domain, + ).id + kwargs['project'] = common.find_project( + identity_client_manager, + parsed_args.project, + parsed_args.group_domain, + ).id + return kwargs + + class AddRole(command.Command): """Adds a role to a user or group on a domain or project""" @@ -41,49 +135,7 @@ class AddRole(command.Command): metavar='<role>', help='Role to add to <user> (name or ID)', ) - domain_or_project = parser.add_mutually_exclusive_group() - domain_or_project.add_argument( - '--domain', - metavar='<domain>', - help='Include <domain> (name or ID)', - ) - domain_or_project.add_argument( - '--project', - metavar='<project>', - help='Include `<project>` (name or ID)', - ) - user_or_group = parser.add_mutually_exclusive_group() - user_or_group.add_argument( - '--user', - metavar='<user>', - help='Include <user> (name or ID)', - ) - user_or_group.add_argument( - '--group', - metavar='<group>', - help='Include <group> (name or ID)', - ) - parser.add_argument( - '--user-domain', - metavar='<user-domain>', - help=('Domain the user belongs to (name or ID). ' - 'This can be used in case collisions between user names ' - 'exist.') - ) - parser.add_argument( - '--group-domain', - metavar='<group-domain>', - help=('Domain the group belongs to (name or ID). ' - 'This can be used in case collisions between group names ' - 'exist.') - ) - parser.add_argument( - '--project-domain', - metavar='<project-domain>', - help=('Domain the project belongs to (name or ID). ' - 'This can be used in case collisions between project names ' - 'exist.') - ) + _add_identity_and_resource_options_to_parser(parser) return parser def take_action(self, parsed_args): @@ -99,76 +151,17 @@ class AddRole(command.Command): parsed_args.role, ) - kwargs = {} - if parsed_args.user and parsed_args.domain: - user_domain_id = self._get_domain_id_if_requested( - parsed_args.user_domain) - kwargs['user'] = common.find_user( - identity_client, - parsed_args.user, - user_domain_id, - ).id - kwargs['domain'] = common.find_domain( - identity_client, - parsed_args.domain, - ).id - elif parsed_args.user and parsed_args.project: - user_domain_id = self._get_domain_id_if_requested( - parsed_args.user_domain) - kwargs['user'] = common.find_user( - identity_client, - parsed_args.user, - user_domain_id, - ).id - project_domain_id = self._get_domain_id_if_requested( - parsed_args.project_domain) - kwargs['project'] = common.find_project( - identity_client, - parsed_args.project, - project_domain_id, - ).id - elif parsed_args.group and parsed_args.domain: - group_domain_id = self._get_domain_id_if_requested( - parsed_args.group_domain) - kwargs['group'] = common.find_group( - identity_client, - parsed_args.group, - group_domain_id, - ).id - kwargs['domain'] = common.find_domain( - identity_client, - parsed_args.domain, - ).id - elif parsed_args.group and parsed_args.project: - group_domain_id = self._get_domain_id_if_requested( - parsed_args.group_domain) - kwargs['group'] = common.find_group( - identity_client, - parsed_args.group, - group_domain_id, - ).id - project_domain_id = self._get_domain_id_if_requested( - parsed_args.project_domain) - kwargs['project'] = common.find_project( - identity_client, - parsed_args.project, - project_domain_id, - ).id - else: - sys.stderr.write("Role not added, incorrect set of arguments \ - provided. See openstack --help for more details\n") + kwargs = _process_identity_and_resource_options( + parsed_args, self.app.client_manager.identity) + if not kwargs: + sys.stderr.write("Role not added, incorrect set of arguments " + "provided. See openstack --help for more " + "details\n") return identity_client.roles.grant(role.id, **kwargs) return - def _get_domain_id_if_requested(self, domain_name_or_id): - if domain_name_or_id is None: - return None - domain = common.find_domain(self.app.client_manager.identity, - domain_name_or_id) - return domain.id - class CreateRole(show.ShowOne): """Create new role""" @@ -242,28 +235,7 @@ class ListRole(lister.Lister): def get_parser(self, prog_name): parser = super(ListRole, self).get_parser(prog_name) - domain_or_project = parser.add_mutually_exclusive_group() - domain_or_project.add_argument( - '--domain', - metavar='<domain>', - help='Filter roles by <domain> (name or ID)', - ) - domain_or_project.add_argument( - '--project', - metavar='<project>', - help='Filter roles by <project> (name or ID)', - ) - user_or_group = parser.add_mutually_exclusive_group() - user_or_group.add_argument( - '--user', - metavar='<user>', - help='Filter roles by <user> (name or ID)', - ) - user_or_group.add_argument( - '--group', - metavar='<group>', - help='Filter roles by <group> (name or ID)', - ) + _add_identity_and_resource_options_to_parser(parser) return parser def take_action(self, parsed_args): @@ -274,11 +246,13 @@ class ListRole(lister.Lister): user = common.find_user( identity_client, parsed_args.user, + parsed_args.user_domain, ) elif parsed_args.group: group = common.find_group( identity_client, parsed_args.group, + parsed_args.group_domain, ) if parsed_args.domain: @@ -290,6 +264,7 @@ class ListRole(lister.Lister): project = common.find_project( identity_client, parsed_args.project, + parsed_args.project_domain, ) # no user or group specified, list all roles in the system @@ -363,28 +338,7 @@ class RemoveRole(command.Command): metavar='<role>', help='Role to remove (name or ID)', ) - domain_or_project = parser.add_mutually_exclusive_group() - domain_or_project.add_argument( - '--domain', - metavar='<domain>', - help='Include <domain> (name or ID)', - ) - domain_or_project.add_argument( - '--project', - metavar='<project>', - help='Include <project> (name or ID)', - ) - user_or_group = parser.add_mutually_exclusive_group() - user_or_group.add_argument( - '--user', - metavar='<user>', - help='Include <user> (name or ID)', - ) - user_or_group.add_argument( - '--group', - metavar='<group>', - help='Include <group> (name or ID)', - ) + _add_identity_and_resource_options_to_parser(parser) return parser def take_action(self, parsed_args): @@ -400,65 +354,14 @@ class RemoveRole(command.Command): parsed_args.role, ) - if parsed_args.user and parsed_args.domain: - user = common.find_user( - identity_client, - parsed_args.user, - ) - domain = common.find_domain( - identity_client, - parsed_args.domain, - ) - identity_client.roles.revoke( - role.id, - user=user.id, - domain=domain.id, - ) - elif parsed_args.user and parsed_args.project: - user = common.find_user( - identity_client, - parsed_args.user, - ) - project = common.find_project( - identity_client, - parsed_args.project, - ) - identity_client.roles.revoke( - role.id, - user=user.id, - project=project.id, - ) - elif parsed_args.group and parsed_args.domain: - group = common.find_group( - identity_client, - parsed_args.group, - ) - domain = common.find_domain( - identity_client, - parsed_args.domain, - ) - identity_client.roles.revoke( - role.id, - group=group.id, - domain=domain.id, - ) - elif parsed_args.group and parsed_args.project: - group = common.find_group( - identity_client, - parsed_args.group, - ) - project = common.find_project( - identity_client, - parsed_args.project, - ) - identity_client.roles.revoke( - role.id, - group=group.id, - project=project.id, - ) - else: + kwargs = _process_identity_and_resource_options( + parsed_args, self.app.client_manager.identity) + if not kwargs: sys.stderr.write("Role not removed, incorrect set of arguments \ provided. See openstack --help for more details\n") + return + + identity_client.roles.revoke(role.id, **kwargs) return |